Five takeouts for robo advisers following ASIC's new digital advice regulatory guide.

30 August 2016 marks the release of ASIC's much-anticipated RG 255: Providing Digital Advice to Retail Clients. Its arrival is somewhat lacklustre because it contains no departure from ASIC's existing policy direction around key issues like responsible manager competency, despite some great ideas being tabled in the earlier consultation paper.

However, there are still 5 key takeouts for all of the digital advice providers out there operating in Australia (many of whom are our existing clients), as well as a few useful 'heads up' sections for people thinking about entering the already-congested Australian robo market. We also manage to draw a poignant analogy between the Kardashian sisters and Australian privacy law, so please keep reading.

So, what do you need to do?

For existing robo-businesses, jump straight down to the key takeouts section. For new market entrants, read on:

New market entrants: What do you need to do?

Read the regulatory guide! It steps you through getting a licence 101, and tells you about your key obligations, the difference between personal and general advice, and what organisational competence means to ASIC. You'll quickly realise that what it means to ASIC is something very different to what it means to the rest of the industry.

As with any financial services business, it is necessary for a digital advice provider to ensure that they have the competence to provide the financial services that they are authorised to provide. This means that although a robot is providing the advice, at least one responsible manager needs practical regulated experience over the last 3+ years, coupled with some relevant qualifications.

Also, keep an eye out for the commencement of ASIC's regulatory sandbox initiative. It will be helpful to new fintech businesses in the startup phase.

Key Takeout 1: Strengthen your cyber security defences

Did you know that, according to ASIC's Corporate Plan 2016-2017 released on 1 September 2016, cyber security incidents detected in 2015 in Australia increased by 109% over the preceding year, a substantially faster rate than the global average? It's no surprise that ASIC is placing an increased emphasis on having the appropriate technological resources in place to maintain client records and data integrity, and to protect confidential information. The takeout? Go straight to page 22 of the regulatory guide to see ASIC's expectations around cyber security frameworks, such as the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity.

If cyber security is the Kim Kardashian of regulatory themes (she appears all over the internet despite your best intentions to avoid her), then Australian Privacy Principle (APP) 11 - Security of Personal Information - is the equivalent of her lesser-known younger sister Khloé Kardashian. Still important in its own right, this APP is often breached in the event of a cyber security breach - your systems are compromised and so is your customers' personal information.

(And just to show how sexy cyber security can be, read the OAIC Report on the Ashley Madison privacy breach for a real-life case study of how things can go badly and publicly wrong.)

We suggest that you get your IT team to work through these benchmark standards and ensure your security framework is state-of-the-art, and your client data protection standards meet APP requirements. Also, for all you fintech lovers, here's some interesting Google Trend Analysis:


Interestingly, the phrase 'Khloe Kardashian' is more popular than the phrase 'FinTech' when comparing search behaviour over the past 12 years. It is still far less popular, however, than the phrase 'Kim Kardashian' as Khloe is the lesser known sister. The same rule applies, sadly, to Australian Privacy Principle 11, despite its importance. Coincidentally, if Kim Kardashian's details are put into the algorithm, the sheer volume of searches for her literally breaks the algorithm in that FinTech and Khloe's search results are so small that they are unreadable (and yes, you can record this article as CPD).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.