In the wake of our previous article on the introduction of Mandatory Breach Reporting for Australian Financial Services (AFS) and Australian Credit (AC) licensees, these obligations have now been in force for a couple of months. Due to these changes, most licensees that we interact with have experienced a very large increase in the volume of their reportable breaches. In the wake of this influx, ASIC is likely to be more active than ever – and they have an extensive toolbox of enforcement options at their disposal.
Due to its flexibility and ease of use, one of the enforcement tools that ASIC has the potential to utilise to a greater extent than Court action is infringement notices. Infringement notices are strict liability offences that are easy for ASIC to issue – essentially, expensive parking tickets. These enable ASIC to hand out fines that act as a strong punitive measure and deterrent to misconduct.
Following the Financial Services Royal Commission, the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 (Penalties Act) was introduced. This increased the financial exposure of both individuals and corporations by consolidating the penalty frameworks in many of Australia’s most significant pieces of legislation, and broadening the scope and severity of their civil penalty provisions.
One of ASIC’s primary enforcement mechanisms as a Government regulator is to use its enforcement powers as a punitive measure and corrective tool to deter misconduct. The introduction of mandatory breach reporting coupled with ASIC’s enhanced enforcement powers combine to create a varied enforcement toolbox. The Penalties Act also expanded the existing infringement notice regime.
If on reasonable grounds, ASIC believes that an individual or corporation has contravened a provision subject to an infringement notice, they can issue an infringement notice for the alleged contravention. All strict and absolute liability offences, prescribed offences and civil penalty provisions are subject to an infringement notice. ASIC has the discretion to issue these notices on a strict liability basis – no defence or challenge can be raised. The notice penalty must be paid, otherwise the business risks ASIC rescinding their licence as a worst-case scenario.
For most offences, including strict and absolute liability offences, the maximum penalty will be half of the pecuniary penalty for the relevant offence. ASIC will issue notices with a maximum penalty of 12 penalty units for individuals and 60 penalty units for corporations for contraventions of civil penalty provisions. Under the NCCP Act, the maximum penalty issued under an infringement notice is one fifth of the pecuniary penalty for the relevant offence, and 50 penalty units for individuals and 250 penalty units for bodies corporate for breaches of civil penalty provisions.
Of the hundreds of civil penalty provisions scattered throughout key credit and financial services legislation, the following are examples of breaches that must be reported to ASIC. If ASIC has reason to believe that they have been contravened, penalties will be payable under an infringement notice. They may not be liable to be prosecuted in a court or for a pecuniary penalty for the alleged contravention.
Individual breaches, such as disclosing incorrect information to a customer over the phone or a system error which results in an annual statement being sent to a client that is inaccurate by $10, are not likely to be pursued by ASIC by way of an infringement notice. However, if there are multiple reports of a similar breach, it may become apparent that the licensee can no longer comply with your obligations under the financial services laws or credit legislation. Frequent breaches will increase the likelihood of ASIC issuing infringement notices to penalise this conduct, as the seriousness of the suspected misconduct is of a greater magnitude, and the licensee has arguably not engaged in appropriate conduct after the alleged contravention(s) occurred. As a result, the following are examples contraventions which may be subject to an infringement notice.
Each of the examples mentioned are contraventions of the relevant provisions and must be reported to ASIC. Failure to do so could potentially result in an infringement notice. It is important to reiterate that these are strict liability offences that will be issued quickly. See our breach reporting article here.
Following the introduction of the Penalties Act, ASIC has had the ability to impose civil penalties for failing to report a breach. Civil penalties for individuals, are up to 5,000 penalty units (currently $1.11 million), and the highest of 50,000 penalty units (currently $11.1 million), three times the benefit obtained, and detriment avoided, or 10% of annual turnover (capped at 2.5 million penalty units or $555 million) for body corporates for each civil penalty provision.
While daunting, the above penalties are not the extent of ASIC’s enforcement powers. In the event of serious or serial misconduct by a licensee, ASIC may resort to imposing conditions on an AFS or AC licensee, or even suspend their licence.
For example, in recent breaches of client money handling provisions by AFS licensees, ASIC has imposed licence conditions including:
Licence conditions of this nature will necessitate greatly increased expenditure on compliance and remediation, and may also result in the licensee having to alter its business practices to adapt to newly imposed licence requirements.
A step further than this is the consequence that every licensee must attempt to avoid at all costs, a suspension or revocation of their licence. Due to the highly regulated nature of the credit and financial services industries in today’s world, this essentially acts as a serious blow to any business, as continuing in the industry without the appropriate licence is impossible.
Due to the powers available to ASIC, and the likelihood of them being utilised more due to the volume of reporting that is likely to occur, it is more important than ever for AFS and AC licensees to have adequate systems in place to ensure they are compliant with breach reporting requirements. This includes measures such as ensuring robust arrangements are in place with all persons acting on behalf of the licensee including authorised representatives and credit representatives, implementing a training scheme for employees to ensure they are aware of the circumstances that may cause a breach to occur, and having robust policies and procedures in place to assign processes, roles and responsibilities within the business.
Gadens is a market leader in the compliance and regulatory space and has developed a number of bespoke RegTech resources to assist AFS and AC licensees to assess and report their activities and pick up on reportable breaches, and assist with both of these processes. See the Gadens Breach manager platform website here: https://breachmanager.gadens.com/.
Otherwise, we encourage you to contact your Gadens lawyer to assist you in preparing for what will be one of the biggest changes to the financial services regulatory landscape in 2021.
If you found this insight article useful and you would like to subscribe to Gadens’ updates, click here.
Liam Hennessy, Partner
Freda Zacharia, Senior Associate
Cameron Jones, Graduate
Georgia Bunz, Vacation Clerk
 Corporations Act 2001 (Cth) (Corporations Act), ASIC Act 2001 (Cth) (ASIC Act), National Consumer Credit Protection Act 2009 (Cth) (NCCP Act) and Insurance Contracts Act 1984 (Cth).
 Corporation Act s1317DAP(2)(a).
 Corporation Act s1317DAP(2)(c).
 NCCP Act s288L.
 Corporation Act s1317DAP(1)(i).
 Corporations Act ss601FC(1), 1311F, 1317DAP(2)(a).
 Corporations Act ss961L, 1317DAP(2)(c).
 National Credit Code s23(1); NCCP Act s288L(s).
 NCCP Act ss99, 288L(s).
 NCCP Act ss95, 288L(s).
 Corporations Act ss912A(1)(b), 912D(5), 1317DAP(2)(c); NCCP Act ss47(1)(c), 50A(5), 288L(s).
 Corporations Act ss912A(1)(d), 1317DAP(2)(c).
 NCCP Act ss46, 47(1)(k).
 NCCP Act s47(1)(l); Corporations Act s912A(1)(h).