4.1 security data & hijacking of companies (australia)
TRANSCRIPT
Security of Data
Hijacking of Companies
Corporate Registers Forum Mauritius April 2010
Rosanne Bell, Senior Executive Leader
Registry Services and Licensing, Australian Securities and Investments Commission
www.asic.gov.au
The Integrity of Corporate Registers
2
Australia
Australia
• Australia's land area : 7.7 million square kilometres
• Australia's population : 22 million
3
4
Australia - Uluru
5
Australia – Great Barrier Reef
6
Australia - Sports
7
CRF Melbourne 2005
8
ASIC
ASIC is Australia’s corporate, markets, financial and credit services regulator.Our responsibilities are to:
• maintain, facilitate and improve the performance of the financial system and entities in it
• promote confident and informed participation by investors and consumers in the financial system
• administer the law effectively and with minimal procedural requirements
• enforce and give effect to the law
• receive, process and store, efficiently and quickly, information that is given to us
• make information about companies available to the public as soon as practicable
9See our website at www.asic.gov.au
ASIC
10
• 1,800 total ASIC staff
• 400 Real Economy staff – the ‘front door’ to ASIC
• 200 registry and licensing staff
• Appropriation model
16 Public Registers
11
• Companies (1.74 million)• Disqualified Company Directors and Other (2,515)• Company Charges (1.33m)• Registered Australian Bodies (1,023)• Foreign companies (3,195)• Reserved Names• Managed investment schemes (4,895)• Australian Financial Services Licensees (4,876)• Authorised Representatives of Australian Financial Services Licensees (62,866)• Auditors (5,295)• Liquidators (664)• Official Liquidators (498)• Banned or Disqualified Persons (3,044)• Trustee Debenture Holders• Licensees (search only)• Futures Licensees (search only)
New Registers
12
• National Consumer Credit, July 2010, 10,000
• National Business Names, April 2011, 1.8 million
Register
24/7
Registry Modernisation
Provide outstanding and cost effective services to all Real Economy Stakeholders through:
• Upgrading technology• New and improved online services• Customer centric approach• Connectivity
13
ASIC’s Companies Register
• Over 1.7 million companiesPublic 21,439Proprietary 1,721,507
• 150,000 company registrations per annum
• 4.7 million officeholder roles Directors 3,054,615Secretaries 1,675,880
• 30,000 financial accounts pa
• 800,000 changes of details pa 14
15
Annual Review
• Annual statement issued at review date
• Review company details and notify changes
• Pay annual review fee
• Pass a solvency resolution and notify as required
Global Financial Crisis
2008/09:
• Company registrations down 8.7%
• Voluntary company deregistration up 10%
• Registrations of charges over company assets down 14.6%
• External Administrations up 26.5%
• Registry searches up 15%
16
Registry Clients
17
Channels
18
• over 70% of lodgements online
• 85% company registrations online & digital certificates
Current Authentication Model
Features:
• Legislation
• Government direction
• Process and Technology
19
Legislation
• No unique person identifier
• No validation of signatures on paper documents
• No person validation or proof of identify
20
Authentication Process and Technology
• Corporate Key
• Authorising a Registered Agent
21
Data Integrity Checks
• Data validation
Annual Review
Confirmations
Data exchanges
Government interoperability
• Technology
22
Evidence Of Problems
Data integrity issues:
• Duplicates
• Addresses
• Out of date data
23
Compliance Tools
• False lodgement
• Bannings
• Civil remedies
• Criminal remedies
24
Evidence Of Problems
Fraud:
• Registry complaints of fraudulent activities
• Bud Gerigar and Humphrey B Bear
25
Meeting The Challenge
• Government position
• Australian Crime Commission
• National Identity Security Strategy
26
Meeting The Challenge
National ‘e’ Authentication framework:
• Balancing risk and user experience
• Agency specific model
• Reuse of credentials
• 5 levels of security
27
Meeting The Challenge
• ASIC’s implementation of the National ‘e’ Authentication framework
• AUSKey
28
NeAF Level ASIC Solution
Level 0 Direct public access, no authentication necessary
Level 1 Basic authentication (username / password )
Level 2 Digital certificates (such as Auskey)
Level 3 No present solution. 'two factor‘ authentication
Level 4 No present solution & unlikely.
Summary
• ASIC functions and registers
• Technology and registry modernisation program
• Data quality challenges
• Fraudulent activity
• Government priorities
• ASIC direction29