ING’s decision to pause new applications for its $3.9 billion Living Super fund aims to safeguard members’ retirement savings from suspicious online activity, but also highlights how security measures can disrupt growth and intensify scrutiny on the third party trustee running the fund.
Anyone trying to join ING’s Living Super online is being redirected to an error page, a situation that has been in place since at least 19 February and follows repeated warnings from regulators for funds to tighten digital defences after last year’s attack on six major super funds. ING is a relatively small superannuation player with about 36,000 customers, but it still sits inside an industry holding around $4.5 trillion in assets, which makes any sign of unusual activity sensitive for regulators, trustees and members alike.
Behind the familiar banking brand, trustee duties for Living Super are outsourced to a separate provider. ING can take the initial step to halt sign ups, but the trustee ultimately has to be satisfied that the risk is resolved before new members are accepted again. Existing customers can still log in and manage their accounts as normal, and ING expects to start processing new applications again within about a week, once investigations into the abnormal spike in application activity are complete and both parties are comfortable with the safeguards in place.
The pause follows a recent credential stuffing cyberattack on six of the country’s largest super funds, where stolen login details from outside sources were used to breach accounts and caused losses of around $750,000 for a small number of members before being reimbursed. Since then, the prudential regulator has pushed funds to adopt tougher information security standards and has expressed irritation that some trustees have been slow to meet those expectations, which has increased the pressure on all players in the super ecosystem to prove their systems are resilient.
This latest issue also comes at a difficult time for ING’s trustee partner, which is already operating under extra licence conditions due to governance and due diligence failures tied to earlier investment offerings, and is being taken to court by the corporate regulator over alleged shortcomings in consumer protections. Several super fund clients that rely on this trustee for back office support appear to be reconsidering their arrangements amid concerns about governance, fee transparency and control over member charges. Another security related disruption looks likely to sharpen questions about whether outsourcing core trustee functions still offers the right balance between efficiency, accountability and member protection.
