ob体育

media release (22-295MR)

Breach reporting: ob体育 publishes insights from the reportable situations regime

Published

Today, ob体育 has released its first publication of information lodged under the reportable situations regime. Over 8000 reports were made to ob体育 by financial services and credit licensees under the regime between 1 October 2021 and 30 June 2022.

The numbers show, among other things, that:

  • a much smaller proportion of licensees have reported under the regime than anticipated;
  • licensees are still taking too long to identify and investigate some breaches;
  • more work needs to be done to appropriately identify and report the root cause of breaches; and
  • further improvements are needed to licensees’ practices towards remediating impacted customers.

ob体育 Commissioner Sean Hughes said, ‘This publication includes significant insights about the implementation of the reportable situations regime. The data ob体育 has been receiving under this regime demonstrates how industry is monitoring and responding to non-compliance. It also highlights where compliance with the regime itself requires greater regulatory attention.’

‘As part of its 2022-23 priorities, ob体育 is focussing on improving the operation of the reportable situations regime. We will continue to work with stakeholders to address issues that have arisen from implementation of the regime, including by providing additional guidance where needed. Greater alignment of reporting practices by licensees will facilitate the publication of more comparative data at the licensee level in coming years,’ said Mr Hughes.

Low proportion of the licensee population reporting

Only 6% of the licensee population lodged a report during the first nine months of the regime. This is significantly lower than expected and suggests that some licensees may not have in place the systems and processes required to detect and report non-compliance.

‘As the regime has been in place for over 12 months, we expect all licensees to be aware of their obligations and comply with the regime. ob体育 will be undertaking a number of activities to strengthen compliance with the regime,’ said Mr Hughes.

Improvements required to remediation practices

The total customer financial loss identified to date across the reports received was approximately $368.5 million. Of concern, licensees indicated that they did not intend to compensate impacted customers in 4% of reports that had identified customer financial loss.

The report also shows that where remediation is planned, in many cases it is taking licensees too long to complete. Licensees indicated in 236 reports (12% of the total 1,952 reports involving compensation to customers) that it had taken or was estimated to take more than one year to finalise.

ob体育 will engage further with those licensees indicating they have failed to remediate a breach. ‘We remind licensees that where things do go wrong, we expect proactive and timely action to remediate impacted customers,’ said Mr Hughes.

Identification and investigation of breaches

In 18% of the reports received, it took the licensee more than one year to identify and commence an investigation into an issue after it had first occurred. ob体育 expects licensee systems to promptly identify non-compliance. Delays create challenges for the timely investigation and rectification of issues and can mean that customers wait longer for remediation.

Mr Hughes said, ‘ob体育’s review of breach reporting in 2018 found that the major banks were taking four and a half years to identify a breach. We recognise the changes to processes that have been implemented following ob体育’s review to truncate these timeframes. However continued efforts are required by all licensees to ensure that issues are rectified and customers are remediated in a timely manner.’

Identification of root causes

A high proportion of reports (55%) identified staff negligence or error as the sole root cause, including where the licensee had reported that there had been previous similar breaches, or multiple breaches were grouped together.

ob体育 is concerned that licensees may not be adequately identifying and addressing the underlying root causes for breaches, such as by determining the underlying reasons for repeated staff negligence or error.

ob体育 will give further guidance to industry on this issue.

Download

Report 740 Insights from the reportable situations regime: October 2021 to June 2022

Background

The reportable situations regime, often referred to as breach reporting, is a cornerstone of the financial services and credit regulatory regimes, and the reports are a critical source of regulatory intelligence for ob体育. The new regime, which applies to Australian Financial Services (AFS) Licensees and Credit Licensees, commenced on 1 October 2021.

Further information is available at Reportable situations for AFS and credit licensees

Under the reportable situations regime, ob体育 is obliged to report annually on information that is provided under the reportable situations regime. Amongst other things, this public report is intended to assist industry and consumers identify where significant breaches are occurring.

Due to inconsistencies in reporting practices arising through the implementation of the reform, our first report does not name licensees or provide data with a high degree of granularity.

ob体育’s approach to reporting will evolve over time, as the regime matures, and allow for greater granularity of reporting in the future.