From cyber security threats to external reviews, a new survey has uncovered the most notable compliance concerns for Australian financial services licensees (AFSLs).
Financial services law and compliance firm Holley Nethercote’s 2024 compliance trends survey canvassed over 160 participants, including 147 AFSLs.
The paper identified cyber security as “the greatest identified compliance risk and concern” for advice licensees. However, while it was a big concern, nearly 40 per cent of those surveyed had failed to put together a documented cyber resilience policy.
The financial services industry is uniquely exposed to cyber risk due to the vast amounts of sensitive data and funds these companies manage.
Consequently, the Australian Institute of Company Directors’ (AICD) bi-annual Director Sentiment Index released in April found that cyber crime and data security are a significantly higher concern for financial services directors compared to companies overall.
The potential wider impacts of a cyber attack can include significant recovery costs, reputational damages from the loss of customer confidence and legal ramifications through class action lawsuits raised by those impacted, according to WTW.
Paul Derham, Holley Nethercote managing partner, said: “The reality is, pretty much all business owners and senior leaders are frequently considering real and present risks to their business. Sometimes they lie awake at night thinking about these things.”
Derham emphasised a recent Federal Court case as an example of licensees’ core compliance obligations. In April, wholesale licensee Lanterne Fund Services was ordered to pay a $1.25 million penalty for operating as a “licensee for hire”.
“The recent ASIC versus Lanterne case put a price on many of these general obligations of $250,000 per obligation for a licensee that had a few hundred authorised representatives which only serviced wholesale clients. The amount could be much more per obligation in different circumstances, and the case serves as a reminder that licensees need to understand – and do something about – these obligations,” he explained.
In addition, Holley Nethercote’s survey examined AFSLs’ monitoring and supervision activities.
While internal reviews of a licensee’s operations are relatively frequent, with most licensees conducting one or two reviews a year, nearly 20 per cent of licensees do not commission any external reviews of their business operations.
“The law is not prescriptive in how often a licensee should be reviewing its operations and there is no requirement to have an external review,” the managing partner noted.
He added: “Interestingly, reviews of systems and processes were taken into account much more this year for advisers.”
Some 66 per cent of financial advisers considered this as part of their review, up from 47 per cent of respondents in 2023.
ASIC and AI
As advice firms look to improve their compliance processes, financial technology firm Padua expects ASIC to eventually use artificial intelligence (AI) in its compliance and audit checks of advisers.
“Potentially, down the track, we think AI could be used to check if advisory firms are meeting regulatory requirements and to check for compliance in advice documents, and in other supporting materials such as file notes,” commented Matthew Esler, Padua’s co-chief executive.
The corporate regulator’s chair Joe Longo already told a Senate select committee last month that it had been running two pilot AI programs, including one to read public submissions.
Noting the rising uptake of AI in advice practices, Esler reminded advisers to ensure AI-generated file notes and fact find information comply with Australian regulations and laws.
“There’s a real risk for financial advice firms inadvertently providing recommendations in the information gathering stage which would necessitate an advice document within five days.
“We expect ASIC will be monitoring this. Firms too will have to manage their use of AI through a combination of robust technical measures, comprehensive understanding of the regulatory environment and continuous oversight,” the co-CEO continued.
The whole thing is a bit frightening especially the last note where notes on what might be done could result in the need for ….. before the deal is done?