Protecting your corporate keys

  • Recently cases have been before the courts involving individuals accessing the ASIC Corporate Key to change company records online, including details of the company's shareholders and directors.
  • Companies should have policies in place to govern access to key digital assets such as ASIC Corporate Keys and similar passwords.
  • If there are suspicions that an ASIC Corporate key has been misused or abused, seek advice to ensure the issue can be appropriately managed.

In an era of online banks and ASIC Corporate Keys, the management of access to your company's digital platforms, which are often critical to your operations, is an essential element of good governance practices. When not managed appropriately, the consequences can be significant.

What's at risk?

Australian courts have seen a series of recent cases where directors or others with access to ASIC Corporate Keys have 'gone rogue' and manipulated details of the company on the official register of the Australian Securities & Investments Commission.

An ASIC Corporate Key is a unique 8-digit number issued by ASIC and linked to a specific company. The ASIC Corporate Key acts like the PIN for a bank account and allows the holder to update the company's ASIC records.

The problem is that anyone with access to the ASIC Corporate Key is able to change company records online including details of the company's shareholders and directors. This can in turn enable a form of corporate identity theft as third parties are liable to rely on the incorrect information on the official register.

This article is exclusive to Governance Institute members and subscribers.

To read the full article…

or Become a member