AFSL cyber security failures on ASIC’s radar in 2025
ASIC has unveiled a slew of new enforcement priorities for the year ahead where it intends to direct expertise and resources, including a closer watch on licensees falling short on cyber security protections.
In a statement on 14 November, ASIC explained the only enforcement priority targeted towards licensees is one regarding “licensee failures to have adequate cyber security protections”.
Last month, ASIC chair Joe Longo told AFSLs that cyber protection should be “top of mind” as they manage their businesses, noting that while firms and directors are all facing challenges, cyber security should not fall to the wayside.
“Most firms will be victims of some attack and they need to be able to respond to that. I would remind directors that they have to take these issues seriously. They are under legal obligations to manage this risk and put in place systems and processes,” Longo said in an appearance before the standing committee on economics.
The regulator’s 2023 Cyber Pulse Survey, which included almost 700 participants including 120 financial advisers, previously found over half (58 per cent) of respondents had limited or no capability to adequately protect confidential information. A third (33 per cent) did not have a cyber incident response plan.
Earlier this year, ASIC also highlighted the case of RI Advice, which was found by the Federal Court in May 2022 to have breached its licence obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cyber security risks.
Elsewhere, ASIC will be looking into greenwashing and misleading conduct involving ESG claims; strengthening investigation and prosecution of insider trading; and licensee failures to have adequate cyber security protections, along with nine other new enforcement priorities.
These sit alongside its “enduring priorities” that include targeting market misconduct and systemic compliance failures by large financial institutions, and transgressions risking consumer harm, among others.
According to ASIC, the last year has seen its new investigations increase by 25 per cent on the previous year, along with a rise in new civil proceedings (23 per cent).
However, ASIC deputy chair Sarah Court maintained numbers “only tell one part of the story”.
“Numbers don’t capture the full impact of the enforcement actions filed including the resulting compliance and deterrence we achieve, particularly in relation to consumer and investor protections and changing industry behaviour,” she said.
AUTHOR
Rhea Nath
Recommended for you
The financial advice profession has lifted back above the 15,500 mark this week thanks to a double-digit net rise in adviser numbers, according to Wealth Data.
High-net-worth advisers seeking to grow their businesses are likely to find alternatives to be a key part of the puzzle amid investor demand, according to Praemium’s head of private wealth.
Research house Morningstar has welcomed a new director for manager research to cover Australian and New Zealand fund managers.
ASIC chair Joe Longo says the complexity of the reportable situations regime for AFSLs is impeding the ability of the regime to achieve its original aim of identifying non-compliant behaviour.
