However, there are still 5 key takeouts for all of the digital
advice providers out there operating in Australia (many of whom are
our existing clients), as well as a few useful 'heads up'
sections for people thinking about entering the already-congested
Australian robo market. We also manage to draw a poignant analogy
between the Kardashian sisters and Australian privacy law, so
please keep reading.
So, what do you need to do?
For existing robo-businesses, jump straight down to the key
takeouts section. For new market entrants, read on:
New market entrants: What do you need to do?
Read the regulatory guide! It steps you through getting a
licence 101, and tells you about your key obligations, the
difference between personal and general advice, and what
organisational competence means to ASIC. You'll quickly realise
that what it means to ASIC is something very different to what it
means to the rest of the industry.
As with any financial services business, it is necessary for a
digital advice provider to ensure that they have the competence to
provide the financial services that they are authorised to provide.
This means that although a robot is providing the advice, at least
one responsible manager needs practical regulated experience over
the last 3+ years, coupled with some relevant qualifications.
Also, keep an eye out for the commencement of ASIC's
regulatory sandbox initiative. It will be helpful to new
fintech businesses in the startup phase.
Key Takeout 1: Strengthen your cyber security defences
Did you know, according to
ASIC's Corporate Plan 2016-2017 released on 1 September
2016, cyber security incidents detected in 2015 in Australia
increased by 109% over the preceding year, a substantially faster
rate than the global average? It's no surprise that ASIC is
placing an increased emphasis on having the appropriate
technological resources in place to maintain client records and
data integrity, and to protect confidential information. The
takeout? Go straight to page 22 of the regulatory guide to see
ASIC's expectations around cyber security frameworks, such as
the National Institute of Standards and Technology's
Framework for improving critical infrastructure
If cyber security is the Kim Kardashian of regulatory themes
(she appears all over the internet despite your best intentions to
avoid her), then Australian Privacy Principle (APP) 11 -
Security of Personal Information - is the equivalent of her
lesser-known younger sister Khloé Kardashian. Still
important in its own right, this APP is often breached in
the event of a cyber security breach - your systems are compromised
and so is your customers' personal information.
(And just to show how sexy cyber security can be, read the
OAIC Report on the Ashley Madison privacy breach for a real
life case study of how things can go badly and publicly wrong.)
We suggest that you get your IT team to work through these
benchmark standards and ensure your security framework is
state-of-the-art, and your client data protection standards meet
APP requirements. Also, for all you fintech lovers, here's some
interesting Google Trend Analysis:
Interestingly, the phrase 'Khloe Kardashian' is more
popular than the phrase 'FinTech' when comparing search
behaviour over the past 12 years. It is still far less popular,
however, than the phrase 'Kim Kardashian' as Khloe is the
lesser known sister. The same rule applies, sadly, to Australian
Privacy Principle 11, despite its importance. Coincidentally, if
Kim Kardashian's details are put into the algorithm, the sheer
volume of searches for her literally breaks the algorithm in that
FinTech and Khloe's search results are so small that they are
unreadable (and yes, you can record this article as CPD).
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Providers should action the five takeouts in this article relating to ASIC RG 255 and providers of digital advice.