ASIC Enforcement Wrap: February 2026

‍Key February Takeaways:

• Federal Court proceedings launched against Auto & General Services Pty Ltd for misrepresentations of its Budget Direct insurance policy discounts
• Continued oversight of AFSL and ACL holders, with six companies having their AFSL or ACL cancelled, suspended, or additional conditions imposed
• Petra Capital Pty Ltd fined $205,350 by the Market Disciplinary Panel for misreporting important regulatory data

Spotlight – FIIG Securities ordered to pay pecuniary penalties for cybersecurity failures

FIIG Securities Limited (FIIG) has been ordered by the Federal Court to pay a $2.5 million pecuniary penalty for failures in relation to cybersecurity measures. This is the first time the Court has imposed a pecuniary penalty for cybersecurity failures under general AFSL obligations. Financial services firms have been put on notice to prioritise cybersecurity for client information.

FIIG is authorised to deal with fixed income financial products and services under its Australian Financial Services License (AFSL). In the course of its business, FIIG collected and maintained personal client information, such as driver’s licenses and bank account details.

On 19 May 2023, FIIG information technology systems were the subject of  a cyberattack, resulting in 385GB of data being downloaded from FIIG’s servers. This included personal data of FIIG’s clients, some of which was published on the dark web.

ASIC commenced proceedings against FIIG for failing to protect itself and its clients against cybersecurity risks for the period between 13 March 2019 and 8 June 2023.

FIIG admitted in the Statement of Agreed Facts that its conduct contravened the obligations of a financial services licensee under sections 912A(1)(a), (d) and (h) and section 912A(5A) of the Corporations Act 2001 (Cth). These obligations include having adequate resources, including technological resources, and risk management services to provide financial services.

The Court noted that a successful cyberattack does not necessarily indicate that a licensee has failed to meet their statutory obligations concerning the protection of information. Rather, ASIC’s concerns, and the reason this case was commenced, was whether FIIG had adequate cyber protection systems in place.

FIIG admitted that its cybersecurity measures were inadequate. At the time of the cyberattack, FIIG did not 

• have a cyber incident response plan, 
• use scanning tools to identify vulnerabilities in their network, 
• implement the practice of monitoring threat alerts by IT personnel, and 
• conducted very minimal cybersecurity awareness training with its employees.

In considering the quantum for the penalty, the Court noted that:

• The financial loss to FIIG included remediation costs of approximately $1.5 million, which mitigated the need for a higher penalty than if the financial losses were sustained by third parties;
• ASIC and FIIG agreed to a substantial discount of the penalty for FIIG’s cooperation, which was wholly endorsed by the Court; and
• Specific deterrence to FIIG and general deterrence to AFSL holders would be achieved through the imposition of a $2.5 million penalty.

February in Summary – Enforcement Actions and Outcomes

Civil Action

Civil Proceedings Commenced

ASIC commenced one civil proceeding in the Federal Court:

• ASIC has launched Federal Court proceedings against Auto & General Services Pty Ltd, the insurer of Budget Direct insurance products, alleging online policy discount misrepresentations. ASIC alleges that between March 2020 and July 2024, Auto & General advertised online significant discounts of up to 30% for customers who purchased car, home, or motorbike insurance policies. Approximately 39,000 customers lost their online discount after making amendments to their policy, with the average premium discount loss amounting to roughly $100. ASIC argues that the advertising was misleading because customers were not told they would lose their discount following any changes, such as a change in address. ASIC further alleges that Auto & General first became aware of the issue as early as 2016 but failed to remediate the issue.

Criminal Action

Criminal Charges

Two individuals were charged with criminal offences:

• John William Muir has been charged with one count of authorising a false statement in a document lodged with ASIC, contrary to section 1308(1) of the Corporations Act. At the time of the alleged offence, Mr Muir was the director of JW Tiling & Stone Pty Ltd. ASIC alleges that on 12 July 2024, Mr Muir authorised lodgement of a form to deregister the company which contained a declaration that the company had no outstanding liabilities. However, Mr Muir knew this declaration was false because the company owed roughly $195,000 to a creditor. 
• Byson James Kete Turner, a former director of Links Support and Consulting Services Pty Ltd (Links), has been charged with eight counts of dishonestly using his position as a director to gain an advantage and two counts of failing to appear at an ASIC examination. Links operated as an unregistered provider of services under the National Disability Insurance Scheme. ASIC alleges that Mr Turner unlawfully made 2,782 transfers totalling $858,948 from Links to various accounts in his name, including Sportsbet and Apple. ASIC also alleges that Mr Turner failed to attend two ASIC examinations on 10 May 2024 and 30 May 2024.

Charges Dismissed

One individual had criminal charges dismissed:

• Mark Stevens has had one charge of dishonestly causing financial disadvantage by deception contrary to section 192E(1)(b) of the Crimes Act 1900 (NSW) while he was the director of MWCLMS Pty Ltd (in Liquidation) dismissed. Following a four-day hearing in the Downing Centre Local Court, Mr Stevens was acquitted.

Administrative Action

Director Disqualifications

ASIC disqualified two individuals from managing corporations:

• Claire Mary Moore, a former Queensland senator, has been disqualified from managing corporations for four years until 17 December 2029. Ms Moore was appointed as director of Warwick Gold Holdings Pty Ltd and Impact Gold Ltd in 2023, where both companies entered liquidation in 2024. Upon entering liquidation, the companies had raised $44 million from roughly 400 shareholders for purported gold and precious mining operations in Papua New Guinea and Queensland. ASIC found that Ms Moore failed to meet her obligations as a director by failing to take part in the management of the companies, failing to ensure Impact Gold maintained adequate financial records, and failing to assist the liquidator.
• Kylie Jane Campbell has been disqualified from managing corporations for the maximum period of five years until 20 January 2031. Between June 2017 and May 2022, Ms Campbell was a director of Englobo Group Holdings Pty Ltd, Agritrade Fund Pty Ltd and Entertainment Group Pty Ltd. The three companies owe a combined total of $4.55 million to unsecured creditors, including approximately $3.3 million to unsecured trade creditors. ASIC found that Ms Campbell did not know or understand her duties as a director by failing to assist the liquidators of each company, failed to lodge relevant documentation with the ATO and failed to maintain adequate financial records.

Licence Conditions, Suspension or Cancellation

Six companies had their Australian Financial Services Licence (AFSL) or Australian Credit Licence (ACL) have conditions imposed, suspended or cancelled:

• Centre Capital Securities Pty Ltd had their AFSL and ACL cancelled by ASIC effective 29 January 2026 because Centre Capital Securities failed to pay industry funding levies which were outstanding for over 12 months.
• Cambridge Mercantile (Australia) Pty Ltd (Cambridge), a subsidiary of Corpay Inc., had additional licence conditions imposed on their AFSL following compliance failures. ASIC raised concerns that Cambridge misclassified more than 2,800 retail clients as wholesale clients, did not promptly remediate affected clients, failed to manage conflicts of interest, failed to maintain its risk management systems, and breached its financial resource requirements. The additional licence conditions require Cambridge to prepare a remediation plan, appoint an independent expert, and have the expert assess the effectiveness of the remediation plan.
• Pulse Markets Pty Ltd, a securities dealer, had their AFSL cancelled effective 11 February 2026. ASIC found that Pulse Markets committed serious and sustained breaches of its duties under s912A of the Corporations Act 2001. ASIC found that Pulse Markets failed to comply with its obligations, including a failure to adequately supervise its Corporate Authorised Representatives providing financial services under its AFSL.
• Superfast AM Pty Ltd had its AFSL cancelled effective 13 February 2026 because Superfast ceased to carry on a financial services business. However, Superfast’s AFSL will continue in effect until 9 February 2027 for Superfast in order to maintain its membership with the Australian Financial Complaints Authority. The cancellation of its AFSL is part of ASIC’s ongoing investigation into Superfast and its associated entities.
• Red Panda Future Wealth Pty Ltd (Red Panda) had its AFSL cancelled effective 16 February 2026 because Red Panda ceased to carry on a financial services business. However, Red Panda’s AFSL will continue in effect until 9 February 2027 for Red Panda’s to maintain its membership with the Australian Financial Complaints Authority. The cancellation of its AFSL is part of ASIC’s ongoing investigation into Red Panda and its associated entities.
• Private Wealth Pty Ltd has had its AFSL cancelled effective 12 February 2026 due to payments by the Compensation Scheme of Last Resort (CSLR). On 30 June 2025 and 31 July 2025, the Australian Financial Complaints Authority  made two determinations against Private Wealth, which Private Wealth failed to pay. On 3 December 2025, the CSLR made two payments of $60,317.40 and $54,963.84 for the AFCA determinations and notified ASIC.

Bans

ASIC has banned three individuals from the financial services industry:

• Patrick Nong has been permanently banned, effective 13 January 2026, from providing financial services, controlling an entity that carries on a financial services business, or carrying on a financial services business. He was banned for engaging in conduct relating to a financial product or service which is misleading or deceptive. Mr Nong provided financial advice to clients as an authorised representative of AMP Financial Planning Pty Ltd. On three occasions between October 2023 and September 2024, Mr Nong signed documents on behalf of four clients without their consent and sent those documents to be processed. As a result, fees were withdrawn from the clients’ superannuation accounts.
• David Mario Valvo has been permanently banned, effective 22 January 2026, from providing financial services, controlling an entity that carries on a financial services business, or carrying on a financial services business. Between July 2019 and January 2020, Mr Valvo dishonestly obtained $110,000 from his clients’ superannuation accounts by falsifying adviser fee forms which authorised withdrawals from their superannuation accounts. He was convicted in 2025 of engaging in dishonest conduct while carrying on a financial services business.
• Neil McPherson has been banned for four years, effective 5 February 2026, from providing financial services, controlling an entity that carries on a financial services business, or carrying on a financial services business. While Mr McPherson was authorised by MWL Financial Services Pty Ltd, ASIC found that he gave inappropriate advice to certain clients that was not in their best interests. ASIC has reason to believe that he is not a fit and proper person, is not competent, and is likely to contravene a financial services law.

Market Disciplinary Panel (MDP)

The MDP handed down one decision:

• Petra Capital Pty Ltd, a stockbroking firm in Sydney, has been fined $205,350 by the MDP for misreporting regulatory data. The MDP found that Petra Capital failed to provide accurate information – specifically, unique codes used to identify client transactions. The inconsistent use of client reference information led to one client appearing as multiple clients on 3,632 occasions, which affected 14,741 trades between 3 March 2022 and 5 December 2023. The MDP found that Petra Capital was careless and should have taken steps to ensure its report complied with the law.

Infringement Notice

ASIC issued one infringement notice to one company:

• Fundhost Limited, as the responsible entity of the Polen Capital Global Growth Fund (Fund), has paid $19,800 after being issued an infringement notice by ASIC. Between 15 March 2021 and 20 February 2025, a performance chart appeared on the website of Fundhost’s agent and the investment manager of the Fund, Montgomery Investment Management Pty Ltd. The performance chart depicted that the Fund had outperformed the MSCI ACWI Net Total Return Index since its inception on 15 March 2021, when this was not true. 

If any of the above is relevant to you or you want to know more, please feel free to get in touch.

‍

The contents of this article do not constitute legal advice and it is not intended to be a substitute for legal advice and should not be relied upon as such.  It is designed and intended as general information in summary form, current at the time of publication, for general informational purposes only.  You should seek legal advice or other professional advice in relation to any particular legal matters you or your organisation may have.

‍