ASIC told: Don’t name and shame without adequate proof

A key superannuation body has acknowledged the damage inflicted by negative publicity on financial services licensees and has urged the Government to move cautiously in imposing a more rigorous self-reporting regime, including naming licensees involved in ‘suspected’ breaches.

The Association of Superannuation Funds of Australia (ASFA) has used a submission to the Treasury on the new self-reporting regime to welcome higher levels of transparency but has warned of the broader negative implications of naming and shaming firms and individuals too early and with insufficient proof of wrongdoing.

“While an increased level of transparency would be beneficial, this must in ASFA’s view be carefully balanced against the risk that unwarranted reputational damage may be caused to individuals, licensees and the financial services industry more generally,” the submission said.

“Supplementing the existing ASIC reporting framework with summary reports containing de-identified information on the volume, nature and customer impacts of reported breaches would, in ASFA’s view, increase transparency and consumer confidence,” it said. “However, ASFA is concerned that publication of breach data by ASIC that attributes breaches at the licensee level or operational unit within the licensee would introduce the risk of uninformed commentary during the investigation and/or remediation stage, in many cases prior to ASIC forming any view on the reported breach.”

VIEW ALL

View all

The ASFA submission noted that in cases where ASIC determined that enforcement activity or sanctions of some type against the licensee were warranted – for example because ASIC considers the licensee’s remediation of a breach to be inadequate – “this already receives widespread publication”.

ASFA said it was concerned about the quality of the data reported at preliminary stages of an investigation into a suspected breach “and the inevitability that many ‘suspected’ breaches will ultimately be determined either not to be ‘significant’ or not to be breaches at all”.

“On this basis, if the self-reporting regime is extended to cover ‘suspected’ breaches we consider it absolutely critical that data about ‘suspected’ breaches is excluded from publication by ASIC,” it said.

“Publication of such data would convey an inaccurate and potentially misleading impression regarding the volume of breaches occurring, and may have a negative – and unwarranted – impact on consumer confidence. It would also potentially create a disincentive for licensees to report,” the submission said.