ASIC urges cyber security to be ‘top of mind’
ASIC chair Joe Longo has told AFSLs that cyber protection should be “top of mind” for them as they manage their businesses, and flagged the weaknesses demonstrated by RI Advice.
Appearing before the standing committee on economics to discuss ASIC’s FY24 annual report on 25 October, Longo said the regulator had received 600 responses to its Cyber Pulse Survey, including 120 financial advisers.
These covered the management of critical cyber capabilities by firms, including their incident response plans.
Four areas of improvement were flagged including supply chain risk management, data security, consequence management and adoption of cyber security standards.
Longo said firms and directors are all facing challenges, but cyber security should not be neglected.
“Most firms will be victims of some attack and they need to be able to respond to that. I would remind directors that they have to take these issues seriously. They are under legal obligations to manage this risk and put in place systems and processes.”
In the financial advice space, he flagged the case of RI Advice.
The Federal Court found RI Advice had breached its licence obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cyber security risks.
A significant number of cyber incidents occurred at authorised representatives of RI Advice between June 2014 and May 2020. In one instance, an unknown malicious agent obtained, through a brute force attack, unauthorised access to an authorised representative’s file server from December 2017 to April 2018 before being detected, resulting in the potential compromise of confidential and sensitive personal information of several thousands of clients and other persons.
He said: “We ran a case a few years ago against an AFSL, RI Advice, where the court found the arrangements in place were deficient. ASIC continues to look at these issues. We have a couple of matters under investigation as we speak.
“The efforts of that business were so poor and disproportionate to the risk they were facing that it was something we needed to take to court.
“We understand directors are grappling with lots of different challenges in running a business, but this is one that should be top of mind.”
AUTHOR
Laura Dew
Recommended for you
A financial advice firm has been penalised $11 million in the Federal Court for providing ‘cookie cutter advice’ to its clients and breaching conflicted remuneration rules.
Insignia Financial has experienced total quarterly net outflows of $1.8 billion as a result of client rebalancing, while its multi-asset flows halved from the prior quarter.
Prime Financial is looking to shed its “sleeping giant” reputation with larger M&A transactions going forward, having agreed to acquire research firm Lincoln Indicators.
An affiliate of Pinnacle Investment Management has expanded its reach with a London office as the fund manager seeks to grow its overseas distribution into the UK and Europe.
