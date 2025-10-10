Most financial advice licensees that rely on offshore service providers (OSPs) fail to adequately assess, monitor and audit their arrangements thus putting their processes and business at risk, a new ASIC investigation reveals.

ASIC's review of 10 financial advice licensees with more than 300 representatives using OSPs over the last two years found that local practices depend on their overseas representative to ensure risks are managed appropriately.

This puts advice firms' data and technology at risk. It also risks the loss of control over some outsourced tasks or business functions that can impede the ability to protect the confidentiality of business and client information, ASIC said.

ASIC also engaged with six intermediary businesses based in the Philippines, India and Sri Lanka offering outsourcing solutions to Australian licensees to understand the services and infrastructure they offered and their cyber security arrangements.

The services typically outsourced to these providers are financial planning, including client data entry and product research, paraplanning, insurance application and document support, and client communication, such as client situation updates or business updates.

The review found three licensees did not have a formal offshore outsourcing policy in place; one does not have offshore outsource policies at all; and seven licensees' information technology policies did not specifically reference or set additional requirements for offshore staff.

None of the licensees undertook regular audits of their representatives' use of OSPs.

"Failing to adequately supervise outsourced functions could result in the licensee failing to meet its legal obligations and cause harm to consumers. The more critical the outsourced function, the greater the risks involved. The risks can be exacerbated when there is inadequate supervision of these functions, particularly when they are outsourced internationally," ASIC said.

The regulator also warned that licensees must consistently apply the same standards required of Australian-based third-party service providers to OSPs, particularly when handling client information.

"However, regardless of whether these functions are outsourced directly or through an intermediary business, licensees remain responsible for complying with their obligations," ASIC said.

Last year, Fair Work Australia ruled in favour of a Philippines-based worker to bring an unfair dismissal case against the former employer could serve as a warning for financial services firms who rely on offshoring.

"Financial services firms cannot drop their guard. Cyber-attacks, for example, are more prevalent and growing in sophistication. All licensees must proactively review governance frameworks and address issues that threaten to undermine public confidence in their business and in turn, the financial system," ASIC commissioner Alan Kirkland said.

"ASIC will continue to monitor the governance and risk management frameworks of financial services entities, and where necessary, hold them to account for failing to have the right processes in place to protect consumers and investors' interests."