Why are there so many “human errors” in infractions?
A legal expert says licensees rely too much on ‘human error’ with more than 5,000 reports indicating it is a cause of breach when the fault may lie in their systems and processes.
Last week the Australian Securities and Investments Commission (ASIC) announced the first results of its reportable occurrences regime data from October 1, 2021 to June 30, 2022, which revealed that more than 8,000 breaches had been reported.
This was a lower number than the regulator had anticipated, and it questioned whether licensees understood the nature of the legislation and whether they had the right systems and processes in place to identify violations.
Felicity Healy, partner and financial services lawyer at Corrs Chambers Westgarth, agreed the law firm had also expected to see a “mass influx” of breach reports, but that had not happened.
She noted that more than 5,000 reports specified a root cause of the problem as staff negligence or error and Healy said that was an overuse of the term.
In contrast to the root causes of human error, only 9% of reports were described as a policy or process deficiency and 6% were described as a system deficiency.
The ASIC report stated: “Personnel negligence or error was selected as the only root cause category in 55% of reports where the licensee reported that there had been similar prior violations and/or that there were multiple violations grouped together in the relevant report. This raises some concerns about whether licensees consistently identify and address the underlying root causes of violations (e.g. determining the underlying reasons, such as system or process issues, for negligence, misconduct or repeated staff error).
“In response to this, we intend to provide guidance to licensees on when it is appropriate for licensees to select ‘staff negligence or error’ as the root cause (e.g., only when it has determined that there are no other underlying root causes).”
Healy said: “There has been overuse of the term ‘human error’ and it doesn’t fit where the most common reports were about false or misleading information and it doesn’t fit the understanding of compliance.
“Some breaches may have been caused by human error, but this was due to a weakness in the system which then led to an error.”
When this was identified as the cause, ASIC found that the most common method of rectification was staff training on internal policies and procedures, cited by 41% of reports.
However, she praised companies’ efforts to remedy breaches quickly once they had been identified.
In 18% of the reports received, ASIC said it took more than a year for the licensee to identify and investigate an issue after it first occurred. However, only 0.6% of reports had taken more than a year to be rectified, with most being rectified before the start of the investigation or within seven days.
“That’s the good news, people find and fix these flaws quickly, but they can be hard to find, hard to criticize because they take too long to identify. It takes time to do it right.
“In particular, customers are very wary of scammers these days, so contacting them is getting harder and harder, it’s not as easy as it used to be.”
She also pointed out that it was difficult to reopen cases once they were over, so companies erred on the side of caution and left long deadlines for completing customer investigations or corrective action.