November 10, 2025: Outsourcing specialists, Vital Business Partners (VBP) has urged financial advice businesses to review their outsourcing arrangements to ensure adequate governance and risk management, following the Australian Securities and Investments Commission’s recent review into the use of offshore service providers by financial services entities.
Last month, ASIC released the findings of its year-long review of offshore outsourcing identifying significant variations in the quality of risk management arrangements in relation to the use of offshore staff and calling on licensees and advice businesses to regularly assess the performance and suitability of their outsourcing arrangements.
Nathan Jacobsen, Chief Executive Officer of VBP, said the ASIC report highlighted the wide discrepancies that can exist between outsourcing models in terms of governance and compliance, reinforcing the value of partnering with an experienced outsourced service provider (OSP) that had proactive oversight and strong risk management capabilities to protect both clients and advice businesses.
“VBP is highly supportive of ASIC’s recommendations and heightened focus on offshore outsourcing to ensure that both consumers and advice businesses are not unnecessarily exposed to harm, such as their data being stolen through cyber incidents,” he said.
“Whether a business has a direct outsourced contracting arrangement or uses an intermediary, the obligations around areas like data, privacy and cyber security are the same. For those that choose to go direct, sole responsibility for assessing and monitoring outsourcing risk can be a significant burden.”
According to ASIC, licensees and advisers are exposed to critical risks associated with the loss of control over key functions to OSPs, disruptions to operational services and conflicting obligations due to foreign laws, requiring them to urgently close governance gaps and address weaknesses in their use of offshore providers.
Jacobsen said the advice and wealth management industry could expect greater scrutiny of offshore outsourcing arrangements, given the large and growing number of businesses outsourcing tasks to enable them to scale sustainably, improve performance and focus on seeing clients.
“It is in the best interests of consumers, advisers and the broader industry that all parties involved in the provision of advice, including suppliers and contractors, operate with a continuous focus on improving information security practices,” he said.
“The risks are only rising guaranteeing further regulatory scrutiny, and possibly intervention, if the industry cannot effectively and proactively manage these risks.”
VBP maintains a governance and risk management framework that meets the standards set out in Section 912A(1)(h) of the Corporations Act and the group’s internal controls, compliance programs and risk assessment processes are aligned with international standards, ISO 27001:2022 and ISO 31000:2018.
VBP’s frameworks are reviewed annually and actively supported by senior management to ensure ongoing regulatory alignment and operational resilience.
