Powered by MOMENTUM MEDIA
New research offers a damning indictment of the new breach reporting obligations implemented following the Hayne royal commission.
Australia-headquartered legal technology company Lawcadia and BigLaw firm Gadens – with the assistance of CoreData Research – commissioned, in early 2022, a study to better understand the key challenges, potential benefits and reactions of the financial services industry to the breach reporting obligations that came into effect in October of last year.
The State of Financial Services Breach Reporting in Australia report sought to learn how the industry has responded in the first six months of its rollout. A total of 160 industry professionals responded to the survey put out by CoreData, and numerous one-on-one interviews were also conducted.
The findings show, Lawcadia said, that the enhanced breach reporting regime “has been rough on the financial services industry”, given the civil and criminal penalties for not making mandatory breach reports, and a “hawkish ASIC keen to show its, ‘Why not litigate?’ mantra in action when they do”.
Findings
The findings from the research included:
A conclusion to be drawn from the research, Lawcadia said in a statement, is that the legislation that had been brought in is considered “overly excessive”, and not achieving the goals that commissioner Hayne had in mind in recommending the changes.
Speaking about the findings, Lawcadia co-founder Sacha Kirk said the new reporting measures were also taking a significant toll on the mental health and wellbeing of staff in the sector.
“The research highlights there is a high level of stress and anxiety being experienced by legal, risk and compliance professionals, who have been tasked with planning, implementing and administering the requirements – regulatory design seems to be a factor here,” she said.
The findings give rise to the impression, Ms Kirk mused, that the sector has low confidence in the new reporting regime.
Gadens partner Liam Hennessy added that the research is valuable because it provides an insight into the quantitative and qualitative trends of breach reporting, ahead of when ASIC plans to publicly release data comparing organisations.
This will be a “ritualistic public shaming”, he explained.
“Breach reporting has very markedly increased, and the main pain points are around misleading and deceptive conduct, advice failures and conduct issues.
“Misleading and deceptive conduct isn’t a big surprise – an incorrect fee on a bank statement technically triggers a report, which is asinine and a waste of organisations’ and ASIC’s time.”
Moreover, he went on, it shows that the industry, as a whole, is struggling to prepare for and maintain the onerous compliance demands and that a combination of policy amendments scaling back the more onerous features of the regime and technology adoption is the answer.
Jerome Doraisamy is the managing editor of Lawyers Weekly and HR Leader. He is also the author of The Wellness Doctrines book series, an admitted solicitor in New South Wales, and a board director of the Minds Count Foundation.
You can email Jerome at: