AUSTRALIA Trends and Developments Contributed by: Michael Lawson, Nicole Brown, Lizzie White and Tamaryn Leach, MinterEllison
“organisations are reactive rather than proactive when it comes to managing their cyber security”. ASIC encourages the industry to focus on cyber “resilience” rather than cyber “security”. That is, entities should have adequate arrangements in place to prepare for, detect, respond to and recover from a cyber-attack rather than focusing solely on prevention. ASIC has indicated that this should include oversight of cyber security risk throughout the fund manager’s supply chain (eg, administrators, custodians, distributors, or third-party service providers). This is because ASIC recently found that “third-party relationships provide threat actors with easy access to an organisation’s systems and networks”.

Good practice on cyber resilience would include practices such as:

• ensuring boards are engaged with the cyber strategy and are increasingly educated about cyber resilience;
• tailoring governance processes to ensure “responsive governance”;
• having proactive arrangements to prepare for, detect, respond to and recover from a cyber-attack;
• regularly reviewing crisis management arrangements, including incident response plans and recovery processes;
• regularly testing response plans and assumption to test for vulnerabilities;
• undertaking cyber risk management, including through collaboration and information sharing and third-party risk management;
• having centralised asset management systems;
• conducting audits to identify confidential and business-critical systems and data; and
• providing internal cyber awareness and training.
As outlined in its 2024-25 Corporate Plan, advancing digital and data resilience and safety is a current strategic priority for ASIC. The key activities that ASIC will undertake in relation to this strategic priority that are of relevance to participants in the Australian funds market include:

• implementing a supervisory cyber and operational resilience program. As part of this program, ASIC will conduct reviews of regulated entities’ current cyber resilience and issue letters based on the findings of those reviews;
• monitoring licensees’ use of artificial intelligence and their related risk management and governance arrangements;
• disrupting misconduct involving scams, including publishing findings on scam practices by licensees; and
• monitoring how investment managers manage the risks of using offshore service providers.

AML

Australia has embarked on a major upgrade to its anti-money laundering and counter-terrorism financing (AML/CTF) regime. The Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Amendment Act 2024 was passed by Parliament in late November 2024. The reforms aim to align Australia’s AML/CTF regime with current international standards, including expanding the regime to capture a range of designated services which do not currently have AML/CTF obligations – these include certain professional services provided by lawyers, accountants, conveyancers, trust/company service providers and also property services including those provided by real estate agents and developers who sell property directly. Professional advisers who provide advice regarding establishing legal entities and trusts (or who
CHAMBERS.COM