01/12/2022

The recent decision of Justice Downes in Australian Securities and Investments Commission v Commonwealth Bank of Australia [2022] FCA 1422 highlights the ongoing thresholds applicable to regulators in relation to particularising and evidencing contravention proceedings.

Federal Court dismisses ASIC claim

On 29 November 2022, the Federal Court dismissed a claim brought by ASIC against CBA in which ASIC alleged that CBA notifying customers that a monthly account fee had been charged was misleading where, in fact, the customers may have been entitled to a waiver of those fees.

Key takeaways from ASIC v CBA [2022]

In dismissing the proceeding, the Court accepted the submission by CBA that ASIC had failed to properly particularise its case and was too reliant on recent precedents in which ASIC and the other parties had essentially agreed facts and the legal consequences said to flow from those facts. The Court also provided some useful guidance on the admissibility of comments made in breach reports and other statements.

Reliance on precedents

In relation to the systems and processes allegation, ASIC sought to rely on other decisions of the Federal Court, including ASIC v CBA [2020] FCA 790 (Beach J) and ASIC v ANZ [2022] FCA 1251 (O’Callaghan J). 

ASIC submitted that these decisions were demonstrative of where the Federal Court had previously accepted that brochures, application forms and terms and conditions contained implied representations that the CBA and ANZ had, and would continue to have, adequate systems and process to ensure that customers received benefits, fee waivers, and other discounts.

The Court rejected these submissions, observing that the decisions were of questionable reliability in circumstances where those cases proceeded on an agreed basis as to the facts, admissions and legal consequences. In particular, the Court noted that in both decisions, neither judge had been required to determine any of the factual matters on their merits but were rather asked to determine the penalty consequence as if those matters had been established.

The Court’s reasoning in the present case is a reminder of the great care that should be exercised before applying precedents from non-contested proceedings.

Admissibility of breach reports and other statements

ASIC also sought to rely on statements made by CBA in a compulsory breach notification sent by CBA to ASIC, and a statement made by CBA to ASIC under s 912C of the Corporations Act as factual admissions of contraventions or evidence of CBA’s systems and processes. In particular, ASIC sought to rely on statements made by CBA that they did not have ‘appropriate compliance measures’ in place to prevent or detect the conduct.

The Court held that the statements in the responses provided by CBA were inadmissible as evidence of admissions of misconduct. While ASIC sought to rely on the statements as admissions that CBA’s systems were not appropriate, the Court was concerned that it was not clear what CBA was actually admitting in the notice responses. Further and in the Court’s view, CBA’s references to ‘appropriate compliance measures’ raised a number of questions, such as what does ‘appropriate’ mean, what standards of compliance measures were being used as comparisons, and were facts were being relied on to form the conclusions in the responses the same as the ones being relied upon by ASIC.

Given this, the Court held that the statements made by CBA in its responses were not statements of fact, rather they were, at best, statements of opinion, to which limited weight could be attached.

ASIC seeking to rely on CBA’s breach notification and responses to a s 912C notice highlights the importance of the care that should be taken by entities when making breach reports and responding to information requests from regulators. It is clear from the submissions made by ASIC in this case that ASIC does seek to rely upon the statements that are made by entities in breach reporting processes.

Adequacy of systems

ASIC essentially submitted in the proceeding that the standard for ‘adequate systems and processes’ should be 100% success rate of those systems.

In considering these submissions, the Court noted that in its disclosure material CBA had told customers that sometimes it would get things wrong but would ensure that it would correct its mistakes.

In light of the disclosures made by the CBA and the lack of evidence provided by ASIC in relation to the adequacy of systems, the Court in ASIC v CBA [2022] did not accept ASIC’s submissions that the appropriate standard was a success rate was 100% which is a helpful acknowledgment that systems of complete perfection are often unavailable and that it’s not correct that banks will necessarily face a strict liability test where systems fail.

KNOWLEDGE ARTICLES YOU MAY BE INTERESTED IN:

No penalty and no prescriptive cybersecurity standard for Financial Services Licensees in landmark test case brought by ASIC
The Return of Certainty: Negotiated Resolutions in Civil Penalty Proceedings
Court imposes $11 million penalty on Flight Centre for attempted price-fixing
Expertise Area
Disputes + Investigations
Decarbonising Australia

DECARBONISING AUSTRALIA - SURVEY

Learn more
""

Visit SmartCounsel

Learn More