4.1 security data & hijacking of companies (australia)


Published on

Published in: Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

4.1 security data & hijacking of companies (australia)

  1. 1. Security of Data Hijacking of Companies Corporate Registers Forum Mauritius April 2010 Rosanne Bell, Senior Executive Leader Registry Services and Licensing, Australian Securities and Investments Commission www.asic.gov.au [email_address] The Integrity of Corporate Registers
  2. 2. Australia <ul><ul><ul><li></li></ul></ul></ul>
  3. 3. Australia <ul><li>Australia's land area : 7.7 million square kilometres </li></ul><ul><li>Australia's population : 22 million </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  4. 4. Australia - Uluru <ul><ul><ul><li></li></ul></ul></ul>
  5. 5. Australia – Great Barrier Reef <ul><ul><ul><li></li></ul></ul></ul>
  6. 6. Australia - Sports <ul><ul><ul><li></li></ul></ul></ul>
  7. 7. <ul><ul><ul><li></li></ul></ul></ul>
  8. 8. CRF Melbourne 2005 <ul><ul><ul><li></li></ul></ul></ul>
  9. 9. ASIC <ul><li>ASIC is Australia’s corporate, markets, financial and credit services regulator. </li></ul><ul><ul><li>Our responsibilities are to: </li></ul></ul><ul><ul><li>maintain, facilitate and improve the performance of the financial system and entities in it </li></ul></ul><ul><ul><li>promote confident and informed participation by investors and consumers in the financial system </li></ul></ul><ul><ul><li>administer the law effectively and with minimal procedural requirements </li></ul></ul><ul><ul><li>enforce and give effect to the law </li></ul></ul><ul><ul><li>receive, process and store, efficiently and quickly, information that is given to us </li></ul></ul><ul><ul><li>make information about companies available to the public as soon as practicable </li></ul></ul><ul><ul><ul><li></li></ul></ul></ul>See our website at www.asic.gov.au
  10. 10. ASIC <ul><ul><ul><li></li></ul></ul></ul><ul><li>1,800 total ASIC staff </li></ul><ul><li>400 Real Economy staff – the ‘front door’ to ASIC </li></ul><ul><li>200 registry and licensing staff </li></ul><ul><li>Appropriation model </li></ul>
  11. 11. 16 Public Registers <ul><li>Companies (1.74 million) </li></ul><ul><li>Disqualified Company Directors and Other (2,515) </li></ul><ul><li>Company Charges (1.33m) </li></ul><ul><li>Registered Australian Bodies (1,023) </li></ul><ul><li>Foreign companies (3,195) </li></ul><ul><li>Reserved Names </li></ul><ul><li>Managed investment schemes (4,895) </li></ul><ul><li>Australian Financial Services Licensees (4,876) </li></ul><ul><li>Authorised Representatives of Australian Financial Services Licensees (62,866) </li></ul><ul><li>Auditors (5,295) </li></ul><ul><li>Liquidators (664) </li></ul><ul><li>Official Liquidators (498) </li></ul><ul><li>Banned or Disqualified Persons (3,044) </li></ul><ul><li>Trustee Debenture Holders </li></ul><ul><li>Licensees (search only) </li></ul><ul><li>Futures Licensees (search only) </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  12. 12. New Registers <ul><li>National Consumer Credit, July 2010, 10,000 </li></ul><ul><li>National Business Names, April 2011, 1.8 million </li></ul><ul><ul><ul><li></li></ul></ul></ul>Register 24/7
  13. 13. Registry Modernisation <ul><li>Provide outstanding and cost effective services to all Real Economy Stakeholders through: </li></ul><ul><ul><li>Upgrading technology </li></ul></ul><ul><ul><li>New and improved online services </li></ul></ul><ul><ul><li>Customer centric approach </li></ul></ul><ul><ul><li>Connectivity </li></ul></ul><ul><ul><ul><li></li></ul></ul></ul>
  14. 14. ASIC’s Companies Register <ul><li>Over 1.7 million companies </li></ul><ul><ul><li>Public 21,439 </li></ul></ul><ul><ul><li>Proprietary 1,721,507 </li></ul></ul><ul><li>150,000 company registrations per annum </li></ul><ul><li>4.7 million officeholder roles </li></ul><ul><ul><li>Directors 3,054,615 </li></ul></ul><ul><ul><li>Secretaries 1,675,880 </li></ul></ul><ul><li>30,000 financial accounts pa </li></ul><ul><li>800,000 changes of details pa </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  15. 15. Annual Review <ul><li>Annual statement issued at review date </li></ul><ul><li>Review company details and notify changes </li></ul><ul><li>Pay annual review fee </li></ul><ul><li>Pass a solvency resolution and notify as required </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  16. 16. Global Financial Crisis <ul><li>2008/09: </li></ul><ul><li>Company registrations down 8.7% </li></ul><ul><li>Voluntary company deregistration up 10% </li></ul><ul><li>Registrations of charges over company assets down 14.6% </li></ul><ul><li>External Administrations up 26.5% </li></ul><ul><li>Registry searches up 15% </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  17. 17. Registry Clients <ul><ul><ul><li></li></ul></ul></ul>
  18. 18. Channels <ul><ul><ul><li></li></ul></ul></ul><ul><li>over 70% of lodgements online </li></ul><ul><li>85% company </li></ul><ul><li>registrations online & digital certificates </li></ul>
  19. 19. Current Authentication Model <ul><li>Features: </li></ul><ul><li>Legislation </li></ul><ul><li>Government direction </li></ul><ul><li>Process and Technology </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  20. 20. Legislation <ul><li>No unique person identifier </li></ul><ul><li>No validation of signatures on paper documents </li></ul><ul><li>No person validation or proof of identify </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  21. 21. Authentication Process and Technology <ul><li>Corporate Key </li></ul><ul><li>Authorising a Registered Agent </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  22. 22. Data Integrity Checks <ul><li>Data validation </li></ul><ul><ul><li>Annual Review </li></ul></ul><ul><ul><li>Confirmations </li></ul></ul><ul><ul><li>Data exchanges </li></ul></ul><ul><ul><li>Government interoperability </li></ul></ul><ul><li>Technology </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  23. 23. Evidence Of Problems <ul><li>Data integrity issues: </li></ul><ul><li>Duplicates </li></ul><ul><li>Addresses </li></ul><ul><li>Out of date data </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  24. 24. Compliance Tools <ul><li>False lodgement </li></ul><ul><li>Bannings </li></ul><ul><li>Civil remedies </li></ul><ul><li>Criminal remedies </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  25. 25. Evidence Of Problems <ul><li>Fraud: </li></ul><ul><li>Registry complaints of fraudulent activities </li></ul><ul><li>Bud Gerigar and Humphrey B Bear </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  26. 26. Meeting The Challenge <ul><li>Government position </li></ul><ul><li>Australian Crime Commission </li></ul><ul><li>National Identity Security Strategy </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  27. 27. Meeting The Challenge <ul><li>National ‘e’ Authentication framework: </li></ul><ul><li>Balancing risk and user experience </li></ul><ul><li>Agency specific model </li></ul><ul><li>Reuse of credentials </li></ul><ul><li>5 levels of security </li></ul><ul><ul><ul><li></li></ul></ul></ul>
  28. 28. Meeting The Challenge <ul><li>ASIC’s implementation of the National ‘e’ Authentication framework </li></ul><ul><li>AUSKey </li></ul><ul><ul><ul><li></li></ul></ul></ul>NeAF Level ASIC Solution Level 0 Direct public access, no authentication necessary Level 1 Basic authentication (username / password ) Level 2 Digital certificates (such as Auskey) Level 3 No present solution. 'two factor‘ authentication Level 4 No present solution & unlikely.
  29. 29. Summary <ul><li>ASIC functions and registers </li></ul><ul><li>Technology and registry modernisation program </li></ul><ul><li>Data quality challenges </li></ul><ul><li>Fraudulent activity </li></ul><ul><li>Government priorities </li></ul><ul><li>ASIC direction </li></ul><ul><ul><ul><li></li></ul></ul></ul>