A government and consumer expectation that every breach will be detected and reported will create box-ticking compliance in the financial services industry, the Financial Planning Association (FPA) warns.

In response to an Australian Securities and Investments Commission (ASIC) enforcement review paper, the association says the industry will devote significant resources to this, rather than building a compliance culture focused on consumers.

It also criticises the regulator’s response to licensees’ reported breaches.

“ASIC currently takes significant time to notify the licensee as to how the regulator will treat the information reported,” the submission says.

“This leaves licensees in the dark, worrying about the regulator’s potential action, making licensees reluctant to report borderline potential breaches in the future.”

The FPA says this may affect the industry’s openness to adopting a co-operative approach to breach reporting.

“A co-operative approach to encourage early reporting may offer benefits to licensees, ASIC and consumers,” it says.

Currently, licensees have to report a breach within 10 business days, but for ASIC’s “no action” proposal to apply, the timeframe could be considerably shortened, the FPA warns.

It says the regulator should develop guidance, including standard program timelines and requirements for investigation and information provision, in consultation with industry.

The FPA also wants ASIC to hold off imposing penalties if a licensee cannot meet the early reporting requirements.

“The timeframe to report any breaches, or potential breaches that are not considered significant, should be extended to a longer timeframe – 45 or 60 days. While a co-operative approach is desired and positive, early reporting incentives may do little to change the behaviour of licensees who are not already predisposed to reporting to ASIC.”