The banks say they recognise the need for further improvements after a review into their breach reporting processes.
The Australian Securities and Investments Commission (ASIC) examined 12 financial institutions to assess the way they reported significant breaches of the law.
The report found that the major banks took more than four and a half years to identify a significant breach, which ASIC dubbed “unacceptable”.
It found the average time taken to report a breach to ASIC was 150 days, despite a legal obligation to do so within ten business days.
The average time taken to identify and then investigate a breach was 1,517 days. It then took on average another 226 days to remediate the customer.
A spokesperson for ANZ said, “We recognise there are areas where we can improve, which is why we have set up a specialist team to better manage how we identify and fix issues when they arise. We will look at this report closely to see if there are other areas where we can improve.”
Westpac also responded to a request for comment saying it welcomed the release of the report as it provides “helpful context and insights for all licensees”.
The spokesperson said, “Insights from the report will assist to continuously improve reporting processes across the industry.
“Westpac builds and maintains constructive and trusted working relationships with its regulators. We do this through regular engagement on relevant matters and by taking an open and co-operative approach to information sharing, including both mandatory and voluntary disclosures.
“We are focused on the best interests of our customers and doing the right thing by them, and we will continue to prioritise timely remediation.
“To develop better consistency across the industry, we support proposals on providing greater clarity around the ‘significance’ test and for the mandatory reporting regime to be expanded to include consumer credit.
“Westpac recognises the critical role that regulators play in building trust and confidence in the Australian banking system, and we maintain our support for a stronger ASIC through enhanced breach reporting, law reform and intervention powers.”
A spokesperson for CBA said, "The ASIC report highlights areas where we can do better for our customers. In particular, it makes clear that we need to be more accountable when we identify breaches and that we must act more quickly to compensate our customers.
“We must fix these issues to ensure we get it right for our customers. This report will help us do that.”
The Australian Banking Association (ABA) said the report was a “wakeup call to the banks”.
CEO Anna Bligh said, “This investigation shows that the banks’ efforts to identify issues, report them to ASIC and compensate customers are not good enough.
“Customers expect these problems to be identified and fixed as soon as possible. Clearly this report shows there’s a lot of work to be done.
“The industry has fully cooperated with the ASIC Enforcement Review and has supported changes including increasing penalties and introducing a civil penalty in addition to the criminal offence for failing to report within the required timeframe.
“In August the government announced that ASIC would assign dedicated staff for onsite monitoring in the country’s four major banks and AMP to beef up supervision of governance and compliance with the law.
“This new initiative and others was welcomed by the industry who are working proactively and in good faith with ASIC to improve monitoring and increase transparency within the sector.”