Skip to main content

Financial services licences now conditional on cybersecurity measures

/
Content updates

Australian Financial Services Licensees, and their authorised representatives, are now on notice from ASIC to manage their cybersecurity risks in compliance with their obligations under the Corporations Act 2001 (Cth). Grant Holley from Holley Nethercote Lawyers revises annotations to the Act.

In ASIC v RI Advice Group Pty Ltd [2022] FCA 496, the licensee agreed that it had breached s 912A(1)(a) and (h) which require that licensees must ensure that the financial services covered by the licence are provided efficiently, honestly and fairly, and have adequate risk management systems. 
Between 2014 and 2020, RI Advice Group’s risk management practices permitted some of its authorised representatives to have taken inadequate cybersecurity measures including failing to have up-to-date antivirus software, system backups, email quarantine and password practices. Several of its clients were affected by cybersecurity incidents. One such incident enabled a hacker to access an authorised representative’s server for several months to collect private information about thousands of clients. Not all the funds fraudulently transferred were recovered. 
This is the first time that ASIC has used its enforcement powers about cybersecurity risk controls and the Federal Court’s first consideration of the topic through the lens of the licensees’ general obligations in s 912A. It’s unlikely to be the last.  
The July 2022 update of Robson’s Annotated Corporations Legislation in Thomson Reuters' Corporations Law Practice Area features revisions by Grant Holley of Holley Nethercote Lawyers to Parts 7.6 (including s 912A) and 7.8 of the Corporations Act.
 

By Nick Jewlachow
Senior Content Manager, Analytical Law

Nick has over 20 years’ worth of experience in publishing, commissioning and editing experts’ contributions on corporate and tax law in Australia.

Speak to a consultant

Can't find an answer to your question?
Contact our support team.

Request training

Contact our team to arrange training.

Tell us what you think

We'd love to hear what you think
of our products and support.