RI Advice cybersecurity case will be first of many
The Federal Court’s ruling that RI Advice failed to have adequate cybersecurity risk management systems is a sign of things to come, according to the Cyber Security Research Centre.
In May, RI Advice was found to have breached its Australian Financial Services license obligations on multiple occasions over a six-year period between June 2014 and May 2020 as it failed to have adequate risk management systems to manage cybersecurity risks. RI Advice was ordered to pay $750,000 in court costs but did not receive a fine as the breaches occurred before 2018
However, for breaches later than 2018, fines could be as much as $525 million following changes to legislation.
Speaking at the Stockbrokers and Investment Advisers Association (SIAA) conference, Cyber Security Research Centre chief executive, Rachael Falk, said the case “was a sign of things to come [as] all regulators were waking up to cybersecurity”.
She said she was disappointed to see that the case was settled as further cybersecurity legal precedent could help the industry in the long term.
As the cybersecurity failings stretched a period of six years, Falk asked what role management played or did not play.
“As you probably all know, there was an M&A transition when RI Advice became part of IOOF [in 2018]. But also where was the board and what was the board told? They may have absolutely been in the dark and that’s a whole other issue.”
Falk’s views were echoed by McGrathNicol partner, Shane Bell, who said the Federal Court’s ruling on cybersecurity failings had ‘drawn a line in the sand’.
“I think it’s drawing a bit of a line in the sand and that is that this is a significant issue that relates to Australian Financial Services licensee holding and Corporations Act requirements and that doing nothing isn’t good enough,” he said.
Bell was appointed by the court as an independent expert on the matter and could therefore only share general information about the case, noting it had sent a clear message to the industry on the need for adequate cybersecurity safeguards.
He said the case showed firms needed to conform to minimum cybersecurity standards by having a system management approach with a cybersecurity program that was managed on an ongoing basis to keep risk thresholds within acceptable levels.
AUTHOR
Liam Cormican
Recommended for you
A global investment manager with more than $676 billion in AUM has announced a $345 million debt investment into Oaktree Capital-backed AZ NGA.
Three commentators unpack how firms are increasingly hiring client-facing investment specialists to support financial advisers in understanding the complexities of alternative investment funds.
Five male names are shared by over 10 per cent of the financial advice industry, according to CoreData, while a female name does not appear until number 43.
With the results for the first half of FY25 now in, Money Management takes a look at which of the three ASX-listed investment platforms has seen the highest FUA growth.
