Skip to main content

Webb Henderson acts for ASIC in successful cybersecurity proceedings against RI Advice

Webb Henderson has acted for ASIC in successful civil enforcement proceedings against RI Advice, an Australian Financial Services Licence holder, for breaching its obligations under s 912A(1) of the Corporations Act 2001 (Cth) by failing to implement adequate cybersecurity and cyber resilience measures across its Authorised Representative network.

The Federal Court has today declared that RI Advice contravened s 912A(1)(a) and (h) of the Corporations Act 2001 (Cth), and ordered RI Advice to implement a compliance program and contribute to ASIC’s costs. 

The Federal Court found that RI Advice failed to implement adequate cybersecurity and cyber resilience measures and exposed its Authorised Representatives’ clients to an unacceptable level of risk.  As a result, RI Advice breached s 912A(1)(a) by failing to do all things necessary to ensure the financial services covered by its Licence were provided efficiently and fairly, and s 912A(1)(a) by failing to have adequate risk management systems.

This is the first case to consider the requirement for AFSL holders to have “adequate risk management systems”, and the first to consider the application of the Licensee obligations in s 912A(1) to cybersecurity and cyber resilience.