Investigatory powers

What powers do national financial services authorities have to examine and investigate compliance? What enforcement powers do they have for compliance breaches? How is compliance examined and enforced in practice?

ASIC has very broad powers to take action to regulate the financial services industry. Financial services providers have an obligation to keep ASIC informed of any significant breaches of its obligations or the law. However, where ASIC has reason to suspect there has been a potential breach, it has wide investigative powers to require a person or entity to provide documents, information and attend an examination, inspect documents, compel assistance with an investigation and apply for a search warrant. ASIC will consider a range of factors in deciding whether to take enforcement action. Enforcement may take the form of an adverse publicity order, public warning, infringement notice, enforceable undertaking, banning orders or disqualification of persons from managing corporations.

ASIC also has the ability to commence court proceedings against persons or entities, including obtaining injunctive relief, civil or criminal prosecution. Further, the Treasury Laws Amendment (Design and Distribution Obligations and Product Intervention Powers) Bill 2018 (Bill) has proposed the introduction of a product intervention power for ASIC. The Bill proposes to amend the Corporations Act and National Credit Act to provide ASIC the power to prevent or respond to significant consumer detriment in respect of certain financial products and credit products by making public intervention orders. Relevant factors to consider when determining whether risk of detriment is ‘significant’ include the nature and extent of the detriment (eg, whether any actual or potential financial loss is suffered) as well as the impact that the detriment has had, will have or is likely to have, on consumers.

APRA has broad powers to take enforcement action against uncooperative institutions (including associated persons). This may include taking control of the entity, effecting a restructure or exit from the industry. APRA may undertake a formal investigation into the affairs of an institution, with enforcement including additional conditions imposed on an institution’s licence, disqualification of individuals, restraining orders, enforceable undertakings, or criminal prosecution.

A key finding from the Royal Commission was that regulators had failed to take appropriate enforcement action in response to known compliance issues. The financial services industry is expecting more proactive and firmer action to be taken by regulators in the future. Despite both ASIC and APRA’s available powers, the Royal Commission has determined that the regulators have approached enforcement with insufficient stringency. Following these findings, both ASIC and APRA have commenced internal reviews of their enforcement procedures and committed to a firmer approach in the future to resolving issues with non-compliant corporations.

AUSTRAC may pursue a wide range of enforcement sanctions under the AML/CTF Act. These include imposing civil and criminal penalties (which can be significant in value), accepting enforceable undertakings, issuing infringement notices, giving remedial directions, and cancelling or suspending registrations of digital currency exchange providers and designated remittance services. AUSTRAC typically examines compliance through industry-wide or reporting-entity-specific surveillance, and utilises its cooperative enforcement powers (eg, enforceable undertakings, required compliance reviews). However, over the past few years AUSTRAC has become more active in pursuing civil and criminal penalties. In July 2015, the AUSTRAC CEO made an application for a civil penalty order against three related entities. The application was made after AUSTRAC found that there had been ‘extensive, significant and systemic non-compliance’. During proceedings, the group admitted it had insufficient processes for consistent management oversight, assurance and operational execution of its AML/CTF programme, and received a record A$45 million penalty.

More recently in mid 2018, following an AUSTRAC investigation into a major Australian bank’s compliance and risk-management practices, a A$700 million penalty and costs of A$2.5 million were awarded against the financial institution for failure to introduce appropriate controls to manage and mitigate risk. This is the largest civil penalty in Australian corporate history.

Disciplinary powers

What are the powers of national financial services authorities to discipline or punish infractions? Which other bodies are responsible for criminal enforcement relating to compliance violations?

See question 9. There are a range of other bodies that are responsible for compliance enforcement, depending on the law that has been contravened.

ASIC may pursue a variety of enforcement remedies, depending on the seriousness and consequences of the misconduct. These remedies include imposing criminal sanctions (eg, imprisonment or financial penalties, or both), civil penalties and revocation, suspending or varying a licence. APRA may also pursue criminal action against persons or institutions that are unwilling or unable to cooperate.

Additionally, the OAIC is responsible for investigating and taking appropriate enforcement action against contraventions of the Privacy Act and associated data and privacy obligations. Similarly, the ACCC has the power to investigate and take enforcement action for contraventions of the Competition and Consumer Act 2010 (Cth).

Currently, criminal cases under the Corporations Act must be brought in state courts and not at the federal level, with the Royal Commission finding that ASIC primarily instigates criminal proceedings in the financial services sector against individuals. Any criminal prosecutions for misconduct by banks and other financial institutions are heard in state courts and subsequently must compete with state cases for resources and scheduling. In late 2018, the Attorney-General’s Department conducted a review to consider whether the jurisdiction of the Federal Court should be broadened to include corporate crime on the basis that it may be able to manage cases faster and more efficiently than state courts. The outcome of the review is expected to be released in early 2019.


What tribunals adjudicate criminal and civil financial services infractions?

AFCA resolves disputes between consumers and financial services providers and may require a financial services firm to pay compensation, release security over a debt or reinstate, rectify or properly perform a contract. AFCA’s jurisdiction in adjudicating disputes between consumers and financial services firms is up to A$1 million per dispute. The monetary limit on awards the AFCA can make for a claim is A$323,500, except for general insurance broking, income stream product disputes and uninsured third-party motor vehicle claims.

The Administrative Appeals Tribunal (AAT) is an independent body that adjudicates civil financial services infractions by conducting a merits review of administrative decisions of corporation and financial services regulation. The AAT has the power to affirm, vary, set aside or remit a decision.

Criminal infractions are adjudicated in Australian courts only.


What are typical sanctions imposed against firms and individuals for violations? Are settlements common?

See question 10 with respect to sanctions and enforcement remedies.

While the court is never obliged to give effect to agreed settlements, it will always consider whether settlements are appropriate on the basis of materials provided by the parties and the contents of any agreed statement of facts.

Generally, ASIC has demonstrated a willingness for settlements as a way to reach cheaper and faster outcomes in most disputes. For ASIC, they can accept an enforceable undertaking and issue a media release, while the other party is able to avoid litigation and continue business operations. ASIC has also entered into settlement agreements with various banking institutions to provide compensation for losses suffered.

Despite ASIC’s willingness to reach settlement agreements, the Royal Commission has questioned this approach. The Royal Commission has found that ASIC has been too prepared to avoid compulsory enforcement action and instead attempt to settle all disputes by agreement, with such an approach often leaving facts unestablished in court and not challenging the effectiveness of the law.