The Australian Securities and Investment Commission (ASIC) has called for financial services firms to bolster their governance and risk management after a review found weaknesses in the use of offshore service providers.
The review found some financial advice firms and responsible entities (REs) of managed investment schemes don’t have a risk management framework in place for the use of OSPs, while the quality of the arrangements that were in place varied greatly.
Licensed firms are ultimately responsible for the operation of their businesses, even when they outsource to offshore service providers directly or through an intermediary, said ASIC commissioner Alan Kirkland.
“Advice licensees and REs can outsource services, but they cannot outsource their fundamental obligations,” he said.
“When licensees neglect their responsibilities, consumers, investors, and financial services businesses can be exposed to harm, such as exposure of personal information through cyber incidents.”
Kirkland highlighted the risks associated with the loss of control over a businesses’ key functions to OSPs, disruptions to operational services, and conflicting obligations for OSPs subject to foreign laws.
“Financial services firms cannot drop their guard. Cyber attacks, for example, are more prevalent and growing in sophistication.
“All licensees must proactively review governance frameworks and address issues that threaten to undermine public confidence in their business and in turn, the financial system.”
ASIC said it will continue to monitor the governance and risk management frameworks of financial services entities, and where necessary, hold them to account for failing to have the right processes in place to protect consumers and investors’ interests.
