RI Advice cybersecurity case will be first of many


The Federal Court’s ruling that RI Advice failed to have adequate cybersecurity risk management systems is a sign of things to come, according to the Cyber Security Research Centre.
In May, RI Advice was found to have breached its Australian Financial Services license obligations on multiple occasions over a six-year period between June 2014 and May 2020 as it failed to have adequate risk management systems to manage cybersecurity risks. RI Advice was ordered to pay $750,000 in court costs but did not receive a fine as the breaches occurred before 2018
However, for breaches later than 2018, fines could be as much as $525 million following changes to legislation.
Speaking at the Stockbrokers and Investment Advisers Association (SIAA) conference, Cyber Security Research Centre chief executive, Rachael Falk, said the case “was a sign of things to come [as] all regulators were waking up to cybersecurity”.
She said she was disappointed to see that the case was settled as further cybersecurity legal precedent could help the industry in the long term.
As the cybersecurity failings stretched a period of six years, Falk asked what role management played or did not play.
“As you probably all know, there was an M&A transition when RI Advice became part of IOOF [in 2018]. But also where was the board and what was the board told? They may have absolutely been in the dark and that’s a whole other issue.”
Falk’s views were echoed by McGrathNicol partner, Shane Bell, who said the Federal Court’s ruling on cybersecurity failings had ‘drawn a line in the sand’.
“I think it’s drawing a bit of a line in the sand and that is that this is a significant issue that relates to Australian Financial Services licensee holding and Corporations Act requirements and that doing nothing isn’t good enough,” he said.
Bell was appointed by the court as an independent expert on the matter and could therefore only share general information about the case, noting it had sent a clear message to the industry on the need for adequate cybersecurity safeguards.
He said the case showed firms needed to conform to minimum cybersecurity standards by having a system management approach with a cybersecurity program that was managed on an ongoing basis to keep risk thresholds within acceptable levels.
Recommended for you
Nearly 30 financial advisers have joined a new AFSL, with the majority coming from ex-AMP licensee Charter Financial Planning, which is now owned by Entireti.
Global wealth manager Canaccord Genuity has unveiled five strategic priorities for its wealth management business in Australia as it announces its quarterly results.
ASIC has taken action against a Queensland adviser who was sentenced last May for misappropriating $1.8 million from his clients.
WT Financial managing director, Keith Cullen, says the firm is looking inward when it comes to M&A, with a focus on helping practices in its network become “bigger, better and stronger” via scaling up.