2023 Regulators Forum highlights key focuses
The complex patchwork of whistleblower protection laws in Australia needs comprehensive reform. The complex patchwork of whistleblower protection laws in Australia needs comprehensive reform.
For governance and risk management professionals, being across the latest regulation is a fundamental aspect of the job. At the Governance Institute’s 2023 Regulators Forum last month, our members and attendees heard important insights from some of Australia’s leading regulators at a time of great complexity and ever-increasing reporting and scrutiny.
Among the critical issues for the regulators heading into 2024 is technology and cyber security – a hot topic at this year’s Regulators Forum and clearly at the front and centre of professionals’ minds.
Greg Yanco, Executive Director, Regulation & Supervision, ASIC, highlighted technological risks and the work being done to protect the integrity of the financial system and vulnerable customers.
In a recent survey conducted to measure cyber resilience in corporate and financial markets, ASIC found some bad news.
‘Some of the findings weren’t that great,’ Greg Yanco told the forum.
‘The weakest links in cyber preparedness are third-party supplier and vendor management risk. 44% of the respondents indicated that they did not manage third party or supply chain risk, and more than half had limited or no capability to protect confidential information,’ he said.
Garth Riddell, General Manager Listings Compliance, ASX Limited & Jordan Hatch, Assistant Secretary, Regulatory Reform Division, Department of Finance, discussed recommendations surrounding the Privacy Act Review and touched on the impact of cyber incidents and regulation for the digital era.
When discussing technology and associated risks with Chair Catherine Maxwell FGIA, Mr Hatch believes it’s a matter of ‘understanding’ how a person’s data is being used.
‘If you’re using Facebook or a government service, is it clear what data is being used and what it is used for?’ He said.
Major General (Retd) Charles Fergus, Senior Advisor at Bondi Partners and Chair of the Advisory Board for the AI and Cyber Futures Institute, emphasised that much of the focus towards data and cybersecurity has followed two ‘significant’ data breaches – Medibank and Optus data hacks.
‘In the Medibank hack, we saw personal data being used to blackmail individuals as their situations were disclosed,’ he said.
Maj. Gen. Fergus (Retd) also referred to an Office of the Australian Information Commissioner survey which found that in relation to community attitudes towards privacy, 70% said they have concerns about data privacy, and 83% said the government should do more.
Our 2023 Ethics Index also found that cybersecurity breaches and privacy protection ranked as the second-highest ethical challenge for 2024. You can view this year’s Ethics Index via the Governance Institute website.
Sallyann Stonier, Acting Assistant Commissioner, ACNC, discussed the similarities of risks and pressures for NFPs and charities compared to other sectors. As well as focusing on cyber security challenges, the strain of cost-of-living, workforce, and funding pressures are also being felt across the board.
Ms Stonier emphasised that the number of volunteers and the way people volunteer has ‘changed.
‘Last year, charities reported that 3.2 million volunteers helped deliver services, but that was a decrease of almost 600,000 compared to the 2018 reporting period,’ she said.
On the topic of cyber security, Ms Stonier described the issue as a ‘particular challenge,’ with some charities not having the resources to deal with the risk.