COVID-19 brings dangers of offshoring SMSF trustee data into sharper focus


1 May 2020

In a 2017 survey of self-managed super fund (SMSF) trustees, 97 percent of survey respondents said they believed offshoring SMSF data was not secure. When asked if they would reconsider the services offered by an Australian based SMSF provider if they were advised their personal financial information was going to be sent offshore for processing, 95 per cent said they would. [1]

That’s some staggering numbers. So, three years later, with borders around the globe closed and markets having plummeted off a cliff, where do we stand amid one of the largest global crises we’ve witnessed in several generations?

It seems the COVID-19 pandemic has brought the issue of offshoring SMSF administration into even sharper focus, particularly where it concerns data security.

For many smaller accounting firms, it is no longer viable or profitable to undertake their own SMSF accounting and compliance work due to the increasing costs facing the industry. Consequently, there has been a rise in the number of Australian accounting and advice businesses outsourcing parts of their operations to offshore providers in recent years.

So, what does this mean for SMSF trustees and accounting firms that use offshore providers? SMSF’s hold a significant amount of confidential personal data. So, when you consider that identity has been at the heart of almost every data breach in the past two years [2], the potential compromise of client data is a significant risk to trustees.

With lockdown measures in place from country to country and the majority of staff being forced to work from home, COVID-19 has only served to further exacerbate these risks by exposing operational risks firms had never considered before.

Supervisory arrangements that were previously based on a likely physical visit and subsequent sign-off of a secure site are difficult to maintain with the current restrictions in place. Distributed working arrangements have presented new ethical challenges with the Independent Commission against Corruption (ICAC) saying, “while the majority of employees are honest and trustworthy, there remains the possibility in any organisation for unscrupulous employees to take improper advantage of diminished control or supervision.” [3]

In response, SMSF trustees and accounting firms should be asking themselves the following key questions:

  • Are you aware of all the places that your/your clients’ confidential or critical data resides?

  • Do you have a level of comfort in relation to your/your clients’ data security given previously relied on security or privacy statements may have changed?

  • What checks and balances does your administrator have in place to make sure third party service providers handle data with care and quickly report/escalate any data breaches to you so that they can be handled appropriately?

  • Have circumstances materially changed for your administrator? For example, where work was done in one country is now done by another firm in another country. If yes, full disclosure should be provided.

Findex is the largest onshore SMSF administrator in Australia. With 130 SMSF specialists throughout the country in both regional and metro locations, all our data is kept in Australia and is not sent offshore. If you would like to discuss how we can assist you with the management and administration of your SMSF, get in touch with the team today.