By Ian Ramsay and Mihika Upadhyaya

Compliance programs are an established feature of the Australian regulatory landscape. The Australian Securities and Investments Commission (ASIC) has, since the early 2000s, regularly settled enforcement actions on the basis that the alleged offender would, among other matters, implement or improve a compliance program. In addition, courts may, on application by ASIC, order a person who has contravened certain sections of the Australian Securities and Investments Commission Act 2001 (ASIC Act) or the Corporations Act 2001 (Corporations Act) to implement a compliance program.

There are many benefits to an effectively designed and implemented compliance program. The most obvious benefit is that it helps a corporation to avoid breaking the law and then suffering the consequences. This has numerous aspects. First, it ensures employees are aware of the content of the law and reduces the likelihood of them engaging in prohibited conduct. Second, it enables employees to detect behavior that may result (or has resulted) in a contravention before the regulator takes action to remedy the potential breach. Third, it reduces the chance that the corporation will incur significant costs in defending a prosecution or private action. These costs include not only legal costs, but also the costs of negative publicity and disruption to the business. Fourth, even if a corporation is successfully prosecuted, Australian courts have taken the view that corporations that have instituted effective compliance programs may be entitled to a reduction in penalties. Thus, the implementation of an effective compliance program can assist in a plea of mitigation where a penalty is to be imposed following a finding of a breach of the law. Companies with inadequate or poorly implemented compliance programs will not be so rewarded.

In a recent article, we study compliance programs introduced or amended in response to ASIC enforcement from 2016 to 2020, whether required by a court order or an enforceable undertaking (EU).

Compliance programs implemented under ASIC EUs

An EU is a remedy available to ASIC under the ASIC Act for breaches of legislation that ASIC is responsible for enforcing. It is an administrative settlement that ASIC may accept as an alternative to civil court action or other administrative actions. ASIC publishes EUs it has entered into on the ASIC EU register.

A requirement to implement or amend a compliance program was contained in 42% of all ASIC EUs entered into between 2016 and 2020. The most frequently occurring category of misconduct that led to the EUs containing compliance programs was failures relating to the provision of personal financial advice, followed by breaches of responsible lending obligations and inadequacies within wholesale foreign exchange businesses.

Compliance programs required by ASIC EUs contain some notable features. Just under half contain no substantive requirements as to what the compliance program is to contain, instead requiring only that it be sufficient to comply with specified legislation, an ASIC Regulatory Guide or contractual obligations. Just over half do contain substantive requirements.

Nearly all EUs requiring compliance programs also require the promisor to hire an independent expert to review and report on the implementation of the compliance program. In none of these cases is the full text of the expert’s report made publicly available; although, in a small minority of cases, a summary expert report is published on the ASIC EU register. In addition, ASIC will in most cases publish an ASIC compliance report recording the promisor’s compliance with the EU. However, the ASIC compliance reports do not contain enough detail to evaluate why the implementation or revision of the compliance program was deemed to be adequate or not adequate. Expert reports do not seem to ever be published in their entirety, only a few summary expert reports have been published and some of these tend to lack detail on why the compliance program was deemed adequate. This lack of transparency is concerning for several reasons. First, meaningful public information about the assessment of compliance programs is important in terms of accountability, to ensure that the EU framework is working effectively. Second, there are benefits from regulated entities learning about the compliance programs of other regulated entities that have been assessed as effective, including compliance programs implemented as a result of ASIC enforcement. Third, meaningful public information about the assessment of compliance programs can be important for deterrence, that is, so there is an understanding in the regulated community that if ASIC or an independent expert finds compliance is deficient, then ASIC will deal with these deficiencies appropriately. Fourth, ASIC has stated that the publication of summary expert reports will promote the integrity of, and public confidence in, financial markets and corporate governance,[1] but this cannot occur if summary expert reports are published only rarely. Fifth, reviews of ASIC practices regarding the use of EUs have emphasised the importance of publicity regarding compliance with the EUs.[2] Despite these important benefits, the information made available by ASIC on the EU register on the effectiveness of EU-required compliance programs is minimal at best.

Compliance programs ordered by courts on application by ASIC

Compliance programs are less commonly the subject of court orders made under the ASIC Act and the Corporations Act. This is more a reflection of the fact that ASIC has not frequently sought an order for the implementation of a compliance program under these Acts than any reluctance by the courts to grant such orders: in all the cases where ASIC applied for such an order, the court granted one (if not necessarily in the terms sought by ASIC). In contrast to compliance programs required by EUs, all court-ordered compliance programs contained substantive requirements about what the compliance program was to contain. For example, the compliance program ordered in ASIC v Westpac Banking Corporation (No 3), in which Westpac Banking Corporation was found to have manipulated the Bank Bill Swap Reference rate (BBSW), required that Westpac ensure it had explicit policies and procedures in relation to trading Prime Bank Bills in the Bank Bill Market, adequate training of relevant staff to ensure they were not instructed to trade with the sole or dominant purpose of influencing the BBSW, and maintenance of an appropriate information barrier between Westpac’s Group Treasury and Financial Markets divisions.[3]

A majority of these court orders also required the hiring of an independent expert to review the compliance program; again, however, the reports of these experts were not made publicly available.

Relevant considerations for ASIC in deciding whether to have a corporation implement a compliance program by way of a court order or an EU include not only whether ASIC is also seeking other orders, such as penalties that only a court can impose, but also the cost and time associated with litigation compared to an EU. Another consideration is that the new chair of ASIC has recently indicated in media interviews a greater willingness to use EUs.[4]  If ASIC does make a greater use of EUs, then it would be even more important for ASIC to address the deficiencies in EUs identified in our research; namely, that the reports published by ASIC on compliance with EUs contain very little substantive detail on the implementation or revision of compliance programs required by EUs, making it difficult to assess why a compliance program was or was not deemed adequate to comply with the EU. Improving the EU process would, in the opinion of the authors, enhance transparency, accountability, deterrence and public confidence in the EU regulatory framework.

Footnotes

[1] ASIC, Enforceable Undertakings (Regulatory Guide No 100, November 2021) [100.69].

[2] See Senate Economics References Committee, Parliament of Australia, Performance of the Australian Securities and Investments Commission (Final Report, 26 June 2014) [17.54] where the Committee recommends that ASIC ‘consider ways to make the monitoring of ongoing compliance with the undertaking more transparent, such as requiring that reports on the progress of achieving the undertaking’s objectives are, to the extent possible, made public’ and Australian National Audit Office, Administration of Enforceable Undertakings (Auditor-General Report No 38 of 2014-15, 2 June 2015) [4.45]-[4.48]. 

[3] Australian Securities and Investments Commission v Westpac Banking Corporation (No 3) [2018] FCA 1701; (2018) 131 ACSR 585, 629.

[4] ‘Joe Longo’s way: new ASIC chairman vows to litigate’, The Australian, online edition, 2 September 2021; ‘We love litigation, say new ASIC chiefs’, The Australian Financial Review, online edition, 3 September 2021.

Ian Ramsay is is Redmond Barry Distinguished Professor Emeritus, Melbourne Law School, University of Melbourne, Australia. Mihika Upadhyaya is Former Research Assistant, Centre for Corporate Law, Melbourne Law School, University of Melbourne.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.