In-House Lawyers Stressed with Breach Reporting Rules

Financial services regulatory and compliance teams are facing work overload, stress and anxiety as they grapple with onerous new compliance and reporting rules, a ground-breaking new report has found. 

With civil and criminal penalties for not making mandatory breach reports, and a hawkish ASIC keen to show its “Why not litigate?” mantra in action when they do, the enhanced breach reporting regime has been rough on the financial services industry, research has revealed.

The research was conducted by CoreData Research and commissioned by legal technology company Lawcadia and leading law firm Gadens following the introduction of new mandatory breach reporting obligations in October 2021.

The legislation that had been brought in is considered “overly excessive”, and does not achieve the goals Commissioner Hayne had in mind in recommending the changes.

Lawcadia co-founder Sacha Kirk said the new reporting measures were also taking a significant toll on the mental health and wellbeing of staff in the sector.

“The research highlights there is a high level of stress and anxiety being experienced by legal, risk and compliance professionals, who have been tasked with planning, implementing and administering the requirements – regulatory design seems to be a factor here,” she said.

Ms Kirk said the report, based on survey results of 160 staff from Australian financial services organisations and a number of in-depth interviews, also found the sector had low confidence in the new reporting regime.

Around half of the survey respondents (51%) do not believe that ASIC can administer the new regime effectively and fairly across all financial services providers.

Gadens partner Liam Hennessy said the research is valuable because it provides an insight into the quantitative and qualitative trends of breach reporting, ahead of when ASIC plans to publicly release data comparing organisations. This will be a “ritualistic public shaming”, explained Hennessy.  

“Breach reporting has very markedly increased, and the main pain points are around misleading and deceptive conduct, advice failures and conduct issues. Misleading and deceptive conduct isn’t a big surprise – an incorrect fee on a bank statement technically triggers a report, which is asinine and a waste of organisations’ and ASIC’s time,” he said.

The State of Financial Services Breach Reporting in Australia report was commissioned in January after 12 months of discussions with clients and others in the sector about the new requirements.

Mr Hennessy said the report showed that the industry at large was struggling to prepare for and maintain the onerous compliance demands, and that a combination of policy amendments scaling back the more onerous features of the regime and technology adoption is the answer.

The State of Financial Services Breach Reporting in Australia report sought to understand the key challenges and potential benefits of the new legislation, as well as how the industry has responded in the first six months of its rollout.

Access the full 'State of Financial Services Breach Reporting in Australia' report.

Also read top viewed Ai Legal article: The Role of AI in Legal Research.