Banks take 5 years to report significant breaches, but no penalties

By Leith van Onselen

The Australian Securities and Investments Commission (ASIC) yesterday released a Review of selected financial services groups’ compliance with the breach reporting obligation, which examined the breach reporting processes of 12 financial services groups, including the big four banks (ANZ, CBA, NAB and Westpac) and AMP.

The report was damning, finding that the major banks took an average time of 1,726 days (over 4.5 years) to identify significant breaches, whereas it took an average of 150 days from starting an investigation to lodging a breach report with ASIC:

The full text of this article is available to MacroBusiness subscribers

$1 for your first month, then:

$24.99 / month

$249 / year

Cancel at any time through our billing provider, Stripe

Share

About the author

Leith van Onselen is Chief Economist at the MB Fund and MB Super. He is also a co-founder of MacroBusiness. Leith has previously worked at the Australian Treasury, Victorian Treasury and Goldman Sachs.