Cyber Security Act becomes part of the Cyber Security Legislative Package

The Cyber Security Act 2024 could have a significant impact on AFSL holders, as it sets out minimum cyber security standards. The Cyber Security Act includes measures to:

  • mandate minimum cyber security standards for smart devices
  • introduce a mandatory ransomware and cyber extortion reporting obligation requiring certain businesses to report ransom payments
  • introduce a Limited Use obligation for the National Cyber Security Coordinator to encourage industry engagement with the government following cyber incidents
  • establish a Cyber Incident Review Board to conduct reviews of significant cyber incidents and share lessons learned.

Some of the legislation will apply only to certain reporting business entities, with a suggested threshold of $3 million. Read more here.

Policies affected: Cyber/Information Security Policies, Cyber Response Plans, Business Continuity Plans

Organisations affected: AFSL holders

AML country assessment rating updated by FATF

FATF has updated its consolidated list of country assessments. Entities registered with AUSTRAC use these assessments when reviewing high-risk or restricted countries as part of their AML onboarding requirements. Read more here.

Policies affected: AML/CTF Policy or supporting procedures

Organisations affected: AUSTRAC Registered Entities

Updated reference checking protocols

A new protocol comes into effect from 01 March 2025, updating the previous reference checking protocol. From 01 March there is an updated reference template, which includes a question about ASIC or FSCP warnings or reprimands against financial advisers and uses language reflecting the current reportable situation regime, replacing the older breach reporting terminology. Read more here.

Policies affected: Advice Policies or Adviser onboarding policy or supporting procedures

Organisations affected: AFSL holders providing personal advice to retail clients
