Powered by MOMENTUM MEDIA
  • subs-bellGet the latest news! Subscribe to the ifa bulletin

Breach reporting rules weigh down on financial services sector

The new breach reporting regime is considered “overly excessive” by the sector. 

Since 1 October, AFSL and ACL holders have been legally obliged to self-report specific matters to ASIC and are subject to civil and criminal penalties if they do not.

Recent research, conducted by CoreData Research and commissioned by legal technology company Lawcadia and law firm Gadens, has revealed that financial services regulatory and compliance teams are facing work overload, stress and anxiety as a direct result of the new compliance and reporting rules.

“The research highlights there is a high level of stress and anxiety being experienced by legal, risk and compliance professionals, who have been tasked with planning, implementing and administering the requirements – regulatory design seems to be a factor here,” Lawcadia co-founder Sacha Kirk explained.

According to the report, based on a survey of 160 staff from Australian financial services organisations, individuals responsible for implementing the obligations report a heavy and often highly manual process of identifying incidents, investigating and determining which need to progress to reporting.

Moreover, 67 per cent of respondents said the new breach reporting obligations are distracting or diverting resources away from other important areas of work and compliance issues.

Interestingly, in terms of the types of issues generative of breach reports under the new regime, the greatest proportion of reports have arisen from advice-related issues (23 per cent), suggesting the provision of “general advice” and “personal advice” is a particular pain point in the financial services industry.

==
==

“Breach reporting has very markedly increased, and the main pain points are around misleading and deceptive conduct, advice failures and conduct issues," said Gadens partner, Liam Hennessy.

"Misleading and deceptive conduct isn’t a big surprise – an incorrect fee on a bank statement technically triggers a report, which is asinine and a waste of organisations’ and ASIC’s time,” he said.

Unsurprisingly, respondents indicated that they are now reporting on behaviours or events under the new regime that they would not have reported prior to 1 October 2021.

“Previously, we didn’t have these obligations. None of our incidents were ever considered for reportability. If we had serious issues, [we] may have had conversations around whether we thought those were worth discussing with ASIC,” a surveyed head of compliance and conduct said.

“Now, every incident that we look at, we’ll look at with that lens and that consideration and assessment. And also, our number of incidences increased because we now require things that weren’t considered an incident before, to be considered incidents and to be raised as incidents…purely so that they can be assessed for reportability.”

The report also found the sector had low confidence in the new regime.

Around half of the survey respondents (51 per cent) said that they do not believe that ASIC can administer the new regime effectively and fairly across all financial services providers.

In comparison, only around one in seven (15 per cent) believe that the regulator will be completely effective.

As for their level of understanding of the enhanced breach reporting regime, around half (51 per cent) of respondents rated their knowledge as moderate, low or very low.

The greatest lack of clear understanding of the obligations was found among financial advisers who are employed in advice practices that do not hold their own AFSL, where almost three quarters (74 per cent) rated their understanding as moderate or lower.

Additionally, around a quarter (24 per cent) of advisers operating under corporate authorised representative arrangements said they had not been adequately trained or informed by their AFS licensee to monitor for breaches.