news item

Financial advice update

Published

The Financial advice update is a round-up of regulatory developments and issues affecting financial advice.

It covers all areas of financial advice regulation and includes a broad range of content relevant to Australian financial services (AFS) licensees who are advice licensees and financial advisers.

The topics of this update are:

Maintaining accurate records on the financial advisers register

AFS licensees are reminded to check that the information about their financial advisers on the financial advisers register is correct. AFS licensees should pay particular attention to their adviser’s approved qualification(s), ability to provide tax (financial) advice services, business address and telephone number.

Any incorrect or out-of-date information must be rectified by lodging a ‘maintain’ transaction on ASIC Connect.

ASIC recently identified errors and inconsistencies on the financial advisers register, including in relation to records of approved degrees and qualifications: see 24-142MR ASIC urges AFS licensees to correct records on the financial advisers register (1 July 2024).

Common errors include:

  • failure to record the degrees accurately in line with the Corporations (Relevant Providers Degrees, Qualifications and Courses Standard) Determination 2021 (Determination)
  • recording degrees that are not approved degrees, but are professional designations (e.g. ‘Certified Financial Planner’)
  • recording degrees that are not approved degrees, but are bridging courses (which may be listed in the Determination but must be coupled with another qualification to meet the requirements of the professional standard), and
  • recording qualifications that are not approved qualifications under the Determination (e.g. the Financial Adviser Exam, Australian Qualifications Framework 1–5 qualifications, and training or qualifications listed in Regulatory Guide 146 Licensing: Training of financial product advisers (RG 146)).

It is a serious offence to knowingly provide false or misleading information to ASIC or to fail to take reasonable steps to ensure that the information provided to ASIC is true and correct. It is also an offence to fail to update the financial advisers register within 30 business days of a financial adviser’s details changing.

ASIC will shortly be commencing a compliance program to ensure that the information recorded on the financial advisers register about approved qualifications is correct and take action where necessary.

Assessing adviser qualifications

If you are an advice licensee, among other things, you must ensure your relevant providers (i.e. advisers who are authorised to provide personal advice to retail clients in relation to relevant financial products) comply with the ‘qualifications standard’ in section 921B(2) of the Corporations Act 2001 (Corporations Act) before authorising them, even if they have been previously authorised by another advice licensee.

Financial advisers who are existing providers have until 1 January 2026 to meet the qualifications standard. For more information, see the quick reference guide on the ASIC website.

Generally, an existing provider who meets the criteria for an experienced provider can rely on the experienced provider pathway to meet the qualifications standard and the professional year standard without needing to undertake further education and training. For more information on the experienced provider pathway, see Information Sheet 281 FAQs: Relevant providers – Accessing the experienced provider pathway (INFO 281).

Under section 921B(2) of the Corporations Act, a person who is, or is to be, a relevant provider must have completed a bachelor or higher degree, or equivalent qualification, approved by the Minister. This applies to both existing providers and new financial advisers, as well as advisers with foreign qualifications. For a list of approved degrees and equivalent qualifications see the Determination.

Assessing your advisers’ qualifications against the Determination

To assess whether your adviser(s) has completed an approved bachelor or higher degree, or equivalent qualification, under the Determination, see the guidance for AFS licensees to check qualifications on the Qualification, exam and professional development page of the ASIC website.

As an AFS licensee, you must ensure that the qualifications exactly match those listed in the Determination. If a domestic qualification has been completed in accordance with Schedule 1 of the Determination, but does not satisfy the prescribed conditions (e.g. unit codes or names do not match or different commencement dates), then an application can be made to Treasury to assess whether the qualification satisfies section 921B(2) of the Corporations Act: see Domestic qualifications: Criteria for assessment on the Treasury website.

If an adviser has foreign qualifications, an application can also be made to Treasury to assess whether these qualifications are equivalent to an Australian bachelor’s or higher degree: see Foreign qualifications: Criteria for assessment on the Treasury website.

If Treasury establishes that an adviser has completed an approved degree or qualification, the relevant provider’s authorising AFS licensee must record this on the financial advisers register as an approved degree or qualification. This can be completed during the appointment process or by submitting a maintenance transaction if the adviser has already been appointed by the AFS licensee.

ASIC’s review of cold calling for superannuation switching business models

In our 2023–27 Corporate Plan, ASIC announced a cross-sector project focused on deterring cold calling for superannuation switching business models. Our review identified that some cold calling businesses are using high-pressure sales tactics to induce consumers into taking unnecessary and inappropriate superannuation switching advice, leading to poor outcomes for clients. These adverse outcomes range from superannuation erosion due to high fees and charges, to the risk of a reduced superannuation balance due to inappropriate investment in high-risk and/or low-quality superannuation products.

Some of the cold calling operators – which make unsolicited calls to consumers after obtaining their personal information from third-party data brokers or by using online click-bait – have lead-generation and referral arrangements with a small subset of financial advisers who typically recommend consumers switch to super products that charge significant fees.

ASIC has observed considerable volumes of superannuation fund movement as a result of cold calling conduct, including inflow into platforms, high-risk property investments and significant payments to cold calling operators.

ASIC also observed some cold calling businesses bypassing data brokers by posting click-bait advertisements on social media platforms like Facebook and Instagram. These advertisements often promote superannuation comparison calculators that give consumers the impression their existing superannuation fund is underperforming.

ASIC identified several areas of concern and is reminding advice licensees and financial advisers of their respective obligations to act in the best interests of consumers when providing financial services.

Advice licensees should ensure they have in place adequate monitoring and supervision arrangements to detect concerning conduct and to make sure their advisers are acting in the best interests of their clients.

Deterring cold calling for superannuation switching models is an ASIC priority. We will continue to take action, where appropriate – including enforcement action – against individuals or entities who are engaging in misconduct.

You can find more information on ASIC’s review of cold calling for superannuation switching business models in our news item Exposing high-pressure cold calling tactics and social media click-bait leading to superannuation switching (7 May 2024).

We have issued Information Sheet 282 Unsolicited contact leading to financial advice (INFO 282) for unlicensed entities that engage with consumers, leading to financial advice. It sets out how the financial services laws apply to these entities and reminds them of their responsibility to ensure that their conduct complies with the law.

ASIC has also launched a consumer awareness campaign, encouraging consumers to ‘just hang up’ when contacted by cold calling operators and to ‘just scroll past’ social media click-bait advertisements.

To report misconduct, see Make a report of misconduct to ASIC on the ASIC website.

For more information, see:

  • 24-092MR ASIC issues warning over dodgy cold calling operators and online baiting tactics (7 May 2024)
  • 24-094MR ASIC calls on super trustees to improve gatekeeping of member savings (9 May 2024)

Cyber security – Third-party exposure

The practice of outsourcing services and products is crucial to most organisations operating in today’s economy, with 76% of leading global businesses outsourcing IT functions. While financial services businesses can outsource their services to third-party suppliers, they cannot outsource the associated risks and liabilities.

Recently, ASIC released findings from our 2023 Cyber Pulse Survey: see Report 776 Spotlight on cyber: Findings and insights from the cyber pulse survey (REP 776). Worryingly, 44% of participating organisations admitted to not managing third-party or supply chain risk.

ASIC has observed a growing number of cyber attacks on Australian organisations stemming from third-party attacks that exploit weaknesses in an organisations supply chain, giving them easy access to the organisation’s systems and networks.

AFS licensees from across Australia have told ASIC they consider cyber security the biggest risk to their business, listing it as a high priority item for board meetings and noting they run regular staff training at all levels of their business. AFS licensees have moved to reinforce their internal cyber security after a series of high-profile incidents from late 2022. With many organisations acting to improve internal defences, their focus must now turn to mitigating third-party exposure – the new frontline in cyber risk management.

For example, the SolarWinds breach of 2020 exploited a vulnerability in SolarWinds’ platform, giving the threat actor access to 3,000 email accounts across 150 organisations, including government agencies and multinational corporations. The breach cost each affected organisation an average of US$12 million.

To enhance the cyber resilience of Australia’s financial institutions against known threat actors, the Council of Financial Regulators (CFR) developed the cyber and operational intelligence-led exercises (CORIE) framework: see Revised CORIE framework and rollout on the CFR website. CORIE uses threat intelligence to simulate adversary attacks and assess the cyber resilience of an organisation. Recent CORIE simulations have exposed vulnerabilities in third-party controls, including instances where third parties held administrator-level access to critical systems.

The recent Latitude Financial cyber attack underscores the need for enhanced scrutiny of third parties with access to core systems. While IT outsourcing is essential for many organisations, basic controls – like multifactor authentication (MFA) for external providers – could minimise breach risks.

Another concerning trend demonstrated by CORIE simulations is the use of weak passwords. Even with complex password creation requirements, users can find ways to craft weak passwords like ‘Pa$$w0rd123!’.

MFA is one of the most effective techniques available to protect organisations from a cyber incident. Where MFA is not available, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) recommends the use of passphrases: see Passphrases on the ACSC website. These measures should be implemented as part of a broader cultural shift throughout an organisation, driven by employee education, cyber awareness training and rigorous third-party risk assessment.

To mitigate cyber risk, organisations must take an active approach to identifying, assessing, and monitoring third-party cyber risks. We encourage organisations to start by asking three simple questions:

1. How much access do third parties have to my systems?

Implementing the principle of least privilege limits access to necessary functions, minimising the impact of breaches.

2. How is third-party access protected?

Threat actors seek elevated access to systems, which can quickly lead to a significant cyber breach if third-party credentials are compromised. Protecting credentials is tricky. Third parties might have multiple clients and credential storage methods, ranging from password managers to spreadsheets. Enabling multi-factor authentication with close monitoring can reduce the risk of third-party credential exploitation: see Multifactor authentication: A proven strategy to reduce account compromise in the Market Integrity Update on the ASIC website.

3. Where is my data?

Knowing what sensitive data you hold and where it is stored is critical to ensuring the correct level of protection is applied. Additional scrutiny is needed if third-party providers store, transfer and process data.

If your organisation doesn’t have control over the type of protection applied to data stored by a third party, assess the potential impact of data exposure and question whether the level of sensitive data held by the third party can be reduced. Adding contract terms to transfer risk will not absolve you from cyber risk. You must scrutinise, understand and own the risk of exposing data to a third party.

For more information, visit the Australian Signals Directorates ACSC website, including:

Financial adviser registration

On 16 February 2024, the registration requirement commenced whereby all relevant providers, except provisional relevant providers, must be registered before providing personal advice to retail clients in relation to relevant financial products.

The registration requirement is an ongoing obligation and is separate to the requirement for AFS licensees to appoint their relevant providers to the financial advisers register. Self-licensed relevant providers must also be registered. AFS licensees and relevant providers should ensure they understand the circumstances when new registration is required and the circumstances that may lead to a relevant provider being deregistered.

AFS licensees must register their relevant providers:

  • after they authorise and appoint an adviser to the financial advisers register
  • when they appoint an adviser who has moved from another AFS licensee
  • when an adviser changes roles from a ‘provisional relevant provider’ to a ‘relevant provider’, and
  • when an adviser is authorised by two or more AFS licensees and registered by one, and the adviser’s authorisation with their registering AFS licensee ceases.

From 16 February 2024, both the AFS licensee and the relevant provider will be in breach of the law if an unregistered relevant provider provides personal advice to retail clients in relation to relevant financial products.

ASIC recently commenced a compliance program in relation to the registration requirement and has already identified that a number of advisers have not been registered following their move from one AFS licensee to another. In order to avoid regulatory action, please ensure all your advisers are currently registered, particularly those who have changed AFS licensee since 16 February 2024.

For more information, see:

  • Information Sheet 276 FAQs: Registration for relevant providers (INFO 276) – information about the registration requirement, including when a registration will cease
  • Information Sheet 277 Registration of relevant providers: Guidance on making declarations (INFO 277) – guidance on the declarations required during the registration process, and
  • registering a relevant provider on the ASIC website.

Report 779 Superannuation and choice products: What focus is there on performance?

Around $1.1 trillion of Australians’ total retirement savings are invested in the choice product segment. The decision of where to invest these savings is one of the most important decisions a member will make – and is often made based on recommendations by a financial adviser.

A 2018 Productivity Commission inquiry and the Australian Prudential Regulation Authority’s (APRA) annual Choice Heatmap highlighted persistent underperformance of some investment options within the choice sector. In 2023, APRA found one in five choice investment options with an 8-year history significantly underperformed the investment return benchmarks.

To understand why some choice super fund members remained in these poorly performing investment options, we looked at what superannuation trustees, financial advisers and advice licensees did in relation to performance. Each of these stakeholders is responsible for assisting Australians to achieve good retirement outcomes.

Financial advisers have an important role, and their clients (i.e. fund members) trust them to act in their best interests when providing advice about how to achieve their retirement objectives.

On 21 February 2024, we published our observations in Report 779 Superannuation and choice products: What focus is there on performance? (REP 779).

Failure to address underperformance

It was clear that some members holding choice products were relying on financial advisers to optimise their superannuation investment returns.

ASIC reviewed 88 advice files across 26 advice licensees, focusing on advice provided on 9 investment options that all persistently failed to meet the performance benchmark disclosed in the Product Disclosure Statement (PDS).

These members sought advice to make an informed choice. However, ASIC found that financial advisers did not always address underperformance where relevant to the subject matter of the advice. In some cases, clients were not informed about the persistent underperformance of their investment options or that there may be better alternatives.

We also found some clients had not received advice from the adviser linked to their superannuation account in the preceding 2 years, but were still making investments into one of the underperforming options. This was possibly a result of automated investment of their regular superannuation contributions.

Where to from here for financial advisers and advice licensees?

Our review identified five actions for financial advisers and advice licensees to take to improve retirement outcomes for their clients who are members of choice super funds.

Actions for advisers to take:

  • Conduct a reasonable investigation and assessment of investment options to detect and address underperformance when relevant to the subject matter of the advice. This includes treating performance as a primary consideration and considering information from a range of sources to develop and support recommendations. Advisers should be careful not to over-rely on advice licensee product approvals or external research ratings. The fact that an option is approved by an advice licensee or has a minimum external research rating does not mean that an adviser can ignore the performance of an option when providing personal advice.
  • Explain the basis of the advice. This should include communicating underperformance and why the recommendations are appropriate despite the underperformance, and be based on the client’s relevant circumstances.

Actions for advice licensees to take:

  • Take reasonable steps to ensure advisers comply with financial services laws, including the best interests duty and appropriate advice obligation. This includes ensuring advisers conduct a reasonable investigation and assessment of the client’s investment options when relevant to the subject matter of the advice to enable them to detect and address performance issues.
  • Have adequate risk management systems. Even though there is no requirement to have an approved product list (APL), they can help advisers provide good quality advice and advice licensees to comply with their legal obligations. Additionally, when approving products for use by advisers or managing APLs, advice licensees should treat performance as a primary consideration. They should have rigorous processes to detect underperforming options that have been approved for use by advisers and address these in a timely manner. Historical performance should be considered, including performance against the option’s benchmark in the PDS.
  • Ensure that records are kept of the advice and how advisers have complied with the best interests duty and related obligations. Advice licensees should also retain records of the steps they have taken to detect underperformance and monitor investment options approved for use by their advisers. This includes the advice licensee’s decision making and communication with advisers about how to manage underperforming options held by their clients.

These actions require financial advisers and licensees to treat performance as a primary consideration when assisting their clients to meet their retirement objectives. They form part of an industry focus on better assisting fund members to achieve good investment outcomes that ultimately support stronger outcomes in retirement.

Provisional relevant providers

In March 2017, the Corporations Amendment (Professional Standards of Financial Advisers) Act 2017 commenced and introduced reforms to the Corporations Act to raise the education, training and ethical standards of financial advisers. The professional standards require financial advisers to:

  • have an approved qualification
  • pass the financial adviser exam
  • participate in 40 hours of continuing professional development each year, and
  • comply with the Financial Planners and Advisers Code of Ethics 2019 (Code of Ethics).

Anyone wanting to become a financial adviser must also complete a full-time professional year that includes at least 1,500 hours of work and activities and 100 hours of structured training (a total of 1,600 hours).

For more information about the professional standards, see:

As part of ASIC’s supervision activities, we conducted a review with a cross section of AFS licensees, which included understanding their experience with employing a provisional relevant provider. We asked them details about:

  • the process for taking on the responsibility of training and supervising a provisional relevant provider
  • the processes they used to verify and record training hours
  • how they selected and monitored the supervisor of the provisional relevant provider, and
  • the process for certifying the provisional relevant provider has meet all of the requirements for completion.

All licensees involved reported a positive experience of supporting a provisional relevant provider through their professional year. Some listed the benefits as supporting and assisting with their succession planning, and appreciated that they could mentor and train a provisional relevant provider from within the business rather than hiring an external adviser.

We also observed licensee practices that could be improved, including:

  • putting policies in place about who is qualified and suitable to be a supervisor
  • developing processes for how licensees will monitor professional relevant providers and the supervisor, including their advice, once the provisional relevant provider is in the third and fourth quarters of their professional year, and
  • having detailed processes in place for final sign off of the completion certificate.

AFS licensees are reminded of the importance of record keeping throughout the professional year. Most licensees indicated they were able to comply with the record-keeping obligations by using, and in some cases amending, the templates created by the former standards body, the Financial Adviser Standards and Ethics Authority. Others created their own methods for maintaining logbooks to record the structured and unstructured training hours, and to demonstrate and record that all key competencies were satisfactorily acquired.

Keeping up to date with financial advice news

Subscribe to keep updated on financial advice news.

Subscribe to financial advice alerts

Media enquiries: Contact ASIC Media Unit