Practices urged to reassess outsourcing arrangement amid ASIC review
Specialist consultancy firm Vital Business Partners (VBP) has thrown its support behind ASIC’s review of advice businesses’ use of offshore service providers, urging advisers to reassess their own set-ups.
The Australian Securities and Investments Commission’s (ASIC) review into the use of offshore service providers (OSPs) by AFS licensees and responsible entities found that risk management arrangements “varied significantly” in terms of assessing the quality of offshore services, with some having no framework.
According to ASIC commissioner Alan Kirkland, Australian Finance Services (AFS) licensees are ultimately responsible for the operation of their businesses, including when outsourcing to offshore providers, directly or through an intermediary.
“Advice licensees and REs can outsource services, but they cannot outsource their fundamental obligations,” Kirkland said last month.
One potential unintended consequence of outsourcing, particularly if due diligence has not been undertaken, is exposing a practice to cyber security threats.
Already, smaller to medium sized firms are attractive targets for cyber criminals due to the quantities of information they hold on clients, with off-shore out-sourcing adding another level of vulnerability if the organisation’s security practices are not up to standard.
VBP chief executive Nathan Jacobsen said the ASIC report highlighted the wide discrepancies that can exist between outsourcing models in terms of governance and compliance.
“VBP is highly supportive of ASIC’s recommendations and heightened focus on offshore outsourcing to ensure that both consumers and advice businesses are not unnecessarily exposed to harm, such as their data being stolen through cyber incidents,” he said.
According to ASIC, licensees and advisers are exposed to critical risks associated with the loss of control over key functions to OSPs, disruptions to operational services and conflicting obligations due to foreign laws, requiring them to urgently close governance gaps and address weaknesses in their use of offshore providers.
Jacobsen added: “Whether a business has a direct outsourced contracting arrangement or uses an intermediary, the obligations around areas like data, privacy and cyber security are the same.
“For those that choose to go direct, sole responsibility for assessing and monitoring outsourcing risk can be a significant burden.”
He also suggested the advice profession should expect a greater level of scrutiny of offshore outsourcing arrangements, given the growing number of practices looking overseas to help them scale sustainably.
“It is in the best interests of consumers, advisers and the broader industry that all parties involved in the provision of advice, including suppliers and contractors, operate with a continuous focus on improving information security practices,” Jacobsen said.
“The risks are only rising guaranteeing further regulatory scrutiny, and possibly intervention, if the industry cannot effectively and proactively manage these risks.”
Recommended for you
Marking off its first year of operation, Perth-based advice firm Leeuwin Wealth is now looking to strengthen its position in the WA market, targeting organic growth and a strong regional presence.
Financial services software firm Iress has unveiled a new business efficiency program with the aim of permanently lifting its profit margin as the business enters a leaner, growth-focused phase.
AUSIEX has revealed the top traded stocks for October, noting significant jumps in advised investor trading, while ETFs also reported higher activity.
The Financial Advice Association Australia has implored advisers to reevaluate their exposure to AML/CTF obligations ahead of new reforms that will expand their compliance requirements significantly.
