ASIC has found there are still serious shortcomings in the way big financial institutions manage compliance in their personal financial advice businesses. These failings include inadequate audit processes, inadequate background and reference checking, and inadequate breach reporting.The regulator said these failings led to or had the potential to lead to poor outcomes for customers.ASIC latest report on the financial advice businesses of large institutions dates back to July 2015, when it started a review of how effectively the big banks and AMP were overseeing their financial advisers - covering 35 advice licensees. Initially, ASIC focused on how these institutions identified and dealt with non-compliant conduct by advisers between 2009 and 2015. It looked at how the institutions remediated customers who received non-compliant advice And it tested the current processes for monitoring and supervising their advisers.The institutions identified serious compliance concerns in relation to 149 advisers between 2009 and 2015. In 2015, 14 of the advisers had already been banned and 28 were under surveillance or investigation. Over the course of the review, another 36 advisers were identified.When ASIC reviewed the breach notices it had received over the review period, it found that reporting practices varied. Almost half of the advisers with serious compliance issues had not been brought to ASIC's attention. And where breaches were reported, there were often considerable delays between the time the institution became aware of non-compliant conduct and the breach being reported."Failure or delay in notifying us of reportable breaches or suspected serious non-compliant conduct may impede our ability to take appropriate enforcement or other regulatory action. It may also result in an increased risk of customer loss or detriment," the report says.ASIC said it was now receiving more breach reports from advice licensees.In its review of the current state of play, ASIC said that in the past institutions have relied on traditional monitoring and supervision tools, such as customer complaint data or adviser audit outcomes.More recently, they have been using new technologies and data analytics to develop key risk indicators to assist in identifying high-risk advisers and affected customers.This process has been challenging because of unreliable data, poor record keeping, incompatible legacy systems and different data gathering methods.On the issue of adviser monitoring and supervision, ASIC found that the 10 licensees it reviewed were currently undertaking some form of background and reference checking when recruiting new advisers.However, these procedures were inadequate and often failed to identify which advisers had a history of non-compliant conduct. References were often sought from former colleagues who were not appropriately independent and would not have access to client records.Recruiting licensees rarely received effective responses to requests for advisers' previous audit reports. There were cases where the recruiting licensee did receive an audit report that flagged potential non-compliant conduct by an adviser but failed to make further inquiries.On current audit processes, ASIC said the process was ineffective in 25 per cent of cases and only partially effective in 57 per cent of cases. ASIC compared the audits with its own file