AFSLs must prioritise cyber resilience
Australian financial services licensees (AFSLs) that have not incorporated cyber resilience in their risk management systems will not be satisfying this licence obligation, a law firm warned.
Holley Nethercote senior lawyer, Fiona McCord, said licensees should be reviewing information technology resources based on not only their ability to avoid, manage, and respond to a cyber incident but also the ability to keep providing the financial services.
McCord said licensees must have adequate information technology resources to provide the financial services covered by the licence.
“If your information is locked down and you must pay a ransom, what will you do? Can you continue to provide the financial services? Have you identified the resources that your business needs to prevent cyber incidents?” McCord asked.
“Have you identified your vulnerability and exposure to cyber incidents? Do you know what the risks are, and have you assessed what controls you need to deal with them?”
McCord said licensees possess highly personal information which makes them vulnerable to criminal activities such as identity fraud, which could be sold for a high price.
This secondary market for personal information and the inability to conduct business would mean businesses would be more willing to pay a ransom to have the information unlocked and returned, she said.
Recommended for you
As the first quarter of 2024 comes to a close, Money Management looks back on the corporate regulator’s bans and AFSL cancellations in the financial advice sector.
Insignia Financial is holding ‘relatively steady’ onto its rank as Australia’s second-largest financial advice licensee after the Godfrey Pembroke exit but Count is hot on its heels.
Liberal senator Slade Brockman has said the government needs to have a “cold hard look” at the level of regulation in the financial advice space and the costs of running a business.
FAAA chief executive, Sarah Abood, has warned changes in the first tranche of the QAR legislation around advice fees documentation could create more work for advisers rather than less.