Future cybersecurity breaches could incur $525m penalties


Firms which fail to have adequate risk management systems to manage cybersecurity risk could be fined as much as $525 million by the regulator in the future.
Yesterday, RI Advice was found to have breached its Australian Financial Services license obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage cybersecurity risks. This occurred between June 2014 and May 2020.
While RI Advice had to pay $750,000 in costs, it did not receive a penalty, now or in any later hearing, as the breach occurred before such a breach attracted a civil penalty.
However, for any future breaches, firms would incur significant penalties which could be as high as $525 million, the regulator said.
Speaking to Money Management, an ASIC spokesperson said: “The maximum penalties available for a breach of section 912A(1) are now:
- The greatest of $10.5 million;
- Three times the benefit obtained; or
- 10% of annual turnover (capped at $525 million).
“If appropriate, ASIC may seek substantial civil penalties in future cases, if licensees breach their obligations to manage cybersecurity risk”.