Australian Securities & Investments Commission urges stronger controls over offshore outsourcing after review finds governance and risk management gaps

The Australian Securities & Investments Commission (ASIC) published a review of offshore outsourcing by financial advice licensees and responsible entities of registered managed investment schemes, identifying material weaknesses in governance and risk management arrangements for offshore service providers. ASIC warned that these gaps can expose consumers and investors to harm, including through cyber incidents. ASIC emphasised that Australian financial services (AFS) licensees remain accountable for meeting their obligations even when functions are outsourced directly or via intermediaries, and should retain sufficient capability to identify material risks and assess an offshore service provider’s performance and ongoing suitability. The review highlighted heightened risk where critical functions are outsourced internationally, including loss of control over key functions, operational disruption, and conflicts arising from providers being subject to foreign laws, alongside increased cyber and personal information exposure risks. ASIC said it will continue monitoring governance and risk management frameworks and hold entities to account where processes are inadequate, noting recent cybersecurity-related enforcement action against FIIG Securities and Fortnum Private Wealth and the Federal Court decision against RI Advice for failing to maintain adequate risk management systems.