Cyber breaches and fraud risk key priority for regulators

Oksana Patron

23 February 2023

The risk of cyber breach and fraud have been named among the key priorities to be addressed by all three regulators in the coming months.

During the ASFA Conference, held in Brisbane, the Australian Prudential Regulation Authority (APRA), Australian Securities and Investments Commission (ASIC) and the Australian Taxation Office (ATO) said the safety of the data was their top priority and industry needed to work together as the cyber incidents happened across the board.

“One of the things that we are very aware of is that once criminals access the data, it lets them build identity points that they can use in a range of places, so don’t just think that if your super fund has not been attacked you are ok,” Deputy Commissioner for Superannuation and Employer Obligations, ATO, Emma Rosenzweig, said.

“If there is data out there {..] that criminals or others can build from identity from they can actually access your members potentially.”

General Manager in Superannuation, APRA, Katrina Ellis, said that although there was no material cyber incident in the superannuation space so far, but APRA operates across the industry and is required to collaborate with various entities.

“There is a working group on the fraud risk and APRA is chairing that. It is another important piece of work on the emerging areas of concern and it’s a really good collaborative group as all parts of the industry are coming together.”

ASIC’s commissioner, Danielle Press, commenting on the potential data breaches and fraud risk, said it was equally important how the entities were dealing with an issue.

“What we are actually concerned in that environment is how [entities] actually treat [potential incidents] and how you are getting on top of what data had been actually [shared] and how you protect the members the best you can.”

Speaking on APRA’s priorities for 2023, Ellis also said that part of its ongoing work was independent assessment of entities across the industries.

“Assessments were taking place across four tranches and the first tranche included nine super funds and that has been completed. The second tranche is under way at the moment and our intention is that the vast majority, if not all, of APRA regulated super funds will be assessed this year in 2023.”

“And we do intend to share the thematic findings from this work from the tranches so look out for those this year.”

Beyond cyber and fraud other areas, APRA said it would be pushing into members outcomes and would remain focused on fund underperformance, in particular with regards to my super products and performance tests.

“And as anybody else we are waiting  to hear the results of the YSYF review but we are expecting there to be some form of the performing test and we are ready for that in 2023.”