RG255 should apply to all advice businesses
The corporate regulator's guidance on digital advice, RG255, surrounding expectations for digital advice licensees should be equally applied to existing financial advice businesses, Holley Nethercote lawyers believe.
The law firm's partner, Paul Derham, and lawyer, Matthew Twomey, said the Australian Securities and Investments Commission's (ASIC's) guidance was only specified to "digital advice licensees".
"The funny thing is that they're making this statement about expectations to digital advice licensees but most financial planners in Australia rely on cloud hosted software providers such as Xplan, Coin, and Midwinter — I think this standard should equally apply for existing businesses," Derham said.
"What we're saying is the reality is that all financial planners that have cloud-based software that they are using to deliver their advice and in fact one really common form of cyber security breach is third party cyber security breach that a regulated business relies on.
"ASIC sets out all these expectations about cyber security and information security and we think it should probably apply to all financial advisers because of the way they're actually structured."
Derham noted ASIC's August report on enforcement outcomes that stated: "We will take appropriate enforcement action by accepting enforceable undertakings or issuing infringement notices where we identify wrongdoing — for example, where disclosure by companies and issuers provides insufficient information on cyber threats".
"That's ASIC saying ‘we expect businesses to warn their customers about cyber threats' and that's a totally new angle and we've never seen that before from ASIC," Derham said.
"So for financial advisers this could mean warning your clients in your FSG [financial services guide] that they may suffer a loss if there's a cyber-attack or if their email address is compromised. In the same way they may suffer a loss or disruption in services if the licensee is subject to a cyber-attack. So there's this disclosure piece that is completely new."
Twonmey said their firm was advising their clients to talk with their internet services providers and software providers to check against standards that have been set out.
Recommended for you
ASIC has accepted a court enforceable undertaking from a Perth-based company auditor who failed to adequately conduct multiple audits on an advice firm that receivers say has $100 million missing.
After a brutal month for adviser numbers, the net loss for June now stands at more than 100 advisers, but the financial year is still on track to end in positive territory.
Two advice platforms have been identified by Adviser Ratings as standouts for efficiency as time-pressured advisers become evermore fickle in their platform selection.
Private wealth manager Escala Partners has increased its alternatives allocations to more than a third in the past three years, describing the asset class as offering “fertile ground” for diversification.
