www.financialstandard.com.au
24 July 2023 | Volume 21 Number 14
05
13
24
Vincent Stranges, Generation Life
ART, Iress, Praemium
Equity Trustees, MaxCap
Opinion:
Feature:
Product showcase:
07
14
Andrew Baker, Ignition Advice
Managed accounts
Industry grapples with looming cyber threats Chloe Walker
W
ith the threat of cyber-attacks growing by the day, leadership teams in all areas of financial services are being urged to ramp up cybersecurity protections, with the regulators keeping a keen eye on their efforts. But while major institutions might be well resourced to respond, financial advisers are falling behind. In recent months, several major institutions have fallen victim to cyber breaches, most notably NGS Super. According to MinterEllison’s 2023 Cyber Risk Report, 82% of survey respondents from the financial services sector ranked cyber risk among their top five priorities. However, only half of respondents (across all sectors) believed their organisation had sufficient resources to monitor and respond to its cybersecurity needs. MinterEllison technology and data partner Paul Kallenbach says the last 12 months have seen a significant increase in the sophistication and frequency of cyber-attacks. “In general terms, I do believe that Australian financial services organisations are focused on preparing for future cyber-attacks,” Kallenbach says. This is driven, in part, by layers of cyber-related regulation, including the Privacy Act, the Corporations Act, and the Security of Critical Infrastructure Act. Moreover, with the recent large scale data breaches in Australia, Kallenbach says the sector is understandably very nervous about, and therefore focused on mitigating, this risk. Regulators are also focused on it. In June, ASIC launched a cyber pulse survey to measure cyber resilience, open to all ASIC-regulated entities for the first time. In a statement to Financial Standard, ASIC confirmed most respondents so far have opted in to receive an individual report, providing insight as to how their cyber resilience compares to their peers. Meanwhile, APRA is assessing more than 300 of its regulated entities’ compliance with CPS 234 Information Security. So far, 24% of entities have been reviewed, finding several concerning gaps including incident response plans not being regularly reviewed or tested. Bright Corporate Law principal David Jacobson says serious penalties and costs can apply to licensees who fail to protect confidential and sensitive personal information of clients. Referencing the Federal Court judgement in
ASIC v RI Advice Group, in which RI Advice was found to have failed its cybersecurity obligations, Jacobson says regulatory expectations are ramping up. “The proceedings against RI Advice are of interest because they show ASIC’s appetite to take enforcement action against companies that fail to meet reasonable standards in managing cyber risks,” he notes. And APRA regulations are now designed to make sure that financial institutions know what data they have and test to ensure systems are as secure as possible, with a requirement to report serious data breaches to the Privacy Commissioner as well as affected individuals. “Of course, there can always be human error. Therefore, on an organisational level, APRA requires the training of employees and education of customers to make sure financial institutions are as secure as they can be,” Jacobson says. However, at the other end of town, The Cyber Collective founder Fraser Jack says financial advice practices are in dire need of support. “The government is doing a very good job of combining resources and trying to come at this from a ‘one government’ point of view, but unfortunately smaller advice firms are falling through the cracks,” he says. “Larger firms already have a lot of security in place, whereas it’s always been really difficult for the small ‘mum and dad’ businesses to hold fort because they don’t have all the cyber teams working for them.” To prevent cyber-crime, Jack encourages advisers to look at three key areas of practice: technology, training, and testing. “Firstly, setting the tech is an essential. Secondly, we look at training the teams, or what I call ‘rebooting the humans’, and the third area is being able to provide proof. For example, undertaking an audit or being able to demonstrate competence,” he says. Jack also reminds practice owners to consider supply chain risks with third-party providers; ask the right questions and don’t just assume they have adequate processes in place. He adds that having a strong cybersecurity plan in place not only strengthens a business but can improve client relationships, saying: “There’s a huge opportunity for advisers to have proactive conversations with their clients about their cybersecurity processes.” fs
Executive appts:
BTL:
32 Profile:
Angus Whiteley, Stafford Capital Partners
Bullock to be next RBA governor Cassandra Baldini
Fraser Jack
founder The Cyber Collective Australia
Prime Minister Anthony Albanese and Treasurer Jim Chalmers announced Michele Bullock will take over as Reserve Bank of Australia (RBA) governor from Philip Lowe in September. Chalmers said the government is proud to announce the ninth governor, confirming the appointment will be effective September 18. In making the announcement, Albanese acknowledged Lowe’s seven-year service and thanked him for his tenure. “We respect and appreciate the remarkable dedication and contribution he has made to our country and our economy, and the way he has conducted himself in a difficult role at a challenging time,” Chalmers said. At the same time, he said Bullock is an accomplished economist with wide experience at the RBA, including her most recent role as deputy governor. In total, she has served close to 17 years with the central bank. Her responsibilities at the RBA have included
Continued on page 4
Adviser demand rises: Recruiter The financial advice industry is experiencing a buoyant jobs market in 2023, according to a specialist recruitment firm, particularly in the last three months which saw healthy demand for associate adviser roles. Recruit2Advice principal Dugald Braithwaite said advisers and practices that are “well set in the market with a good reputation” are currently inundated with referrals and approaches from new clients. “This suggests the value of advice is highly regarded in the Australian community and sought after, even with upward pricing pressures to deliver advice in recent years,” he said. “We are seeing 50% in newly created roles, whilst the remainder are to replace advisers moving to self-employed or changing careers.” In the last three months, Braithwaite has seen the market shift rapidly. High demand is coming from the employers who want to re-adopt the associate adviser role,
Continued on page 4