In its second submission to the Financial System Inquiry, the Australian Securities & Investments Commission (“ASIC”) declared its support for regulatory oversight of technology service vendors to Australia’s financial services industry.
According to ASIC’s submission, such oversight may consist of requiring vendors of “sufficient scale” to obtain and hold Australian Financial Services (“AFS”) licences. ASIC considers that these vendors perform at least four key functions for participants in the financial services industry. These functions include:
- the supply of data inputs (including inputs into buy- and sell-side algorithms, portfolio pricing systems, transaction cost analysis and benchmarking);
- front and middle office functionality (such as order processing, risk monitoring, algorithmic trading and portfolio management services);
- back office functionality (such as booking and settlement of trades and position keeping);
- and exchange and clearing functionality to facilitate the conduct by market operators and participants of their day-to-day operations.
Therefore, ASIC believes the growing reliance on these vendors risks an outage or system malfunction adversely affecting “the fair and orderly functioning of Australia’s financial markets”. However, ASIC submits that there is a lack of “regulatory visibility and oversight”. Additionally, ASIC notes that there are few “regulatory requirements that cover business continuity requirements for market participants”.
Although ASIC expects participants to consider the risks in procuring technology, ASIC believes that participants may not always consider “broader risks of disruption to the fair and orderly operation of Australia’s financial markets” should a vendor fail to deliver ongoing services to the participant.
ASIC considers that imposing AFS licensing requirements on vendors of “sufficient scale” would limit the likelihood of a system outage or malfunction adversely affecting the “fair and orderly operation” of Australia’s financial markets. By requiring vendors to hold an AFS licence, ASIC submits that they would need to have an adequate risk management system under the Corporations Act 2001 (Cth). Additionally, ASIC could also require such vendors to meet minimum business continuity and IT infrastructure requirements.
Further, ASIC foresees that an AFS licensing regime applied to vendors could permit ASIC to identify vendors of sufficient scale with the capacity to affect the market’s fair and orderly operation and require market participants and operators that outsource material business activities to such vendors to ensure that they put in place appropriate due diligence, approval, and ongoing monitoring and risk management policies and procedures to manage the vendors’ provision of services to the market participants.
Submissions to the Inquiry closed on 26 August 2014. It may be some time before the Inquiry’s panel (chaired by Mr David Murray AO) reports to the Commonwealth Government and even longer before the Government acts on the Inquiry’s recommendations. Nonetheless, ASIC’s submission raises the prospect that both customers for and vendors of technology goods and services in Australia’s financial industry may be required to comply with additional regulatory requirements in the foreseeable future.