The Australian Securities and Exchange Commission (ASIC) has warned of the dangers of offshore assignment.
ASIC calls on financial services entities to enhance governance and risk management after a review that found weaknesses in using offshore services providers (OSPS) by exposing consumers and investors to possible harm.
The revision of the use of OSPS by licensed financial advice and responsible entities (RES) of registered investment projects found that the quality of the risk management arrangements associated with their use varies significantly, with certain entities not having a framework.
Asic Alan Kirkland’s commissioner said the holders of Australian Financial Service (AFS) are ultimately responsible for the operation of their businesses, even when they are entrusted to external service providers directly or through intermediate.
“Advice residents and resin can entrust external partners, but they cannot assign their fundamental obligations to third parties,” said Commissioner Kirkland.
“When the franchisees neglect their responsibilities, consumers, investors and financial service businesses can be exposed to damage, such as the exposure of personal information through cyberspace.”
Commissioner Kirkland said Australian AFS holders should have sufficient skills to identify independently the essential risks and to evaluate the performance and continued suitability of the OSP.
“The more critical the external function, the greater the risks to consumers and investors,” Commissioner Kirkland said.
“The risks can worsen when external functions are not sufficiently supervised, especially if they are assigned to external partners.
Commissioner Kirkland has also suffered critical risks linked to the loss of control of basic business functions in OSPS, operational disorders and conflicting OSPS obligations subject to foreign laws.
“Financial service companies cannot leave their guard. Cyber attacks, for example, are more widespread and increasing in complexity. All franchisees must actively review the frameworks of governance and address issues that threaten to undermine public confidence in their business and in turn the financial system.
ASIC will continue to monitor the rule and risk management frameworks of the financial services entities and, where necessary, keep them accountable for failure to have the right procedures to protect consumer and investor interests.
In relation to general cyberspace concerns, ASIC has taken action against Fiig Securities and Fortnum Private Wealth for alleged failures to adequate cyber security risk management.
In 2022, the Federal Court also ruled in favor of ASIC in a milestone case against RI’s advice, which was found to have violated its obligations to act effectively and fairly when it failed to have adequate risk management systems for cyber security risk management systems.
Where functions are assigned to external partners, the franchisees must:
- Have set measures to ensure that proper skill and care is taken when selecting appropriate service providers,
- Watch the ongoing performance of service providers and
- It deals appropriately with the actions of services providers that violate the service level agreements or the licensee’s general obligations.
Inadequate supervision of external functions could lead to damaging effects on license, compliance with legal obligations and cause harm to consumers.