ASIC has unveiled a slew of new enforcement priorities for the year ahead where it intends to direct expertise and resources, including a closer watch on licensees falling short on cyber security protections.
In a statement on 14 November, ASIC explained the only enforcement priority targeted towards licensees is one regarding “licensee failures to have adequate cyber security protections”.
Last month, ASIC chair Joe Longo told AFSLs that cyber protection should be “top of mind” as they manage their businesses, noting that while firms and directors are all facing challenges, cyber security should not fall to the wayside.
“Most firms will be victims of some attack and they need to be able to respond to that. I would remind directors that they have to take these issues seriously. They are under legal obligations to manage this risk and put in place systems and processes,” Longo said in an appearance before the standing committee on economics.
The regulator’s 2023 Cyber Pulse Survey, which included almost 700 participants including 120 financial advisers, previously found over half (58 per cent) of respondents had limited or no capability to adequately protect confidential information. A third (33 per cent) did not have a cyber incident response plan.
Earlier this year, ASIC also highlighted the case of RI Advice, which was found by the Federal Court in May 2022 to have breached its licence obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cyber security risks.
Elsewhere, ASIC will be looking into greenwashing and misleading conduct involving ESG claims; strengthening investigation and prosecution of insider trading; and licensee failures to have adequate cyber security protections, along with nine other new enforcement priorities.
These sit alongside its “enduring priorities” that include targeting market misconduct and systemic compliance failures by large financial institutions, and transgressions risking consumer harm, among others.
According to ASIC, the last year has seen its new investigations increase by 25 per cent on the previous year, along with a rise in new civil proceedings (23 per cent).
However, ASIC deputy chair Sarah Court maintained numbers “only tell one part of the story”.
“Numbers don’t capture the full impact of the enforcement actions filed including the resulting compliance and deterrence we achieve, particularly in relation to consumer and investor protections and changing industry behaviour,” she said.
