4.1 security data & hijacking of companies (australia)

Security of Data

Hijacking of Companies

Corporate Registers Forum Mauritius April 2010

Rosanne Bell, Senior Executive Leader

Registry Services and Licensing, Australian Securities and Investments Commission

www.asic.gov.au

rosanne.bell@asic.gov.au

The Integrity of Corporate Registers

2

Australia

Australia

• Australia's land area : 7.7 million square kilometres

• Australia's population : 22 million

3

4

Australia - Uluru

5

Australia – Great Barrier Reef

6

Australia - Sports

7

CRF Melbourne 2005

8

ASIC

ASIC is Australia’s corporate, markets, financial and credit services regulator.Our responsibilities are to:

• maintain, facilitate and improve the performance of the financial system and entities in it

• promote confident and informed participation by investors and consumers in the financial system

• administer the law effectively and with minimal procedural requirements

• enforce and give effect to the law

• receive, process and store, efficiently and quickly, information that is given to us

• make information about companies available to the public as soon as practicable

9See our website at www.asic.gov.au

ASIC

10

• 1,800 total ASIC staff

• 400 Real Economy staff – the ‘front door’ to ASIC

• 200 registry and licensing staff

• Appropriation model

16 Public Registers

11

• Companies (1.74 million)• Disqualified Company Directors and Other (2,515)• Company Charges (1.33m)• Registered Australian Bodies (1,023)• Foreign companies (3,195)• Reserved Names• Managed investment schemes (4,895)• Australian Financial Services Licensees (4,876)• Authorised Representatives of Australian Financial Services Licensees (62,866)• Auditors (5,295)• Liquidators (664)• Official Liquidators (498)• Banned or Disqualified Persons (3,044)• Trustee Debenture Holders• Licensees (search only)• Futures Licensees (search only)

New Registers

12

• National Consumer Credit, July 2010, 10,000

• National Business Names, April 2011, 1.8 million

Register

24/7

Registry Modernisation

Provide outstanding and cost effective services to all Real Economy Stakeholders through:

• Upgrading technology• New and improved online services• Customer centric approach• Connectivity

13

ASIC’s Companies Register

• Over 1.7 million companiesPublic 21,439Proprietary 1,721,507

• 150,000 company registrations per annum

• 4.7 million officeholder roles Directors 3,054,615Secretaries 1,675,880

• 30,000 financial accounts pa

• 800,000 changes of details pa 14

15

Annual Review

• Annual statement issued at review date

• Review company details and notify changes

• Pay annual review fee

• Pass a solvency resolution and notify as required

Global Financial Crisis

2008/09:

• Company registrations down 8.7%

• Voluntary company deregistration up 10%

• Registrations of charges over company assets down 14.6%

• External Administrations up 26.5%

• Registry searches up 15%

16

Registry Clients

17

Channels

18

• over 70% of lodgements online

• 85% company registrations online & digital certificates

Current Authentication Model

Features:

• Legislation

• Government direction

• Process and Technology

19

Legislation

• No unique person identifier

• No validation of signatures on paper documents

• No person validation or proof of identify

20

Authentication Process and Technology

• Corporate Key

• Authorising a Registered Agent

21

Data Integrity Checks

• Data validation

Annual Review

Confirmations

Data exchanges

Government interoperability

• Technology

22

Evidence Of Problems

Data integrity issues:

• Duplicates

• Addresses

• Out of date data

23

Compliance Tools

• False lodgement

• Bannings

• Civil remedies

• Criminal remedies

24

Evidence Of Problems

Fraud:

• Registry complaints of fraudulent activities

• Bud Gerigar and Humphrey B Bear

25

Meeting The Challenge

• Government position

• Australian Crime Commission

• National Identity Security Strategy

26

Meeting The Challenge

National ‘e’ Authentication framework:

• Balancing risk and user experience

• Agency specific model

• Reuse of credentials

• 5 levels of security

27

Meeting The Challenge

• ASIC’s implementation of the National ‘e’ Authentication framework

• AUSKey

28

NeAF Level ASIC Solution

Level 0 Direct public access, no authentication necessary

Level 1 Basic authentication (username / password )

Level 2 Digital certificates (such as Auskey)

Level 3 No present solution. 'two factor‘ authentication

Level 4 No present solution & unlikely.

Summary

• ASIC functions and registers

• Technology and registry modernisation program

• Data quality challenges

• Fraudulent activity

• Government priorities

• ASIC direction29