Why is there so much ‘human error’ in breaches?

ASIC breach

31 October 2022
| By Laura Dew |
expand image

There is over-reliance by licensees on ‘human error’ with over 5,000 reports stating that as a cause of a breach when the fault may lie in their systems and processes, according to a legal expert.

Last week, the Australian Securities and Investments Commission (ASIC) announced the first results of its reportable situations regime data from 1 October, 2021 to 30 June, 2022 which found there had been over 8,000 breaches reported.

This was a smaller number than the regulator had expected and it questioned if licensees understood the nature of the legislation and whether it had the right systems and processes in place to identify breaches.

Felicity Healy, partner and financial services litigator at Corrs Chambers Westgarth, agreed that the law firm had also expected to see a “huge influx” of breach reports made but this had failed to appear.

She noted over 5,000 of reports specified a root cause of the problem as being staff negligence or error and Healy said this was an overuse of the term.

In contrast to human error root causes, just 9% of reports were described as a policy or process deficiency and 6% were described as a system deficiency.

The ASIC report stated: “Staff negligence or error was selected as the sole root cause category in 55% of reports where the licensee had reported that there had been previous similar breaches and/or there were multiple breaches grouped into the relevant report. This raises some concerns as to whether licensees are consistently identifying and addressing the underlying root causes for breaches (e.g. by determining the underlying reasons, such as systems or process issues, for repeated staff negligence or error).

“In response to this, we intend to provide guidance to licensees on the circumstances in which it is appropriate for licensees to select ‘staff negligence or error’ as the root cause (e.g. only when it has determined there are no other underlying root causes).”

Healy said: “There was an overuse of the term ‘human error’ and that doesn’t match up when the the most-common reports were about false or misleading information and it doesn’t match with the understanding of compliance.

“Some breaches may have been caused by human error but that’s caused by a weakness in the system which has then led to an error.”

When this was identified as the cause, ASIC found the most-common rectification method was staff training on internal policy and procedures, cited by 41% of reports.

However, she praised efforts by firms to remediate quickly once a breach was identified.

In 18% of reports received, ASIC said it had taken the licensee more than one year to identify and commence an investigation into an issue after it had first occurred. However, only 0.6% of the reports had taken longer than a year to rectify with most being rectified before the investigation commenced or within seven days.

“This is the good news part, people are finding and fixing these breaches quickly but they can be hard to find, it is hard to be critical of them to taking too long to identify. It takes time to do it properly.

“In particular, customers are very wary of scammers nowadays so contacting them is getting harder, it is not as simple as it used to be to.”

She also pointed out that it was difficult to re-open cases after they had finished so firms were erring on the side of caution and allowing long lead times to complete investigations or customer remediations.

Read more about:


Submitted by Walker on Mon, 2022-10-31 09:48

Like most service providers these days, the financial services industry is filled with people who aspire to mediocrity, but expect top dollar.

It is a scourge and no amount of systems and processes will prevent these errors occurring because put simply, many employees are lazy and just don't care.

Bring on a recession because the service industry needs a good clean out.

Submitted by Louis Leahy on Mon, 2022-10-31 19:11

It’s quite comical to hear lawyers, politicians and regulators making outrageous claims that their new sets of rules will stop the breaches of wide area networks when what is required is the implementation of new code. The Government has failed to assist developers of new code to have the updates implemented to protect the community. Until such time as Government and Industry start to support Developers with new code they will continue to suffer these horrendous losses.

Add new comment

The content of this field is kept private and will not be shown publicly.

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry


Noah Elshin

So much value destruction. And where is Board accountability? Will John Abernethy ever go to save the company?...

13 hours ago

Get rid of the rest of the old guard to clean up the culture, then you might have a chance....

4 days 10 hours ago
Ray Mitchell

The previous directors and managers of both Dixon Advisory and the ultimate holding company Evans and Partners should be...

4 days 23 hours ago

Insignia Financial has unveiled a new operating model and executive team, including a new head of advice, while three senior executives are set to depart the licensee....

5 days 12 hours ago

ASIC has obtained interim orders from the Federal Court to freeze the assets of a registered managed fund and prevent its former director from leaving Australia. ...

3 weeks 6 days ago

The $280 billion Australian Retirement Trust is the first superannuation fund off the block to report its performance for the 2023-24 financial year....

2 weeks 1 day ago