Multi-year breach reporting delays slammed by ASIC
A review by ASIC of the time taken by financial institutions to identify and report "significant breaches" to the corporate regulator has found "unacceptable delays" have occurred.
The ASIC review, launched in April, considered the degree of compliance with reporting requirements under section 912D of the Corporations Act by 12 financial services groups: the four major banks along with AMP, Bank of Queensland, Bendigo Bank, Credit Union Australia, Greater Bank, Heritage Bank, Macquarie and Suncorp.
In its report, published yesterday, ASIC was scathing of the foot-dragging among 12 of the country's most important financial services groups, including the Big Four banks, when it came to addressing and remediating customers for these breaches of the law.
The current law requires that once a financial institution has investigated and determined that a breach has occurred and that it is "significant", it must be reported to ASIC within 10 business days. One in seven "issues" that were categorised as "significant breaches" (or more precisely, 110 of 715) were reported later than the 10 business days allowed once the institution becomes aware of the breach, and many reports were well outside the limit.
ASIC chair James Shipton said: "Our review found that, on average, it takes over five years from the occurrence of the incident before customers and consumers are remediated, which is a sad indictment on the financial services industry. This must not stand."
The game-playing revealed by major banks and wealth managers in the first six rounds of the royal commission into misconduct in the banking, superannuation and financial services industry demonstrated that in many instances the delay was due to more than incompetent management or inadequate monitoring systems; plenty of evidence to date has demonstrated how often delays in reporting breaches, followed by lowball compensation offers, were standard practice over the last decade.
The discomfort of NAB executives being called to account - and failing to justify charging fees for no service - was a notable feature of the superannuation round, echoing the skewering of AMP and CBA in particular during the financial advice round.
The average timelines from breach reporting to compensation were outlined in the report:
• time taken, on average, by the major banks to identify a significant breach and to then start an investigation was 1,726 days (over 4.5 years); average across all institutions was 1,517 days;
• the process from the start of an investigation to lodging a breach report with ASIC took the major banks an average of 150 days; and
• the delays continued, with the time taken from the end of a financial institution's investigation into the breach to the first payment to impacted consumers ratcheting up to 226 days, on average.
ASIC found the significant breaches - limited to those considered under the terms of the review - caused financial losses to consumers of approximately A$500 million, with millions of dollars of remediation yet to be provided.
And while ASIC said it is "actively considering enforcement action for failures to report breaches on time", the regulator also highlighted