More than ever before, data breaches and privacy concerns are increasingly prevalent and as AFSL holders we face unprecedented challenges in safeguarding client information.
Collecting accurate and relevant client information is crucial to comply with the stringent customer identification procedures outlined in the Anti-Money Laundering and Counter-Terrorism Financing Rules (AML/CTF Rules).
At the Privacy Awareness Week in May of this year we saw the emphasis placed on reviewing organisational privacy practices to ensure fundamental aspects are covered. To mitigate the risks of data breaches, AFSL Authorised Representatives (Licensees) should consider the following measures:
Conduct regular staff training on cybersecurity awareness
Collect only the necessary personal information, minimising data collection.
Implement robust cybersecurity measures, such as encryption and access controls
Employ strong passwords and multi-factor authentication.
Conduct vulnerability assessments (stress-testing).
Establish incident response plans
Follow de-identification techniques in accordance with relevant regulations.
Perform audits of collected information and promptly delete personal data when no longer required.
Implementing a strong Document Retention Policy
At Avenir Capital, our partner Tom O'Callaghan works with our AFSL authorised representatives to design and implement comprehensive GRC frameworks and this includes policies and templates related to the collection, management and destruction of client data in accordance with regulatory requirements and record-keeping standards.
Useful links for AFSL licensee on keeping your data safe:
Comments