The breaches under the 2014-to-2017 review had caused financial losses to consumers of about A$500 million (£276 million), and remediation had not been completed, the regulator said.

"Many of the delays in breach reporting and compensating consumers were due to the financial institutions’ inadequate systems, procedures and governance processes, as well as a lack of a consumer-orientated culture," said James Shipton, chairman of the Australian Securities and Investments Commission (ASIC).

The review of legal compliance covered 12 financial institutions, including Commonwealth Bank, Westpac Banking Corp, Australia and New Zealand Banking Group, National Australia Bank, and AMP Ltd, the regulator said in a statement.

It found that, on average, it took more than 5 years from the occurrence of a significant breach before customers were remediated.

The regulator, which has been criticised at a powerful inquiry into financial sector misconduct for being soft on finance firms, said it was considering enforcement action for failures to report breaches on time.

"There is an urgent need for investment by financial services institutions in systems and processes as well as commitment and oversight from boards and senior executives to address these significant failings," Shipton added.

(Reporting by Paulina Duran; Editing by Eric Meijer and Stephen Coates)
