Half of advisers rate their understanding of the breach reporting regime as ‘low’ or ‘very low’, indicating the industry is unprepared to deal with the new system.
The ‘State of Financial Services Breach Reporting in Australia’ report shared insights of the first six months of the breach reporting regime and was conducted by Gadens and Lawcadia in conjunction with CoreData.
The research found only 24 per cent of advisers believed they are adequately trained by their licensee to monitor for breaches.
Gadens partner Liam Hennessy tells Professional Planner this is a big risk for “such a serious” regime.
“Advisers don’t know what they’re doing with this regime and that’s a pretty big risk when you consider the personal consequences and the licensee consequences that can come from it,” he says.
This lack of understanding is most pronounced with advisers employed in practices that don’t have their own AFSL, where 74 per cent rate their understanding as ‘moderate’ or ‘low’.
Hennessy says the figure is high because advisers have been “absolutely hammered” in recent years by regulation.
“There’s a lot of regulatory fatigue whether it’s design and distribution obligations, FASEA or education requirements, but that strikes me as a high level of risk in the advice community.”
However, 94 per cent believe their licensee can competently handle a breach when it is reported to them and 82 per cent believe their licensee will support them in resolving the issue.
Breach reporting reforms commenced at the start of last October which require licensees to report to ASIC within 30 days of a breach of financial services law, implementing several Hayne royal commission recommendations.
A pair of Allens lawyers told Professional Planner last July changes to breach reporting obligations for licensees are “onerous”, and add further cost and complexity to the sector.
The Gadens/Lawcadia research found 51 per cent do not believe ASIC can administer the new regime effectively.
Mental health pressure
Some 67 per cent of respondents stated the breach reporting regime are distracting or diverting resources away from other issues.
Hennessey says they found “a lot of anxiety in the system” based on the feedback from survey respondents.
“I feel worried,” an anonymous head of compliance stated in the report. “I feel concerned. I feel scared. Same as our CEO and our team members as well.”
“I personally find it extremely stressful,” a deputy chief risk officer stated. “I’m finding it really, really difficult. My team are so, so busy with the increasing complaints, that they have little to no capacity to deal with incidences and breaches, so it primarily sits with me… It’s getting difficult to resource up.”