Industry’s laggard breach remediation process can be resolved with technology

Financial services institutions take on average two-and-half months to resolve a remediation case – a process which regulator the Australian Securities and Investment Commission (ASIC) has deemed unacceptably slow. In hundreds of cases, this remediation process has dragged on for over a year, inviting appreciable scorn from regulators and affected customers. However, one emerging Australian regtech has laid out a pathway, using end-to-end technology, to address this reputationally and commercially damaging remediation gap.

Bluline Technologies, an emerging player in Australia’s burgeoning regulatory technology (regtech) space, has called on the financial services industry to fast-track the adoption of automation solutions to address critical choke points in the remediation process.

These choke points may include any number of processing delays or failures, including a preponderance of manual processing – with Bluline noting the ongoing, “extremely inefficient” and error-prone use of spreadsheets – poor data retrieval practices, a lack of coordination and siloing between remediation teams, and insufficient communications and transparency with affected customers.

Deploying a modularised, plug-and-play automation solution – one that can be deployed within organisations’ existing infrastructure and software systems – Bluline says financial services can effectively resolve this typically “slow and cumbersome approach to… remediation”.

“Integrating an automated remediation solution does not require financial services institutions to overhaul their technology set,” Blueline wrote in a newly released white paper.

“A well-designed automated remediation solution works with software that understands both an institutionʼs business requirements and the necessity for compliant remediation payments.

This solution should, Bluline argues, be applied across the entire remediation lifecycle – covering eligibility (identifying affected products, services and end customers), the calculation of financial compensation, communication with customers and regulators, payment assignment, and finally, lodgement and follow-up processes, in accordance with RG 277.

By opting for a modular solution, an institution can select the modules that are most relevant or beneficial to their remediation process, and connect these to applicable data stores, Bluline added.

According to the regtech, an effective automated remediation solution should, “at the very least”:

• remove the reliance on spreadsheets and manual testing and reporting;
• be capable of handling multiple incidents simultaneously and searching hundreds of thousands of accounts at the same time;
• operate with any product across a financial institutionʼs offering and across the entire remediation life cycle;
• provide real-time tracking for compliance reporting;
• ensure full alignment with ASIC regulations, requirements, and obligations.

Remediation bottlenecks

Poor breach resolution processes are effectively a double whammy blow for customers – not only are they put out by the initial breach, but they must also deal with business seemingly uncaring and unresponsive to their needs.

As such, the speedy and appropriate resolution of these breaches is critical not only to maintaining the reputation of negligent businesses but also the integrity of the sector more broadly.

“Too many Australian customers are left in the dark — uncertain when, how or even if they’ll be compensated after financial breaches. These slow, manual processes are damaging trust and creating significant reputational and regulatory risk,” writes Aidan Carleton, Bluline chief executive and co-founder of Bluline and whitepaper author.

According to the ASIC Report 800, which assessed Australia’s reportable situations regime across the FY23- 23 period, regulated entities spent on average 72 days to remediate customers. In more than 200 cases, the regulator found that entities took more than a year to resolve these cases.

The report further found that less than one-third (32%) of the total customer financial losses reported received compensation – a total $92 million split across nearly half a million customers – with many cases remaining unresolved.

When businesses are in breach, Australian financial services are obligated to “ensure affected customers receive fair compensation, to meet ASIC compliance requirements under RG 277, to identify and rectify systemic failures for preventing future incidents, and to rebuild customer trust and brand reputation”, Bluline notes.

The regtech stresses that the resolution of this “systemic” and ever-increasing problem demands a technology solution.

Bluline notes that its own remediation solution, deployed by one of Australia’s big four banks, has already delivered a 600% increase in efficiency and $51 million in annual cost savings for the institution.

Among the key metrics for measuring the success of an automated remediation solution, as noted by Bluline, include:

• The time it takes to move from one incident to the next – from creation to incident closure.
• The number of customers impacted and the total number of payments.
• The cost for closing incidents (that is, how much time was spent and how many people were necessary in resolving an incident).