Cyber threats include privacy breaches
Australian financial services licensees (AFSLs) and digital advice licensees should be aware that cyber security threats or incidents could encompass privacy breaches as per new legislation tabled to introduce mandatory data breach reporting.
Such was the warning from law firm, Holley Nethercote, which referred to the Privacy Amendment (Notifiable Data Breaches) Bill 2016 and ‘Regulatory Guide 255: Providing digital financial product advice to retail clients' released by the corporate regulator to warn licensees they should implement a cyber resilience program that would be linked with their privacy policies.
The law firm's partner, Paul Derham, said: "All I'm saying is the law around privacy is gaining momentum and what licensees need to realise is when they have a cyber security incident, that triggers a possible privacy incident and a possible contravention of Australian Privacy Principle 11, which is the obligation to keep information secure".
In addition, Derham, and commercial and financial services lawyer, Matthew Twomey, said RG255 was the first regulatory guide that highlighted that the threat of cyber security went beyond just digital advice providers.
The Australian Securities and Investments Commission (ASIC) provided industry specific guidance but emphasised that it applied across the board to all licensees as everyone used software, platforms, and servers in their businesses, they said.
"ASIC is pinning that back to what we call the 10 commandments in section 912A of the Corporations Act, one of them being having the obligation on a licensee to have adequate risk management systems, and adequate IT resources is another obligation," Derham said.
These stipulated obligations, combined with the magnitude of cyber security issues facing AFSLs and digital advice licensees, indicated that ASIC was justifiably escalating its focus in this area, he said.
AUTHOR
Malavika Santhebennur
Recommended for you
A financial advice firm has been penalised $11 million in the Federal Court for providing ‘cookie cutter advice’ to its clients and breaching conflicted remuneration rules.
Insignia Financial has experienced total quarterly net outflows of $1.8 billion as a result of client rebalancing, while its multi-asset flows halved from the prior quarter.
Prime Financial is looking to shed its “sleeping giant” reputation with larger M&A transactions going forward, having agreed to acquire research firm Lincoln Indicators.
An affiliate of Pinnacle Investment Management has expanded its reach with a London office as the fund manager seeks to grow its overseas distribution into the UK and Europe.
