RI Advice cybersecurity case will be first of many
The Federal Court’s ruling that RI Advice failed to have adequate cybersecurity risk management systems is a sign of things to come, according to the Cyber Security Research Centre.
In May, RI Advice was found to have breached its Australian Financial Services license obligations on multiple occasions over a six-year period between June 2014 and May 2020 as it failed to have adequate risk management systems to manage cybersecurity risks. RI Advice was ordered to pay $750,000 in court costs but did not receive a fine as the breaches occurred before 2018
However, for breaches later than 2018, fines could be as much as $525 million following changes to legislation.
Speaking at the Stockbrokers and Investment Advisers Association (SIAA) conference, Cyber Security Research Centre chief executive, Rachael Falk, said the case “was a sign of things to come [as] all regulators were waking up to cybersecurity”.
She said she was disappointed to see that the case was settled as further cybersecurity legal precedent could help the industry in the long term.
As the cybersecurity failings stretched a period of six years, Falk asked what role management played or did not play.
“As you probably all know, there was an M&A transition when RI Advice became part of IOOF [in 2018]. But also where was the board and what was the board told? They may have absolutely been in the dark and that’s a whole other issue.”
Falk’s views were echoed by McGrathNicol partner, Shane Bell, who said the Federal Court’s ruling on cybersecurity failings had ‘drawn a line in the sand’.
“I think it’s drawing a bit of a line in the sand and that is that this is a significant issue that relates to Australian Financial Services licensee holding and Corporations Act requirements and that doing nothing isn’t good enough,” he said.
Bell was appointed by the court as an independent expert on the matter and could therefore only share general information about the case, noting it had sent a clear message to the industry on the need for adequate cybersecurity safeguards.
He said the case showed firms needed to conform to minimum cybersecurity standards by having a system management approach with a cybersecurity program that was managed on an ongoing basis to keep risk thresholds within acceptable levels.
Recommended for you
It can be extremely hard to realise the gains from financial advice M&A, according to Peloton Partners’ Rob Jones, and more could be gained from firms looking inward at their own practice.
With platforms reporting their quarterly results, there is a clear divide in the adviser markets they are targeting, according to platform specialist Recep Peker, and which would be right for your clients.
The Federal Court has imposed a $10 million penalty on Macquarie Bank for failing to prevent and control unauthorised fee transactions by third parties including financial advisers.
A financial advice firm has seen a weekly decline of 10 advisers, with all moving to a new licensee, while Centrepoint Alliance continues its “growth story”.