RG255 should apply to all advice businesses
The corporate regulator's guidance on digital advice, RG255, surrounding expectations for digital advice licensees should be equally applied to existing financial advice businesses, Holley Nethercote lawyers believe.
The law firm's partner, Paul Derham, and lawyer, Matthew Twomey, said the Australian Securities and Investments Commission's (ASIC's) guidance was only specified to "digital advice licensees".
"The funny thing is that they're making this statement about expectations to digital advice licensees but most financial planners in Australia rely on cloud hosted software providers such as Xplan, Coin, and Midwinter — I think this standard should equally apply for existing businesses," Derham said.
"What we're saying is the reality is that all financial planners that have cloud-based software that they are using to deliver their advice and in fact one really common form of cyber security breach is third party cyber security breach that a regulated business relies on.
"ASIC sets out all these expectations about cyber security and information security and we think it should probably apply to all financial advisers because of the way they're actually structured."
Derham noted ASIC's August report on enforcement outcomes that stated: "We will take appropriate enforcement action by accepting enforceable undertakings or issuing infringement notices where we identify wrongdoing — for example, where disclosure by companies and issuers provides insufficient information on cyber threats".
"That's ASIC saying ‘we expect businesses to warn their customers about cyber threats' and that's a totally new angle and we've never seen that before from ASIC," Derham said.
"So for financial advisers this could mean warning your clients in your FSG [financial services guide] that they may suffer a loss if there's a cyber-attack or if their email address is compromised. In the same way they may suffer a loss or disruption in services if the licensee is subject to a cyber-attack. So there's this disclosure piece that is completely new."
Twonmey said their firm was advising their clients to talk with their internet services providers and software providers to check against standards that have been set out.
Recommended for you
Proposed legislative changes to safe harbour duty could result in advisers having reduced professional indemnity costs, a joint submission by seven major licensees said.
With 66 per cent of newly established advice licensees being sole advisers, what are the risks and legal ramifications to consider when taking the plunge into self-licensing?
Despite its popularity, only 1 per cent of financial advisers say they have often discussed cryptocurrency with clients, CoreData said, fuelled by concerns of heavy legal expenses if the product goes wrong.
AFCA and the CSLR have signed a memorandum of understanding as to how they will support an efficient financial services sector via the scheme.