RI Advice cybersecurity case will be first of many
The Federal Court’s ruling that RI Advice failed to have adequate cybersecurity risk management systems is a sign of things to come, according to the Cyber Security Research Centre.
In May, RI Advice was found to have breached its Australian Financial Services license obligations on multiple occasions over a six-year period between June 2014 and May 2020 as it failed to have adequate risk management systems to manage cybersecurity risks. RI Advice was ordered to pay $750,000 in court costs but did not receive a fine as the breaches occurred before 2018
However, for breaches later than 2018, fines could be as much as $525 million following changes to legislation.
Speaking at the Stockbrokers and Investment Advisers Association (SIAA) conference, Cyber Security Research Centre chief executive, Rachael Falk, said the case “was a sign of things to come [as] all regulators were waking up to cybersecurity”.
She said she was disappointed to see that the case was settled as further cybersecurity legal precedent could help the industry in the long term.
As the cybersecurity failings stretched a period of six years, Falk asked what role management played or did not play.
“As you probably all know, there was an M&A transition when RI Advice became part of IOOF [in 2018]. But also where was the board and what was the board told? They may have absolutely been in the dark and that’s a whole other issue.”
Falk’s views were echoed by McGrathNicol partner, Shane Bell, who said the Federal Court’s ruling on cybersecurity failings had ‘drawn a line in the sand’.
“I think it’s drawing a bit of a line in the sand and that is that this is a significant issue that relates to Australian Financial Services licensee holding and Corporations Act requirements and that doing nothing isn’t good enough,” he said.
Bell was appointed by the court as an independent expert on the matter and could therefore only share general information about the case, noting it had sent a clear message to the industry on the need for adequate cybersecurity safeguards.
He said the case showed firms needed to conform to minimum cybersecurity standards by having a system management approach with a cybersecurity program that was managed on an ongoing basis to keep risk thresholds within acceptable levels.
Recommended for you
Sharing his reasoning in joining the FSC board, WT Financial chief executive, Keith Cullen, believes “product and advice cannot be separated” from each other in the current environment.
The Emerge Foundation, a charity run by financial advisers and fund managers, has announced a scholarship program to help veterans transition into tertiary education.
In an open letter, Sequoia chief executive Garry Crole has hit out against shareholders “with a personal axe to grind” as he fights for his job ahead of an EGM.
The JAWG has announced it is in talks with Treasury around five “core principles” to strengthen the education standards for new entrants to the financial advice space.