RI Advice flagged as cautionary cyber security tale

23 May 2024
By Laura Dew

ASIC has flagged the case of RI Advice as an example of the need for cyber security measures within a financial services firm. 

Appearing before a Senate Select Committee into Adopting Artificial Intelligence earlier this week, ASIC chair Joe Longo told the committee that it is imperative for firms to know where their data is held. 

Asked by a select committee member how ASIC could hold directors liable for harmful actions that were the result of AI decision-making, Longo said directors could not ignore what is happening in their businesses from a tech perspective.

“It starts with curiosity and asking the right questions. What ASIC expects of directors is to be informing themselves of this topic, do they know where their data is? Is it in the hands of a third-party provider, is it in the cloud, how are you protecting that data?

“A cyber attack is almost inevitable, what is your response plan and how are you taking steps for that? What gives you confidence in those steps?

“We need more scientists on boards, those people who are data literate. This goes back to the fundamental question of you won’t understand what is happening unless you ask the right questions of the right people.”

As to how people could be held liable, Longo referenced the case from May 2022 related to advice licensee RI Advice.

In this matter, the Federal Court found RI Advice had breached its licence obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cyber security risks.

A significant number of cyber incidents occurred at authorised representatives of RI Advice between June 2014 and May 2020. In one instance, an unknown malicious agent obtained, through a brute force attack, unauthorised access to an authorised representative’s file server from December 2017 to April 2018 before being detected, resulting in the potential compromise of confidential and sensitive personal information of several thousand clients and other persons.

Longo said: “We’ve run a couple of cases at ASIC, the most famous of which is that of AFSL RI Advice for basically having no systems in place for cyber security. 

“Do we need changes in the law to make it more specific or prescriptive in our existing director duties to deal with AI and cyber security? That’s a discussion for another day, but at the end of the day, the law and ASIC can intervene and go to court in some actionable circumstances. 

“In this area there is a role for enforcement and court-based outcomes, but it cannot be a complete solution. We need to be constantly encouraging businesses to take it seriously; it is the directors’ responsibility.”

The RI Advice breach occurred before March 2019 and therefore did not incur a penalty, but future breaches by firms after this date would incur significant penalties of as much as $525 million.

Avoiding ‘fatalistic fears’

In a separate speech to the ASIC x UTS: AI Regulator Symposium in Sydney on 21 May, Longo detailed the role of government and regulators in shaping how AI is designed and deployed. 

“Like all technology, AI is the product of human ingenuity and can therefore, by definition, be understood. Moreover, it is the job of government and regulators to ensure that these systems are explainable and transparent.

“Fatalistic fears of sentient technology overrunning humanity are the stuff of nightmares – and science fiction. We should not let these existential anxieties – grimly enthralling though they are – distract us from the task at hand.

“Our job is to mitigate the known risks – and, in doing so, bend the trajectory away from the worst imagined outcomes, so that they never materialise.”

Longo said he is hopeful that AI can be deployed to bring about positive change, but a strong regulatory framework is needed to manage it safely. 

“Across Australia, a consensus is developing: we need a strong regulatory framework to steer the course of AI towards its safe and responsible development and use. A framework that enables technological innovation to flourish, so that it can deliver the promised economic benefits and productivity improvements. But not at the expense of consumers and investors.”
