ASIC warns licensees over offshoring

Mike Taylor

Managing Editor and Publisher

10 October 2025

The Australian Securities and Investments Commission (ASIC) has issued a warning to financial services companies over their use of offshore service providers after identifying problems with current practices.

ASIC said a review of offshore service providers (OSPs) had identified failings, including failing to have appropriate frameworks in place, therefore exposing consumers and investors to potential harm.

ASIC said the review of the use of OSPs by financial advice licensees and responsible entities (REs) of registered managed investment schemes found that the quality of risk management arrangements relating to their use varied significantly, with some entities failing to have a framework in place.

ASIC Commissioner Alan Kirkland said that Australian financial services (AFS) licensees are ultimately responsible for the operation of their businesses, even when they outsource to offshore service providers directly or through an intermediary.

“Advice licensees and REs can outsource services but they cannot outsource their fundamental obligations,” Kirland said.

“When licensees neglect their responsibilities, consumers, investors, and financial services businesses can be exposed to harm, such as exposure of personal information through cyber incidents.”

Kirkland said Australian AFS licensees should have sufficient skills to independently identify material risks and to assess an OSP’s performance and ongoing suitability.

“The more critical the outsourced function, the greater the risks to consumers and investors,” he said. “The risks can be exacerbated when outsourced functions are not supervised adequately, particularly if they are outsourced internationally.”

Commissioner Kirkland also flagged critical risks associated with the loss of control over a businesses’ key functions to OSPs, disruptions to operational services, and conflicting obligations for OSPs subject to foreign laws.

“Financial services firms cannot drop their guard. Cyber-attacks, for example, are more prevalent and growing in sophistication. All licensees must proactively review governance frameworks and address issues that threaten to undermine public confidence in their business and in turn, the financial system.”

ASIC will continue to monitor the governance and risk management frameworks of financial services entities, and where necessary, hold them to account for failing to have the right processes in place to protect consumers and investors’ interests.