RG255 should apply to all advice businesses
The corporate regulator's guidance on digital advice, RG255, surrounding expectations for digital advice licensees should be equally applied to existing financial advice businesses, Holley Nethercote lawyers believe.
The law firm's partner, Paul Derham, and lawyer, Matthew Twomey, said the Australian Securities and Investments Commission's (ASIC's) guidance was only specified to "digital advice licensees".
"The funny thing is that they're making this statement about expectations to digital advice licensees but most financial planners in Australia rely on cloud hosted software providers such as Xplan, Coin, and Midwinter — I think this standard should equally apply for existing businesses," Derham said.
"What we're saying is the reality is that all financial planners that have cloud-based software that they are using to deliver their advice and in fact one really common form of cyber security breach is third party cyber security breach that a regulated business relies on.
"ASIC sets out all these expectations about cyber security and information security and we think it should probably apply to all financial advisers because of the way they're actually structured."
Derham noted ASIC's August report on enforcement outcomes that stated: "We will take appropriate enforcement action by accepting enforceable undertakings or issuing infringement notices where we identify wrongdoing — for example, where disclosure by companies and issuers provides insufficient information on cyber threats".
"That's ASIC saying ‘we expect businesses to warn their customers about cyber threats' and that's a totally new angle and we've never seen that before from ASIC," Derham said.
"So for financial advisers this could mean warning your clients in your FSG [financial services guide] that they may suffer a loss if there's a cyber-attack or if their email address is compromised. In the same way they may suffer a loss or disruption in services if the licensee is subject to a cyber-attack. So there's this disclosure piece that is completely new."
Twonmey said their firm was advising their clients to talk with their internet services providers and software providers to check against standards that have been set out.
Recommended for you
The month of April enjoyed four back-to-back weeks of growth in financial adviser numbers, with this past week seeing a net rise of five.
ASIC has permanently banned a former Perth adviser after he made “materially misleading” statements to induce investors.
The Financial Services and Credit Panel has made a written order to a relevant provider after it gave advice regarding non-concessional contributions.
With the election taking place on Saturday (3 May), Adviser Ratings examines how the two major parties could shape the advice industry in the future.
