800-page report dooms ASIC bid for early trial in cybersecurity case against IOOF unit
ASIC 2021-05-14 3:39 pm By Cindy Cameronne | Sydney

A judge has denied ASIC’s request that the court hear its case against RI Advice in November, giving the IOOF unit more time to respond to the 800-page expert report filed by the regulator in support of its case that the company lacked adequate cybersecurity systems.

In a case management hearing on Friday, Federal Court Justice David O’Callaghan found there would be no direct prejudice to the Australian Securities and Investments Commission if the trial were set down for April next year as requested by RI Advice.

“In the absence of any real direct prejudice and given the submission that extra time is required is responsibly made, I really don’t think I have any alternative than to accede to the request,” said Justice O’Callaghan.

Counsel for RI Advice, Fiona McLeod SC, argued that the company needed more time to respond to ASIC’s expert report filed in April this year which she said the regulator had been preparing for two years.

Justice O’Callaghan agreed that it was not unreasonable that the company be given more time to prepare for trial.

ASIC launched proceedings against RI Advice in August last year, alleging that authorised representatives were involved in a number of alleged cybersecurity breach incidents between 2016 and 2020. In May 2020, RI had authorised 191 individuals and 102 corporate entities to provide financial services on its behalf, according to court documents.

According to ASIC, one such cybersecurity incident occurred between December 2017 and May 2018 when RI Advice Group authorised representative Frontier Financial Group Pty Ltd as trustee for The Frontier Trust was subject to a “brute force attack”.

During the attack, an allegedly malicious user spent more than 155 hours logged on to Frontier’s server, which contained sensitive client information, including identification documents.

ASIC alleges that RI, which was a wholly owned subsidiary of Australia and New Zealand Banking Group until October 1, 2018, failed to implement adequate policies, systems and resources to manage cybersecurity and cyber resilience risk.

McLeod said Friday that RI Advice needed more time to look at the individual authorised representatives who had been targeted by ASIC and decide whether to call them as witnesses, and where there was variation of the capability and availability of the advisers to appear.

RI Advice may contest ASIC’s argument that the individual instances of alleged gaps were said to constitute a breach of the general obligations of a financial licensee under s 912A Corporations Act, McLeod said.

Justice O’Callaghan questioned what prejudice ASIC would suffer if the trial took place early next year.

Counsel for ASIC, Stephen Parmenter, argued there was no direct prejudice but said there was a public interest in matters brought by a public regulator being heard “sooner rather than later”.

Parmenter said RI Advice had been on notice of ASIC’s case since October last year and that it was not a “bolt from the blue” for the company.

RI Advice should have engaged an expert when it received the statement of claim in October last year rather than upon receiving ASIC’s expert report on April 30, said Parmenter.

The statement of claim detailed what cybersecurity documents and controls ASIC said RI Advice ought to have had, what systems they in fact had in place and the gaps which allegedly existed, Parmenter said.

“They haven’t explained why they need that much time,” said Parmenter.

“What we did in the statement of claim is set out in chapter and verse what they were required to have, what they actually had and each area where they had a gap.”

A judge found in March that a former RI Advice financial advisor accused of taking hefty commissions for steering investors towards risky investments contravened the financial advice provisions of the Corporations Act.

ASIC is represented by Stephen Parmenter QC, Fleur Shand and Paul Liondas, instructed by Webb Henderson. RI Advice is represented by Fiona McLeod SC, instructed by Gilbert + Tobin.

The case is Australian Securities and Investments Commission v RI Advice Group Pty Ltd.

Copyright Lawyerly Media. A reprint licence is required to re-distribute Lawyerly content.

Want to share this article with a client or a colleague, or use in marketing materials? Contact Us for a reprint licence.

For information on rights and reprints, contact subscriptions@lawyerly.com.au