ASIC warns AFSLs of cyber-attack risk
Australian Financial Services Licensees (AFSLs) are being urged to ensure they meet their cyber-security obligations following the release of the Australian Securities and Investments Commission's (ASIC's) Cyber resilience: Health Check report.
ASIC chairman, Greg Medcraft, warned AFSLs that cyber-attacks posed a "major risk" to the financial services sector.
"The electronic linkages within the financial system mean the impact of a cyber-attack can spread quickly—potentially affecting the integrity and efficiency of global markets, and trust and confidence in the financial system," he said.
"This report outlines some ‘health check prompts' to help businesses review their cyber resilience—including flagging relevant legal and compliance requirements, particularly on risk management and disclosure.
"We encourage businesses, particularly where their exposure to a cyber-attack may have a significant impact on financial consumers and investors or market integrity, to consider using the United States' NIST Cybersecurity Framework to manage their cyber risks or stocktake their risk management practices."
The report stated that AFSLs were required to "explicitly identify the risks" they face and have measures in place to mitigate or avoid those risks.
ASIC said it expected AFSLs to ensure their risk management systems will:
- be based on a structured and systematic process that takes into account your obligations under the Corporations Act;
- identify and evaluate risks faced by your business, focusing on risks that adversely affect consumers or market integrity (this includes risks of non-compliance with the financial services laws);
- establish and maintain controls designed to manage or mitigate those risks; and
- fully implement and monitor those controls to ensure they are effective.
AUTHOR
Nicholas O'Donoghue
Recommended for you
A Sydney financial adviser has been permanently banned from providing any financial services, with the regulator deriding his “lack of integrity, trustworthiness and professionalism”.
Three months on from the first Insignia Financial bid from Bain Capital, what developments have taken place and how have the firm’s shareholders benefitted?
The Australian Financial Complaints Authority has shared how much its member fees will rise in the next financial year.
Advisers may say they struggle to meet their ethics CPD requirements, but the learnings are paying off as research finds it has helped to reduce adviser misconduct and financial fraud.
