Cyber threats include privacy breaches
Australian financial services licensees (AFSLs) and digital advice licensees should be aware that cyber security threats or incidents could encompass privacy breaches as per new legislation tabled to introduce mandatory data breach reporting.
Such was the warning from law firm, Holley Nethercote, which referred to the Privacy Amendment (Notifiable Data Breaches) Bill 2016 and ‘Regulatory Guide 255: Providing digital financial product advice to retail clients' released by the corporate regulator to warn licensees they should implement a cyber resilience program that would be linked with their privacy policies.
The law firm's partner, Paul Derham, said: "All I'm saying is the law around privacy is gaining momentum and what licensees need to realise is when they have a cyber security incident, that triggers a possible privacy incident and a possible contravention of Australian Privacy Principle 11, which is the obligation to keep information secure".
In addition, Derham, and commercial and financial services lawyer, Matthew Twomey, said RG255 was the first regulatory guide that highlighted that the threat of cyber security went beyond just digital advice providers.
The Australian Securities and Investments Commission (ASIC) provided industry specific guidance but emphasised that it applied across the board to all licensees as everyone used software, platforms, and servers in their businesses, they said.
"ASIC is pinning that back to what we call the 10 commandments in section 912A of the Corporations Act, one of them being having the obligation on a licensee to have adequate risk management systems, and adequate IT resources is another obligation," Derham said.
These stipulated obligations, combined with the magnitude of cyber security issues facing AFSLs and digital advice licensees, indicated that ASIC was justifiably escalating its focus in this area, he said.
AUTHOR
Malavika Santhebennur
Recommended for you
The FSCP has announced its latest verdict, suspending an adviser’s registration for failing to comply with his obligations when providing advice to three clients.
Having sold Madison to Infocus earlier this year, Clime has now set up a new financial advice licensee with eight advisers.
With licensees such as Insignia looking to AI for advice efficiencies, they are being urged to write clear AI policies as soon as possible to prevent a “Wild West” of providers being used by their practices.
Iress has revealed the number of clients per adviser that top advice firms serve, as well as how many client meetings they conduct each week.
