Newspaper icon
The latest issue of Financial Standard now available as an e-newspaper

Breach reporting regime a distraction: Report

A survey of compliance professionals has found 67% believe ASIC's breach reporting rules distract from other issues and the greatest proportion of reports filed relate to financial advice failures.

A report from CoreData, Lawcadia and Gadens looks at the first six months of ASIC's enhanced breach reporting laws which were introduced on 1 October 2021.

Surveying 168 respondents from financial services, including regulatory, risk and compliance leaders, the research found 67% of respondents believe the obligations are distracting or diverting resources away from other important areas of work and compliance issues. Of those, 24% said it was to a great extent.

In terms of the content of the reports, 86% of respondents said prior to October 2021 they would file fewer than five breach reports a month. Now, 71% say the same and almost one in five say they're reporting more than five a month. Further, 26% said they are reporting more breaches than they expected to.

In other words, the introduction of the breach reporting obligations has led to a noticeable increase in the number of breaches being reported," the report states.

"Importantly, only AFSL holders were subject to the breach reporting regime prior to 1 October 2021. The increases relate to them, as ACL holders have no prior benchmark; they are reporting for the first time."

Of the reports being lodged, 23% are on advice-related issues, "suggesting the provision of 'general advice' and 'personal advice' is a particular pain point in the financial services industry".

About 18% related to misleading or deceptive conduct issues (18%), conduct issues (14%), administrative and legislative issues (11%) and 'material loss or damage' inflicted on consumers (9%).

Finally, on whether the regime is achieving its purpose, 31% believe the new obligations are ineffective in meeting stated objectives. Further, 51% do not believe ASIC can administer the regime fairly and effectively across all providers. Just 15% believe it can.

Gadens partner Liam Hennessy said the research provides an insight into the quantitative and qualitative trends of breach reporting, ahead of when ASIC plans to publicly release data comparing organisations.

"Breach reporting has very markedly increased, and the main pain points are around misleading and deceptive conduct, advice failures and conduct issues," he said.

"Misleading and deceptive conduct isn't a big surprise - an incorrect fee on a bank statement technically triggers a report, which is asinine and a waste of organisations' and ASIC's time."

Read more: breach reportingASICGadensCoreDataLawcadiaLiam Hennessy