ASIC v RI Advice Group Pty Ltd cyber security civil penalty trial pushed off from a 29 November 2021 hearing date to a date in April 2022

May 17, 2021 |

The civil penalty proceeding in the Federal Court of ASIC v RI Advice Group is a significant case regarding the effectiveness of the Corporations Act 2001 in dealing with cybersecurity issues. ASIC commenced proceedings against RI Advice alleging that authorised representatives of RI advice were subject to data breaches between 2016 and 2020,  ASIC alleges that RI Advice failed to implement adequate policies and systems and provide sufficient resources to manage cyber security and cyber resilience risk.  ASIC alleges that these failures constitute a breach of the general obligations of RI Advice’s financial licence under section 912A of the Corporations Act.  I provided a detailed analysis of the pleaded case in August last year. 

On 19 February 2021 Mr Justice O’Callaghan set down the timetable of the interlocutory steps before trial, being:

  1. The Plaintiff has leave to file and serve an Amended Originating Process substantially in the form served on the Defendant on 26 October 2020.
  2. By 4.00pm on 24 February 2021, the Plaintiff is to file and serve its Amended Originating Process.
  3. By 4.00pm on 1 March 2021, the Plaintiff is to file and serve any Reply to the Defendant’s Defence to the Amended Statement of Claim.
  4. By 4.00pm on 30 April 2021, the Plaintiff is to file and serve the lay witness statements and expert reports upon which it proposes to rely at trial, and a list of documents which it proposes to tender at trial.
  5. The matter be listed for a further case management hearing at 9.30am on 14 May 2021.
  6. The proceeding is tentatively listed for trial with an estimate of 2 to 3 weeks commencing on 29 November 2021.
  7. Costs are reserved.
  8. There is liberty to apply.

RI Advice’s defence was filed on 12 February 2021.  ASIC did not file a Reply.  ASIC’s expert report was filed on 30 April 2021.  So far so good. 

Last Friday RI Advice claimed it needed more time to review the 800 page expert report filed on 30 April 2021. ASIC argued that there was a public interest in having the matter heard sooner rather than later.  The court agreed to provide RI Advice more time to prepare for trial finding there was no direct prejudice to ASIC in vacating the trial date and setting it down for April next year. 

RI Advice’s defence is not a publicly available document but there is suggestion that RI Advice may challenge the allegations that individual lapses in data security constitutes a breach of the general obligations of a financial licensee under section 912A of the Corporations Act. 

This is the first adjournment of the hearing date.  It was hardly surprising that the hearing date was vacated in the face of a complaint that the respondent needed more time to prepare.  Whether further adjournments are granted is another matter. 

RI Advice Group is also the subject of civil proceeding action by ASIC in relation to the advice provided by its authorised representative, John Doyle.  The trial on liability concluded on 23 March with the court reserving in relation to RI Advice.  In relation to John Doyle the Court made the following declaration:

On various occasions during the period 1 November 2013 to 30 June 2016, as set out in the Schedule attached to this order titled “Instances of Advice”, [Mr Doyle] contravened s 961Q(1) of the Corporations Act 2001 (Cth) in that the [he] contravened ss 961B, 961G, 961H and 961J of the Corporations Act.” The schedule titled “Instances of Advice” lists 13 pieces of advice given by Mr Doyle relating variously to the Macquarie Flexi 100 Trust and Instreet Masti structured products.

A good background to that case is found in an AFR article titled ASIC and ex-ANZ wealth firm ordered into mediation.


Leave a Reply