Companies using off-shore service providers (OSPs) have been put on notice by ASIC as it highlights potential weaknesses in systems that could expose “consumers and investors to potential harm”.
A review by the regulator found the quality of risk management among financial advice licensees and responsible entities (REs) using OSPs varied widely. In some cases, states ASIC, they had no formal framework at all.
“Advice licensees and REs can outsource services, but they cannot outsource their fundamental obligations,” said ASIC Commissioner Alan Kirkland.
“When licensees neglect their responsibilities, consumers, investors, and financial services businesses can be exposed to harm, such as exposure of personal information through cyber incidents.
“The more critical the outsourced function, the greater the risks to consumers and investors.”
Kirkland also pointed to what he deemed “critical risks” associated with the loss of control over a businesses’ key functions to OSPs, disruptions to operational services, and conflicting obligations for OSPs subject to foreign laws. He said financial services firms cannot drop their guard.
“All licensees must proactively review governance frameworks and address issues that threaten to undermine public confidence in their business and in turn, the financial system,” he said.
