Page:Cybersecurity Act 2018.pdf/49

50 Unlicensed cybersecurity service provider not to recover fees, etc.

31. Any person who provides any licensable cybersecurity service is not entitled to bring any proceeding in any court to recover any commission, fee, gain or reward for the service provided unless, at the time of providing the service, the person is the holder of a valid cybersecurity service provider’s licence.

Financial penalty

32.—(1) This section applies where a licensee—
 * (a) contravenes a provision of this Part, which contravention is not an offence; or
 * (b) fails to comply with any condition imposed by the licensing officer on the licence.

(2) On the occurrence of a contravention or failure to comply mentioned in subsection (1), the licensing officer may, in addition to or instead of taking any action under section 30(1) or (2), order the licensee to pay a financial penalty of an amount not exceeding $10,000 for each contravention or failure to comply, but not exceeding in the aggregate $50,000.

(3) The order mentioned in subsection (2) must specify the date by which the financial penalty is to be paid.

Licensing officer to give opportunity to make representations before ordering financial penalty

33.—(1) Subsections (2) to (6) apply before the licensing officer makes an order under section 32(2).

(2) The licensing officer must give the licensee written notice of—
 * (a) the licensing officer’s intention to make the order under section 32(2); and
 * (b) the date on which the licensing officer intends to make the order.

(3) The date mentioned in subsection (2)(b) must not be earlier than 21 days after the date of the written notice in subsection (2).