ASIC has commenced proceedings against RI Advice Group Pty Ltd in the Federal Court of Australia for alleged failure to have adequate cyber security systems in place.  This marks the first time that ASIC have instituted proceedings of this kind recognising the importance of cyber security as well as the continued spotlight on financial services boards.

RI Advice Group Pty Ltd are an Australia Financial Services licence holder.  They are currently a wholly owned subsidiary of IOOF Holdings Limited and, prior to 1 October 2018, they were a wholly owned subsidiary of Australia and New Zealand Banking Group Limited.

ASIC is seeking:

  • declarations that RI contravened provisions of the Corporations Act, specifically sections 912A(1)(a), (b), (c), (d) and (h) and (5A);
  • orders that RI pay a civil penalty in an appropriate amount to be determined by the Court; and
  • compliance orders that RI implements systems that are reasonably appropriate to adequately manage risk in respect of cybersecurity and cyber resilience and provide a report from a suitably qualified independent expert confirming that such systems have been implemented.

The Court has vacated the case management hearings listed for 18 September 2020 to 11 December 2020 and it is now listed on 19 February 2021 at 9:30am.  In light of the recent government focus on cyber security and resilience, this will be a very interesting case to keep an eye on.

Click here to read more and to follow the case.

Stacey Brennan
Lawyer & Chief of Staff