Breach reports cost consumers $500 million
Australia's big banks and financial institutions are taking years to realise they have broken the law and too long to fix problems that have left five million consumers out of pocket by $500 million.
The regulator says there are serious and unacceptable delays in identifying, reporting and correcting significant breaches of the law.
One in seven significant breaches have not been reported to the Australian Securities and Investments Commission on time, which is a criminal offence.
ASIC found it takes on average more than five years for customers to be compensated after a problem has occurred.
That is partly because it takes financial institutions more than four years on average - or 4.5 years for the big four banks - to even identify the incidents.
Consumers were left out of pocket for an excessive period, ASIC said after reviewing breach reporting by the major banks, AMP and seven other financial institutions.
It found the significant breaches of the law caused financial losses to almost five million consumers totalling $497 million.
About $437 million has so far been repaid to affected consumers but millions of dollars has yet to be remediated.
ASIC chair James Shipton said many of the delays in breach reporting and compensating consumers were due to the financial institutions' inadequate systems, procedures and governance processes.
"Our review found that, on average, it takes over five years from the occurrence of the incident before customers and consumers are remediated, which is a sad indictment on the financial services industry," he said on Tuesday.
"This must not stand."
ASIC said some consumers were permanently disadvantaged by the impact of the significant breach, identifying at least 21 instances where all of the money was not able to be returned.
The six financial groups involved held on to $1.3 million out of a total $114 million, with ASIC saying the practice of retaining residual funds did not align with the principles of ethical business conduct nor with community expectations.
Mr Shipton said the industry is taking far too long to identify and investigate potential breaches, which is the source of the longest delay and therefore of most detriment for consumers.
He said having identified an issue and concluded it is a breach, institutions are failing to then report it to ASIC within the required 10 business days.
Australian Banking Association CEO Anna Bligh says the report is a further wake-up call to the banks to lift their game in quickly fixing issues in their business.
"Customers expect these problems to be identified and fixed as soon as possible," she said.
"Clearly this report shows there's a lot of work to be done."
Back to Breaking News