The Financial Services Council (FSC) welcomes ASIC's proposal that financial services businesses no longer need to report minor or technical breaches that do not cause financial loss to consumers under certain circumstances, but more needs to be done.
The FSC is calling on both sides of parliament to adopt a deregulation agenda, cutting red tape in order to boost productivity in the financial services sector. The breach reporting regime is emblematic of the sort of regulatory simplification opportunities that whoever forms the next Government should be identifying. It is welcome news the regulator has moved ahead of the Government on this.
ASIC has announced that it would provide relief from reporting breaches with no financial losses or damage to clients provided that the breach has been rectified within 30 days, no more than five consumers are impacted, and the total financial loss to all such impacted consumers does not exceed $500.
A survey of 29 of the FSC's superannuation, financial advice licensees and funds management members, conducted Positive Economics, found that it costs $3,800 in extensive documentation, senior executive time and auditor reviews every time a minor breach is reported to the ASIC portal.
Examples of minor and technical breaches include statements being sent to customers one day late, immaterial typos and other inconsequential oversights such as being a few hours late in removing a document from a website.
CEO of the FSC Blake Briggs said: "The regulator has acknowledged industry concerns that reporting these minor breaches is excessively burdensome. These proposals go some way to addressing some of the problems, however more work needs to be done.
"Our survey found unnecessary regulation in the financial services breach reporting regime has resulted in almost $4000 wasted every time a minor breach is reported, or $24 million annually, showing a significant need for streamlining the reporting system to get rid of disproportionate regulation which results in businesses and ASIC incurring unnecessary time and expense.
"This includes 34,000 hours of compliance staff time which could be more productively used to enhance governance and reduce risk, as well as resolve genuinely serious breaches where consumers are financially impacted or otherwise harmed."
The survey also found the current increased compliance costs are likely being passed onto consumers through higher fees and slower resolution of breaches that do impact consumers.
"Good businesses have in place risk compliance identification and management systems, which flag incidents and minor breaches. Businesses should continue to identify minor breaches, however, the requirement to report these to the regulator is what creates unnecessary compliance costs.
While the ASIC proposals to provide additional relief by way of legislative instrument would appear to address some industry concerns, the proposals are relatively limited in their scope, such as the proposed requirement that the number of impacted customers does not exceed five for any given breach (even where there is no financial loss or damage caused).
With more than 12,000 breaches reported in the past year and 64 per cent of those have no financial loss or damage to consumers, coupled with the ongoing difficulties in using the ASIC portal, there should be a more streamlined and efficient way to report breaches. The FSC notes ASIC has not addressed concerns to enhance the usability and efficiency of ASIC's portal and reiterates calls for ASIC to take steps to fix this.
The FSC would welcome a commitment by both sides of politics for a more permanent legislative change, as part of a larger commitment to identifying legislative opportunities to cut red tape in order to boost productivity in the financial services sector.
