Governance and conduct obligations in financial services [1 ed.] 9780409343489, 040934348X

English Pages [612] Year 2017


Table of contents :
Full Title
Copyright
Foreword
Preface
Table of Cases
Table of Statutes
Table of Contents
Part A Outline
Chapter 1 Introduction
Overview
Interpreting and applying values-based laws
Structure of this book
Conclusion
Part B Duties Based on the Status of the Financial Services Participant
Chapter 2 Fiduciary and Equitable Duties at General Law
Introduction
Fiduciary and other equitable duties
Peculiarly fiduciary duties
The content of the duty
Conflict rule
No profit rule
Informed consent
Non-fiduciary obligation imposed by equity
Duty to act in best interests
Duty of care and skill
Duty to act in good faith
Duty to act for a proper purpose
Remedies
Conclusion
Chapter 3 Duties of Directors and Officers
Introduction
Duty to act with care and diligence
The duty at general law
Standard of care
The duty under s 180
Courts’ reluctance to review business judgments
Statutory business judgment rule
Duty to act in good faith
Duty to not improperly use position
Duty to not improperly use information
Reliance on others and non-delegable duties
Disclosures by whistleblowers
Liability and remedies
Ratification
Duty to act with care and diligence: s 180
Duty to act in good faith: s 181
Duty to not improperly use position: s 182
Duty to not improperly use information: s 183
Relief under s 1317S and s 1318 of the Corporations Act
Conclusion
Chapter 4 Duties of a Responsible Entity
Introduction
Duty to act honestly
Duty of care and diligence
Best interests duty
Best interests duty
Priority rule
Treat members equally and fairly
Duty to not use information to gain improper advantage
Duties of officers of a responsible entity
Reporting of breaches
Liability and remedies
Conclusion
Chapter 5 Duties of Registrable Superannuation Entities
Introduction
Duty to act honestly
Duty to exercise care, skill and diligence
Duty to act in the best interests of beneficiaries
Duty to give priority where there is a conflict
Duty to act fairly in dealings between and within classes of beneficiaries
Directors’ duties
Liability and remedies
Prudential standards
Liability and remedies
Duties concerning whistleblowers
The whistleblower regime under the SIS Act
No civil or criminal liability
No victimisation
Compensation
Confidentiality obligations
Conclusion
Chapter 6 Duties of Trustees of Self-managed Superannuation Funds
Introduction
Duty to act honestly
Duty to exercise care, skill and diligence
Duty to act in the best interests of beneficiaries
Covenant imposed on directors
Liability and remedies
Conclusion
Chapter 7 Duties of Insurance Entities
Introduction
Duty of utmost good faith
Statutory form of the duty of utmost good faith
The content of the duty of utmost good faith
Liability and remedies
Duty of priority
Priority over whom?
The meaning of ‘give priority’
Identifying the interests of policy owners
Interests of policy owners as a whole
APRA guidelines
Directors’ duty of priority
Defences, liability and remedies
Duties of directors of life company concerning risk management
The content of the duty
Liability and remedies
Duties concerning whistleblowers
The whistleblower regime under the Life Insurance Act
No civil or criminal liability
No victimisation
Compensation
Confidentiality obligations
Conclusion
Chapter 8 Duties of Authorised Deposit-taking Institutions
Introduction
Responsible lending duties
Disclosure obligations
Evaluating whether a credit contract is unsuitable
Preliminary assessments of unsuitability
Inquiries and verification under s 117
Preliminary assessment under s 116(1)
Final assessments of unsuitability
Substantial hardship
ASIC guidance re assessing substantial hardship
Remedies
Case law regarding responsible lending obligations
Implied duties under the ASIC Act
Duties under prudential standards
Content of the duty
Liability and remedies
Duties in respect to whistleblowers
The whistleblower regime under the Banking Act
Conclusion
Chapter 9 Duties of Entities that Provide Advice
Introduction
Financial product advice
Case law
Regulatory guidance
Financial products
Who provides financial product advice?
Exemptions
Duties concerning the giving of general advice
General advice obligations
Duties concerning the giving of personal advice
Duty to act in the best interests of a client
Duty to provide the client with appropriate advice
Duty to warn the client if the advice is based on incomplete or inaccurate information
Duty of priority
Liability and remedies
Case analysis
Fiduciary duties of advisers
Other duties of advice providers
Conclusion
Chapter 10 Duties of Australian Financial Services Licensees
Introduction
Duty to act provided efficiently, honestly and fairly
Compendious duty
Do all things necessary to ensure
Objective test
Assess conduct by reference to business as a whole
Morally wrong or unethical conduct
Morally wrong business practices
One size fits all advice
Failure to have a reasonable basis for advice
Failure to act diligently and efficiently
Management of conflicts of interest
Chinese walls
Liability and remedies
Conclusion
Part C General Conduct Obligations Imposed on Any Entity that Provides Financial Services
Chapter 11 Obligation of Good Faith
Introduction
The obligation of good faith
The emergence of good faith
Implied term v implied duty
Inconsistency with the contract
The content of the good faith duty
Remedies for breach of the duty of good faith
Conclusion
Chapter 12 Misleading or Deceptive Conduct
Introduction
Misleading or deceptive conduct
The statutory provisions
Peculiar elements regarding the scope of s 1041H — the meaning of ‘in relation to’
Peculiar elements regarding the scope of s 12DA
The ‘trade and commerce’ limit on the scope of s 12DA, ASIC Act and s 18, ACL
Misleading or deceptive conduct — interpretation and application
Meaning of ‘deceptive’ conduct
Meaning of ‘likely to’
Objective test for assessing misleading or deceptive conduct
Statements that are literally true
State of mind
Transitory effect and disclaimers
Careless conduct
Class of persons to whom conduct is directed
Failure to disclose
Opinions
Statements about future matters
Advertising
Social/digital media cases
Financial services cases
Contravention
Conclusion
Chapter 13 Unconscionable Conduct
Introduction
Unconscionable conduct
Equity and unconscionable conduct or dealing
First principles
Defences
Remedies
The statutory provisions prohibiting unconscionable conduct
Prohibition under ASIC Act s 12CA
Prohibition under ASIC Act s 12CB
Remedies for breach of ASIC Act s 12CB
Prohibition in Corporations Act s 991A
Remedies for breach of Corporations Act s 991A
Contracts Review Act 1980 (NSW)
Remedies
Conclusion
Chapter 14 Unfair Contract Terms
Introduction
Unfair contract terms
Unfair contract terms in consumer and small business contracts
Determining whether a contract term is unfair
The Bank Fees case
Other cases dealing with unfair terms under cognate legislation
Determining whether a contract term is transparent
Conclusion
Chapter 15 Anti-Competitive Conduct
Introduction
Anti-competitive conduct
Price fixing and other cartel conduct
Making or giving effect to a contract, arrangement or understanding
Purpose/effect condition
Purpose condition
By parties which are, or would otherwise be, in competition with each other
Exceptions
Penalties
Price signalling laws
Private disclosure prohibition
General prohibition
Penalties
Anti-competitive contracts, arrangements and understandings
Contract, arrangement and understanding
Exclusionary provisions
Purpose, or has or is likely to have the effect, of substantially lessening competition
Severance
Exception
Penalties
Misuse of market power
Substantial degree of power
Market
Taking advantage of market power
Legal rights
Exclusive dealing conduct
Exceptions
Penalties
Exclusive dealing conduct
Supply or acquisition subject to a condition
Substantially lessening competition
Per se breaches
Overlap with s 47
Exceptions
Penalties
Resale price maintenance
Specified price
Exceptions
Penalties
Conclusion
Part D Obligations Relating to the Use and Protection of Customer Information
Chapter 16 Collection, Use and Disclosure of Personal Information
Introduction
Collection, use and disclosure of personal information
Who does the Privacy Act apply to?
Australian Privacy Principles — APPs
What is ‘personal information’?
Information governance
Collection of personal information
Use and disclosure of personal information
Direct marketing
Cross-border disclosure
Government identifiers
Quality and security of personal information
Access to and correction of personal information
Midata initiative (UK)
Privacy and credit information — the obligations of credit providers
Who is a credit provider?
Additional obligations
Information governance
Dealing with credit information
Dealing with credit eligibility information
Integrity of credit eligibility information
Use or disclosure of false or misleading information
Quality and security of information
Access to and correction of information
Credit Reporting Code
Enforcement
Civil penalties
Complaints and investigations
Other powers of the Commissioner
Conclusion
Chapter 17 Cyber Security Obligations
Introduction
The threat environment within which organisations operate
Cyber security and the law
Privacy law
Security provisions
The ‘reasonable steps’ test
Consequence of a breach
Directors’ duties
Consequence of a breach
Data breach notification laws
The evolution of data breach laws
Australian developments
Other laws requiring notification of data breaches
Contract law
Expressing the obligations
Cloud agreements
Law of negligence
Consumer protection laws
Class actions
Damages under Privacy Act
Damages under other laws arising out of a data breach
Copyright and cyber security
Active defence
ePayments Code
Insurance
Evidence
Conclusion
Part E Contemporary Developments in Managing Conduct Risk and Remediation
Chapter 18 The Role of Behavioural Insights and Statistics in a Regulatory Context
Introduction
Behavioural economics
The approach in the United Kingdom
The approach in Australia
Potential issues with behavioural economics
Use of statistics in a regulatory context
Expert evidence
Common law test for admitting expert evidence
Statutory test
Case law
Conclusion
Chapter 19 ASIC Guidance Relating to Remediation Programs
Introduction
Requirements of RG 256
Initiation of review and remediation program
Systemic issues
Factors to consider when initiating, designing and implementing review and remediation programs
Operating efficiently, honestly and fairly
Adequate resources
Determining scope of review
The length of a review period for a program
Testing the scope
Revising the scope
Inviting clients to participate
Design and implementation of the program
Review of advice
Compensation
Communicating with clients
Governance
Record keeping
Public reporting
Conclusion
Chapter 20 Recommendations of Financial System Inquiry
Introduction
Proposed targeted and principles-based product design and distribution obligation
Content of the proposed obligation
Product design
Product distribution process
After sales of a product
Scalability
Penalty
Exceptions
Product markets and behavioural biases
Proposed product intervention power
Content of the proposed power
Engagement and consultation
Duration
Pricing
Behavioural biases
Review
Conclusion
Bibliography
Index

Governance and Conduct Obligations in Financial Services

Leif Gamertsfelder BA, LLB (First Class Honours) (Griffith), MIT (UTS), MAppFin (Kaplan)

LexisNexis Butterworths Australia 2017

AUSTRALIA

ARGENTINA AUSTRIA BRAZIL CANADA CHILE CHINA CZECH REPUBLIC FRANCE GERMANY HONG KONG HUNGARY INDIA ITALY JAPAN KOREA MALAYSIA NEW ZEALAND POLAND SINGAPORE SOUTH AFRICA SWITZERLAND TAIWAN UNITED KINGDOM USA

LexisNexis LexisNexis Butterworths 475–495 Victoria Avenue, CHATSWOOD NSW 2067 On the internet at: www.lexisnexis.com.au LexisNexis Argentina, BUENOS AIRES LexisNexis Verlag ARD Orac GmbH & Co KG, VIENNA LexisNexis Latin America, SAO PAULO LexisNexis Canada, Markham, ONTARIO LexisNexis Chile, SANTIAGO LexisNexis China, BEIJING, SHANGHAI Nakladatelství Orac sro, PRAGUE LexisNexis SA, PARIS LexisNexis Germany, FRANKFURT LexisNexis Hong Kong, HONG KONG HVG-Orac, BUDAPEST LexisNexis, NEW DELHI Dott A Giuffrè Editore SpA, MILAN LexisNexis Japan KK, TOKYO LexisNexis, SEOUL LexisNexis Malaysia Sdn Bhd, PETALING JAYA, SELANGOR LexisNexis, WELLINGTON Wydawnictwo Prawnicze LexisNexis, WARSAW LexisNexis, SINGAPORE LexisNexis Butterworths, DURBAN Staempfli Verlag AG, BERNE LexisNexis, TAIWAN LexisNexis UK, LONDON, EDINBURGH LexisNexis Group, New York, NEW YORK LexisNexis, Miamisburg, OHIO

National Library of Australia Cataloguing-in-Publication entry

Author: Gamertsfelder, Leif.
Title: Governance and conduct obligations in financial services.
ISBN: 9780409343489 (pbk). 9780409343496 (ebk).
Notes: Includes index.
Subjects: Corporate governance — Australia. Corporations — Finance. Financial services industry. Obligations (Law).

© 2017 Reed International Books Australia Pty Limited trading as LexisNexis. This book is copyright. Except as permitted under the Copyright Act 1968 (Cth), no part of this publication may be reproduced by any process, electronic or otherwise, without the specific written permission of the copyright owner. Neither may information be stored electronically in any form whatsoever without such permission. Inquiries should be addressed to the publishers. Typeset in Futura and Sabon. Printed in Australia. Visit LexisNexis Butterworths at www.lexisnexis.com.au

Foreword

Leif Gamertsfelder is a lawyer with great experience in the financial services sector. However, he does not confine his engagement to solving day-to-day problems and disputes. He is deeply interested in the analysis of the laws and policies that have been adopted in Australia and overseas to govern the relationships between the participants in the financial services sector and their customers. He has not sought to keep his experience and knowledge to himself. He has shared his insights in a number of cutting-edge books. This is the latest of them. It is timely because of the commercial and political sensitivity of the relationships with customers, particularly of financial services organisations. This book affords many insights concerning the complexities that govern these relationships. It is critical for both individuals and the modern economy that these relationships function effectively. Leif Gamertsfelder understands this. His book provides a view of the obligations imposed on financial services organisations which seek to regulate their conduct. The challenge that this book addresses is the examination of the obligations imposed on legal and natural persons in connection with their conduct in the management of other people’s money¹ or their financial affairs more generally. As is explained, those obligations tend nowadays to be expressed in open-ended terms that provide many challenges, both to customers and financial service providers alike. Self-evidently, the financial services industry plays a crucial role in the economy and thus for the wellbeing of society as a whole. The law imposes on participants in this industry a wide range of open-ended obligations in recognition of this role. There are many examples of standards or norms of conduct.
There are laws imposing obligations to act in the best interests of another; to act fairly; to take reasonable care; to act with utmost good faith; prohibitions on misleading conduct and acting unconscionably, not to mention laws regulating anti-competitive conduct or conduct in relation to the use and management of personal information. These are but a few of the laws that are examined in this book. There are many more.² The proper discharge of these obligations requires a comprehensive understanding of applicable statutory requirements. Nothing less will do. And where there are failures to apply their provisions, these can often present crises for those involved. And also serious difficulties for the financial services sector as a whole. As this book demonstrates, developments in both general and statutory law have played a critical role in establishing the applicable standards of conduct. These have operated together to set the contemporary requirements described in this book. For example, in an insurance context, the insured’s duty of good faith identified by Lord Mansfield in Carter v Boehm³ has more recently been subsumed into a reciprocal duty of utmost good faith under the Insurance Contracts Act 1984 (Cth). As I have noted elsewhere, this development ‘played a significant part in promoting the understanding that insurers must operate fairly and transparently, taking account of the interests of policyholders alongside their own’.⁴ Many of the statutory provisions described in this book have extended the general law in ways that seek to strike a more contemporary balance in protecting the interests of customers, members and beneficiaries. At the same time, there is an overlap in legal norms. Contemporary statutes regularly invite access to the general law in order to interpret their provisions and to determine their content. This book helps to provide practical answers by identifying and seeking to navigate the journey through the inescapable ambiguities. In determining what a standard or norm of conduct expressed in a statute requires of a person, it will often be necessary for a court to place itself in the position of a party, and have regard to all the circumstances that prevailed at the relevant time. This requires an ex ante approach — looking at the circumstances before any problems have arisen.
Commonly, an evaluation of open-ended obligations will lead the decision-maker to assess the decision that preceded the time when the parties embarked on a particular course of action which later becomes the subject of complaint. In an administrative law context, I joined with Chief Justice Gleeson in McKinnon v Secretary, Department of Treasury to explain this “immersion” requirement in determining whether a posited decision was reasonably open to a decision-maker at the time:⁵

[It] involves an evaluation of the known facts, circumstances and considerations which may bear rationally upon the issue in question.

The immersion requirement is equally relevant when one is obliged to assess whether certain conduct discharges an open-ended statutory standard, or falls short, potentially rendering the party concerned susceptible to sanctions and remedies. This approach reflects the way equity commonly solves questions that require its attention. As Lord Stowell pointed out nearly 200 hundred years ago:⁶

A court of law works its way to short issues, and confines its views to them. A court of equity takes a more comprehensive view, and looks to every connected circumstance that ought to influence its determination upon the real justice of the case.

Determining the content of any of the open-ended obligations described in this book requires a similar approach. This is so whether the obligation arises at law, by equity or from statute. Each connected circumstance must be identified. Then one needs to evaluate whether the relevant decision or conduct was, for example, in the best interests of a person to whom the duty was owed. Or whether the conduct was unconscionable or whether the decision or conduct in question discharged one of the many other standards or norms of conduct covered in this book. The virtue of open-ended obligations, expressed in modern statutes, is that they are flexible. They can evolve with societal values and attitudes. This book makes an important contribution as it gathers the primary obligations of relevance and looks at the requirements of each in isolation and by juxtaposition with one another. Answers as to the requirements of specific obligations emerge. Patterns across the varying obligations can be discerned. The patterns explained by judges in particular cases play an essential vital role in guiding the decision-maker in later and different circumstances. However, whereas the flexibility of value-laden legal principles is a virtue it also carries inescapable risks. There is the risk that one’s own personal values will overwhelm legal principle when interpreting many of the open-ended obligations discussed in this book. 
This point was emphasised by the Chief Justice of the Federal Court of Australia in a recent address he gave at a conference in honour of Professor Paul Finn:⁷

The proper balance of values and norms in the fabric of the law and in the creation of certainty in the law must also recognise the requirement that principle and rule conform to moral standards as the gauge of the law’s flexibility and as its avenue for growth, but without confounding law by the suspension of principle and rule and by the drift into a void of sentiment and personal intuitive benevolence, being the antithesis of law — the exercise of personal will.

Leif Gamertsfelder’s book helps the reader to understand the principles enunciated in the cases. It plots a path for decision-makers to follow in evaluating the requirements of the law. It will help readers avoid the treacherous waters of purely personal opinions where that danger arises. But it will remind them of the obligation to give the legislation a purposive reading, so far as the language of the statute permits. This is technical law. The statutory provisions are often obscure. The path to understanding is to be found by the light of the objectives. Yet even these are often obscure. This book breaks new ground. For the insights it offers and the guidance it provides, the author is to be warmly commended.

The Hon Michael Kirby AC CMG
(Justice of the High Court of Australia 1996–2009; Chairman of the Australian Law Reform Commission 1975–1984)
1 November 2016

1. Adapted from the title of L D Brandeis’s book first published in 1914, Other People’s Money and How the Bankers Use It, Seven Treasures Publications, USA, 2009.
2. For example, the book also contains helpful extracts from guidance developed by the Australian Securities and Investments Commission and a discussion about contemporary issues such as the role of behavioural economics and statistics in managing conduct risk and remediation.
3. (1766) 3 Burr 1905 at 1909.
4. M D Kirby, ‘Insurance Contract Law Reform — 30 Years On’ (2014) 26 Insurance Law Journal 1 at 13.
5. McKinnon v Secretary, Department of Treasury (2006) 228 CLR 423; [2006] HCA 45 at [11] per Gleeson CJ and Kirby J.
6. ‘The Juliana’ (1822) 2 Dods 504 at 522.
7. Allsop CJ, ‘Conscience, Fair-dealing and Commerce — Parliaments and the Courts’, paper delivered at ‘Finn’s Law: An Australian Justice’, a conference in honour of Professor Paul Finn, Canberra, 25 September 2015 (viewed 1 November 2016).

Preface

Governance and conduct obligations play extremely important roles in promoting the interests of consumers and supporting the broader economy. The focus of this book is on the open-ended conduct obligations imposed on entities that provide financial services. There are numerous open-ended conduct obligations that apply to entities participating in the financial services sector. They touch nearly every area of activity. It is, however, often not a straightforward exercise to interpret and apply these types of laws. One is presented with a complex web comprised of (often overlapping) general and statutory laws, compelling one to work through the resulting potential inconsistencies and ambiguities in order to identify what the law requires in all the circumstances. The complexity of working through these issues cannot be overstated, especially when one is required to untangle the interpretive knots created by an amalgam of general and statutory law principles in relevant legislation, such as the Superannuation Industry (Supervision) Act 1993 (Cth). In this context, one can well understand the sentiment expressed by Kirby J in his dissenting judgment in Cook v Benson [2003] HCA 36 at 51:

None of the parties suggested that the Court needed to consider any of the provisions of the complicated federal legislation governing superannuation. In the circumstances, I am content to assume that this is so. Only necessity and duty would encourage me to enter once again upon the considerations of those provisions.

Many other laws that create open-ended obligations which set standards or norms of conduct pose similar interpretative challenges. The important thing is to ensure that when one is invited or required to interpret laws that create or set a standard of conduct, that one does not substitute one’s own personal intuition or personal views of what is right or wrong for a principled analysis of what the law requires. As Allsop CJ warns, we must resist the urge to ‘drift into a void of sentiment and personal intuitive benevolence’.¹ The heart of the issue is that regulating conduct or behaviour is a complex undertaking. Discerning what is acceptable conduct versus unacceptable conduct is a highly evaluative exercise whether one is considering fiduciary duties, directors’ duties, prohibitions against unconscionable conduct, prohibitions against anti-competitive conduct or obligations in relation to the use and management of personal information. Indeed, there will be no single correct course of ‘conduct’. We are not evaluating binary outcomes. It will be a matter of fact and degree as to what constitutes acceptable conduct. There will generally be several equally valid courses of conduct in this context. The aim of this book is to examine a range of key open-ended conduct duties that apply to participants in the financial services industry and identify principles that can assist in determining whether particular behaviour will fall within a spectrum of acceptable conduct: to hopefully produce more certainty, to narrow the scope for uncertainty; and to contribute to the debate. I want to thank my wife and children for their ongoing support, MaryJane Oliver for her assistance in editing this book, Georgina Gordon my Commissioning Editor at LexisNexis and Jakob Gamertsfelder for his guidance. I am also grateful to my colleagues and the many others who have over the years inspired me to emulate them and attempt to be a better lawyer.

Leif Gamertsfelder
17 November 2016
Sydney

1. Allsop CJ, ‘Conscience, Fair-dealing and Commerce — Parliaments and the Courts’, a paper delivered at ‘Finn’s Law: An Australian Justice’, a conference in honour of Professor Paul Finn, Canberra, 25 September 2015 (viewed 1 November 2016) at [12].

Table of Cases

References are to paragraph numbers

A

Abbey National plc v Office of Fair Trading [2009] EWCA Civ 116 …. 14.19
ABN AMRO Bank NV v Bathurst Regional Council [2014] FCAFC 65 …. 12.36
Abu Dhabi National Tanker Co v Product Star Shipping Line Ltd (The Product Star) (No 2) [1993] 1 Lloyd’s Rep 397 …. 2.22
Accounting Systems 2000 (Developments) Pty Ltd v CCH Australia Ltd [1993] FCA 265 …. 17.36
ACN 074 971 109 (as trustee for the Argot Unit Trust) v National Mutual Life Association of Australasia Ltd [2008] VSCA 247 …. 5.14, 7.13
ACN 074 971 109 Pty Ltd (as Trustee for the Argot Unit Trust) v National Mutual Life Association of Australasia Ltd [2013] VSCA 241 …. 7.13
Aequitas v Australian European Finance Corp Ltd [2001] NSWSC 14 …. 2.3
Alcatel Australia Ltd v Scarcella (1998) 44 NSWLR 349; [1998] NSWSC 483 …. 11.15
Allco Funds Management Ltd (recs and mgrs apptd) (in liq) v Trust Company (Re Services) Ltd (in its capacity as responsible entity and trustee of Australian Wholesale Property Fund) [2014] NSWSC 1251 …. 4.18
Ange v First East Auction Holdings Pty Ltd (2011) 284 ALR 638 …. 13.16
Apco Service Stations Pty Ltd v Australian Competition and Consumer Commission [2005] FCAFC 161 …. 15.10, 15.11
Arktos Pty Ltd v Idyllic Nominees Pty Ltd (2004) ATPR 42-005 …. 12.37
Armitage v Nurse [1998] Ch 241 …. 2.22
Armstrong v Jackson [1917] 2 KB 822 …. 9.44
Arnotts Biscuits Ltd v Trade Practices Commission [1990] FCA 473 …. 18.44
Asia Pacific Telecommunications Ltd v Optus Networks Pty Ltd [2007] NSWSC 350 …. 10.18
Astley v Austrust Ltd (1999) 197 CLR 1 …. 8.30, 9.56
ASX Operations Pty Ltd v Pont Data Australia Pty Ltd (No 1) (1990) 27 FCR 460; (1991) ATPR 41-069 …. 15.36, 15.37
Attorney-General v Blake [1998] Ch 439 …. 2.7
Attorney-General (NSW) v World Best Holdings Ltd (2005) 63 NSWLR 557; [2005] NSWCA 261 …. 13.16, 13.17
Austin v Austin (1906) 3 CLR 516; [1906] HCA 5 …. 2.20, 5.7, 6.8
Australian Administration Services Pty Ltd v Korchinski [2007] FCA 12 …. 17.57
Australian Broadcasting Corp v Lenah Game Meats Pty Ltd [2001] HCA 63 …. 17.44
Australian Communications and Media Authority v Clarity1 Pty Ltd [2006] FCA 410 …. 16.53
Australian Competition and Consumer Commission v 4WD Systems Pty Ltd (2003) 200 ALR 491 …. 13.16
— v Allergy Pathway Pty Ltd (No 2) [2011] FCA 74 …. 12.33
— v Allphones Retail Pty Ltd (No 2) (2009) 253 ALR 324 …. 13.16
— v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 …. 15.15, 15.18, 15.19, 15.20, 15.21, 15.22, 15.23, 15.45, 15.46, 15.67
— v Australian Medical Association Western Australia Branch Inc [2003] FCA 686 …. 15.10
— v CG Berbatis Holdings Pty Ltd (2003) 214 CLR 51 …. 13.16
— v Dell Computers Pty Ltd [2002] FCA 847 …. 12.16
— v Flight Centre Ltd (No 2) [2015] FCAFC 104 …. 15.18
— v Goldy Motors Pty Ltd [2000] FCA 1885 …. 12.17
— v Google Inc [2012] FCAFC 49 …. 12.8
— v Harvey Norman Holdings Ltd [2011] FCA 1407 …. 12.30
— v High Adventure Pty Ltd [2005] FCA 762 …. 15.64
— v IMB Group Pty Ltd (in liq) [2002] FCA 402 …. 15.55
— v Kaye [2004] FCA 1363 …. 12.8, 12.17
— v Liquorland (Australia) Pty Ltd (2006) ATPR 42-123; [2006] FCA 826 …. 15.46
— v Lux Distributors Pty Ltd [2013] FCAFC 90; [2013] ATPR 42-447 …. 1.3, 13.16
— v Samton Holdings Pty Ltd (2002) 117 FCR 301; [2002] FCA 62 …. 13.16
— v Simply No-Knead Franchising Pty Ltd (2000) 104 FCR 253 …. 13.16
— v Telstra Corp Ltd [2004] FCA 987 …. 12.26
— v TPG Internet Pty Ltd [2011] FCA 1254 …. 12.16, 12.28
— v — [2013] HCA 54 …. 12.16, 12.27, 12.28
— v Trading Post Australia Pty Ltd [2011] FCA 1086 …. 12.8, 12.34
Australian Growth Resources Corp Pty Ltd v Van Reesema (1988) 13 ACLR 261; 6 ACLC 529 …. 3.31, 4.5, 5.5, 6.5
Australian Securities and Investments Commission v Activesuper Pty Ltd (in liq) [2015] FCA 342 …. 9.6
— v Adler (2002) 41 ACSR 72; [2002] NSWSC 171 …. 3.11, 3.14, 3.18
— v Australian Lending Centre Pty Ltd (No 3) [2012] FCA 43 …. 12.17
— v Australian Property Custodian Holdings Ltd (recs and mgrs apptd) (in liq) (Controllers appointed) (No 3) [2013] FCA 1342 …. 2.15, 4.13, 4.14, 4.15, 4.16, 4.17, 4.23
— v Camelot Derivatives Pty Ltd (in liq) [2012] FCA 414 …. 9.37, 10.9, 10.11
— v Cash Store Pty Ltd (in liq) [2014] FCA 926 …. 8.19, 8.20, 8.21, 8.23, 18.28
— v — (No 2) [2015] FCA 93 …. 8.24, 8.25, 18.29, 18.30, 18.43
— v Cassimatis (No 8) [2016] FCA 1023 …. 3.18, 3.19, 3.20, 3.21, 3.23, 9.27, 9.36, 9.37, 10.10, 10.11, 10.22
— v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 …. 2.5, 3.35, 10.16, 10.18
— v Citrofresh International Ltd [2007] FCA 1873 …. 12.37
— v Fortescue Metals Group Ltd [2011] FCAFC 19 …. 12.3, 12.24
— v Healey [2011] FCA 717 …. 3.13, 3.41, 3.42, 17.15
— v Hellicar [2012] HCA 17 …. 3.22, 3.42
— v Loiterton [2004] NSWSC 172 …. 17.57
— v Macdonald (No 11) [2009] NSWSC 287 …. 3.42
— v Maxwell (2006) 59 ACSR 373 …. 3.17
— v Monarch FX Group Pty Ltd [2014] FCA 1387 …. 9.6
— v Narain [2008] FCAFC 120 …. 12.5, 12.6, 16.40
— v National Exchange Pty Ltd (2005) 148 FCR 132; [2005] FCAFC 226 …. 13.16
— v Online Investors Advantage Inc [2005] QSC 324 …. 9.6
— v Oxford Investments (Tas) Pty Ltd [2008] FCA 980 …. 9.6
— v Park Trent Properties Group Pty Ltd (No 3) [2015] NSWSC 1527 …. 9.6, 9.7, 9.9
— v Perpetual Trustee Co (Canberra) Ltd [2000] FCA 1726 …. 4.3
— v PFS Business Development Group Pty Ltd [2006] VSC 192 …. 9.6
— v Rich [2009] NSWSC 1229 …. 3.16, 3.25, 3.26, 3.28, 3.29, 3.49
— v Saxby Bridge Financial Planning Pty Ltd [2003] FCAFC 244 …. 10.7
— v Stone Assets Management Pty Ltd [2012] FCA 630 …. 9.6
— v Sydney Investment House Equities Pty Ltd [2008] NSWSC 1224 …. 3.18
— v Vines (2003) 48 ACSR 322 …. 3.16
— v — (2005) 55 ACSR 617 …. 4.5, 5.5, 6.5
Australian Securities Commission v AS Nominees Ltd (1995) 18 ACSR 459 …. 4.9, 5.9, 6.10
— v Gallagher (1993) 10 ACSR 43 …. 2.21
Austress Freyssinet Pty Ltd v Joseph [2006] NSWSC 77 …. 17.57
AWA Ltd v Daniels t/as Deloitte Haskins & Sells (1992) 7 ACSR 759 …. 3.6

B

Ball Memorial Hospital Inc v Mutual Hospital Insurance Inc 784 F 2d 1325 (1986) …. 15.1

Baltic Shipping Co v Dillon (The Mikhail Lermontov) (1993) 176 CLR 344 …. 17.44 Bankstown Foundry Pty Ltd v Braistina [1986] HCA 20 …. 17.10 Barescape Pty Ltd (as trustee for V’s Family Trust) v Bacchus Holdings Pty Ltd (as trustee for Bacchus Holdings Trust) (No 9) [2012] NSWSC 984 …. 2.10 Barnes v Addy (1874) LR 9 Ch App 244 …. 2.25, 2.26 Bartlett v Barclays Bank Trust Co Ltd (No 1) [1980] Ch 515 …. 4.10, 5.10, 6.11 Baxter v British Airways (1988) 82 ALR 298 …. 17.44 Bell v Lever Brothers Ltd [1932] AC 161 …. 2.9 Bell Group Ltd (in liq) v Westpac Banking Corp (2008) 39 WAR 1 …. 2.7, 2.25, 5.23, 6.19 Bester v Perpetual Trustee Co Ltd [1970] 3 NSWR 30 …. 13.11 Birtchnell v Equity Trustees Executors and Agency Co Ltd (1929) 42 CLR 384; [1929] ALR 273 …. 2.9 Bliss v South East Thames Regional Health Authority [1987] ICR 700 …. 17.44 Blomley v Ryan (1956) 99 CLR 362; [1956] HCA 81 …. 13.3, 13.4, 13.9 ‘BO’ and AeroCare Pty Ltd [2014] AICmr 32 …. 17.42 Boardman v Phipps [1967] 2 AC 46 …. 2.8, 2.10, 4.18 Boral Besser Masonry Ltd v Australian Competition and Consumer Commission [2003] HCA 5 …. 15.1, 15.44 Boulting v Association of Cinematograph, Television and Allied Technicians [1963] 2 QB 606 …. 2.9 BP Refinery (Westernport) Pty Ltd v Hastings Shire Council (1977) 180 CLR 266 …. 11.6, 11.8, 11.9 Breen v Williams [1996] HCA 57 …. 2.2, 2.6, 2.7 Broderbund Software Inc v Computermate Products (Aust) Pty Ltd (1992) ATPR 41-155 …. 15.44 Brookfield Multiplex Ltd v Owners Corp Strata Plan 61288 [2014] HCA 36 …. 17.34 Bryan v Maloney [1995] HCA 17 …. 17.34 Burger King Corp v Hungry Jack’s Pty Ltd (2001) 69 NSWLR 558; [2001] NSWCA 187 …. 11.15

C

Caltex Refineries (Qld) Pty Ltd v Stavar [2009] NSWCA 258 …. 17.34 Campbell v Backoffice Investments Pty Ltd [2009] HCA 25 …. 12.20 Campbell and Australian Securities and Investments Commission, Re [2001] AATA 205 …. 10.7, 10.12 Campomar Sociedad Limitada v Nike International Ltd [2000] HCA 12 …. 12.14, 12.20, 12.21 Carmichael v Adirondack Bottled Gas Corp of Vermont 635 A 2d 1211 (1993) …. 11.8 Carter v Boehm (1766) 3 Burr 1905 …. 7.3 Cawthorn v Cawthorn [1998] FamCA 37 …. 16.58 CGU Insurance Ltd v AMP Financial Planning Pty Ltd [2007] HCA 36 …. 7.5, 7.6, 7.10 Chan v Zacharia (1984) 154 CLR 178; 53 ALR 417; [1984] HCA 36 …. 2.9, 2.26 Chapman, Re; Cocks v Chapman [1896] 2 Ch 763 …. 2.15, 2.20 Charlton v Baber [2003] NSWSC 745 …. 5.11, 6.13 Chew v R (1991) 5 ACSR 473 …. 3.35 City Equitable Fire Insurance Co Ltd, Re [1925] Ch 407 …. 2.21, 3.3, 3.6 Clapper v Amnesty International USA 133 S Ct 1138 (2013) …. 17.40, 17.42 Codelfa Construction Pty Ltd v State Rail Authority (NSW) [1982] HCA 24 …. 11.9 Coles Supermarkets Australia Pty Ltd v FKP Ltd [2008] FCA 1915 …. 12.25 Collier Constructions Pty Ltd v Foskett Pty Ltd [1990] FCA 392 …. 17.45 Colorado Products Pty Ltd (in prov liq), Re [2014] NSWSC 789 …. 3.31, 4.6, 5.6, 6.6 Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 …. 13.2, 13.3, 13.4, 13.5, 13.6, 13.7, 13.8, 13.9, 13.11 Commonwealth v John Fairfax & Sons Ltd [1980] HCA 44 …. 17.45

Commonwealth Bank of Australia v Friedrich (1991) 5 ACSR 115 …. 3.7, 3.12 — v Smith (1991) 42 FCR 390; 102 ALR 453; [1991] FCA 375 …. 2.3, 2.10, 9.46 Commonwealth Bank Officers Superannuation Corp Pty Ltd v Beck [2016] NSWCA 218 …. 5.11 Concrete Constructions (NSW) Pty Ltd v Nelson [1990] HCA 17 …. 12.8 Con-Stan Industries of Australia Pty Ltd v Norwich Winterthur Insurance (Aust) Ltd (1986) 160 CLR 226 …. 11.9 Conway v O’Brien 111 F 2d 611, 612 (2nd Cir 1940) …. 3.18 Cowan v Scargill [1985] Ch 270; [1984] 2 All ER 750 …. 2.14, 4.12, 5.11, 5.15, 6.13 Cummings v Claremont Petroleum NL (1992) 9 ACSR 583 …. 3.38

D

D & J Constructions Pty Ltd v Head (1987) 9 NSWLR 118 …. 10.18 ‘D’ and Wentworthville Leagues Club [2011] AICmr 9 …. 17.42 Daly v Sydney Stock Exchange Ltd (1986) 160 CLR 371; [1986] HCA 25 …. 2.1, 2.3, 9.44, 9.46 Dandy Power Equipment Pty Ltd v Mercury Marine Pty Ltd (1982) 64 FLR 238 …. 15.57 Daniels Corp International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 …. 5.33, 7.35, 8.45 Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 37 NSWLR 438; 16 ACSR 607 …. 3.3, 3.8, 3.9, 4.9, 5.9, 6.10 Darvall v North Sydney Brick and Tile Co Ltd (1989) 15 ACLR 230 …. 2.17, 5.11, 6.13 De Bruyne v Equitable Life Assurance Society of the US [1990] USCA7 1116; 920 F 2d 457 (7th Cir 1990) …. 2.15 Deloitte Haskins & Sells v National Mutual Life Nominees (1991) 5 NZCLC 67,418 …. 3.9 Deputy Commissioner of Taxation v Lyons [2014] FCA 1353 …. 6.2 Director General of Fair Trading v First National Bank plc [2002] 1 AC 481 …. 14.20 Director of Consumer Affairs Victoria v AAPT Ltd [2006] VCAT 1493 …. 14.15 — v Backloads.com Pty Ltd (Civil Claims) [2009] VCAT 754 …. 14.15 — v Craig Langley Pty Ltd [2008] VCAT 482 …. 14.8 — v Trainstation Health Clubs Pty Ltd (Civil Claims) [2008] VCAT 2092 …. 14.15 Dovey v Cory [1901] AC 477 …. 3.6 Dowling v Dalgety Australia Ltd (1992) ATPR 41-165 …. 15.44 Doyle v Australian Securities and Investments Commission [2005] HCA 78 …. 3.34 Duracell Australia Pty Ltd v Union Carbide Australia Ltd [1988] FCA 380 …. 12.32

E

Eastern Express Pty Ltd v General Newspapers Pty Ltd (1991) 30 FCR 385 …. 15.36 — v — (1992) ATPR 41-167 …. 15.44 Edge v Pensions Ombudsman [2000] Ch 602 …. 5.16 Elders Trustee and Executor Co Ltd v Higgins (1963) 113 CLR 426; [1963] HCA 48 …. 2.20 Elkofairi v Permanent Trustee Co Ltd (2002) 11 BPR 20,841; [2002] NSWCA 413 …. 13.32 Equitiloan Pty Ltd v Australian Securities and Investments Commission, Re (2003) 45 ACSR 278 …. 4.20, 5.16 Esanda Finance Corp Ltd v Peat Marwick Hungerfords (1997) 188 CLR 241 …. 17.34

F

Farah Constructions Pty Ltd v Say-Dee Pty Ltd [2007] HCA 22 …. 2.10 Fast Fix Loans Pty Ltd v Samardzic [2011] NSWCA 260 …. 13.30, 13.34 — v — [2011] NSWSC 19 …. 13.31, 13.32, 13.33 Federal Commissioner of Taxation v Lutovi Investments Pty Ltd [1978] HCA 55 …. 15.6 Forge v Australian Securities and Investments Commission (2004) 213 ALR 574; [2004] NSWCA 448 …. 3.31 Forkserve Pty Ltd v Pacchiarotta [2000] NSWSC 979 …. 3.37 Fortuna Seafoods Pty Ltd v The Ship ‘Eternal Wind’ [2005] QSC 4 …. 17.33 Foster and Australian Securities and Investments Commission, Re [1999] AATA 928 …. 10.7 Fraser v NRMA Holdings Ltd (1995) 15 ACSR 590 …. 12.23 Fryar v Systems Services Pty Ltd (1995) 130 ALR 168 …. 16.58 Furs Ltd v Tomkies (1936) 54 CLR 583 …. 9.48 Futuretronics International Pty Ltd v Gadzhis (1990) ATPR 41-049 …. 12.25

G

Gamble v Hoffman (1997) 24 ACSR 369 …. 3.18 GEC Marconi Systems Pty Ltd v BHP Information Technology Pty Ltd [2003] FCA 50 …. 11.6, 11.7, 11.8 General Newspapers Pty Ltd v Telstra Corp (1993) 45 FCR 164 …. 12.30 George v Rockett (1990) 170 CLR 104 …. 17.10 Gibson v Jeyes (1801) 6 Ves Jun 266; 31 ER 1044; [1801] EngR 379 …. 9.44 Gill v Eagle Star Nominees Ltd (NSWSC, Gleeson CJ, 22 September 1993, unreported) …. 4.10, 5.10 Global Sportsman Pty Ltd v Mirror Newspapers Pty Ltd (1984) 2 FCR 82; [1984] FCA 180 …. 8.20, 12.11, 12.24, 12.25 Google Inc v Australian Competition and Consumer Commission [2013] HCA 1 …. 12.33 — v Vidal-Hall [2015] EWCA Civ 311 …. 17.41, 17.42 Grand Enterprises Pty Ltd v Aurium Resources Ltd [2009] FCA 513 …. 3.27 Greynell Investments Pty Ltd v Hunter Douglas Ltd (1979) 4 TPR 173 …. 18.45

Groom v Crocker [1939] 1 KB 194 …. 2.22 Grosse v Purvis (2003) Aust Torts Reports 81-706; [2003] QDC 151 …. 17.44

H

Hadley v Baxendale (1854) 9 Ex 341 …. 11.21 Harlowe’s Nominees Pty Ltd v Woodside (Lakes Entrance) Oil Co NL (1968) 121 CLR 483 …. 3.23 Haywood v Roadknight [1927] VLR 512; [1927] VicLawRp 74 …. 9.44 Henjo Investments Pty Ltd v Collins Marrickville Pty Ltd (No 1) (1988) 39 FCR 546 …. 12.19 Hillsdown Holdings plc v Pensions Ombudsman [1997] 1 All ER 862 …. 2.17 Holyoake Industries (Vic) Pty Ltd v V-Flow Pty Ltd [2011] FCA 1154 …. 3.31 Hospital Products Ltd v United States Surgical Corp (1984) 156 CLR 41; [1984] HCA 64 …. 2.2, 2.3, 2.4, 3.33 Houghton v Arms [2006] HCA 59 …. 12.37 Howard Smith Ltd v Ampol Petroleum Ltd [1974] 1 NSWLR 68; [1974] AC 821; (1974) 3 ALR 448 [1974] 1 All ER 1126 …. 2.17, 3.23, 5.11, 6.13 Hres and Australian Securities and Investments Commission, Re [2008] AATA 707 …. 10.8 Hudson Investment Group Ltd v Australian Hardboards Ltd [2005] NSWSC 716 …. 17.57 Hughes Bros Pty Ltd v Trustees of the Roman Catholic Church for the Archdiocese of Sydney (1993) 31 NSWLR 91 …. 11.15 Hurley v McDonald’s Australia Ltd (2000) ATPR 41-741 …. 13.16

I

Ingot Capital Investments Pty Ltd v Macquarie Equity Capital Markets Ltd [2005] NSWSC 1174 …. 17.57 Interlego AG v Croner Trading Pty Ltd [1991] FCA 254 …. 18.46

J

James v Australian and New Zealand Banking Group Ltd (1986) 64 ALR 347 …. 12.25 James, Ex parte (1803) 8 Ves 337; 32 ER 385; [1803] EngR 536 …. 9.48 Jenyns v Public Curator (Qld) (1953) 90 CLR 113; [1953] HCA 2 …. 11.23 Jetstar Airways Pty Ltd v Free [2008] VSC 539 …. 14.15 Johnson v Hurwitz US CFTC decision, 24 July 2009, Judgment Officer McGuire …. 10.9 Johnson Tiles Pty Ltd v Esso Australia Pty Ltd [2000] FCA 1572 …. 12.12 Jones v Bartlett [2000] HCA 56 …. 17.10 — v Tsige [2012] ONCA 32 …. 17.42 Juliana, The (1822) 165 ER 1560 …. 14.21

K

Kakavas v Crown Melbourne Ltd (2013) 250 CLR 392 …. 13.3 Keeble v Hickeringill (1809) 11 East 574; 103 ER 1127; [1809] EngR 7 …. 15.41 King v Yurisich [2005] FCA 1277 …. 12.8 Koala Hydroponics Ltd and Australian Securities and Investments Commission, Re (2002) 40 ACSR 529; [2002] AATA 41 …. 10.7, 10.13 Kowalczuk v Accom Finance Pty Ltd [2008] NSWCA 343 …. 13.30, 13.32 Ku-ring-gai Co-Operative Building Society (No 12) Ltd, Re [1978] FCA 50 …. 12.8

L

Lepine, Re [1892] 1 Ch 210 …. 5.16 Lewski v Australian Securities and Investments Commission [2016] FCAFC 96 …. 4.13 Licensing Ordinance, Re (1968) 13 FLR 143 …. 10.4 Liddell v Lembke (t/as Cheryl’s Unisex Salon) (1994) 127 ALR 342 …. 16.58 Links Golf Tasmania Pty Ltd v Sattler [2012] FCA 634 …. 2.9 London & Mashonaland Exploration Co Ltd v New Mashonaland Exploration Co Ltd [1891] WN 165 …. 2.9 Louth v Diprose (1992) 175 CLR 621 …. 13.3 Luna Park (NSW) Ltd v Tramways Advertising Pty Ltd (1938) 61 CLR 286 …. 11.21

M

Maguire v Makaronis (1997) 188 CLR 449 …. 2.10 Makawe Pty Ltd v Randwick City Council [2009] NSWCA 41 …. 17.34 Makita v Sprowles (2001) 52 NSWLR 705 …. 18.37 Mallesons Stephen Jaques v KPMG Peat Marwick [1990] 4 WAR 357 …. 10.19 Manglicmot v Commonwealth Bank Officers Superannuation Corp [2010] NSWSC 363 …. 2.11, 2.15, 2.17, 2.20, 5.2, 5.11, 6.13 — v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 …. 2.20, 5.2, 5.3, 5.7, 5.11, 6.8, 6.13 March v E & M H Stramare Pty Ltd (1991) 171 CLR 506; [1991] HCA 12 …. 11.21, 12.37 Marchesi v Barnes [1970] VR 434 …. 4.5, 5.5, 6.5 Mark Lyons Pty Ltd v Bursill Sportsgear Pty Ltd (1987) 75 ALR 581; ATPR 40-809 …. 15.44 Market Street Associates Ltd Partnership v Frey 941 F 2d 588 (1991) …. 11.5, 11.15 Marks v GIO Australia Holdings Ltd (1998) 196 CLR 494; [1998] HCA 69 …. 8.20 McGellin v Mount King Mining NL (1998) 144 FLR 288 …. 3.27 McGrath, Re; HIH Insurance Ltd (2010) 78 ACSR 405; [2010] NSWSC 404 …. 2.10 McKinnon v Secretary, Department of Treasury (2006) 228 CLR 423 …. 17.10 McPherson v Watt (1877) 3 App Cas 254 …. 9.44

Melway Publishing Pty Ltd v Robert Hicks Pty Ltd [2001] HCA 13 …. 15.47 Mernda Developments Pty Ltd (in liq) v Alamanda Property Investments No 2 Pty Ltd (2011) 86 ACSR 277; [2011] VSCA 392 …. 3.31 Miller & Associates Insurance Broking Pty Ltd v BMW Australia Finance Ltd [2010] HCA 31 …. 12.12 Mills v Mills (1938) 60 CLR 150 …. 2.9, 3.33 Minlabs Pty Ltd v Assaycorp Pty Ltd (2001) 37 ACSR 509 …. 3.18 Morphett Arms Hotel Pty Ltd v Trade Practices Commission [1980] FCA 46 …. 15.5 Mutual Life & Citizens’ Assurance Co Ltd v Evatt (1968) 122 CLR 556 …. 17.34 — v — (1970) 122 CLR 628 …. 17.34

N

National Exchange Pty Ltd (ACN 006 079 974) v Australian Securities and Investments Commission [2004] FCAFC 90 …. 12.13, 12.20 National Justice Compania Naviera SA v Prudential Assurance Co Ltd (The Ikarian Reefer) [1993] 2 Lloyd’s Rep 68 …. 18.41 Nationwide News Pty Ltd v Australian Competition and Consumer Commission (1996) 71 FCR 215 …. 12.31 Nestle v National Westminster Bank plc [1994] 1 WLR 1260 …. 2.15 New Zealand Netherlands Society ‘Oranje’ Inc v Kuys [1973] 2 NZLR 163; [1973] 2 All ER 1222; [1973] 1 WLR 1126 …. 2.9, 2.10 News Ltd v South Sydney District Rugby League Football Club Ltd (2003) 215 CLR 563 …. 15.36 Noranda Australia Ltd v Lachlan Resources NL (1988) 14 NSWLR 1 …. 2.3, 2.9 Norcast SárL v Bradken Ltd (No 2) [2013] FCA 235 …. 15.9, 15.14 NT Power Generation Pty Ltd v Power and Water Authority (2001) 184 ALR 481 …. 11.8

O

Obeid v Australian Competition and Consumer Commission [2014] FCAFC 155 …. 15.14 Office of Fair Trading v Abbey National plc [2008] EWHC 875 (Comm) …. 14.18, 14.19 — v — [2009] UKSC 6 …. 14.19 Orison Pty Ltd v Strategic Minerals Corporation NL [1987] FCA 263 …. 12.8 Overend & Gurney Co v Gibb (1872) LR 5 EL 480 …. 2.21

P

Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 …. 1.4, 11.15, 13.15, 13.16, 13.17, 13.18, 13.19, 13.20, 13.22, 14.10, 14.11, 14.12, 14.21 — v — [2016] HCA 28 …. 13.15, 13.23, 13.24, 13.25, 14.13 Panama and South Pacific Telegraph Co v India Rubber, Gutta Percha and Telegraph Works Co (1875) LR10ChApp 515 …. 9.48 Parkdale Custom Built Furniture Pty Ltd v Puxu Pty Ltd [1982] HCA 44 …. 12.10, 12.12 Perdaman Chemicals and Fertilisers Pty Ltd v ICICI Bank Ltd [2013] FCA 175 …. 13.16 Permanent Building Society (in liq) v Wheeler (1994) 11 WAR 187; 14 ACSR 109 …. 2.21, 3.32 Perpetual Trustee Co Ltd v Khoshaba [2006] NSWCA 41 …. 13.32 Perre v Apand Pty Ltd [1999] HCA 36 …. 17.33, 17.34 Pihiga Pty Ltd v Roche [2011] FCA 240 …. 12.8 Pilmer v Duke Group Ltd (in liq) (2001) 207 CLR 165; [2001] HCA 31 …. 2.8, 3.33 Portal Software v Bodsworth [2005] NSWSC 1179 …. 17.57 Poseidon Ltd v Adelaide Petroleum NL [1991] FCA 663 …. 12.23 Price v Bouch (1986) 53 P & CR 257 …. 2.22 Prince Jefri Bolkiah v KPMG [1999] 2 AC 222 …. 10.18

Q

Qantas Airways Ltd v Cameron (1996) 66 FCR 246 …. 13.16 Queensland Mines Ltd v Hudson (1978) 18 ALR 1; 52 ALJR 399 …. 2.8, 2.10 Queensland Wire Industries Pty Ltd v Broken Hill Proprietary Co Ltd (1989) ATPR 40-925; [1989] HCA 6 …. 15.41, 15.44, 15.47

R

R v Byrnes (1995) 183 CLR 501 …. 3.34, 4.21 — v GK (2001) 125 A Crim R 315 …. 18.40 — v Towey (1996) 21 ACSR 46 …. 3.34 — v Turner [1975] QB 834 …. 18.33 R J Elrington Nominees Pty Ltd v Corporate Affairs Commission (SA) (1989) 1 ACSR 93 …. 10.6, 10.8 Radio 2UE Sydney Pty Ltd v Stereo FM Pty Ltd (1982) 62 FLR 437 …. 15.10 Raffoul v Blood Transfusion Service of the Australian Red Cross Society (1997) 76 IR 383 …. 16.58 Regal (Hastings) Ltd v Gulliver [1967] 2 AC 134 …. 3.33, 3.38 Regentcrest plc (in liq) v Cohen [2001] 2 BCLC 80 …. 2.16, 2.18 Renard Constructions (ME) Pty Ltd v Minister for Public Works (1992) 26 NSWLR 234 …. 11.4, 11.5, 11.15 Rohde and Rohde (1984) 10 Fam LR 56; FLC 91-592 …. 16.57, 16.58 Rosetex Co Pty Ltd v Licata (1994) 12 ACSR 779 …. 3.37 Rummery v Federal Privacy Commissioner [2004] AATA 1221 …. 17.42 Rural Press Ltd v Australian Competition and Consumer Commission (2003) 216 CLR 53 …. 15.36

S

Selig v Wealthsure Pty Ltd [2013] FCA 348 …. 8.28, 8.29, 8.30, 8.31, 8.32, 9.39, 9.41, 9.52, 9.54, 9.55, 9.56, 9.57, 9.58 — v — [2015] HCA 18 …. 8.28, 9.39, 9.54 Seven Network Ltd v News Ltd (2007) ATPR (Digest) 42-274; [2007] FCA 1062 …. 15.37

Shaddock & Associates Pty Ltd v Parramatta City Council (No 1) (1981) 150 CLR 225 …. 17.34 Shafron v Australian Securities and Investments Commission [2012] HCA 18 …. 3.22, 3.23 Short v Crawley (No 30) [2007] NSWSC 1322 …. 2.10 Slick v Westpac Banking Corp (No 1) [2006] FCA 1711 …. 17.57 Software AG (Australia) Pty Ltd v Racing & Wagering Western Australia [2009] FCAFC 36 …. 17.46 Solicitor, Re; Ex parte Incorporated Law Society (1894) 1 QB 254 …. 9.44 Sony Computer Entertainment Aust Pty Ltd v Jakopcevic [2001] FCA 1520 …. 17.57 Southern Real Estate Pty Ltd v Dellow (2003) SASR 1; [2003] SASC 318 …. 3.36 Sovereign Capital Ltd and Australian Securities and Investments Commission, Re (2009) 109 ALD 398 …. 4.20, 5.16 Speight v Gaunt (1883) 9 App Cas 1 …. 2.20, 5.7, 6.8 Spellson v George (1992) 26 NSWLR 666; [1992] NSWCA 254 …. 2.10 Steiner v Magic Carpet Tours Pty Ltd (1984) ATPR 45-639 …. 17.44 Stirling Harbour Services Pty Ltd v Bunbury Port Authority [2000] FCA 38 …. 15.57 Story v National Companies and Securities Commission (1988) 13 NSWLR 661 …. 10.4, 10.8, 10.12 Streeter v Western Areas Exploration Pty Ltd (No 2) [2011] WASCA 17 …. 2.9 Stuart Alexander and Co (Interstate) Pty Ltd v Blenders Pty Ltd [1981] FCA 152 …. 12.32 Suncorp General Insurance Ltd v Cheihk [1999] NSWCA 238 …. 7.6

T

Taco Co of Australia Inc v Taco Bell Pty Ltd (1982) 42 ALR 177 …. 12.21 Talacko v Talacko [2009] VSC 579 …. 13.12 Telstra Corporation Ltd v Privacy Commissioner [2015] AATA 991 …. 16.14, 16.16, 16.76, 16.79

Tillmanns Butcheries Pty Ltd v Australasian Meat Industry Employees’ Union [1979] FCA 85 …. 12.11 Tobacco Institute of Australia Ltd v Australian Federation of Consumer Organisations Inc, Re [1992] FCA 630 …. 12.30 Tonto Home Loans Australia Pty Ltd v Tavares (2011) 15 BPR 29,699 …. 13.16 Top Performance Motors Pty Ltd v Ira Berk (Qld) Pty Ltd (1975) ATPR 40-004 …. 15.7 Toppro Pty Ltd, Re [2016] NSWSC 1399 …. 3.15 Trade Practices Commission v Australia Meat Holdings Pty Ltd (1988) 83 ALR 299 …. 15.45 — v David Jones (Aust) Pty Ltd (1986) ATPR 40-671 …. 15.37 — v Legion Cabs (Trading) Co-op Society Ltd (1979) 35 FLR 372 …. 15.55 — v Nicholas Enterprises Pty Ltd (No 2) (1979) FLR 83 …. 15.5 — v Parkfield Operations Pty Ltd (1985) ATPR 40-526 …. 15.37 — v Pioneer Concrete (Qld) Pty Ltd (1992) ATPR 41-317 …. 15.44

U

Ultra Tune Australia Pty Ltd v McCann (1999) 30 ACSR 651 …. 2.9 United Dominions Corp Ltd v Brian Pty Ltd (1985) 157 CLR 1; 60 ALR 741 …. 2.9 United Group Rail Services Ltd v Rail Corp (NSW) (2009) 74 NSWLR 618; [2009] NSWCA 177 …. 11.15 United States v Socony-Vacuum Oil Co Inc 310 US 150 (1940) …. 15.2

V

V-Flow Pty Ltd v Holyoake Industries (Vic) Pty Ltd [2013] FCAFC 16 …. 3.31 Vines v Australian Securities and Investments Commission (2007) 62 ACSR 1 …. 3.16 Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 …. 2.23, 11.10, 11.12, 11.13, 11.14, 11.16

Vrisakis v Australian Securities Commission (1993) 9 WAR 395; 11 ACSR 162 …. 2.21, 3.18, 3.21

W

Wardley Australia Ltd v Western Australia [1992] HCA 55 …. 12.37 Warman International Ltd v Dwyer [1995] HCA 18 …. 2.9 Wealthsure Pty Ltd v Selig (2014) 221 FCR 1 …. 8.28, 9.39, 9.54 Westpac Banking Corporation v Bell Group Ltd (in liq) (No 3) (2012) 44 WAR 1; [2012] WASCA 157 …. 2.18, 2.19, 3.31 Whiteley, Re (1886) 33 Ch D 347 …. 5.7, 6.8 Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 …. 9.45, 9.46, 9.47, 9.48, 9.49, 9.51, 12.35 Winterton Constructions Pty Ltd v Hambros Australia Ltd, Re [1992] FCA 582 …. 12.22 Woodcroft-Brown v Timbercorp Securities Ltd [2013] VSCA 284 …. 12.24, 12.37 Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 …. 17.34 Wyong Shire Council v Shirt (1980) 146 CLR 40 …. 3.18

Y

Yorke v Lucas (1985) 158 CLR 661 …. 12.11

Z

Zhu v Treasurer of the State of New South Wales (2004) 218 CLR 530; [2004] HCA 56 …. 9.49

Table of Statutes

References are to paragraph numbers

Commonwealth

Australian Consumer Law s 18 …. 17.35 Australian Consumer Law see Competition and Consumer Act 2010 Sch 2 …. 14.5 Australian Securities and Investments Commission Act 2001 …. 3.44, 8.2, 8.28, 9.54, 12.3, 12.7, 12.17, 12.37, 13.13, 13.14, 13.16, 14.2, 14.3, 14.5, 14.6, 14.11, 14.14 Pt 2 Div 2 …. 14.1 Subdiv C …. 13.18 s 5 …. 12.3, 14.5 s 12BAB …. 12.7 s 12BB …. 12.25 s 12BC(1) …. 8.27, 9.53 s 12BC(2) …. 8.27 ss 12BF–12BM …. 14.5 s 12BF(1) …. 14.8 s 12BF(2) …. 14.8, 14.16 s 12BF(3) …. 14.7 s 12BG …. 14.9, 14.11, 14.17 s 12BG(1)(b) …. 14.9 s 12BG(2) …. 14.17 s 12BG(3) …. 14.17 s 12BG(4) …. 14.9 s 12BH …. 14.9

s 12BI(1)(a) …. 14.7 s 12BI(1)(b) …. 14.7 s 12BI(1)(c) …. 14.7 s 12BI(2) …. 14.7 s 12BI(3) …. 14.7 s 12BK(1) …. 14.8 s 12BK(2) …. 14.8 s 12BL(1) …. 14.7 s 12CA …. 1.1, 13.13, 13.14, 13.26 s 12CA(1) …. 13.14 s 12CA(3)(a) …. 13.15 s 12CB …. 1.1, 13.13, 13.15, 13.17, 13.18, 13.19, 13.23, 13.24, 13.26, 13.27, 13.30 s 12CB(1) …. 13.15, 13.16, 13.19, 13.20, 13.21, 13.25 s 12CB(2) …. 13.25 s 12CB(2)(a) …. 13.25 s 12CB(2)(b) …. 13.25 s 12CB(4) …. 13.15 s 12CB(4)(b) …. 13.21 s 12CC …. 13.18, 13.19 s 12CC(1) …. 13.19 s 12CC(2) …. 13.19 s 12CC(6) …. 13.19 s 12CC(7) …. 13.19 s 12CC(8) …. 13.19 s 12CC(9) …. 13.19 s 12DA …. 1.1, 12.3, 12.7, 12.8, 12.37, 16.19, 17.36, 17.44, 20.20 s 12DA(1A) …. 12.3 s 12DB …. 12.3, 12.38 s 12ED …. 8.27, 8.29, 9.53, 9.55 s 12ED(1) …. 8.27, 8.29, 8.30, 8.32, 9.53, 9.55, 9.56, 9.58 s 12GBA …. 13.26

s 12GD …. 13.26 s 12GF …. 12.37, 13.26 s 912D …. 13.14 Banking Act 1959 …. 8.38, 8.39, 8.40, 8.42, 15.26 s 5 …. 8.1 s 9(3) …. 8.1 s 11CA …. 8.33, 8.37 s 30(4) …. 9.12 s 52A …. 8.39, 8.40, 8.41 ss 52A–52E …. 8.38 s 52A(2)(c) …. 8.40 s 52A(2)(c)(ii) …. 8.40 s 52A(2)(d) …. 8.40 s 52A(3) …. 8.40 s 52B(1) …. 8.41 s 52B(2)–(3) …. 8.41 s 52B(4) …. 8.41 s 52C(1) …. 8.42 s 52C(1)–(2) …. 8.42 s 52C(2)(b)(ii) …. 8.42 s 52C(3) …. 8.42 s 52D …. 8.43 s 52E …. 8.44, 8.45 s 52E(2) …. 8.45 Competition and Consumer Act 2010 …. 1.2, 12.33, 12.37, 13.13, 15.1, 15.4, 15.5, 15.17, 15.19, 15.35, 15.38, 15.39, 15.40, 15.43, 15.45, 15.49, 15.53, 15.65, 15.66 Pt IV …. 15.1 Pt IV Div 1 …. 15.2 Pt IV Div 1 Subdiv D …. 15.16 Pt VII …. 15.16 Div 1A …. 15.28, 15.29

s 2 …. 15.1 s 4(1) …. 15.55 s 4C …. 15.55 s 4D …. 15.35, 15.36 s 4D(1)(b) …. 15.36 s 4D(2) …. 15.36 s 4E …. 15.45 s 4F …. 15.48 s 4J …. 15.16 s 4L …. 15.38 s 20 …. 13.13 s 21 …. 13.13 s 44ZZFG(4) …. 15.17 s 44ZZRA …. 15.4 s 44ZZRB …. 15.9, 15.14 s 44ZZRC …. 15.15 s 44ZZRD …. 15.3, 15.15 s 44ZZRD(1) …. 15.3 s 44ZZRD(1)(a) …. 15.9 s 44ZZRD(2) …. 15.9 s 44ZZRD(3) …. 15.13 s 44ZZRD(3)(a) …. 15.14 s 44ZZRD(3)(b) …. 15.14 s 44ZZRD(3)(c)(i) …. 15.14 s 44ZZRD(3)(c)(iii) …. 15.14 s 44ZZRD(4) …. 15.15 s 44ZZRD(6) …. 15.12 s 44ZZRD(8) …. 15.9 s 44ZZRD(9) …. 15.13 s 44ZZRF(3) …. 15.17 s 44ZZRG …. 15.17 s 44ZZRG(3) …. 15.17

s 44ZZRJ …. 15.17 s 44ZZRK …. 15.17 s 44ZZRL …. 15.16 s 44ZZRM …. 15.16 s 44ZZRN …. 15.16 s 44ZZRO …. 15.16 s 44ZZRP …. 15.16 s 44ZZRV …. 15.16 s 44ZZT …. 15.26 s 44ZZU …. 15.28, 15.29 s 44ZZV(2) …. 15.28 s 44ZZV(3) …. 15.28 s 44ZZW …. 15.27 s 44ZZX …. 15.29 s 44ZZY …. 15.28, 15.29 s 44ZZZ …. 15.28 s 45 …. 15.21, 15.24, 15.32, 15.37, 15.38, 15.39, 15.40, 15.52, 15.59 s 45(2) …. 15.32 s 45(3) …. 15.21 s 45(6) …. 15.59 s 45(8) …. 15.39 s 45(8A) …. 15.39 s 45B …. 15.1, 15.52, 15.54 s 45C …. 15.1 s 45D …. 15.1, 15.36 s 45DA …. 15.1 s 45DB …. 15.1 s 45DC …. 15.1 s 45DD …. 15.1 s 45E …. 15.1 s 46 …. 15.37, 15.41, 15.47, 15.49, 15.50, 15.51, 15.52, 15.53

s 46(1) …. 15.45, 15.48, 15.49 s 46(1)(a)–(c) …. 15.48 s 46(1AA) …. 15.49 s 46(2) …. 15.44 s 46(3) …. 15.44 s 46(3A) …. 15.44 s 46(4)(b) …. 15.45 s 46(7) …. 15.48 s 46A …. 15.1 s 47 …. 15.52, 15.54, 15.55, 15.56, 15.57, 15.59, 15.60, 15.61 s 47(2)(d) …. 15.55 s 47(2)(e) …. 15.55 s 47(2)(f)(i) …. 15.55 s 47(2)(f)(ii) …. 15.55 s 47(3)(d) …. 15.55 s 47(3)(e) …. 15.55 s 47(4) …. 15.55 s 47(4)(c) …. 15.55 s 47(4)(d) …. 15.55 s 47(5)(d) …. 15.55 s 47(6) …. 15.55, 15.57, 15.58 s 47(7) …. 15.55, 15.57, 15.58 s 47(8)(c) …. 15.57, 15.58 s 47(9)(d) …. 15.57, 15.58 s 47(10) …. 15.57 s 47(12) …. 15.60 s 47(13) …. 15.56 s 48 …. 15.62, 15.66 s 49 …. 15.1 s 50 …. 15.1, 15.52, 15.54 s 51 …. 15.16, 15.39, 15.60 s 75B …. 12.37

s 76(1) …. 15.40, 15.61, 15.66 s 76(1)(a) …. 15.30 s 76(1A) …. 15.30 s 76(1A)(aa) …. 15.17 s 76(1A)(b) …. 15.40, 15.53, 15.61, 15.66 s 76(1B) …. 15.30 s 76(1B)(b) …. 15.17, 15.40, 15.53, 15.66 s 76(5) …. 15.30, 15.40, 15.53, 15.61, 15.66 s 76C …. 15.36 s 79 …. 15.17 s 79(1)(e) …. 15.17 s 79B …. 15.30 s 80 …. 15.17, 15.40, 15.53, 15.61, 15.66 s 82 …. 12.37, 15.17, 15.30, 15.40, 15.53, 15.61, 15.66 s 84 …. 15.28, 15.29 s 84(1) …. 15.48 s 86E …. 15.17, 15.30, 15.40, 15.53, 15.61, 15.66 s 87 …. 15.17, 15.30, 15.40, 15.53, 15.61, 15.66 s 87CB …. 17.37 s 88 …. 15.39, 15.52, 15.60, 15.65 s 88(1) …. 15.39 s 93 …. 15.60 s 93AB …. 15.39 s 93AB(1A) …. 15.16 s 96(3) …. 15.62 s 96(3)(d) …. 15.65 s 96(3)(f) …. 15.64 s 96A …. 15.62 s 98(2) …. 15.65 s 131 …. 12.3 s 131A …. 12.3 s 236 …. 17.36

s 237 …. 17.36 Sch 2 …. 12.3, 14.5 Sch 2, s 4 …. 12.25 Sch 2, s 18 …. 12.3, 12.8, 12.16, 12.21, 12.25, 12.37 Sch 2, s 29 …. 12.3, 12.38 Sch 2, s 151 …. 12.3, 12.38 Sch 2, s 207 …. 12.3 Sch 2, s 209 …. 12.33 Sch 2, s 236 …. 12.37 Sch 2, s 237 …. 12.37 Competition and Consumer Regulations 2010 reg 48 …. 15.26 reg 49 …. 15.26 Constitution …. 4.16 Copyright Act 1968 …. 17.45, 17.48 s 10 …. 17.45, 17.48 s 47AB …. 17.45 s 47F …. 17.1, 17.45, 17.46, 17.47 s 47F(1)(b)(i) …. 17.47 s 47F(1)(b)(ii) …. 17.47 s 47F(1)(c) …. 17.47 s 47F(1)(d) …. 17.47 s 47H …. 17.47 s 116AN(1) …. 17.48 s 116AN(3) …. 17.48 s 116AN(4) …. 17.48 s 116AN(5) …. 17.48 s 132APC(1) …. 17.48 s 132APC(3) …. 17.48 s 132APC(4) …. 17.48 s 132APC(5) …. 17.48 Corporations Act 2001 …. 3.1, 3.5, 3.12, 3.17, 3.19, 3.24, 3.41, 3.44, 4.2, 4.3, 4.24, 4.25, 4.27, 5.1, 5.28, 7.28, 7.30, 8.3, 8.38, 8.40, 9.1, 9.3, 9.7, 9.12, 9.23, 9.34, 9.37, 9.43, 10.17, 10.18, 12.3, 12.37, 13.13, 17.23, 17.39, 20.13 Pt 2D.1 …. 3.42, 4.18, 4.26, 5.3, 5.12, 5.20 Pt 2D.6 …. 3.49, 3.51, 3.53, 3.55, 4.28 Pt 7 …. 12.3 Pt 7.1 …. 12.7 Pt 7.1 Div 3 …. 12.3, 12.4 Pt 7.1 Div 4 …. 12.3, 12.4 Pt 7.6 Div 4 Subdiv C …. 7.9 Pt 7.6 Div 8 Subdiv A …. 7.9 Pt 7.8 Div 4A …. 20.13 Pt 7.10 …. 12.5 Pt 7.10 Div 2A …. 12.37 Ch 6CA …. 17.23 s 9 …. 3.11, 3.44, 4.22 s 47(1)(a) …. 10.2 s 52 …. 9.11, 12.37 s 79 …. 3.50, 3.52, 3.54, 12.37 s 180 …. 3.5, 3.10, 3.11, 3.14, 3.18, 3.44, 3.49 s 180(1) …. 1.1, 3.11, 3.12, 3.13, 3.14, 3.16, 3.19, 3.20, 3.21, 3.22, 3.24, 3.29, 3.41, 3.42, 4.26, 5.25, 7.27, 8.37, 17.14, 17.17 s 180(2) …. 3.24, 3.27, 3.29, 4.23 s 180(2)(d) …. 3.29 s 180(3) …. 3.24, 3.25, 3.26 s 180(3)(c) …. 3.29 s 181 …. 3.5, 3.31, 3.50 s 181(1) …. 3.30, 3.31, 3.32 s 181(1)(a) …. 3.31 s 181(2) …. 3.50 s 182 …. 3.5, 3.52 s 182(1) …. 3.33

s 182(2) …. 3.52 s 183 …. 3.5, 3.35, 3.36, 3.37, 3.54, 4.21 s 183(1) …. 3.35, 3.36 s 183(2) …. 3.38, 3.39, 3.54 s 184 …. 3.35 s 184(1) …. 3.51 s 184(2) …. 3.53 s 184(3) …. 3.55 s 185 …. 3.11 s 187 …. 3.11, 3.52 s 189 …. 3.40, 3.41 s 190 …. 3.42 s 192A(1)(a) …. 1.6 s 198D …. 3.42 s 206C …. 3.49, 3.51, 3.53, 3.55, 4.28, 17.17 s 601FC …. 4.1, 4.2, 5.16 s 601FC(1) …. 4.3, 4.24, 4.25, 4.26, 4.27, 4.28, 5.8, 6.9 s 601FC(1)(a) …. 4.4, 4.5 s 601FC(1)(a)–(1)(e) …. 4.2 s 601FC(1)(a)–(m) …. 4.3 s 601FC(1)(b) …. 4.7 s 601FC(1)(c) …. 4.11, 4.15, 4.16, 4.17, 4.18 s 601FC(1)(d) …. 4.20, 5.16 s 601FC(1)(e) …. 4.21 s 601FC(1)(f) …. 4.2 s 601FC(1)(g) …. 4.2 s 601FC(1)(h) …. 4.2 s 601FC(1)(i) …. 4.2 s 601FC(1)(j) …. 4.2 s 601FC(1)(k) …. 4.2 s 601FC(1)(l) …. 4.2, 4.24 s 601FC(1)(m) …. 4.2

s 601FC(2) …. 4.2 s 601FC(3) …. 4.18 s 601FC(5) …. 4.27 s 601FD(1) …. 4.2, 4.22, 4.23, 4.26, 4.27, 4.28, 4.29 s 601FD(1)(c) …. 4.16 s 601FD(3) …. 4.27 s 601FD(4) …. 4.29 s 601FE(1) …. 4.22 s 601GA …. 4.2 s 601GB …. 4.2 s 601HA …. 4.2 s 670A …. 12.3 s 728 …. 12.3 s 763A …. 9.10 s 764A …. 9.10 s 764A(1) …. 9.7 s 765A …. 9.10 s 765A(1)(h)(i) …. 9.10 s 766A …. 9.3 s 766A(1) …. 10.16 s 766A(3) …. 9.3, 9.12 s 766B …. 9.3, 9.5, 9.7, 9.9, 9.14, 10.16 s 766B(1) …. 9.3, 9.7, 9.9 s 766B(1A) …. 9.12 s 766B(3) …. 9.14, 9.19, 19.2 s 766B(4) …. 9.14 s 766B(5) …. 9.13 s 766B(6) …. 9.13 s 766B(7) …. 9.13 s 766B(9)(b) …. 9.12 ss 766C–766D …. 9.3 s 766D …. 9.3

s 766E …. 9.3 s 829(f) …. 10.12 s 851 …. 10.8, 10.12 s 911A(1) …. 9.3 s 911A(2) …. 9.3 s 912A …. 10.20, 10.21 s 912A(1) …. 10.2, 10.20 s 912A(1)(a) …. 10.2, 10.3, 10.7, 10.8, 10.9, 10.10, 10.11, 10.13, 20.20 s 912A(1)(aa) …. 10.2, 10.14, 10.15, 10.16, 10.17, 10.19 s 912A(1)(b) …. 10.2 s 912A(1)(d) …. 19.16 s 912A(2) …. 10.2 s 912A(4) …. 10.2 s 912A(5) …. 10.2 s 912D …. 10.20, 17.23 s 914A …. 10.20 s 915B …. 10.20 s 915C …. 10.20 s 920A …. 10.20 s 920A(1)(b) …. 10.20 s 920A(1)(g) …. 10.20 s 920A(1)(h) …. 10.20 s 945A …. 9.37, 10.11 s 945A(1)(b) …. 3.20, 9.27, 9.37, 10.11 s 945A(1)(c) …. 3.20, 9.27, 9.37, 10.11 s 946A …. 9.20 s 949A …. 9.15 s 949A(2) …. 9.16, 9.17 s 949A(3) …. 9.16 s 949A(4) …. 9.17 s 949A(5) …. 9.17

s 949B …. 9.17 s 960B …. 9.43 s 961 …. 9.21 s 961B …. 9.20, 9.26, 9.32, 9.33 s 961B(1) …. 9.21, 9.22, 9.23, 9.25, 9.34, 9.35, 9.38 s 961B(2) …. 9.22, 9.23 s 961B(2)(c) …. 9.23 s 961B(2)(e)(i) …. 9.24 s 961B(2)(g) …. 9.25 s 961B(3) …. 9.23 s 961B(4) …. 9.23 s 961C …. 9.23 s 961D …. 9.23 s 961E …. 9.25 s 961F …. 9.23 s 961G …. 9.20, 9.26, 9.27, 9.32, 9.33 s 961H …. 9.20, 9.28, 9.32, 9.33 s 961J …. 9.20, 9.29, 9.32, 9.33 s 961J(1) …. 9.29 s 961J(2)–(3) …. 9.30 s 961K …. 9.32 s 961K(2) …. 9.32 s 961L …. 9.33 s 961M …. 9.33 s 961N …. 9.33 s 961Q …. 9.32 s 985G …. 8.3 s 991A …. 13.13, 13.27, 13.28, 13.30 s 991A(1) …. 13.28 s 991A(2) …. 13.28 s 1017B …. 7.5 s 1022A …. 12.3

s 1041E …. 12.3, 12.38 s 1041H …. 12.3, 12.4, 12.5, 12.7, 12.37, 16.19, 17.36, 17.44 s 1041H(3) …. 12.3 s 1041I …. 12.37 s 1041I(1) …. 12.37 s 1041K …. 12.3 s 1043F …. 10.17, 10.18 s 1311 …. 3.45, 3.46, 4.29 s 1311(1) …. 9.17 s 1317AA(1)(a) …. 3.44 s 1317AA(1)(b) …. 3.44 s 1317AA(1)(c) …. 3.44 s 1317AA(1)(d) …. 3.44, 5.28, 7.30, 8.40 s 1317AA(1)(e) …. 3.44 s 1317AB …. 3.45 s 1317AC …. 3.45 s 1317E …. 3.49, 3.50, 3.52, 3.54, 4.27, 17.17 s 1317G …. 3.49, 3.51, 3.53, 3.55, 17.17 s 1317G(1) …. 4.28 s 1317H …. 3.49, 3.51, 3.53, 3.55, 4.28, 17.17 s 1317S …. 3.56, 4.30 s 1318 …. 3.56, 4.30 s 1324 …. 3.49, 3.51, 3.53, 3.55, 4.28, 10.21, 12.37, 13.28, 17.17 s 1325 …. 4.28, 13.28 s 1331(1A) …. 13.28 Sch 3 …. 3.45, 3.46, 4.29, 9.17 Corporations Law s 784(2) …. 10.13 Corporations Regulations 2001 Pt 7.9 …. 9.12 Pt 9.2 …. 9.12 reg 7.1.08 …. 9.12

reg 7.1.29(1) …. 9.12 reg 7.1.29(3) …. 9.12, 10.16 reg 7.1.29(3A) …. 9.12 reg 7.1.29(4) …. 9.12 reg 7.1.29(5) …. 9.12 reg 7.1.29(5)(c)(ii) …. 9.12 reg 7.1.29A …. 9.12 reg 7.1.29A(2) …. 9.12 reg 7.1.30 …. 9.12 reg 7.1.31 …. 9.12 reg 7.1.32 …. 9.12 reg 7.1.33(1) …. 9.12 reg 7.1.33A …. 9.12 reg 7.1.33B …. 9.12 reg 7.1.33E …. 9.12 reg 7.1.33F …. 9.12 reg 7.1.33G …. 9.12 reg 7.1.33H …. 9.12 reg 7.6.01(1) …. 9.3 reg 7.6.01(1)(u) …. 9.12 reg 7.9.07CA …. 9.17 Crimes Act 1914 s 4AA …. 3.45, 3.46, 3.51, 3.53, 3.55, 4.29, 5.30, 5.32, 7.32, 7.34, 8.7, 8.8, 8.14, 8.42, 8.44, 9.17, 15.17, 17.13 s 4AA(3) …. 3.45, 3.46, 3.51, 3.53, 3.55, 4.29, 5.30, 5.32, 7.32, 7.34, 8.7, 8.8, 8.14, 8.42, 8.44, 9.17, 15.17, 17.13 s 4B(3) …. 17.13 Criminal Code 1995 …. 17.50 s 474.17 …. 17.50 s 477.3(1) …. 17.50 s 478.1(1) …. 17.50 Do Not Call Register Act 2006 …. 16.61

Evidence Act 1995 …. 18.36, 18.39, 18.40, 18.41 s 79 …. 18.36, 18.37 s 135 …. 18.38 s 136 …. 18.38 Extradition Act 1988 …. 17.2 Family Law Act 1975 s 79A …. 16.57 Federal Court Rules 2011 Pt 23 …. 18.41 Industrial Relations Act 1988 …. 16.58 Insurance Act 1973 …. 7.28, 7.36 ss 38A–38E …. 7.28 s 104(1) …. 7.27 Insurance Contracts Act 1984 …. 7.1, 7.3, 7.5, 7.8, 7.36 s 9 …. 7.3 s 10 …. 7.3 s 11 …. 7.4 s 13 …. 7.6 s 13(1) …. 7.4, 7.5 s 13(3) …. 7.4 s 14 …. 7.4, 7.6 s 14A …. 7.9 s 15 …. 7.4 s 22(1) …. 7.6 s 37 …. 7.6, 14.20 s 54(1) …. 7.7 s 55 …. 7.7 s 55A …. 7.8 s 55A(2) …. 7.8 s 55A(3) …. 7.8 s 60 …. 7.7 s 63 …. 7.7

Life Insurance Act 1995 …. 7.11, 7.12, 7.28, 7.29, 7.30, 7.32, 7.36 Pt 7 Subdiv A …. 3.44 s 32 …. 7.11, 7.12, 7.13 s 32(1)(b) …. 7.10, 7.21 s 32(2) …. 7.21 s 32(4) …. 7.14 s 34(5) …. 7.10 s 35 …. 7.23 s 48 …. 7.17 s 48(4) …. 7.14, 7.20 s 49(1) …. 7.22 s 50(1) …. 7.22 s 50(2) …. 7.22 s 156A …. 7.29, 7.30, 7.31 ss 156A–156E …. 7.28 s 156A(2)(c) …. 7.30 s 156A(2)(c)(ii) …. 7.30 s 156A(2)(d) …. 7.30 s 156B(1) …. 7.31 s 156B(2)–(3) …. 7.31 s 156B(4) …. 7.31 s 156C(1) …. 7.32 s 156C(2) …. 7.32 s 156C(2)(b)(ii) …. 7.32 s 156C(3) …. 7.32 s 156D …. 7.33 s 156E …. 7.34, 7.35 s 156E(2) …. 7.34, 7.35 s 230A …. 7.23 s 230B …. 7.23, 7.27 Managed Investments Act 1998 …. 4.1, 10.13 Pt 7.12 Div 5 …. 4.1

National Consumer Credit Protection Act 2009 …. 8.3, 8.4, 8.5, 8.6, 8.16, 8.17, 10.2, 16.93, 16.97, 20.13 Ch 3 …. 8.4 Pt 3 …. 8.24 Pt 3-1 …. 8.6, 8.7 Pt 3-2 …. 8.6 Pt 3-2 Div 3 …. 8.12 s 4 …. 8.5 s 5 …. 8.3, 8.5, 8.14 s 6 …. 8.3 s 8 …. 8.3 s 35 …. 8.3 s 76 …. 8.17 ss 115–118 …. 8.14 s 115(1) …. 8.7 s 115(1)(d) …. 8.8, 8.23 s 115(2) …. 8.7 s 116(1) …. 8.7, 8.9 s 117 …. 8.7, 8.8 s 117(1) …. 8.8, 8.11 s 117(1)(b) …. 16.104 s 117(1)(c) …. 8.23 s 118(2) …. 8.10 s 118(2)(a) …. 8.11, 8.20 s 118(3) …. 8.11 s 128 …. 8.13, 8.14 ss 128–131 …. 8.14 s 129 …. 8.14 s 130 …. 8.14 s 131(2)(a) …. 8.20 s 177 …. 8.17 s 178 …. 8.17

s 180(1) …. 8.18 s 180A …. 8.17 Sch 1 …. 8.4 National Credit Code see National Consumer Credit Protection Act 2009 …. 14.12 Privacy Act 1988 …. 16.2, 16.3, 16.6, 16.12, 16.13, 16.14, 16.15, 16.16, 16.18, 16.26, 16.27, 16.29, 16.33, 16.43, 16.46, 16.52, 16.54, 16.59, 16.70, 16.79, 16.84, 16.85, 16.87, 16.107, 16.110, 16.115, 16.116, 17.1, 17.8, 17.42, 17.43, 17.58 Pt IIIA …. 16.87, 16.90, 16.97, 16.101, 16.106, 16.108, 16.113, 16.114 Pt IIIA Subdiv F …. 10.106 s 2A …. 16.59 s 5B(3) …. 17.11 s 6 …. 16.6 s 6(1) …. 16.27, 16.75 s 6C …. 16.3 ss 6G–6K …. 16.88 s 13(2)(b) …. 16.107 s 13B …. 16.42 s 13G …. 16.108, 17.13 s 15 …. 16.4 s 16C …. 16.64, 16.65, 16.66 s 21A(2) …. 16.90 s 21B …. 16.91 s 21B(3) …. 16.91 s 21B(4) …. 16.91 s 21B(5) …. 16.91 s 21B(7) …. 16.91 s 21C …. 16.92 s 21D …. 16.93, 16.96, 16.97, 16.101, 16.102 s 21D(3) …. 16.93 s 21D(6) …. 16.93

s 21D(7) …. 16.93 s 21E …. 16.94 s 21F …. 16.95 s 21G …. 16.93, 16.96, 16.97, 16.98 s 21G(2) …. 16.96, 16.97 s 21G(3) …. 16.96, 16.97 s 21G(4) …. 16.97 s 21G(5) …. 16.97 s 21G(7) …. 16.98 s 21P …. 16.99 s 21Q …. 16.100 s 21Q(3) …. 16.90 s 21R …. 16.101, 16.102 s 21S …. 16.104, 16.105, 17.9, 17.13 s 21S(1) …. 17.9 s 21S(3) …. 17.9 s 33E …. 17.11 s 36 …. 16.110 s 38 …. 17.39 s 41 …. 16.110 s 52(1)(b) …. 17.42 s 52(1AB) …. 17.42 s 55 …. 16.111 s 55A(1) …. 16.112 Sch 1, APP 1 …. 16.17, 16.61, 16.62, 16.110 Sch 1, APP 1.2 …. 16.17, 16.18, 16.19 Sch 1, APP 1.3 …. 16.19, 16.91 Sch 1, APP 1.4 …. 16.20, 16.21, 16.91 Sch 1, APP 2 …. 16.21 Sch 1, APP 2.1 …. 16.21 Sch 1, APP 2.2 …. 16.21 Sch 1, APP 3 …. 16.29

Sch 1, APP 3–APP 5 …. 16.22 Sch 1, APP 3.2 …. 16.22, 16.23, 16.24, 16.27, 16.38 Sch 1, APP 3.3 …. 16.25, 16.26 Sch 1, APP 3.4 …. 16.26 Sch 1, APP 3.5 …. 16.26 Sch 1, APP 3.6 …. 16.28 Sch 1, APP 4 …. 16.29 Sch 1, APP 5 …. 16.30, 16.92 Sch 1, APP 5–APP 13 …. 16.29 Sch 1, APP 5.1 …. 16.30 Sch 1, APP 5.2 …. 16.30, 16.34 Sch 1, APP 5.2(b) …. 16.31 Sch 1, APP 5.2(d) …. 16.34, 16.38 Sch 1, APP 5.2(e) …. 16.35 Sch 1, APP 5.2(f) …. 16.36 Sch 1, APP 5.2(i) …. 16.37 Sch 1, APP 5.2(j) …. 16.37 Sch 1, APP 6 …. 16.42, 16.43, 16.45, 16.93, 16.97 Sch 1, APP 6.1 …. 16.38, 16.39 Sch 1, APP 6.2 …. 16.39, 16.41 Sch 1, APP 6.2(a) …. 16.40 Sch 1, APP 6.2(b) …. 16.41 Sch 1, APP 6.2(c) …. 16.41 Sch 1, APP 6.2(d) …. 16.41 Sch 1, APP 6.2(e) …. 16.41 Sch 1, APP 6.6 …. 16.42 Sch 1, APP 6.7 …. 16.42 Sch 1, APP 7 …. 16.42, 16.43, 16.45, 16.61 Sch 1, APP 7.1 …. 16.42, 16.43, 16.45, 16.47, 16.50 Sch 1, APP 7.2 …. 16.47, 16.49, 16.51 Sch 1, APP 7.2(a) …. 16.48 Sch 1, APP 7.2(b) …. 16.48, 16.49

Sch 1, APP 7.2(c) …. 16.49 Sch 1, APP 7.2(d) …. 16.49 Sch 1, APP 7.3 …. 16.50, 16.51, 16.59 Sch 1, APP 7.3(a)(i) …. 16.51 Sch 1, APP 7.3(a)(ii) …. 16.51 Sch 1, APP 7.3(b) …. 16.51, 16.52 Sch 1, APP 7.3(c) …. 16.51, 16.60 Sch 1, APP 7.3(d) …. 16.60 Sch 1, APP 7.4 …. 16.61 Sch 1, APP 7.6 …. 16.61 Sch 1, APP 8 …. 16.63, 16.93 Sch 1, APP 8.1 …. 16.62, 16.63, 16.64, 16.65, 16.69 Sch 1, APP 8.2 …. 16.63, 16.65 Sch 1, APP 8.2(a) …. 16.67, 16.68 Sch 1, APP 8.2(b) …. 16.69 Sch 1, APP 8.2(c) …. 16.69 Sch 1, APP 8.2(d) …. 16.69 Sch 1, APP 9 …. 16.42, 16.70 Sch 1, APP 9.1 …. 16.71 Sch 1, APP 9.2 …. 16.71, 16.98 Sch 1, APP 9.2(a) …. 16.72 Sch 1, APP 10 …. 16.73, 16.90, 16.100 Sch 1, APP 11 …. 16.105 Sch 1, APP 11.1 …. 16.74, 17.9, 17.13 Sch 1, APP 11.2 …. 16.75 Sch 1, APP 12 …. 16.16, 16.76 Sch 1, APP 12.1 …. 16.76, 16.77 Sch 1, APP 12.3 …. 16.77 Sch 1, APP 12.10 …. 16.78 Sch 1, APP 13 …. 16.83 Sch 1, APP 13.2 …. 16.83 Sch 1, APP 13.3 …. 16.83

Sch 1, APP 13.4 …. 16.83 Sch 1, APP 13.5 …. 16.83 Privacy (Credit Reporting) Code 2014 …. 16.107 Privacy and Electronic Communications Regulations …. 16.33 reg 6 …. 16.33 reg 6(4) …. 16.33 Social Security Act 1991 …. 8.16 Spam Act 2003 …. 16.52, 16.61 Sch 2 cl 2 …. 16.52 Superannuation Guarantee (Administration) Act 1992 …. 9.8 Superannuation Industry (Supervision) Act 1993 …. 1.1, 5.1, 5.2, 5.11, 5.14, 5.26, 5.28, 5.30, 5.34, 6.19 s 10 …. 5.25, 5.28 s 29E(1)(a) …. 5.25 s 29EB …. 5.25 s 34C(1) …. 5.24 s 52 …. 5.1, 5.3 s 52(1) …. 5.3 s 52(2) …. 5.11, 5.18, 6.13 s 52(2)(a) …. 5.1, 5.4, 5.5 s 52(2)(b) …. 5.1, 5.7, 6.8 s 52(2)(c) …. 5.1, 5.11, 6.13 s 52(2)(d) …. 5.1, 5.3, 5.12 s 52(2)(e) …. 5.1, 5.15, 5.17 s 52(2)(f) …. 5.1, 5.15, 5.17 s 52(3) …. 5.7 s 52(4) …. 5.3, 5.12 s 52(7) …. 5.1 s 52A …. 5.1, 5.18 s 52A(2) …. 5.3, 5.12, 5.18 s 52A(2)(d) …. 5.20 s 52A(2)(f) …. 5.19

s 52A(3) …. 5.3, 5.20 s 52A(5) …. 5.19 s 52B …. 6.14 s 52B(1) …. 6.2 s 52B(2)(a) …. 6.3, 6.5 s 52B(2)(b) …. 6.7, 6.8, 6.9 s 52B(2)(c) …. 6.12 s 52B(2)(d)–(h) …. 6.2 s 52C(2) …. 6.14, 6.15 s 52C(3) …. 6.15 s 55(1) …. 5.21, 6.17 s 55(2) …. 5.21, 6.17 s 55(3) …. 5.21, 5.22, 6.17, 6.18 s 55(4) …. 5.21, 6.17 s 55(4A) …. 5.21, 6.17 s 55(4B) …. 5.21, 6.17 s 62 …. 6.2 s 65 …. 6.2 s 84 …. 6.2 s 109 …. 6.2 s 323(2) …. 5.22, 6.18 s 323(4) …. 5.22, 6.18 s 336A …. 5.27, 5.28, 5.29 ss 336A–336E …. 5.26 s 336A(2)(c) …. 5.28 s 336A(2)(c)(ii) …. 5.28 s 336A(2)(d) …. 5.28 s 336B(1) …. 5.29 s 336B(2)–(3) …. 5.29 s 336B(4) …. 5.29 s 336C(1) …. 5.30 s 336C(2) …. 5.30

s 336C(2)(b)(ii) …. 5.30 s 336C(3) …. 5.30 s 336D …. 5.31 s 336E …. 5.32, 5.33 s 336E(2) …. 5.32, 5.33 s 350 …. 5.2, 5.23, 6.19 Superannuation Industry (Supervision) Regulations 1994 reg 6.01(5)(a)(ii) …. 8.16 Trade Practices Act 1974 …. 12.37, 15.5, 15.51 s 45A …. 15.2, 15.10, 15.19 s 46 …. 15.41 s 46(1) …. 15.41, 15.42 s 46(1)(c) …. 15.41 s 46(1A) …. 15.42 s 46A …. 15.42 s 51AC …. 13.17 s 52 …. 12.10, 12.16, 12.23, 12.25 s 52(1) …. 12.25 s 82(1) …. 12.37 s 85(3) …. 12.33

Australian Capital Territory Evidence Act 2011 …. 18.36, 18.39, 18.40, 18.41 s 79 …. 18.36, 18.37 s 135 …. 18.38 s 136 …. 18.38

New South Wales Civil Liability Act 2002 s 3A(2) …. 17.27

ss 5B–5D …. 17.32 Contracts Review Act 1980 …. 1.7, 8.17, 13.29, 13.30, 13.31, 13.33, 13.35 s 4 …. 13.30 s 6 …. 13.30 s 7 …. 13.29, 13.30, 13.33, 13.35 s 8 …. 13.35 s 9 …. 13.30 s 9(2) …. 13.30 Sch 1 …. 13.35 Evidence Act 1995 …. 18.36, 18.39, 18.40, 18.41 s 79 …. 18.36, 18.37 s 135 …. 18.38 s 136 …. 18.38 Fair Trading Act 1987 s 28 …. 14.5 Retail Leases Act 1994 s 62B …. 13.17 Uniform Civil Procedure Rules 2005 …. 18.41 Sch 7 …. 18.41

Northern Territory Evidence Act …. 18.36, 18.39, 18.40, 18.41 s 79 …. 18.36, 18.37 s 135 …. 18.38 s 136 …. 18.38

Queensland Fair Trading Act 1989 s 16 …. 14.5

Tasmania Evidence Act 2001 …. 18.36, 18.39, 18.40, 18.41 s 79 …. 18.36, 18.37 s 135 …. 18.38 s 136 …. 18.38

Victoria Evidence Act 2008 …. 18.36, 18.39, 18.40, 18.41 s 79 …. 18.36, 18.37 s 135 …. 18.38 s 136 …. 18.38 Fair Trading Act 1999 …. 14.11, 14.12, 14.13, 14.15 s 32W …. 14.11 s 32X …. 14.11 s 32Y …. 14.11

Western Australia Fair Trading Act 2010 s 19 …. 14.5

India Information Technology (Amendment) Act 2008 …. 16.68

United Kingdom Consumer Credit Act 1974 Pt 3 …. 18.29 Data Protection Act 1998 …. 16.68 s 1 …. 17.21

s 7 …. 16.79 s 13 …. 17.41 Enterprise and Regulatory Reform Act 2013 …. 16.79 s 89 …. 16.79 s 89(3) …. 16.79 Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 reg 5A …. 17.21 Privacy and Electronic Communications (EC Directive) Regulations 2003 reg 1 …. 17.21 reg 5 …. 17.21

United States of America Unfair Terms in Consumer Contracts Regulations 1999 …. 14.18 reg 6(2) …. 14.18 Uniform Commercial Code §1–102(3) …. 11.8

Contents Foreword Preface Table of Cases Table of Statutes

Part A Chapter 1

Outline Introduction

Overview Interpreting and applying values-based laws Structure of this book Conclusion

Part B Chapter 2

Duties Based on the Status of the Financial Services Participant Fiduciary and Equitable Duties at General Law

Introduction Fiduciary and other equitable duties Peculiarly fiduciary duties The content of the duty Conflict rule No profit rule Informed consent Non-fiduciary obligation imposed by equity Duty to act in best interests Duty of care and skill

Duty to act in good faith Duty to act for a proper purpose Remedies Conclusion

Chapter 3

Duties of Directors and Officers

Introduction Duty to act with care and diligence The duty at general law Standard of care The duty under s 180 Courts’ reluctance to review business judgments Statutory business judgment rule Duty to act in good faith Duty to not improperly use position Duty to not improperly use information Reliance on others and non-delegable duties Disclosures by whistleblowers Liability and remedies Ratification Duty to act with care and diligence: s 180 Duty to act in good faith: s 181 Duty to not improperly use position: s 182 Duty to not improperly use information: s 183 Relief under s 1317S and s 1318 of the Corporations Act Conclusion

Chapter 4

Duties of a Responsible Entity

Introduction Duty to act honestly Duty of care and diligence Best interests duty

Best interests duty Priority rule Treat members equally and fairly Duty to not use information to gain improper advantage Duties of officers of a responsible entity Reporting of breaches Liability and remedies Conclusion

Chapter 5

Duties of Registrable Superannuation Entities

Introduction Duty to act honestly Duty to exercise care, skill and diligence Duty to act in the best interests of beneficiaries Duty to give priority where there is a conflict Duty to act fairly in dealings between and within classes of beneficiaries Directors’ duties Liability and remedies Prudential standards Liability and remedies Duties concerning whistleblowers The whistleblower regime under the SIS Act No civil or criminal liability No victimisation Compensation Confidentiality obligations Conclusion

Chapter 6

Duties of Trustees of Self-managed Superannuation Funds

Introduction Duty to act honestly

Duty to exercise care, skill and diligence Duty to act in the best interests of beneficiaries Covenant imposed on directors Liability and remedies Conclusion

Chapter 7

Duties of Insurance Entities

Introduction Duty of utmost good faith Statutory form of the duty of utmost good faith The content of the duty of utmost good faith Liability and remedies Duty of priority Priority over whom? The meaning of ‘give priority’ Identifying the interests of policy owners Interests of policy owners as a whole APRA guidelines Directors’ duty of priority Defences, liability and remedies Duties of directors of life company concerning risk management The content of the duty Liability and remedies Duties concerning whistleblowers The whistleblower regime under the Life Insurance Act No civil or criminal liability No victimisation Compensation Confidentiality obligations Conclusion

Chapter 8

Duties of Authorised Deposit-taking Institutions

Introduction Responsible lending duties Disclosure obligations Evaluating whether a credit contract is unsuitable Preliminary assessments of unsuitability Inquiries and verification under s 117 Preliminary assessment under s 116(1) Final assessments of unsuitability Substantial hardship ASIC guidance re assessing substantial hardship Remedies Case law regarding responsible lending obligations Implied duties under the ASIC Act Duties under prudential standards Content of the duty Liability and remedies Duties in respect to whistleblowers The whistleblower regime under the Banking Act Conclusion

Chapter 9

Duties of Entities that Provide Advice

Introduction Financial product advice Case law Regulatory guidance Financial products Who provides financial product advice? Exemptions Duties concerning the giving of general advice General advice obligations Duties concerning the giving of personal advice Duty to act in the best interests of a client

Duty to provide the client with appropriate advice Duty to warn the client if the advice is based on incomplete or inaccurate information Duty of priority Liability and remedies Case analysis Fiduciary duties of advisers Other duties of advice providers Conclusion

Chapter 10 Duties of Australian Financial Services Licensees Introduction Duty to act provided efficiently, honestly and fairly Compendious duty Do all things necessary to ensure Objective test Assess conduct by reference to business as a whole Morally wrong or unethical conduct Morally wrong business practices One size fits all advice Failure to have a reasonable basis for advice Failure to act diligently and efficiently Management of conflicts of interest Chinese walls Liability and remedies Conclusion

Part C

General Conduct Obligations Imposed on Any Entity that Provides Financial Services

Chapter 11 Obligation of Good Faith Introduction

The obligation of good faith The emergence of good faith Implied term v implied duty Inconsistency with the contract The content of the good faith duty Remedies for breach of the duty of good faith Conclusion

Chapter 12 Misleading or Deceptive Conduct Introduction Misleading or deceptive conduct The statutory provisions Peculiar elements regarding the scope of s 1041H — the meaning of ‘in relation to’ Peculiar elements regarding the scope of s 12DA The ‘trade and commerce’ limit on the scope of s 12DA, ASIC Act and s 18, ACL Misleading or deceptive conduct — interpretation and application Meaning of ‘deceptive’ conduct Meaning of ‘likely to’ Objective test for assessing misleading or deceptive conduct Statements that are literally true State of mind Transitory effect and disclaimers Careless conduct Class of persons to whom conduct is directed Failure to disclose Opinions Statements about future matters Advertising Social/digital media cases Financial services cases

Contravention Conclusion

Chapter 13 Unconscionable Conduct Introduction Unconscionable conduct Equity and unconscionable conduct or dealing First principles Defences Remedies The statutory provisions prohibiting unconscionable conduct Prohibition under ASIC Act s 12CA Prohibition under ASIC Act s 12CB Remedies for breach of ASIC Act s 12CB Prohibition in Corporations Act s 991A Remedies for breach of Corporations Act s 991A Contracts Review Act 1980 (NSW) Remedies Conclusion

Chapter 14 Unfair Contract Terms Introduction Unfair contract terms Unfair contract terms in consumer and small business contracts Determining whether a contract term is unfair The Bank Fees case Other cases dealing with unfair terms under cognate legislation Determining whether a contract term is transparent Conclusion

Chapter 15 Anti-Competitive Conduct Introduction

Anti-competitive conduct Price fixing and other cartel conduct Making or giving effect to a contract, arrangement or understanding Purpose/effect condition Purpose condition By parties which are, or would otherwise be, in competition with each other Exceptions Penalties Price signalling laws Private disclosure prohibition General prohibition Penalties Anti-competitive contracts, arrangements and understandings Contract, arrangement and understanding Exclusionary provisions Purpose, or has or is likely to have the effect, of substantially lessening competition Severance Exception Penalties Misuse of market power Substantial degree of power Market Taking advantage of market power Legal rights Exclusive dealing conduct Exceptions Penalties Exclusive dealing conduct Supply or acquisition subject to a condition

Substantially lessening competition Per se breaches Overlap with s 47 Exceptions Penalties Resale price maintenance Specified price Exceptions Penalties Conclusion

Part D

Obligations Relating to the Use and Protection of Customer Information

Chapter 16 Collection, Use and Disclosure of Personal Information Introduction Collection, use and disclosure of personal information Who does the Privacy Act apply to? Australian Privacy Principles — APPs What is ‘personal information’? Information governance Collection of personal information Use and disclosure of personal information Direct marketing Cross-border disclosure Government identifiers Quality and security of personal information Access to and correction of personal information Midata initiative (UK) Privacy and credit information — the obligations of credit providers Who is a credit provider?

Additional obligations Information governance Dealing with credit information Dealing with credit eligibility information Integrity of credit eligibility information Use or disclosure of false or misleading information Quality and security of information Access to and correction of information Credit Reporting Code Enforcement Civil penalties Complaints and investigations Other powers of the Commissioner Conclusion

Chapter 17 Cyber Security Obligations Introduction The threat environment within which organisations operate Cyber security and the law Privacy law Security provisions The ‘reasonable steps’ test Consequence of a breach Directors’ duties Consequence of a breach Data breach notification laws The evolution of data breach laws Australian developments Other laws requiring notification of data breaches Contract law Expressing the obligations Cloud agreements

Law of negligence Consumer protection laws Class actions Damages under Privacy Act Damages under other laws arising out of a data breach Copyright and cyber security Active defence ePayments Code Insurance Evidence Conclusion

Part E

Contemporary Developments in Managing Conduct Risk and Remediation

Chapter 18 The Role of Behavioural Insights and Statistics in a Regulatory Context Introduction Behavioural economics The approach in the United Kingdom The approach in Australia Potential issues with behavioural economics Use of statistics in a regulatory context Expert evidence Common law test for admitting expert evidence Statutory test Case law Conclusion

Chapter 19 ASIC Guidance Relating to Remediation Programs Introduction Requirements of RG 256

Initiation of review and remediation program Systemic issues Factors to consider when initiating, designing and implementing review and remediation programs Operating efficiently, honestly and fairly Adequate resources Determining scope of review The length of a review period for a program Testing the scope Revising the scope Inviting clients to participate Design and implementation of the program Review of advice Compensation Communicating with clients Governance Record keeping Public reporting Conclusion

Chapter 20 Recommendations of Financial System Inquiry Introduction Proposed targeted and principles-based product design and distribution obligation Content of the proposed obligation Product design Product distribution process After sales of a product Scalability Penalty Exceptions Product markets and behavioural biases

Proposed product intervention power Content of the proposed power Engagement and consultation Duration Pricing Behavioural biases Review Conclusion Bibliography Index


Part A Outline


Chapter 1 Introduction

OVERVIEW

1.1 The conduct of participants in the financial services industry is the key driver of trust placed in those participants by customers, politicians and society generally. Discharging conduct obligations is imperative to maintaining trust. However, ascertaining just what applicable conduct obligations require is not always a straightforward matter. Reasonable minds will differ in this context. A key aim of this book is to provide clarity regarding the content of open-ended conduct obligations which participants in financial services are subject to as well as in relation to some ancillary matters.

This book examines a range of laws that govern or relate to conduct. The book does not intend to identify every conduct-related duty that may be imposed on a person or corporation. The emphasis of the work is on the primary laws that relate to financial services or may apply in a financial services context. A key focus is on laws that establish a norm or standard of conduct, for example, laws that impose on a fiduciary the duty to act in the best interests of a principal or beneficiary, laws that prohibit conduct that is misleading or likely to mislead¹ and laws that prohibit unconscionable conduct.²

Upon commencing a review of conduct-related obligations a number of things become apparent. First, the conduct-related obligations that are the focus of this book often have an open-ended nature in that determining what is required to comply with the obligation in any given situation is not a binary operation. Second, it is apparent that there is a range of laws that govern conduct in relation to financial services which overlap and share similarities but do not apply in the same way. For example, the law imposes a best interests obligation on:

• fiduciaries — see Chapter 2;
• company directors — see Chapter 3;
• responsible entities of managed investment schemes — see Chapter 4;
• registrable superannuation entities — see Chapter 5;
• trustees of self-managed superannuation funds — see Chapter 6; and
• the providers of personal advice — see Chapter 9.

However, while the term ‘best interests’ is used across all of these areas, the cases show that the content of the duty is different, in some cases materially different, depending on the context in which the duty applies. It is essential to understand these differences in determining what the duty requires in any given situation.

Third, the overlapping but inconsistent content of the laws that apply in this context is brought into sharp relief when one appreciates that one entity can be simultaneously subject to multiple duties. For example, a corporate entity that is a responsible entity for a managed investment scheme and a corporate trustee of a registrable superannuation scheme is subject immediately to four overlapping but distinct best interest obligations.³ In these circumstances, compliance with the duties becomes an exacting task.

Finally, a feature that many of the open-ended obligations examined in this work share is that they are protean in nature. They are intended to reflect the values of society and community expectations of, among other things, the boundaries of generally acceptable conduct when managing, among other things, a financial services organisation.

1.2 In determining the content of any obligation it is therefore essential to examine a range of factors in evaluating what is required in any given context. For example, many of the laws discussed in this work require ‘all the circumstances’ to be identified and carefully weighed before one can reach a conclusion as to what the law requires in a given situation. A number of laws also require consideration of what is reasonable in the circumstances which are usually examined through an objective lens, but in some cases through a subjective lens. These assessments need to be conducted in a way that restrains any inclination to apply hindsight; they have to be conducted on an ex ante basis. They also need to be performed in a manner that does not substitute one’s own conceptions of what is right or just for legal principle. This is an issue we will return to in the following section.

In addition to the focus on open-ended obligations, this book also covers key obligations that relate to conduct which goes to the core of any relationship between participants in the financial services industry and customers. Examples of such conduct obligations are those that govern the use and management of a customer’s personal information as well as laws that seek to promote competition and fair trading generally (for example, obligations imposed on corporations under the Competition and Consumer Act 2010 (Cth)).

The book closes with a review of emerging developments concerning conduct-related issues, including:

• ASIC’s guidance regarding remediation programs which are designed to make good any loss that customers have incurred due to poor conduct;
• the potential role of behavioural economics (or behavioural insights) in managing conduct risk; and
• recommendations made by the Financial Services Inquiry to manage conduct and related issues associated with the supply of financial services and products.

INTERPRETING AND APPLYING VALUES-BASED LAWS

1.3 Business people, lawyers and the courts must have regard to these values when interpreting and applying these laws. In Australian Competition and Consumer Commission v Lux Distributors Pty Ltd [2013] FCAFC 90 at [23] Allsop CJ referred to the task of the court in interpreting laws governing unconscionable conduct in this way:

The task of the court is the evaluation of the facts by reference to a normative standard of conscience. That normative standard is permeated with accepted and acceptable community values. In some contexts, such values are contestable. Here, however, they can be seen to be honesty and fairness in the dealing with consumers. The content of those values is not solely governed by the legislature, but the legislature may illuminate, elaborate and develop those norms and values by the act of legislating, and thus standard setting. The existence of State legislation directed to elements of fairness is a fact to be taken into account. It assists the court in appreciating some aspects of the publicly recognised content of fairness, without in any way constricting it. Values, norms and community expectations can develop and change over time. Customary morality develops “silently and unconsciously from one age to another”, shaping law and legal values: Cardozo, The Nature of the Judicial Process (Newhaven, Yale University Press, 1921) pp 104–105. These laws of the States and the operative provisions of the [Australian Consumer Law] reinforce the recognised societal values and expectations that consumers will be dealt with honestly, fairly and without deception or unfair pressure. These considerations are central to the evaluation of the facts by reference to the operative norm of required conscionable conduct.

1.4 Allsop CJ was addressing laws governing unconscionable conduct. However, the message here has broader application when one is considering the content of other open-ended conduct obligations. Invariably when one is required to interpret and apply an open-ended obligation of the kind which this book takes as its subject, one must resist the urge to rely on one’s own personal conceptions of what the law requires. Speaking extra-judicially, Allsop CJ made this point:⁴

The proper balance of values and norms in the fabric of the law and in the creation of certainty in the law must also recognise the requirement that principle and rule conform to moral standards as the gauge of the law’s flexibility and as its avenue for growth, but without confounding law by the suspension of principle and rule and by the drift into a void of sentiment and personal intuitive benevolence, being the antithesis of law — the exercise of personal will.

In the Full Federal Court’s decision in Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [306] Allsop CJ also stressed that a values-based approach did not mean that the evaluative exercise became an exercise in the application of personal views:

[Legal] relations in trade or commerce … should be governed by law, and not some mix of judicial discretion or the subjective views as to who should win based on the formless void of individual moral opinion. … The notions of conscience, justice and fairness are based on enunciated and organised norms and values, including the organised principles of law and Equity, taken from the legal context of the statutes in question and the words of the statutes themselves. Employing judicial technique involving a close examination of the complete attendant facts and rational justification, the Court must assess and characterise the conduct of an impugned party in trade or commerce against the standard of business conscience, reflecting the values and norms recognised by Parliament … .

1.5 It is paramount to keep these notions in mind when interpreting and applying the conduct laws discussed in this book. One must avoid the temptation to substitute personal views for legal reasoning, which can often be a challenging stipulation when the concepts involved (such as fairness and what is in a person’s best interests) and the factual circumstances in which they arise can often evoke very personal reactions. It is important to guard against imposing ‘idiosyncratic or personal moral judgment’ in this context.

STRUCTURE OF THIS BOOK

1.6 This book is structured into four main parts, which group the subject matter of applicable chapters into broad categories. Part B (Duties Based on the Status of the Financial Services Participant) contains chapters that focus on laws that may be imposed on a person or corporation because of their status, role or function that they are performing. This part contains Chapters 2 to 10. Chapter 2 outlines obligations that apply to fiduciaries. The fiduciary concept has existed for hundreds of years. The obligations imposed on fiduciaries play a significant role in the regulation of conduct in commerce generally but in particular they play a crucial role in financial services. Chapter 2 seeks to provide some clarity about the content of those obligations, especially the best interests duty owed by a fiduciary, the content of which is often subject to much debate in a business context. Chapter 3 reviews the duties of directors and officers in managing a corporation. Chapter 4 outlines the conduct duties of responsible entities and directors of responsible entities. Chapter 5 examines the duties of registrable superannuation entities. The focus of Chapter 6 is on the duties of trustees of self-managed superannuation funds. Chapter 7 discusses the conduct-related duties of authorised deposit-taking institutions (or banks). Chapter 8 turns to review the conduct-related duties of insurance entities. Chapter 9 examines the duties of entities that provide personal advice to clients. Chapter 10, the final chapter in Part B, reviews the conduct-related duties imposed on holders of an Australian Financial Services Licence, with a focus on the duty to act ‘honestly, efficiently and fairly’.⁵

1.7 Part C (General Conduct Obligations Imposed on any Entity that Provides Financial Services) contains chapters that review conduct laws which apply generally to any person or entity engaged in business or commerce. This part contains Chapters 11 to 15. Chapter 11 reviews the concept of good faith and the law relating to that principle. Chapter 12 outlines the law relating to misleading conduct. Chapter 13 examines the law relating to unconscionable conduct, including unjust conduct prohibited by the Contracts Review Act 1980 (NSW). Chapter 14 explores the law concerning unfair contracts. Chapter 15 is the final chapter in this part and outlines key laws relating to anticompetitive conduct.

1.8 Part D (Obligations Relating to the Use and Protection of Customer Information) examines laws relating to the use and management of personal and other information. This part contains Chapter 16 which discusses laws regulating the use and management of personal information and Chapter 17 which focuses on cyber security issues, or the obligations of entities to maintain secure information systems.

1.9 Part E (Contemporary Developments in Managing Conduct Risk and Remediation) contains chapters that discuss topical issues and developments relating to conduct risk. Chapter 18 reviews recent developments concerning behavioural economics and statistics and the potential implications relating to the management of conduct risk. Chapter 19 reviews regulatory guidelines recently issued by the Australian Securities and Investments Commission in relation to remediation programs that aim to identify and make good losses which may arise from poor conduct in a financial advice context. Chapter 20 closes this part with a review of two recommendations contained in the Financial Services Inquiry Final Report relating to conduct issues.

CONCLUSION

1.10 Conduct-related issues have been subject to close scrutiny, particularly over the last decade. Among other things, the need to understand and comply with conduct-related duties or obligations is essential if the sector is going to restore and maintain trust in the industry. However, complying with conduct-related laws is not always a straightforward task; people’s views of what constitutes appropriate conduct are often not aligned. It is imperative, however, to apply the law and not ‘idiosyncratic or personal moral judgment’ in this context. The aim of this book is to outline the primary laws that impose a conduct-related duty or obligation on a participant in the financial services industry. It also seeks to identify the gist of each law and the approach required to understand and correctly apply the law. The book also examines some recent and emerging developments in this context so that participants in the financial services industry are informed of matters that may or will have a bearing on conduct-related issues over the near to medium term. The hope is that the book provides a useful contribution in this context.

1. See Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act) s 12DA.

2. See ASIC Act ss 12CA and 12CB.

3. Owed: (1) by the directors as fiduciaries to the company; (2) by the directors to the company under s 180(1) of the Corporations Act 2001 (Cth); (3) by the responsible entity (and directors) under the managed investment scheme regime; and (4) by a registrable superannuation entity (and directors) under the Superannuation (Industry Supervision) Act 1993 (Cth).

4. Allsop CJ, ‘Conscience, Fair-dealing and Commerce — Parliaments and the Courts’, paper delivered at ‘Finn’s Law: An Australian Justice’, a conference in honour of Professor Paul Finn, 25 September 2015, see (viewed 8 October 2016).

5. See Corporations Act 2001 (Cth) s 192A(1)(a).


Part B Duties Based on the Status of the Financial Services Participant


Chapter 2 Fiduciary and Equitable Duties at General Law

INTRODUCTION

2.1 The focus of this chapter is on fiduciary duties (and other non-fiduciary equitable duties) which are imposed under general law. The fiduciary concept applies in a range of situations in a financial services context. A range of actors in the industry have fiduciary obligations at equity, including directors of corporations which participate in the industry, trustees of investment vehicles and, in certain circumstances, stockbrokers.1 These general law duties arise in addition to any statutory duties that the fiduciary may owe. This chapter examines the nature and content of the ‘peculiarly’ fiduciary obligations (duty to avoid conflicts and the no profit principle) and the content of other equitable duties that are also imposed on fiduciaries but which are non-fiduciary in nature, for example, the best interests duty and the duty to exercise care and skill. It is important to note that a fiduciary could be a corporate entity as well as an individual.

FIDUCIARY AND OTHER EQUITABLE DUTIES

Peculiarly fiduciary duties

2.2 A fiduciary relationship arises where certain circumstances arise. Whether a fiduciary relationship exists and the scope of that duty will be determined by reference to factual circumstances and potentially conditioned by any contractual arrangements between the parties.2 In Breen v Williams [1996] HCA 57 at [14] Brennan CJ stated that ‘[f]iduciary duties arise from either of two sources, which may be distinguished one from the other but which frequently overlap. One source is agency; the other is a relationship of ascendancy or influence by one party over another, or dependence or trust on the part of that other’.3 Mason J identified the critical feature of fiduciary relationships in Hospital Products Ltd v United States Surgical Corporation [1984] HCA 64 at [68] in the following way:

… that the fiduciary undertakes or agrees to act for or on behalf of or in the interests of another person in the exercise of a power or discretion which will affect the interests of that other person in a legal or practical sense. The relationship between the parties is therefore one which gives the fiduciary a special opportunity to exercise the power or discretion to the detriment of that other person who is accordingly vulnerable to abuse by the fiduciary of his position.

In the same case, Deane J observed that while no test would identify a fiduciary relationship:4

There is, however, the notion underlying all the cases of fiduciary obligation that inherent in the nature of the relationship itself is a position of disadvantage or vulnerability on the part of one of the parties which causes him to place reliance upon the other and requires the protection of equity acting upon the conscience of that other …

2.3 Certain relationships have been recognised as inherently fiduciary in nature in that those relationships exhibit the critical feature identified by Mason J in Hospital Products Ltd v United States Surgical Corporation. These relationships are referred to as status-based fiduciary relationships and they include company directors/company, solicitors/clients, trustees/beneficiaries, partners and guardians.5 However, the categories of case are not closed. The decision of Daly v Sydney Stock Exchange Ltd [1986] HCA 25 is a good example. The relationship between a stockbroker and client is not recognised as a status-based fiduciary relationship. On the facts of that case, however, the court held that there was a fiduciary relationship. Commonwealth Bank of Australia v Smith6 is an example of a case where a non-status-based fiduciary relationship was held to exist between a bank and a customer. Under Australian law, a bank–customer relationship is normally characterised as one of debtor–creditor. However, in Commonwealth Bank of Australia v Smith the bank was held to be in a fiduciary relationship with the customer. In that case, the Full Federal Court comprising Davies, Sheppard and Gummow JJ noted that:7

It is not a novel proposition that where a bank gives to a customer advice upon financial affairs, then in addition to any contractual rights the customer may have (something which does not arise on this appeal) the relationship between the parties may be such as to found either or both a common law duty of care and a fiduciary duty …

A bank may be expected to act in its own interests in ensuring the security of its position as lender to its customer but it may have created in the customer the expectation that nevertheless it will advise in the customer’s interests as to the wisdom of a proposed investment. This may be the case where the customer may fairly take it that to a significant extent his or her interest is consistent with that of the bank in financing the customer for a prudent business venture. In such a way the bank may become a fiduciary and occupy the position of what Brennan J has called an ‘investment adviser’: Daly v Sydney Stock Exchange Ltd (1986) 160 CLR 371 at 384–5.

The court held that the bank was a fiduciary in the circumstances because the customer had had a relationship with the bank for 24 years, the bank’s representative had introduced the customer to an investment opportunity and ‘he then acted as the respondents’ financial adviser in the matter, and that they evinced complete faith in him’.8 Aequitas v Australian European Finance Corp Ltd [2001] NSWSC 14 was another case involving a financial adviser and client. In that decision, Austin J said that:9

The fiduciary relationship between financial adviser and client arises because the financial adviser, having held itself out as an adviser on matters of investment, undertakes a particular financial advisory role for the client: Daly v Sydney Stock Exchange Ltd (1986) 160 CLR 371 at 377 per Gibbs CJ; 384–385 per Brennan J. The advisory fiduciary relationship may arise whether or not there is an anterior fiduciary relationship between the parties, such as the relationship of broker and client. The relationship can arise even where parties are dealing with one another in a transaction in which the adviser has an obvious commercial self-interest. Thus, ‘a bank may be expected to act in its own interests in ensuring the security of its position as lender to its customer, but it may have created in the customer the expectation that it will nevertheless advise in the customer’s interests as to the wisdom of a proposed investment’: Commonwealth Bank of Australia v Smith (1991) 42 FCR 390, 391. But unless there is, in all the circumstances, the requisite undertaking, the adviser is under no fiduciary duty and is free to pursue its own interests: Noranda Australia Ltd v Lachlan Resources NL (1988) 14 NSWLR 1, 15–17.

2.4 Where it does exist, a fiduciary relationship must accommodate itself to the terms of any contract which forms the basis of the relationship:10 That contractual and fiduciary relationships may co-exist between the same parties has never been doubted. Indeed, the existence of a basic contractual relationship has in many situations provided a foundation for the erection of a fiduciary relationship. In these situations it is the contractual foundation which is all important because it is the contract that regulates the basic rights and liabilities of the parties. The fiduciary relationship, if it is to exist at all, must accommodate itself to the terms of the contract so that it is consistent with, and conforms to, them. The fiduciary relationship cannot be superimposed upon the contract in such a way as to alter the operation which the contract was intended to have according to its true construction.

2.5 Indeed, a contract may ultimately preclude a fiduciary relationship arising altogether. This occurred in Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963. In that case the relevant contract or mandate letter provided that:11 The Company acknowledges that Citigroup has been retained hereunder solely as an adviser to the Company, and not as an adviser to or agent of any other person, and that the Company’s engagement of Citigroup is as an independent contractor and not in any other capacity including as a fiduciary.

Jacobson J held that this clause precluded the finding of a fiduciary relationship:12 [B]ut for the express terms of the mandate letter, the pre-contract dealings between Citigroup and Toll would have pointed strongly towards the existence of a fiduciary relationship in Citigroup’s role as an adviser.

The content of the duty

2.6 Since the High Court decision in Breen v Williams [1996] HCA 57 it has been generally accepted that a fiduciary owes two duties in her capacity as a fiduciary: a duty to avoid conflicts of interests and a duty to not profit from their fiduciary position (the no profit rule). It is important to note that these duties are proscriptive, not prescriptive in nature. These duties prohibit a fiduciary from engaging in certain conduct; they do not require a fiduciary to do anything. The proscriptive nature of these duties was discussed in Breen v Williams. Gaudron and McHugh JJ expressed the duties in this way:13

In this country, fiduciary obligations arise because a person has come under an obligation to act in another’s interests. As a result, equity imposes on the fiduciary proscriptive obligations — not to obtain any unauthorised benefit from the relationship [no profit rule] and not to be in a position of conflict [conflict rule]. If these obligations are breached, the fiduciary must account for any profits and make good any losses arising from the breach. But the law of this country does not otherwise impose positive legal duties on the fiduciary to act in the interests of the person to whom the duty is owed.

2.7 Dawson and Toohey JJ also made statements that supported the proscriptive/prescriptive distinction14 as did Gummow J.15 Professor Conaglen states that the two purely fiduciary obligations are proscriptive in nature: fiduciary doctrine ‘tells the fiduciary what [she] must not do. It does not tell [her] what [she] ought to do’.16 The importance of the distinction is said to lie in what remedies are available for a breach of fiduciary duty. As Heydon, Leeming and Turner point out, the ‘significance goes to remedy’.17 If one of the two fiduciary duties is breached, the ‘situation can be remedied by injunction, rescission, account of profits, equitable compensation and proprietary remedies’.18 On the other hand, if a fiduciary breaches a non-fiduciary duty that it owes to a principal or beneficiary (for example, the duty of care and skill or the best interests duty), the usual remedy would be ‘equitable compensation and, in certain circumstances, injunctive relief’.19 In insolvency situations, the distinction can have material implications due to the impact it has on remedies.20

Conflict rule

2.8 In Pilmer v Duke Group Ltd (in liq) [2001] HCA 31 at [78] McHugh, Gummow, Hayne and Callinan JJ expressed the conflict rule in the following terms:

[T]he fiduciary is under an obligation, without informed consent, not to promote the personal interests of the fiduciary by making or pursuing a gain in circumstances in which there is ‘a conflict or a real or substantial possibility of a conflict’ between personal interests of the fiduciary and those to whom the duty is owed. … Similar reasoning applies where the alleged conflict is between competing duties …

For the conflict rule to apply there must be a real sensible possibility of conflict between an interest of the principal or beneficiary and a duty of the fiduciary (or between duties owed by the fiduciary). A classic example of a conflict situation is a solicitor acting for both parties to a transaction. In Phipps v Boardman [1967] 2 AC 46 Lord Upjohn said that the test was whether ‘the reasonable [person] looking at the relevant facts and circumstances of the particular case would think that there was a real sensible possibility of conflict; not that you could imagine some situation arising which might, in some conceivable possibility in events not contemplated as real sensible possibilities by any reasonable person, result in a conflict’.21

No profit rule

2.9 The High Court explained the purpose of the no profit rule in Warman International Ltd v Dwyer [1995] HCA 18. That case involved a claim of breach of fiduciary duty against a former senior executive. The High Court observed that:22

The stringent rule that the fiduciary cannot profit from his trust is said to have two purposes: (1) that the fiduciary must account for what has been acquired at the expense of the trust, and (2) to ensure that fiduciaries generally conduct themselves “at a level higher than that trodden by the crowd”. The objectives which the rule seeks to achieve are to preclude the fiduciary from being swayed by considerations of personal interest and from accordingly misusing the fiduciary position for personal advantage.

Ultimately, the scope of the no profit rule and the conflicts rule is to be determined in each case based on the circumstances of the case as Hansen J pointed out in Ultra Tune Australia Pty Ltd v McCann (1999) 30 ACSR 651 at [80]:

The concept of a fiduciary and the duties owed lie in equity. The actual scope of the fiduciary’s obligations, and in particular whether they have been breached, is determined by reference to the facts of each case. The nature and terms of the relationship are critical. See Birtchnell v Equity Trustees Executors and Agency Co Ltd (1929) 42 CLR 384 at 480; [1929] ALR 273, referred to in Noranda Australia Ltd v Lachlan Resources NL (1988) 14 NSWLR 1 at 15; P D Finn, Fiduciary Obligations, LBC, Sydney, 1977, paras 540–7. In para 542 Dr Finn refers to the observation of Upjohn LJ in Boulting v Association of Cinematograph, Television and Allied Technicians [1963] 2 QB 606 at 637–8 that the conflict of duty and interest rule:

… must be applied with common sense and with an appreciation of the sort of circumstances in which over the last 200 years and more it has been applied and thrived. It must be applied realistically to a state of affairs which discloses a real conflict of duty and interest and not to some theoretical or rhetorical conflict.

A factor that will also have a bearing on the scope of a fiduciary duty will be the type of business the fiduciary undertakes or offers. In Links Golf Tasmania Pty Ltd v Sattler [2012] FCA 634 at [481] Jessup J expressed the issue in these terms: The scope of the duty and, it seems, the very existence of the relationship, may depend on the line of business in which the putative fiduciary is engaged … As the Privy Council said in Kuys [New Zealand Netherlands Society ‘Oranje’ Inc v Kuys [1973] 1 WLR 1126], a person may be in a fiduciary position [with respect to] part only of his or her activities. That case provides an example of one in which, to the clear understanding of the putative principal, the putative fiduciary has his or her own interests parallel to, and separate from, those of the principal, and is allowed to pursue them.

This issue was also canvassed by McLure P in Streeter v Western Areas Exploration Pty Ltd (No 2) [2011] WASCA 17 at [69]–[70] where his Honour commented on the more liberal approach taken with respect to company directors:

It has been observed that in the case of company directors, the conflict rule is not strictly applied: Ford’s Principles of Corporations Law (13th ed) [9.060]. Thus a director can also be a shareholder and act with a personal interest even though the director cannot be shown to have freed his or her mind of that personal interest: Mills v Mills (1938) 60 CLR 150. It is also said that a director is permitted to occupy board positions in competing companies: London & Mashonaland Exploration Co Ltd v New Mashonaland Exploration Co Ltd [1891] WN 165; Bell v Lever Brothers Ltd [1932] AC 161 at 195. There are similar examples in other types of fiduciary relationships. For example, real estate agents are entitled to act for multiple vendors of real estate even though the vendors are in competition for purchasers in the same geographic or other relevant market. Of course, the scope of the rules can be narrowed or excluded by contract or other instrument which defines the duties and powers of the fiduciary. … The High Court has said that the content of fiduciary duties are moulded to the character of the particular relationship so that even within an established fiduciary relationship, the content of the duties will not be uniform for all cases: United Dominions Corp Ltd v Brian Pty Ltd (1985) 157 CLR 1 at 11 [(1985) 60 ALR 741 at 747]. Further, the subject matter over which fiduciary obligations extend can be ascertained from the course of dealing between the parties or the circumstances of the appointment of the fiduciary: Chan v Zacharia (1984) 154 CLR 178 at 196 and 204 [(1984) 53 ALR 417 at 431]. In my view, these authorities provide the principled basis for any narrowing of the fiduciary rules applying to directors.

Informed consent

2.10 The principal defence to an allegation of breach of fiduciary duty is fully informed consent.23 For example, a principal or beneficiary may consent to the fiduciary making a profit by agreeing to pay fees under a contract or may consent to a solicitor acting for another party to the same transaction. Spellson v George (1992) 26 NSWLR 666 is authority for the proposition that a court will need to scrutinise the alleged consent in order to determine if it is effective. In that case Handley J observed that:24

[C]onsent is only a prima facie defence and that the Court must consider in detail “all the circumstances” in order to determine whether it would be “fair and equitable” for that beneficiary to be permitted to complain of that breach.

In Barescape Pty Ltd (as trustee for V’s Family Trust) v Bacchus Holdings Pty Ltd (as trustee for Bacchus Holdings Trust) (No 9) [2012] NSWSC 984 at [154] Black J explained what is required in these terms:

Informed consent generally requires that a fiduciary disclose to the beneficiary all information in his or her possession in relation to the proposed transaction which was relevant to the beneficiary’s consideration of whether or not to consent to it, and at least the material facts: Boardman v Phipps [1967] 2 AC 46 at 93, 98 and 112; New Zealand Netherlands Society “Oranje” Inc v Kuys [1973] 2 NZLR 163; 1 WLR 1126; 2 All ER 1222 at 1227; Spellson v George [1992] NSWCA 254; (1992) 26 NSWLR 666 at 670 per Handley JA; at 685 per Young AJA. It is not sufficient for a fiduciary to disclose information which is sufficient only to “put the principal on inquiry”: New Zealand Netherlands Society “Oranje” Inc v Kuys at 1227. The nature of existing legal rights between the parties may be material circumstances in respect of such consent: Short v Crawley (No 30) [2007] NSWSC 1322 at [619]. In Re McGrath (In their capacity as liquidators of HIH Insurance Ltd) [2010] NSWSC 404; (2010) 78 ACSR 405, Barrett J referred to that decision in noting that “the task of explanation inherent in a request to be excused from a fiduciary requirement is an onerous and exacting one”.

In considering whether fully informed consent had been given, in Commonwealth Bank of Australia v Smith (1991) 102 ALR 453 at 477–8, Gummow J emphasised the need to examine ‘all the material facts and circumstances of the case’. The High Court reinforced this approach in Maguire v Makaronis (1997) 188 CLR 449 at 455: [W]hat is required for a fully informed consent is a question of fact in all the circumstances of each case and there is no precise formula which will determine in all cases if fully informed consent has been given.

The relevant circumstances could include an assessment of the experience, intelligence and sophistication (or the lack of sophistication) of the principals or beneficiaries.25 In summary, the requirement to obtain fully informed consent is an onerous one and fiduciaries need to take particular care in obtaining it.26 The next section will discuss the non-fiduciary duties that are imposed on a fiduciary.

Non-fiduciary obligation imposed by equity

2.11 There is a range of non-fiduciary duties which a fiduciary also owes to a principal or beneficiary. Key non-fiduciary duties owed by a fiduciary include: duty to act in best interests; duty of care and skill; duty to act in good faith; and duty to act for a proper purpose.27

2.12 This chapter will focus on the first duty as it gives rise to a significant amount of debate in terms of the content of the duty.

Duty to act in best interests

2.13 The best interests duty is a duty imposed on a fiduciary by equity (and more recently by statute as we will see in subsequent chapters). The best interests duty applies to all fiduciaries, although the circumstances in which it applies may affect the content of the duty.

2.14 In a trust context, the duty gained prominence after the decision in Cowan v Scargill [1985] Ch 270 where Megarry V-C stated (at 287–9):

The starting point is the duty of trustees to exercise their power in the best interests of the present and future beneficiaries of the trust, holding the scales impartially between different classes of beneficiaries. This duty is paramount.

Megarry V-C then went on to say that the duty required trustees to do more than simply avoid harm to the beneficiaries’ interests:28 Trustees must do the best they can for the benefit of their beneficiaries, and not merely avoid harming them …

2.15 Best outcome? The term ‘best’ as used in Megarry V-C’s formulation of the duty does not mean that a fiduciary must achieve the best or optimal outcome for a principal or beneficiary. Writing extracurially, Justice Stone expressed the view that the best interests duty was another way of describing the duty of undivided loyalty, which requires trustees to act in their beneficiaries’ interests and to avoid conflicts of interest. Her Honour thought that the adjective ‘best’ did not add anything to the content of the duty. Rather, her Honour was of the view that the adjective may generate uncertainty by directing attention away from the process a fiduciary followed in making a decision toward outcomes that result from a decision.29 In Manglicmot v Commonwealth Bank Officers Superannuation Corporation [2010] NSWSC 363 at [51] Rein J was of the view that the best interests test was ‘concerned with process, not outcome’. Professor Conaglen is of the view that ‘[t]he duty is not a duty to act in the best interests of the principal per se but rather a duty to make a reasonable attempt to pursue the best interests of the principal’.30 Professor Thomas also agrees that the duty does not require the fiduciary to achieve the best or optimal outcome. He says that would be an unworkable situation.31 However, he does conclude that the word ‘best’ does indicate that a trustee ought to seek to pursue the best possible outcome, but ‘in judging both effort and outcome, what matters is the reasonableness of the trustee’s judgment at the time and in the then prevailing circumstances, and not what turns out to be the better outcome in retrospect’.32 In Australian Securities and Investments Commission v Australian Property Custodian Holdings Ltd (No 3) [2013] FCA 1342 at [488] Murphy observed that:

I do not though wish to be seen as accepting the proposition that to act in the members’ best interests a trustee must actually achieve the best outcome. A trustee is not required to be prescient.33

2.16 Objective test Subject to 2.18 below, in evaluating whether the duty is discharged, one has to have regard to whether the person subject to the duty honestly believed that her act or omission was in the interests of the principal.34

2.17 Ex ante test The test in determining whether a decision of a fiduciary (at least for trustees) was in the best interests is an objective one.35 The duty is owed to principals and beneficiaries ‘as a whole’; not to each principal or beneficiary individually.36 Clearly, where there is more than one principal or beneficiary the fiduciary will inevitably be required to balance the interests (known and assumed) of all classes of individuals.37 The test must be applied ex ante.38 The trustee is not required to be prescient.39 Many may be better off as a result of a decision, but some may lose benefits.40

2.18 Directors — a nuance to the application of best interests In the context of directors, the best interests duty imposed by equity is somewhat more liberal in its application. In relation to directors, Conaglen is of the view that the ‘cases emphasise that the duty to act in the best interests of the principal, is fundamentally a subjective duty’.41 This aspect of the duty was also examined in Westpac Banking Corporation v Bell Group Ltd (in liq) (No 3) [2012] WASCA 157. In that case, Drummond AJA stated:42

In my opinion, the duty of directors to act bona fide in the interests of the company is subjective in that whether it has been fulfilled depends on the directors honestly believing that their actions were in the interests of the company. However, the test for determining whether the duty of directors to exercise their powers for proper purposes has been complied with is an objective one for the court, not the directors. I think the law was correctly stated by Jonathan Parker J in Regentcrest plc (in liq) v Cohen [2001] 2 BCLC 80 where his Honour said [120]–[123]:

The duty imposed on directors to act bona fide in the interests of the company is a subjective one … The question is not whether, viewed objectively by the court, the particular act or omission which is challenged was in fact in the interests of the company; still less is the question whether the court, had it been in the position of the director at the relevant time, might have acted differently. Rather, the question is whether the director honestly believed that his act or omission was in the interests of the company. The issue is as to the director’s state of mind. No doubt, where it is clear that the act or omission under challenge resulted in substantial detriment to the company, the director will have a harder task persuading the court that he honestly believed to be in the company’s interests; but that does not detract from the subjective nature of the test …

2.19 Lee and Carr AJJA made similar findings.43 Carr AJA in particular noted the need to not dampen entrepreneurial spirit by imposing an objective standard:

It might be thought that a purely objective standard, such as that applied to trustees, should be the touchstone. But the underlying policy of the rule is quite easily understood. There are other duties, both at common law and statutory, which provide remedies in cases of fraud and negligence. Directors are not trustees; they are entrepreneurs and the general law gives them considerable leeway in the conduct of a company’s affairs.44

Duty of care and skill

2.20 A fiduciary owes a duty of care and skill to principals and beneficiaries. In a trust context, the courts have said that this duty will be discharged if it ‘takes in managing trust affairs all those precautions which an ordinary prudent man of business would take in managing similar affairs of his own’.45

2.21 In relation to directors, the test is similar. In Vrisakis v Australian Securities Commission (1993) 11 ACSR 162 at 212 Ipp J stated that:

[T]he question whether a director has exercised a reasonable degree of care and diligence can only be answered by balancing the foreseeable risk of harm against the potential benefits that could reasonably have been expected to accrue to the company from the conduct in question.

The proper test to be applied in determining whether directors have exercised a reasonable degree of care and diligence in accordance with the requisite standard is that laid down more than a century ago by Lord Hatherley LC in Overend & Gurney Co v Gibb (1872) LR 5 EL 480 at 486–7 and referred to by Romer J in Re City Equitable Fire Insurance Co [1925] Ch 107 at 428, namely whether: … they (ie the directors) were cognisant of circumstances of such a character, so plain, so manifest, and so simple of appreciation, that no men with any ordinary degree of prudence, acting on their own behalf, would have entered into such a transaction as they entered into?

It was put this way by Pidgeon J (with whom Franklyn and Walsh JJ agreed) in Australian Securities Commission v Gallagher (1993) 10 ACSR 43 at 44:

The test is basically objective, in the sense that the question is what an ordinary person, with the knowledge and experience of the defendant, might be expected to have done in the circumstances if he was acting on his own behalf.

Inherent in this test is the balancing exercise, referred to above, involving the risk of harm (on the one hand) and potential benefits (on the other). Ipp J then made the point in Permanent Building Society (in liq) v Wheeler (1994) 14 ACSR 109 at 159, that: Irrespective of whether the claim against a director for failure to exercise care in the discharge of his duties is for restitutionary compensation in equity, or whether the claim lies in damages at law, the test for determining whether there has been a breach of duty of a director remains as stated.

Duty to act in good faith

2.22 A fiduciary must act honestly and in good faith.46 The duty of good faith requires the fiduciary to act bona fide,47 honestly and not for some improper purpose,48 and not act arbitrarily, capriciously or unreasonably.49 The courts have identified that the duty to act in good faith is part of the ‘irreducible core of obligations owed by trustees’.50

Duty to act for a proper purpose 2.23 A fiduciary must exercise their power with due consideration for the purpose for which the power was conferred and not some ulterior purpose.51

REMEDIES 2.24 The remedies that are available in relation to a breach of a fiduciary duty differ from the remedies that may usually be granted in relation to a breach of a non-fiduciary duty. The word ‘may’ is used with some caution as leading lawyers have queried whether the distinction between the two categories of duties will always have significant remedial consequences.52 [page 25] 2.25 The general position though is as discussed above in 2.7. That is, if one of the two peculiarly fiduciary duties is breached, the ‘situation can be remedied by injunction, rescission, account of profits, equitable compensation and proprietary remedies’.53 On the other hand, if a fiduciary breaches a non-fiduciary duty that it owes to a principal or beneficiary (for example, the duty of care and skill or the best interests duty), the usual remedy would be ‘equitable compensation and, in certain circumstances, injunctive relief’.54 In insolvency situations, the distinction can have material implications due to the impact it has on remedies.55

CONCLUSION

2.26 The peculiarly fiduciary duties (and related non-fiduciary but nevertheless equitable duties) have played a key role in the law over hundreds of years. They are some of the oldest laws governing conduct on the books. These laws are heavily rooted in values and norms and mould themselves to the contours of a given relationship or case. While the flexibility inherent in these laws is one of their virtues, it does mean that it is not always a straightforward task to identify the content of these laws or apply them. Adopting the words of Professor Thomas, these laws ‘may leave us with an imprecise notion[s], but [they] are no more vague than the notion of “prudence” or “reasonableness” or “unconscionable”’.56 Indeed, seeking rigid rules in this context would be folly. As Deane J reminds us in Chan v Zacharia [1984] HCA 36 at [78]–[79]: [O]ne cannot but be conscious of the danger that the over-enthusiastic and unnecessary statement of broad general principles of equity in terms of inflexibility may destroy the vigour which it is intended to promote in that it will exclude the ordinary interplay of the doctrines of equity and the adjustment of general principles to particular facts and changing circumstances and convert equity into an instrument of hardship and injustice in individual cases … There is “no better mode of undermining the sound doctrines of equity than to make unreasonable and inequitable applications of them”: per Lord Selborne LC, Barnes v Addy [(1874) LR 9 Ch App 244 at 251].

Daly v Sydney Stock Exchange Ltd [1986] HCA 25. See also T Damian, ‘Chapter 2 — The Accidental Joint Venture’ in T Damian and J W Carter (eds), Before You Tie the Knot: Commercial Issues in Joint Venture Law, Ross Parsons Centre of Commercial, Corporate and Taxation Law Monograph Series, Herbert Smith Freehills, Sydney, 2015 at section 2.2. For a very good account of fiduciary duties, see also C D Wood and A Bartlett, ‘Fiduciary Duties’, unpublished paper (viewed 8 October 2016). Hospital Products Ltd v United States Surgical Corporation [1984] HCA 64 at [55]. See also R T Langford, Directors’ Duties: Principles and Application, Federation Press, Sydney, 2014, p 11. Commonwealth Bank of Australia v Smith (1991) 102 ALR 453. Commonwealth Bank of Australia v Smith (1991) 102 ALR 453 at 476. Commonwealth Bank of Australia v Smith (1991) 102 ALR 453 at 477. Aequitas Ltd v Australian European Finance Corp Ltd [2001] NSWSC 14 at [307]. Hospital Products Ltd v United States Surgical Corporation [1984] HCA 64 at [70] per Mason J. Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [145]. Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [325]. Breen v Williams [1996] HCA 57 at [41] per Gaudron and McHugh JJ. Breen v Williams [1996] HCA 57 at [24] per Dawson and Toohey JJ. Breen v Williams [1996] HCA 57 at [71] per Gummow J. Although note arguments that the duty may be fiduciary in nature: Langford, see note 5 above. See also Hon J D Heydon, ‘The Duty to Act in Good Faith in the Best Interests of the Company, in Light of Bell Group’, paper delivered at ‘Directors’ Duties: New Perspectives’ Supreme Court of New South Wales Annual Corporate Law Conference, Sydney, 27 August 2013. 
M Conaglen, ‘Interaction Between Statutory and General Law Duties Concerning Company Director Conflicts’ (2013) 31(7) Company and Securities Law Journal 403 citing Attorney-
General v Blake [1998] Ch 439 at 455 (CA). J D Heydon, M J Leeming and P G Turner, Meagher, Gummow & Lehane’s Equity: Doctrines and Remedies, 5th ed, LexisNexis Butterworths, Sydney, 2015 at [5-375]. See note 17 above at [5-375]. See note 17 above at [5-375]. See for example Bell Group Ltd (in liq) v Westpac Banking Corporation (2008) 39 WAR 1. Phipps v Boardman [1967] 2 AC 46 at 124, referred to with approval by the Privy Council in Queensland Mines Ltd v Hudson (1978) 18 ALR 1 at 3. Warman International Ltd v Dwyer [1995] HCA 18 at [23]. Phipps v Boardman [1967] 2 AC 46; Queensland Mines Ltd v Hudson (1978) 52 ALJR 399. Spellson v George (1992) 26 NSWLR 666 at 669. See Hope AJA’s comments at 674–5. Farah Constructions Pty Ltd v Say-Dee Pty Ltd [2007] HCA 22 at [107]. Re McGrath; HIH Insurance Ltd [2010] NSWSC 404. See also Manglicmot v Commonwealth Bank Officers Superannuation Corporation[2010] NSWSC 363 at [20] and M Conaglen, Fiduciary Loyalty: Protecting the Due Performance of Non-Fiduciary Duties, Hart Publishing, Oxford, 2010, pp 32–58. Cowan v Scargill [1985] Ch 270 at 287–9. M Stone, ‘The Superannuation Trustee: Are Fiduciary Obligations and Standards Appropriate?’ (2006–2007) 1 Journal of Equity 167 at 172. See Conaglen, note 27 above, p 54. See also Langford, note 5 above, pp 61ff. Professor G W Thomas, ‘The Duty of Trustees to Act in the “Best Interests” of their Beneficiaries’ (2008) 2 Journal of Equity 177 at 183. See note 31 above at 202. See also cases cited there: Re Chapman [1896] 2 Ch 763 at 778; De Bruyne v Equitable Life Assurance Society of the US [1990] USCA7 1116; 920 F2d 457 (7th Cir 1990) at 465; Nestle v National Westminster Bank Plc [1994] 1 WLR 1260 at 1282. See Regentcrest plc (in liq) v Cohen [2001] 2 BCLC 80 at [120]. Hillsdown Holdings plc v Pensions Ombudsman [1997] 1 All ER 862. See also M S Donald, ‘“Best” Interests’ (2008) 2 Journal of Equity 1 at 14. 
M Vrisakis, ‘Fund Governance: The Best Interests of Beneficiaries Viewed as a Whole’, Australian Superannuation Law Bulletin, December 2008–January 2009, p 72. A topical issue is whether the interests of beneficiaries extend to environmental, social and governance issues. There is some support for this view. See, for example, R Sullivan, W Martindale, E Feller and A Bordon, ‘Fiduciary Duty in the 21st Century’ (viewed 31 November 2016). See P Hanrahan, Funds Management in Australia: Officers’ Duties and Liabilities, LexisNexis Butterworths, Sydney, 2007 at [8.7] citing Howard Smith Ltd v Ampol Petroleum Ltd [1974] AC 821 at 832 (Privy Council) and Darvall v North Sydney Brick and Tile Co Ltd (1989) 15 ACLR 230 at 247 per Kirby P. See also R Austin, ‘APRA-regulated Entities: Giving Priority to Policyholders and Beneficiaries’, Supreme Court of New South Wales Annual Corporate Law Conference, Sydney, 8 September 2015, p 24. See 2.15 above. Manglicmot v Commonwealth Bank Officers Superannuation Corporation [2010] NSWSC 363 at [41]. See Conaglen, note 27 above, p 55. Westpac Banking Corporation v Bell Group Ltd (in liq) (No 3) [2012] WASCA 157 at [1988]. Westpac Banking Corporation v Bell Group Ltd (in liq) (No 3) [2012] WASCA 157 at [923] per Lee AJA and at [2795]–[2797] per Carr AJA. Westpac Banking Corporation v Bell Group Ltd (in liq) (No 3) [2012] WASCA 157 at [2797]

per Carr AJA. See Manglicmot v Commonwealth Bank Officers Superannuation Corporation[2010] NSWSC 363 at [20] (an appeal from this decision was dismissed: Manglicmot v Commonwealth Bank Officers Superannuation Corporation [2011] NSWCA 204) and the cases cited there, namely Speight v Gaunt (1883) 9 App Cas 1 at 19 per Lord Blackburn, adopted in Austin v Austin [1906] HCA 5; (1906) 3 CLR 516 at 525; see also Elders Trustee and Executor Co Ltd v Higgins [1963] HCA 48; (1963) 113 CLR 426 at 448; ‘[A] trustee is not a surety, nor is he an insurer’: Re Chapman; Cocks v Chapman [1896] 2 Ch 763 at 775 per Lindley LJ. See also L M Butler, ‘The Priority of the Trust in the Age of Superannuation’, PhD thesis, Faculty of Law, University of Tasmania, Hobart, 2003 at [5.3.3]. See J D Heydon and M J Leeming, Jacobs’ Law of Trusts in Australia, 7th ed, 2006, LexisNexis Butterworths, Sydney, 2006 at [1608] and the cases there cited. Groom v Crocker [1939] 1 KB 194 at 203. Price v Bouch (1986) 53 P & CR 257 at 261 (ChD). Abu Dhabi National Tanker Co v Product Star Shipping Line Ltd (The ‘Product Star’) (No 2) [1993] 1 Lloyd’s Rep 397 at 404 (CA). Armitage v Nurse [1998] Ch 241 at 253–4 (ChD). Vodafone Pacific Ltd v Mobile Innovations Pty Ltd [2004] NSWCA 15 at [208] per Giles J. See also note 45 above at [1608]. See note 17 above at [5-430]; also Langford, note 5 above, pp 166–7. See note 17 above at [5-375]. See the following chapters of Equity: Doctrines and Remedies for details on the nature of these remedies: Chapter 21 (Injunctions); Chapter 25 (Rescission); Chapter 26 (Account); and Chapter 23 (Equitable Compensation). For a discussion about how the Barnes v Addy type proprietary remedy may be argued for where a non-fiduciary duty is breached, see [5-430]. See note 17 above at [5-375]. See for example Bell Group Ltd (in liq) v Westpac Banking Corporation (2008) 39 WAR 1. See note 31 above at 202.


Chapter 3 Duties of Directors and Officers

INTRODUCTION

3.1 Directors and officers have a number of duties imposed on them under both statute and by the general law. The focus of this chapter is on the duties that are imposed on directors and officers by the Corporations Act 2001 (Cth) (Corporations Act). The cognate obligations imposed by the general law (including the strict fiduciary obligations imposed on a director and other equitable duties) were discussed in Chapter 2 but will also be referred to in this chapter where relevant.

3.2 The policy reasons for imposing legal obligations on directors and senior management are explained by Redmond in the following terms:1 Under managerialist theories of the corporation, the prescription of legal standards protects against hazards inherent in a firm structure that has one group managing the funds of another — the dual dangers of self-dealing and shirking by the managers. These dangers are the more egregious where the funds are contributed by numerous dispersed investors whose individual stakes are insufficient to justify close monitoring of the common fund, even if that lay within their capacities as holders. Protection against management self-dealing is afforded by fiduciary duties of loyalty which impose obligations of good faith and conflict avoidance upon directors and senior officers. Duties of care and diligence are directed towards the problem of shirking. In relation to both species of duty, the general law obligation is reinforced by a statutory duty in similar terms but with wider sanctions and remedies. Under managerialist theories therefore, legal duties serve to insinuate an accountability mechanism to constrain management power and to strengthen shareholder controls. This strategy of strengthening shareholder influence and establishing appropriate modalities for management accountability has been the leitmotif of corporate law reform in North America, the United Kingdom and Australia during the past half century.

3.3 As we saw in Chapter 2, while the duties share similarities, there are some significant differences between the duties imposed on a director and those imposed on a trustee: see 2.18. For example, in Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 16 ACSR 607 at 664 the court noted that: The courts have recognised that directors must be allowed to make business judgments and business decisions in a spirit of enterprise untrammelled by the concerns of a conservative investment trustee.

This difference influences the manner in which the scope and extent of duties imposed on directors are interpreted. The context of the commercial undertakings engaged in by a company and the entrepreneurial flair required of directors lead courts to interpret the duties in a more liberal manner. Directors (and officers) are not subject to the same standards of prudence that apply to trustees.2

3.4 In general, the duties owed by directors and officers are owed to the shareholders as a corporate entity:3 The better view seems to be that the directors must act in good faith for the interest of all the shareholders of the company as a corporate entity, but that those shareholders should be considered as a group and with regard to the association created by the company’s constitution.

However, directors are also required to take into account the interests of creditors in some circumstances4 and when construing the relevant duties it is permissible to take into account a wider range of interests than solely the interests of shareholders:5 There is a reasonably wide consensus that, although directors owe their duties to the corporation, it is legitimate for directors to have regard to a range of interests including the interests of the community, the environment, employees, customers and suppliers in exercising those duties.

3.5 The primary duties that are imposed on directors and officers under the Corporations Act are the following duties: duty to act with care and diligence: s 180; duty to act in good faith: s 181; duty to not improperly use position: s 182; and duty to not improperly use information: s 183. The following sections will primarily discuss each of these statutory duties, but refer to cognate general law obligations (for example, fiduciary obligations) where applicable. The chapter will also discuss the law relating to directors placing reliance on others and non-delegable duties. Duties that arise where a corporation is insolvent or approaching insolvency will not be discussed.6 The chapter will also include an overview of the obligations arising in the context of the management of whistleblower disclosures, and will close with a general discussion concerning liability and remedies generally.

DUTY TO ACT WITH CARE AND DILIGENCE

The duty at general law

3.6 At a high level, the director owes a duty to ‘manage and conduct the business of a company in the best interests of the company’.7 In order to determine what is required of a director, one must look to the circumstances:8 It is indeed impossible to describe the duty of directors in general terms, whether by way of analogy or otherwise. The position of a director of a company carrying on a small retail business is very different from that of a director of a railway company. The duties of a bank director may differ widely from those of an insurance director, and the duties of a director of one insurance company may differ from those of a director of another. In one company, for instance, matters may normally be attended to by the manager or other members of the staff that in another company are attended to by the directors themselves. The larger the business carried on by the company the more numerous, and the more important, the matters that must of necessity be left to the managers, the accountants and the rest of the staff. The manner in which the work of the company is to be distributed between the board of directors and the staff is in truth a business matter to be decided on business lines. To use the words of Lord Macnaghten in Dovey v Cory [1901] AC 477 [at 488]: I do not think it desirable for any tribunal to do that which Parliament has abstained from doing — that is, to formulate precise rules for the guidance or embarrassment of business men in the conduct of business affairs. There never has been, and I think there never will be, much difficulty in dealing with any particular case on its own facts and circumstances; and, speaking for myself, I rather doubt the wisdom of attempting to do more.

In order, therefore, to ascertain the duties that a person appointed to the board of an established company undertakes to perform, it is necessary to consider not only the nature of the company’s business, but also the manner in which the work of the company is in fact distributed between the directors and the other officials of the company, provided always that this distribution is a reasonable one in the circumstances, and is not inconsistent with any express provisions of the articles of association.

In AWA Ltd v Daniels trading as Deloitte Haskins & Sells (1992) 7 ACSR 759 at 865–6 Rogers CJ observed the main duties of directors: A board’s functions, apart from statutory ones, are said to be usually four-fold: (1) to set goals for the corporation; (2) to appoint the corporation’s chief executive; (3) to oversee the plans of managers for the acquisition and organisation of financial and human resources towards attainment of the corporation’s goals; and (4) to review, at reasonable intervals, the corporation’s progress towards attaining its goals: cf Ford and Austin Ford’s Principles of Corporations Law 6th ed, 1992, p 429; Brown & Grogan Company Director 3rd ed, 1974, p 6.

Standard of care

3.7 Once the scope of the duty is identified, one must identify the standard required to discharge the duty. Again, the circumstances of the case have a bearing on the standard required to discharge the duty. In Commonwealth Bank of Australia v Friedrich (1991) 5 ACSR 115 at 125 Tadgell J stated: What constitutes the proper performance of the duties of a director of a particular company will be dictated by a host of circumstances, including, no doubt, the type of company, the size and nature of its enterprise, the provisions of its articles of association, the composition of its board and the distribution of its work between the board and other officers.

3.8 Directors must take reasonable steps to place themselves in a position to guide and monitor the management of the company ‘and at least to obtain a general understanding of the business of the company and the effect which the changing economy may have on the business of that company’.9 The Court of Appeal in Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 16 ACSR 607 observed that modern cases ‘demonstrate that the director’s duty of care is not merely subjective, limited by the director’s knowledge and experience or ignorance or inaction’.10 Later in the same judgment the court noted that:11 A person who accepts the office of director of a particular company undertakes the responsibility of ensuring that he or she understands the nature of the duty a director is called upon to perform. That duty will vary according to the size and business of the particular company and the experience or skills that the director held himself or herself out to have in support of appointment to the office. None of this is novel. It turns upon the natural expectations and reliance placed by shareholders on the experience and skill of a particular director. The duty is a common law duty to take reasonable care owed severally by persons who are fiduciary agents bound not to exercise the powers conferred upon them for private purpose or for any purpose foreign to the power and placed … at the apex of the structure of direction and management.

3.9 The Court of Appeal approved the rejection in Deloitte Haskins and Sells v National Mutual Life Nominees (1991) 5 NZCLC 67,418 at 67,442 of the proposition that ‘a lower standard of care should be applied to a non executive director than to executive directors and that a non executive director should be entitled to rely on information provided to him’.12 However, this does not mean that this is an immutable rule or principle. Indeed, it merely reflects the fact that strict rules should not apply. It may be in given cases that a lower standard of care may be imposed on a non-executive director when all the circumstances of the case are considered.

3.10 As well as the duty of care imposed at common law, directors also have corresponding duties at equity and under negligence law.13 This duty is also reflected in s 180 of the Corporations Act, which is discussed below.

The duty under s 180

3.11 Section 180(1) of the Corporations Act provides as follows:14 A director or other officer of a corporation must exercise their powers and discharge their duties with the degree of care and diligence that a reasonable person would exercise if they: (a) were a director or officer of a corporation in the corporation’s circumstances; and (b) occupied the office held by, and had the same responsibilities within the corporation as, the director or officer.

The duties described in s 180(1) are in addition to and not derogation of duties imposed at general law or otherwise: s 185. The words ‘director’ and ‘officer’ are defined in s 9 of the Act. In Australian Securities and Investments Commission v Adler (2002) 41 ACSR 72 Santow J expressed the view that the duty in s 180(1) was essentially the same as the duty of care under general law.15

3.12 The Act does not define the content of the duty set out in s 180(1), which is to be determined by reference to the cases dealing with that provision and predecessor provisions.16 Again, determining the content and standard of the duty will require analysis of all the circumstances. As the court said in Commonwealth Bank of Australia v Friedrich (1991) 5 ACSR 115 at 125 one must consider: … a host of circumstances, including, no doubt, the type of company, the size and nature of its enterprise, the provisions of its articles of association, the composition of its board and the distribution of its work between the board and other officers.

3.13 In Australian Securities and Investments Commission v Healey [2011] FCA 717 at [166] Middleton J observed that a range of matters had to be taken into consideration when determining whether the duty in s 180(1) had been breached: Directors are required to take reasonable steps to place themselves in a position to guide and monitor the management of the company. A director must become familiar with the fundamentals of the business in which the corporation is engaged; a director is under a continuing obligation to keep informed about the activities of the corporation; directorial management requires a general monitoring of corporate affairs and policies, and a director should maintain familiarity with the financial position of the corporation.

3.14 In Australian Securities and Investments Commission v Adler (2002) 41 ACSR 72 at [372] Santow J set out the following principles applicable to s 180: [D]irectors owe a duty of care and skill at common law and in equity … [H]owever, the equitable duty to exercise reasonable care and skill is not properly classified as a fiduciary duty … [I]n determining whether a director has exercised reasonable care and diligence one must ask what an ordinary person, with the knowledge and experience of the defendant might be expected to have done in the circumstances if he or she was acting on their own behalf … [A]lthough the standard of reasonable care is generally said to be that of an ordinary prudent person … there is some suggestion that directors of a professional trustee company owe a higher duty of care … [I]n determining whether a director has breached the statutory standard of care and diligence (s 180(1)), the court will have regard to the company’s circumstances and the director’s position and responsibilities within the company … [I]n accordance with these responsibilities directors are required to take reasonable steps to place themselves in a position to guide and monitor the management of the company …: (a) a director should become familiar with the fundamentals of the business in which the corporation is engaged; (b) a director is under a continuing obligation to keep informed about the activities of the corporation; (c) directorial management requires a general monitoring of corporate affairs and policies, by way of regular attendance at board meetings; and (d) a director should maintain familiarity with the financial status of the corporation by a regular review of financial statements. Indeed, he or she will be unable to avoid liability for insolvent trading by claiming that they had never learned to read financial statements … [A] director appointed to a company because of special expertise in an area of the company’s business is not relieved of the duty to pay attention to the company’s affairs which might reasonably be expected to attract inquiry, even outside that area of expertise …

3.15 The decision of Re Toppro Pty Ltd [2016] NSWSC 1399 highlights that the duty of care can be breached even if no harm is suffered as a result of the breach of duty:17 Although the statutory duty of care and diligence is contravened if a director has not exercised a reasonable degree of care and diligence in the exercise of his or her powers or the discharge of his or her duties, even if no actual damage results, that is only so if it was reasonably foreseeable that the relevant conduct might harm the interests of the company — the corporate entity itself, being the shareholders and, where the financial position of the company is precarious, the creditors.

3.16 In Australian Securities and Investments Commission v Vines (2003) 48 ACSR 322 at [30] Austin J expressed the view that the duty of care under s 180(1) ‘establish[es] an objective duty’. His Honour went on to say that in order to determine whether the objective standard was satisfied one would need to refer to ‘what a reasonable man of ordinary prudence would do, enhanced where the directorial appointment is based on special skill by an objective standard of skill referable to the circumstances’.18 This objective standard can also be influenced by the particular role, knowledge and skills of the director: Vines v Australian Securities and Investments Commission (2007) 62 ACSR 1. In Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7206] Austin J, after accepting the general principles for determining the content of the duty of care under s 180(1), drew a distinction between how that duty is to be evaluated with respect to an executive director and a non-executive director: I accept these propositions, though they have somewhat different consequences for executive and non-executive directors. In the case of non-executive directors, the objective duty of minimum skill and competence may not extend much beyond financial matters, but in the case of an executive director, the statutory standard seems generally to reflect what is objectively expected of a person appointed to the designated executive office held by the defendant (in this case, joint chief executive and finance director respectively), and also any additional responsibilities acquired by the defendant.

3.17 In Australian Securities and Investments Commission v Maxwell (2006) 59 ACSR 373 at [104] Brereton J noted that a director (or officer) may breach her duties by permitting a company to contravene the Corporations Act where that contravention is likely to be injurious to the company’s interests: Relevant jeopardy to the interests of the company may be found in the actual or potential exposure of the company to civil penalties or other liability under the Act and it may no doubt be a breach of a relevant duty for a director to embark on or authorise a course which attracts the risk of that exposure, at least if the risk is clear and the countervailing potential benefits insignificant.

3.18 The reference to the interests of the corporation is best understood as a reference to all or any of the interests of the corporation.19 All of these interests are relevant when considering the process of ‘balancing the foreseeable risk of harm against the potential benefits that could reasonably have been expected to accrue to the company from the conduct in question’.20 The concept of balancing risks with the prospect of a corresponding benefit was emphasised in Australian Securities and Investments Commission v Sydney Investment House Equities Pty Ltd [2008] NSWSC 1224 at [28] where Hamilton J noted that:21 One way in which the duty of care owed pursuant to s 180 may be breached is by causing the company to enter into transactions that expose it to risks without the prospect of producing any benefit for the company.

In Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [485] Edelman J cautioned that a strict or literal approach ought not to be taken when undertaking this balancing task: The factors to be considered are not to be balanced or weighed as though by a common metric. Even one of the godfathers of United States law and economics said that in weighing the factors of likelihood of injury, seriousness of potential injury, and interest to be sacrificed to avoid the risk, the considerations are “practically not susceptible of any quantitative estimate” and “a solution always involves some preference, or choice between incommensurables”: Conway v O’Brien 111 F 2d 611, 612 (2nd Cir, 1940) (Learned Hand J).

His Honour expressed the view that the ‘balancing’ required in this context should be understood as a reference to the decision of Mason J in Wyong Shire Council v Shirt (1980) 146 CLR 40 at 47–8:22 [T]he tribunal of fact must first ask itself whether a reasonable man in the defendant’s position would have foreseen that his conduct involved a risk of injury to the plaintiff or to a class of persons including the plaintiff. If the answer be in the affirmative, it is then for the tribunal of fact to determine what a reasonable man would do by way of response to the risk. The perception of the reasonable man’s response calls for a consideration of the magnitude of the risk and the degree of the probability of its occurrence, along with the expense, difficulty and inconvenience of taking alleviating action and any other conflicting responsibilities which the defendant may have. It is only when these matters are balanced out that the tribunal of fact can confidently assert what is the standard of response to be ascribed to the reasonable man placed in the defendant’s position. The considerations to which I have referred indicate that a risk of injury which is remote in the sense that it is extremely unlikely to occur may nevertheless constitute a foreseeable risk. A risk which is not far-fetched or fanciful is real and therefore foreseeable. But, as we have seen, the existence of a foreseeable risk of injury does not in itself dispose of the question of breach of duty. The magnitude of the risk and its degree of probability remain to be considered with other relevant factors.

A topic du jour is the extent to which s 180 requires directors to consider environmental issues, including climate change risks. There is certainly commentary that indicates that it should be a factor that directors consider when guiding and monitoring the management of the company:23 There is a reasonably wide consensus that, although directors owe their duties to the corporation, it is legitimate for directors to have regard to a range of interests including the interests of the community, the environment, employees, customers and suppliers in exercising those duties.

In a recent legal opinion, Mr Noel Hutley SC and Mr Sebastian Hartford-Davis express the view that ‘[i]t is conceivable that directors who fail to consider “climate change risks” now could be found liable for breaching their duty of care and diligence in the future’.24

3.19 The issue of whether contraventions or potential contraventions of the law could constitute a breach of s 180(1) was carefully considered by Edelman J in Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023. That case involved a business model whereby a financial services firm (Storm Financial Ltd) provided ‘one size fits all’ recommendations to investors, including recommendations about double gearing and investing in growth (that is, higher risk) index funds. The relevant directors were Mr and Mrs Cassimatis. While the business model was not inherently flawed (that is, the advice that was provided may have been suitable for some investors) it would also be provided to persons who were retired, or approaching retirement, and who were particularly vulnerable to losses.25 Edelman J observed that:26

I have serious doubt whether an actual breach by a corporation is a necessary requirement for breach of s 180(1) by an officer. For instance, suppose a director unreasonably (within the terms of s 180(1)) and intentionally commits acts which are extremely likely to involve a serious breach of the Corporations Act perhaps even threatening the very existence of the corporation. … [I]t might be seriously doubted whether the director could escape liability simply because, by some good fortune, no actual breach eventuates. Loss is not a required element of an action for contravention of s 180(1) of the Corporations Act.

3.20 Edelman J also expressed the view that while potential contraventions of other laws may constitute a breach of s 180(1), it did not necessarily follow that an actual contravention of a law would automatically constitute a breach of s 180(1). Whether a breach of s 180(1) would attend a breach of another law (that is, the so-called stepping stone principle where a breach of another law is a stepping stone to a breach of s 180(1)) was a matter to be determined in all the circumstances.27 Edelman J said that a contravention of s 180(1) ‘involves consideration of all circumstances including the foreseeable risk of harm to any of the interests of [the company] and the magnitude of that harm, together with the potential benefits that could reasonably have been expected to accrue to the company from the conduct in question, and any burdens of further alleviating action’.28 Ultimately, his Honour was satisfied that the business model used by Storm Financial Ltd resulted in contraventions of obligations to provide suitable advice29 and to provide the financial services covered by Storm Financial Limited’s licence honestly, efficiently and fairly.30 This, in turn, led to the finding that the directors were in breach of s 180(1):31

For the reasons explained in detail later, a reasonable director with Mr and Mrs Cassimatis’ responsibilities, and in Storm’s circumstances, would have realised that the application of the model to people in the pleaded circumstances was likely to involve inappropriate advice. The reasonable director would have taken some alleviating precautions to prevent the giving of that advice. I reach this conclusion … with a strong awareness that it is made in the context that a director’s powers to act are, of the very nature of corporations, ones which often require risks to be taken. Mr and Mrs Cassimatis should have been reasonably aware that the application of the Storm model would be likely to (and did) cause contraventions of s 945A(1)(b) and s 945A(1)(c). The contraventions of s 945A(1)(b) occurred because Storm did not give such consideration to the subject matter of the advice and did not conduct such investigation of the subject matter of the advice as was reasonable in the circumstances. The contraventions of s 945A(1)(c) occurred because Storm provided financial advice which was not appropriate to the investors having regard to the consideration and investigation of the subject matter of the advice that ought to have been undertaken. Those contraventions were not merely likely to occur. They were contraventions which could have (and did have) devastating consequences for many investors in that class and the discovery of those breaches would have threatened the continuation of Storm’s Australian Financial Services Licence (AFSL) licence and Storm’s very existence.

3.21 Echoing earlier decisions, Edelman J also expressed the view that harm to an entity’s reputation and other interests ought to be taken into consideration when determining whether a course of conduct will lead to a contravention of s 180(1):32

[A]ll the corporation’s interests are relevant when considering … the process of “balancing the foreseeable risk of harm against the potential benefits that could reasonably have been expected to accrue to the company from the conduct in question” … One reason why the concept of harm should not be confined narrowly is that the overarching question is that of due care and diligence in the exercise of powers or discharge of duties. The broad terms of the legislation do not confine the relevant interests of the corporation which fall for consideration. Further, s 180(1) does not require any proof of actual loss to the company. Harm to its interests including reputation might also occur without prospective loss. There is a strong indication that the scope of possible harm to the corporation … [is] not limited to pecuniary loss and might extend to unlawful conduct which can cause nonpecuniary consequences for a corporation. … [In Vrisakis v Australian Securities Commission (1993) 9 WAR 395] Ipp J referred to the lack of intention by the legislature to “dampen business enterprise and penalise legitimate but unsuccessful entrepreneurial activity” … A corporation has a real and substantial interest in the lawful or legitimate conduct of its activity independently of whether the illegitimacy of that conduct will be detected or would cause loss. One reason for that interest is the corporation’s reputation. Corporations have reputations, independently of any financial concerns, just as individuals do. Another is that the corporation itself exists as a vehicle for lawful activity. For instance, it would be hard to imagine examples where it could be in a corporation’s interests for the corporation to engage in serious unlawful conduct even if that serious unlawful conduct was highly profitable and was reasonably considered by the director to be virtually undetectable during a limitation period for liability. For these reasons, I conclude that the foreseeable risk of harm to the corporation which falls to be considered in s 180(1) is not confined to financial harm. It includes harm to all the interests of the corporation. The interests of the corporation, including its reputation, include its interests which relate to compliance with the law.

Although these non-financial concerns about legality of conduct are relevant considerations, in this case the potential consequences of the alleged failures to comply with the law were also serious financial threats to Storm including a potential threat to its very existence by the loss of its [Australian Financial Services Licence].

3.22 In Australian Securities and Investments Commission v Hellicar [2012] HCA 17 the High Court held that approving directors breached the duty of care by approving a misleading announcement which was subsequently submitted to the Australian Securities Exchange. In Shafron v Australian Securities and Investments Commission [2012] HCA 18 the High Court upheld the finding that an officer holding the joint roles of company secretary and general counsel had breached s 180(1) by ‘failing to provide adequate advice to the company’s board and chief executive officer in respect of compliance with its disclosure obligations’.33 The court observed that:34

The degree of care and diligence that is required by s 180(1) is fixed as an objective standard identified by reference to two relevant elements — the element identified in par (a): “the corporation’s circumstances”, and the element identified in par (b): the office and the responsibilities within the corporation that the officer in question occupied and had. No doubt, those responsibilities include any responsibility that is imposed on the officer by the applicable corporations legislation. But the responsibilities referred to in s 180(1) are not confined to statutory responsibilities; they include whatever responsibilities the officer concerned had within the corporation, regardless of how or why those responsibilities came to be imposed on that officer.

The court rejected a ‘division of role’ argument where the appellant argued that his duty of care under s 180(1) should be assessed by reference to his company secretary role rather than his general counsel role. Rather, the court was of the view that the duty had to be assessed by reference to the circumstances as a whole and, in particular, by reference to what a reasonable person in the same position as the officer in question would do (having both legal and company secretarial skills and experience).35

Courts’ reluctance to review business judgments

3.23 Historically, courts have been reticent to intervene when it comes to business judgments. In Harlowe’s Nominees Pty Ltd v Woodside (Lakes Entrance) Oil Co NL (1968) 121 CLR 483 at 492 the High Court stated that:36

Directors in whom are vested the right and duty of deciding where the company’s interests lie and how they are to be served may be concerned with a wide range of practical considerations, and their judgment, if exercised in good faith and not for irrelevant purposes, is not open to review in the courts.

In Howard Smith Ltd v Ampol Petroleum Ltd [1974] 1 NSWLR 68 at 74; (1974) 3 ALR 448 at 452; [1974] AC 821 at 822; [1974] 1 All ER 1126 at 1131 Lord Wilberforce (speaking for the Judicial Committee of the Privy Council) observed that:

[I]t would be wrong for the court to substitute its opinion for that of the management, or indeed to question the correctness of the management’s decision … if bona fide arrived at. There is no appeal on merits from management decisions to courts of law: nor will courts of law assume to act as a kind of supervisory board over decisions within the powers of management honestly arrived at.

Accordingly, the courts will generally not look to interfere in business judgments where directors can show evidence of a bona fide decision made for a proper purpose. It is more likely, though, that the courts will interfere in cases where there has been a failure to act, as the Shafron and Cassimatis cases demonstrate.

Statutory business judgment rule

3.24 The Corporations Act provides a defence to contravention proceedings under s 180(1). Section 180(2) provides as follows:

A director or other officer of a corporation who makes a business judgment is taken to meet the requirements of subsection (1), and their equivalent duties at common law and in equity, in respect of the judgment if they:
(a) make the judgment in good faith for a proper purpose; and
(b) do not have a material personal interest in the subject matter of the judgment; and
(c) inform themselves about the subject matter of the judgment to the extent they reasonably believe to be appropriate; and
(d) rationally believe that the judgment is in the best interests of the corporation.
The director’s or officer’s belief that the judgment is in the best interests of the corporation is a rational one unless the belief is one that no reasonable person in their position would hold.
Note: This subsection only operates in relation to duties under this section and their equivalent duties at common law or in equity (including the duty of care that arises under the common law principles governing liability for negligence) — it does not operate in relation to duties under any other provision of this Act or under any other laws.

Section 180(3) contains the definition of the term ‘business judgment’:

In this section: “business judgment” means any decision to take or not to take action in respect of a matter relevant to the business operations of the corporation.

Accordingly, the five key elements of the defence are: a business judgment, made in good faith for a proper purpose, in circumstances where the director does not have a material personal interest in the subject matter of the judgment, where the directors have taken steps to inform themselves about the subject matter of the judgment to the extent they reasonably believe to be appropriate, and the directors rationally believe that the judgment is in the best interests of the corporation.

3.25 Business judgment

In Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7277] Austin J noted that:

For the statutory defence to be available in Australia, there must be a “decision to take or not to take action”, consciously made so that judgment has actually been exercised … A director who “simply neglected to deal with proper safeguards, with no evidence that he even turned his mind to a judgment of what safeguards there should be” has not made a business judgment and accordingly cannot invoke the defence … It is plain from the statutory definition in s 180(3) that a decision does not have to be a decision to take action; a decision to refrain from doing something may constitute a business judgment according to the definition. The important question is whether the director or officer has turned his or her mind to the matter.

However, Austin J was also of the view that oversight duties would not fall within the scope of the defence:37

[T]he discharge by directors of their “oversight” duties, including their duties to monitor the company’s affairs and policies and to maintain familiarity of the company’s financial position, is not protected by the business judgment rule, because the discharge or failure to discharge those duties does not involve any business judgment as defined. … Monitoring the company’s affairs and maintaining familiarity with its financial position are not in themselves matters that involve a “decision to take or not to take action” in respect of a matter relevant to the company’s business operations. An application of this … is that the defence is not available to protect failure by an officer to oversee the conduct of the company’s business by not considering the need for an effective audit process, as there is no business decision-making involved.

3.26 In good faith for a proper purpose

Whether a director has acted in good faith will be a matter to be established by evidence. If a director has not turned her mind to an issue and made a decision to act or refrain from acting, it will be unlikely that she will have made a business judgment for the purposes of s 180(3).38

3.27 Material personal interest

For the defence in s 180(2) to be available to a director they must not have a material personal interest in the judgment. In McGellin v Mount King Mining NL (1998) 144 FLR 288 at 304 Murray J set out a test for determining whether an interest constitutes a material personal interest:39

“Material” in this context, I think, means that the interest involves a relationship of some real substance to the matter under consideration or the contract or arrangement which is proposed. In that way the nature of the interest should be seen to have a capacity to influence the vote of the particular director upon the decision to be made, bearing in mind that both the article and the section are concerned with that aspect of a director’s fiduciary duties which relates to the resolution of conflict of interest which must, of itself, be of a real or substantial kind. The interest with which both the article and the section are concerned should be of a kind as to give rise to a conflict of that character. If that test is met, it seems to me not to matter that the nature of the interest may be described as direct or indirect, or vested in interest or contingent. It is the substance of the interest, its nature and capacity to have an impact upon the ability of the director to discharge his or her fiduciary duty which will be important.

3.28 Informing oneself about the subject matter

In Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7283] Austin J accepted the Commission’s submissions that matters relevant to a director taking steps to inform themselves about the subject matter of the judgment include the following:

the importance of the business judgment to be made;
the time available for obtaining information;
the costs related to obtaining information;
the director or officer’s confidence in those exploring the matter;
the state of the company’s business at that time and the nature of competing demands on the board’s attention …; and
whether or not material information is reasonably available to the director …

3.29 Rational belief as to the best interests of the corporation

Austin J described the content of this element in the following terms:

The element of the business judgment rule set out in s 180(2)(d) is that the director or officer rationally believes that the judgment is in the best interests of the corporation. The section then explains that the director’s or officer’s belief that this is so is a rational one unless it is one that no reasonable person in his or her position would hold.40

Austin J then stated that the element will be satisfied if the evidence demonstrates that ‘the defendant believed that his or her judgment was in the best interests of the corporation, and that belief was supported by a reasoning process sufficient to warrant describing it as a rational belief, as defined, whether or not the reasoning process is objectively a convincing one’.41 According to his Honour, when considering the element set out in subpara 180(3)(c):42

The director or officer’s belief about the best interests of the corporation is to be formed, and its rationality assessed, on the basis of the information obtained through compliance with subpara (c). It is not to be assumed, for the purpose of applying subpara (d), that the director or officer knew everything that he or she ought to have known, but only the things that he or she reasonably believed to be appropriate to find out.

Interestingly, Mr Neil Young QC has observed that the business judgment rule arguably offers nothing more than ‘window dressing’ to directors. He states that the defence to s 180(1) that is set out in s 180(2) sets a standard that is no less stringent than that set out in s 180(1) itself. Accordingly, the argument is that it is difficult therefore to conceive of a situation in which a director makes a judgment which satisfies the elements in s 180(2) and would be in breach of s 180(1).43 In other words, the elements in s 180(2) set a standard similar to that set out in s 180(1).

DUTY TO ACT IN GOOD FAITH

3.30 Section 181(1) of the Corporations Act sets out the duty to act in good faith. It provides as follows:

A director or other officer of a corporation must exercise their powers and discharge their duties:
(a) in good faith in the best interests of the corporation; and
(b) for a proper purpose.

3.31 Good faith and in the best interests of the corporation

In relation to the first limb of the duty, there is some confusion in the cases as to whether the duty under s 181(1) is a subjective duty or an objective duty. In Re Colorado Products Pty Ltd (in prov liq) [2014] NSWSC 789 at [420] Black J set out the different views without deciding which one was to be preferred:

The case law is divided as to whether a contravention of s 181(1)(a) of the Corporations Act requires that it be established that a director engaged deliberately in conduct which he or she knew was not in the company’s best interests: for example, Forge v Australian Securities and Investments Commission [2004] NSWCA 448; (2004) 213 ALR 574 at [245] per McColl JA (with whom Handley and Santow JJA agreed); Holyoake Industries (Vic) Pty Ltd v V-Flow Pty Ltd [[2011] FCA 1154] at [150], varied on appeal on another point in V-Flow Pty Ltd v Holyoake Industries (Vic) Pty Ltd [[2013] FCAFC 16]. In Westpac Banking Corporation v Bell Group Ltd (in liq) (No 3) [2012] WASCA 157; (2012) 44 WAR 1, the Court of Appeal of the Supreme Court of Western Australia unanimously held that the corresponding general law duty to act in good faith in the company’s best interests was subjective and would be complied with if directors honestly believed they acted in the company’s best interests (at [923] per Lee AJA, at [1988] per Drummond AJA, [2027], at [2772], [2795] per Carr AJA). The alternative view is that a contravention of that limb of s 181 can be established if the law objectively considers that what the director did was improper, even if the director subjectively believed that he or she was acting in the company’s best interests: see, for example, Australian Growth Resources Corporation Pty Ltd v Van Reesema (1988) 13 ACLR 261 at 270–271; 6 ACLC 529 per King CJ; Mernda Developments Pty Ltd (in liq) v Alamanda Property Investments No 2 Pty Ltd [2011] VSCA 392; (2011) 86 ACSR 277 at [32]–[33].

Needless to say, this level of uncertainty makes it hard for directors to know which standard is to be applied in order to satisfy the duty. Accordingly, the cautious approach would be to ensure that the objective standard can be satisfied. The term ‘best interests’ has its heritage in equity. The content of the duty was discussed in Chapter 2: see 2.13ff. Much of the discussion there is applicable in this context. The term ‘the best interests of the corporation’ may ‘require consideration of which constituencies are relevant, for example, the company’s shareholders as a whole, its creditors in the case of a company that is insolvent or close to insolvency, and possibly its employees’.44

3.32 Proper purpose

The second limb of s 181(1) requires directors and officers to exercise their powers or duties for a proper purpose. It reflects the case law concerning the proper purpose requirement. Directors and officers must only exercise their powers for the purpose for which they were conferred and not for any collateral or improper purpose. The test for determining if this is the case in any given situation is to be determined on an objective basis and by reference to the substantial purpose of the exercise of the power.45

DUTY TO NOT IMPROPERLY USE POSITION

3.33 The obligation to not improperly use a director’s position for personal gain has at least a partial genesis in fiduciary law, namely the rules relating to conflicts and the no profit rule. The conflict rule was outlined in Pilmer v Duke Group Ltd (in liq) (2001) 207 CLR 165 at 197–9 as follows:46

The fiduciary is under an obligation, without informed consent, not to promote the personal interests of the fiduciary by making or pursuing a gain in circumstances where there is “a conflict” or a real or substantial possibility of a conflict “between personal interest of the fiduciary and those to whom the duty is owed”.

Regal (Hastings) Ltd v Gulliver [1967] 2 AC 134 is authority for the proposition that a director who makes a profit by use of her position as a director or who uses information acquired as a director to benefit herself must account to the company for that profit or benefit. However, the scope of the provision does also cover ground beyond fiduciary concepts. For example, it applies to secretaries, other officers and employees as well as directors. Section 182(1) provides as follows:

A director, secretary, other officer or employee of a corporation must not improperly use their position to:
(a) gain an advantage for themselves or someone else; or
(b) cause detriment to the corporation.

3.34 It is not essential that the director, secretary, officer or employee is ultimately successful in achieving the gain; an attempt will suffice to ground a contravention.47 A person can make an improper use of their position even if the conduct falls short of conscious wrongdoing. Conduct can be improper if it ‘can be established by a breach of the standards of conduct which would be expected of a person in the position of the director or officer, by a reasonable person with knowledge of the duties, powers and authority of the position and the circumstances of the case’.48 In R v Byrnes (1995) 183 CLR 501 the ‘majority of the High Court held that an objective standard was to be applied in determining what amounts to an “improper” use of position … and the accused’s conduct should be tested against the standard of conduct which a reasonable person, who had knowledge of the duties, powers and authority of the accused’s position and the circumstances of the case, would expect of a person in the position of the accused’.49 In Doyle v Australian Securities and Investments Commission [2005] HCA 78 the High Court affirmed the objective test to be applied in this context. In a case involving cognate legislation, Gleeson CJ noted in R v Towey (1996) 21 ACSR 46 at 57 that it would be sufficient to establish a breach if a director:

… knows all the facts which the law considers it necessary to know in order to judge the propriety of the director’s conduct by reference to the legal standards applicable to fiduciaries then the circumstance that the director is not aware of those standards or is mistaken as to their requirements is beside the point.

DUTY TO NOT IMPROPERLY USE INFORMATION

3.35 The rule against conflicts is reflected in the duty set out in s 183(1) of the Corporations Act, which prohibits the improper use of information. A key obligation that arises in connection with a fiduciary’s duty of good faith is that directors and other officers who owe the duty must not exploit company assets or information to make a profit or to obtain some other advantage.50 This is a core obligation of the duty. It is important to note in this context that a very high duty is imposed, ‘[i]n particular, the fiduciary duty with respect to information does not depend on showing that the information is confidential’.51 Although a fiduciary’s duty in this context can be excluded or modified with the fully informed consent of the principal,52 it is unlikely however that a company would ever permit a director to use company information in a manner that allowed the director to make a profit or obtain some other advantage.53 Indeed, the prohibition in s 183 (and s 184, which imposes criminal sanctions) would seem to preclude that situation from arising.

3.36 Section 183(1) provides as follows:

A person who obtains information because they are, or have been, a director or other officer or employee of a corporation must not improperly use the information to:
(a) gain an advantage for themselves or someone else; or
(b) cause detriment to the corporation.

There is some debate as to the extent to which s 183 reflects or extends the general rules of equity. In Southern Real Estate Pty Ltd v Dellow (2003) SASR 1; [2003] SASC 318 at [25], Debelle J stated that:

Section 183 prohibits a director of a company from improperly using information obtained as a director to gain advantage for themselves or someone else or to cause detriment to the company. That obligation is also a fiduciary duty. It is an instance of the fiduciary duty to act in good faith.

3.37 This approach suggests s 183 merely reflects the general laws. Also, in Forkserve Pty Ltd v Pacchiarotta [2000] NSWSC 979 Young J observed that there were no major differences between the two regimes. His Honour characterised this similarity as follows:

[T]he general coverage of the obligations under [s 183] are not to any major extent wider than the duties under the general rules of equity. There are some extensions made by the statute in that there is taken away some problems of privity, there is conferred a statutory right to receive damages or compensation where under the general law there would only be an account of profits and other ancillary advantages. However, generally speaking, if there has been no improper use of information under the general equitable principles, there is no improper use of information under the statute.54

3.38 However, Austin and Ramsay believe the statutory provision is wider than the general law in a number of specific respects, namely as follows:

The provision applies to any officer or employee.

Liability arises under the provision if an advantage flows to any other person, whereas under the general law a director is not liable to account for profits gained by another.55

The statutory provision is a civil penalty provision that imposes consequences well beyond those imposed by the general law.

Section 183(2) is deemed to apply to anyone involved in the contravention (whether that person is an officer, employee or any other person for that matter), whereas the general law principles only apply to fiduciaries and those who knowingly assist them.

The obligations in s 183(2) continue indefinitely, whereas under the general law principles they may not continue indefinitely.56

Section 183(2) allows a company to recover an amount equal to the profit made by the person who contravenes (or any other person)57 whereas at general law the company may only recover profit from a fiduciary. In this context the company may also be able to impose a constructive trusteeship on a third party who assists the fiduciary with knowledge of the breach. However, the general law does not permit the company to recover from the fiduciary an amount equivalent to the profit obtained by the third party.58

3.39 Austin and Ramsay then go on to note that s 183(2) is narrower in scope than the general law in two respects:

First, the statutory provision only applies where the improper use of the information relates to the gaining of an advantage for the officer or employee (or any other person) or causing detriment to the company. In this connection, the general law does not require either the advantage or detriment elements.

Second, the statutory provision applies only where use is made of the relevant person’s position, whereas the general law indicates a move away from a strict causal connection.59

The differences that Austin and Ramsay point out are significant ones that clearly demonstrate dissimilarities between the two regimes. It is essential to be aware of these differences in order to manage legal risk in this context.

RELIANCE ON OTHERS AND NON-DELEGABLE DUTIES

3.40 Section 189 of the Corporations Act provides that a director’s reliance on the information provided by others will be reasonable in certain circumstances. The section provides:

If:
(a) a director relies on information, or professional or expert advice, given or prepared by:
    (i) an employee of the corporation whom the director believes on reasonable grounds to be reliable and competent in relation to the matters concerned; or
    (ii) a professional adviser or expert in relation to matters that the director believes on reasonable grounds to be within the person’s professional or expert competence; or
    (iii) another director or officer in relation to matters within the director’s or officer’s authority; or
    (iv) a committee of directors on which the director did not serve in relation to matters within the committee’s authority; and
(b) the reliance was made:
    (i) in good faith; and
    (ii) after making an independent assessment of the information or advice, having regard to the director’s knowledge of the corporation and the complexity of the structure and operations of the corporation; and
(c) the reasonableness of the director’s reliance on the information or advice arises in proceedings brought to determine whether a director has performed a duty under this Part or an equivalent general law duty;
the director’s reliance on the information or advice is taken to be reasonable unless the contrary is proved.

3.41 However, the provision requires care to be taken and an active assessment made of the information having regard to the matters set out in s 189. In Australian Securities and Investments Commission v Healey [2011] FCA 717 at [167], [174]–[175] Middleton J made a number of observations about the reliance on information provided by others in the context of the duty set out in s 180(1):

While directors are required to take reasonable steps to place themselves in a position to guide and monitor the management of the company, they are entitled to rely upon others, at least except where they know, or by the exercise of ordinary care should know, facts that would deny reliance. There was no suggestion in this proceeding that the reliance on others was not warranted, nor was there any prior alerting to cause trust in those whom the directors had relied upon was misplaced. …

… The salient feature here is that each director armed with the information available to him was expected to focus on matters brought before him and to seriously consider such matters and take appropriate action. This task demands critical and detailed attention, and not just “going through the motions” or sole reliance on others, no matter how competent or trustworthy they may appear to be. Directors cannot substitute reliance upon the advice of management for their own attention and examination of an important matter that falls specifically within the Board’s responsibilities as with the reporting obligations. The Act places upon the Board and each director the specific task of approving the financial statements. Consequently, each member of the board was charged with the responsibility of attending to and focusing on these accounts and, under these circumstances, could not delegate or “abdicate” that responsibility to others.

3.42 The latter part of the passage cited above refers to some duties of a director being non-delegable.60 The concept of non-delegable duties was also a feature of the decision in Australian Securities and Investments Commission v Macdonald (No 11) [2009] NSWSC 287. In that case, Gzell J held that a certain market announcement was ‘a key statement in relation to a highly significant restructure of the James Hardie group’. Therefore, given that management had brought the matter to the board, the directors were not entitled to ‘abdicate responsibility by delegating his or her duty to a fellow director’.61 Further, Gzell J was of the view that ‘[n]or was this a case of reliance upon management, a co-director or expert adviser. Management had sought the board’s approval and the task of approving the Draft ASX Announcement involved no more than an understanding of the English language used in the document’. These findings were not disturbed by the High Court when it ultimately heard an appeal in this matter.62 Accordingly, it can be seen that non-delegable duties under s 180(1) include at least the review and approval of financial statements (Healey) and key market statements concerning a corporation which management bring to a board for approval (Macdonald). No doubt the courts will identify others over time, but directors need to turn their mind to this issue when delegating duties that may fall under s 180(1) or any other duties under Part 2D.1 of the Corporations Act or equivalent general law duties.

DISCLOSURES BY WHISTLEBLOWERS

3.43 Disclosures by whistleblowers are mentioned here because they help to bring to light potential misconduct by a corporation or an officer of a corporation. Whistleblowing legislation is clearly justified on public policy grounds. Directors and officers play a critical role in ensuring that corporations have effective whistleblower policies and procedures.

3.44 Whistleblower legislation provides protection in connection with disclosures of any information (including confidential corporate information) where five elements are satisfied. First, to fall within the terms of the relevant provisions, a whistleblower must be a current officer of a company, a current employee of a company or a person who has an existing contract for the supply of goods or services to a company (or an employee of such a person).63 Second, a qualifying disclosure must be made to the Australian Securities and Investments Commission (ASIC), an auditor of the company, or a director, secretary or senior manager or other person who is authorised by the company to receive disclosures of the relevant kind.64 Third, the discloser must reveal their identity to the person to whom the disclosure is made.65 Fourth, the discloser must have reasonable grounds for suspecting that certain information indicates that the company or an officer66 or employee of the company may have contravened a provision of the Corporations legislation.67 Section 9 of the Corporations Act defines ‘Corporations legislation’ to include, among other things, the Corporations Act and the Australian Securities and Investments Commission Act 2001 (Cth). Fifth, the disclosure must be made in good faith.68 It must be noted that once a disclosure satisfies all of these elements, the statutory regime is engaged automatically. A disclosure does not need to be styled or expressed as a whistleblower disclosure under the Corporations Act or otherwise to attract protection, although it may in practice.69 Accordingly, many disclosures may qualify for protection and a corporation may inadvertently be unaware of it.

3.45 If a qualifying disclosure is made under the relevant provisions, the person making the disclosure cannot, among other things, be subject to any civil or criminal liability nor can any contractual or other remedy (for example, equitable) be enforced against that person.70 In addition, the law prohibits a person causing or threatening detriment to another person because a whistleblower disclosure has been made.71 A breach of this prohibition attracts a maximum fine of 25 penalty units or six months in prison or both.72 This immunity applies irrespective of whether the suspicions of the whistleblower are ultimately substantiated.

3.46 Further, subject only to specified exceptions, once a qualifying disclosure is made, strict confidentiality provisions apply making it an offence to reveal any of the following: the subject matter of the whistleblower’s disclosure; the whistleblower’s identity; or information that is likely to lead to the identification of the whistleblower. The exceptions relate to disclosures of any of the above matters to ASIC, the Australian Prudential Regulation Authority, the Australian Federal Police or to another person with the consent of the whistleblower. Consent in this context would include express and implicit consent. A breach of this prohibition attracts a maximum fine of 25 penalty units.73 Interestingly, the statute provides that the identity of a whistleblower and the subject matter of the disclosure can be discussed with a regulatory authority or the Federal Police, yet the statute does not expressly permit a person to discuss the matter with a lawyer. This is notwithstanding the fact that obtaining legal advice would be a necessary prerequisite to effectively dealing with the matter that the whistleblower has raised.74

3.47 The allegations levelled at the management of Autonomy Corp plc (prior to its acquisition by Hewlett-Packard) are an example of the serious type of conduct that whistleblower provisions are designed to bring to light. The allegations relate to the internal accounting practices of Autonomy. Put simply, the allegations were that Autonomy overstated its book value by at least US$5 billion by misstating revenue and by utilising other accounting devices in breach of accounting standards.75 Presumably this was in order to justify a higher sale price to Hewlett-Packard which bought Autonomy in late 2011. The relevant allegations came to light through disclosure by a whistleblower (who was an employee of the merged Hewlett-Packard–Autonomy entity at the time of making the allegations).

LIABILITY AND REMEDIES

Ratification

3.48 In some circumstances ‘a fully informed general meeting can prospectively or retrospectively validate the actions of directors of the company, although those actions involve negligence, breach of fiduciary duty or the exercise of the directors’ powers for an improper purpose’.76 The ability to ratify breaches of duty is subject to some exceptions. In general, ratification may be effective in relation to general law duties but it will not generally be a complete defence to contraventions arising under statute.77

Duty to act with care and diligence: s 180

3.49 The law only provides for civil sanctions for a breach of the duty under s 180 of the Corporations Act. Section 180 is a civil penalty provision.78 A breach attracts a pecuniary penalty up to $200,000.79 A person may also be disqualified from managing a corporation for a contravention of a civil penalty provision.80 In addition, a compensation order may be made under s 1317H that allows a court to order a person who has breached a civil penalty provision to compensate a corporation for damage suffered as a result of the breach.81 Injunctions may also be available.82

Duty to act in good faith: s 181

3.50 Section 181 is a civil penalty provision.83 Liability is imposed on any person who contravenes the provision or any person who is involved in the contravention.84

3.51 A breach attracts a pecuniary penalty up to $200,000.85 In addition, a compensation order may be made under s 1317H that allows a court to order a person who has breached a civil penalty provision to compensate a corporation for damage suffered as a result of the breach. Injunctions may also be available.86 A person may also be disqualified for a contravention of a civil penalty provision.87 Further, s 184(1) provides for a criminal sanction in certain cases. That section provides as follows:

A director or other officer of a corporation commits an offence if they:
(a) are reckless; or
(b) are intentionally dishonest;
and fail to exercise their powers and discharge their duties:
(c) in good faith in the best interests of the corporation; or
(d) for a proper purpose.

The maximum penalty for a breach of s 184(1) is 2000 penalty units and/or five years’ imprisonment.88

Duty to not improperly use position: s 182

3.52 Section 182 is a civil penalty provision.89 Liability is imposed on any person who contravenes the provision or any person who is involved in the contravention.90

3.53 A breach attracts a pecuniary penalty up to $200,000.91 In addition, a compensation order may be made under s 1317H that allows a court to order a person who has breached a civil penalty provision to compensate a corporation for damage suffered as a result of the breach. Injunctions may also be available.92 A person may also be disqualified for a contravention of a civil penalty provision.93 Further, s 184(2) provides for a criminal sanction in certain cases. That section provides as follows:

A director, other officer or employee of a corporation commits an offence if they use their position dishonestly:
(a) with the intention of directly or indirectly gaining an advantage for themselves, or someone else, or causing detriment to the corporation; or
(b) recklessly as to whether the use may result in themselves or someone else directly or indirectly gaining an advantage, or in causing detriment to the corporation.

The maximum penalty for a breach of s 184(2) is 2000 penalty units and/or five years’ imprisonment.94

Duty to not improperly use information: s 183

3.54 Section 183 is a civil penalty provision.95 Liability is imposed on any person who contravenes the provision or any person who is involved in the contravention.96

3.55 A breach attracts a pecuniary penalty up to $200,000.97 In addition, a compensation order may be made under s 1317H that allows a court to order a person who has breached a civil penalty provision to compensate a corporation for damage suffered as a result of the breach. Injunctions may also be available.98 A person may also be disqualified for a contravention of a civil penalty provision.99 Further, if a current or past director, officer or employee dishonestly uses a company’s information with the intention of gaining an advantage or causing detriment (or is reckless to such matters), they may be subject to criminal sanction under s 184(3). Section 184(3) provides as follows:

A person who obtains information because they are, or have been, a director or other officer or employee of a corporation commits an offence if they use the information dishonestly:
(a) with the intention of directly or indirectly gaining an advantage for themselves, or someone else, or causing detriment to the corporation; or
(b) recklessly as to whether the use may result in themselves or someone else directly or indirectly gaining an advantage, or in causing detriment to the corporation.

The maximum penalty for a breach of s 184(3) is 2000 penalty units and/or five years’ imprisonment.100

Relief under s 1317S and s 1318 of the Corporations Act

3.56 A court may provide relief from liability for a civil penalty provision under s 1317S or in any civil proceeding for negligence, default, breach of trust or breach of duty in certain cases under s 1318. The key factors that the court will have regard to under either provision include whether the person acted honestly and whether, having regard to all the circumstances of the case, the person ought fairly be excused from liability.

CONCLUSION

3.57 This chapter reviewed the key duties that are imposed on directors and officers in the conduct of the corporation. The recurring themes that can be identified in this context are as follows. First, there is a need to continually refer to common law and equitable duties in defining the content of the statutory duties. Second, it is important in nearly every case to assess the standard of conduct required by reference to an objective standard. Finally, it is evident that a standard of conduct in each case requires evaluation of the circumstances as a whole.

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19.

P Redmond, ‘The Reform of Directors’ Duties’ (1991) 15 University of New South Wales Law Journal 86 at 90. Re City Equitable Fire Insurance Co Ltd [1925] Ch 407 at 426 per Romer LJ. LexisNexis, Australian Corporation Law Principles & Practice, online, at [3.2A.0010]. See note 3 above at [3.2A.0025]. See note 3 above at [3.2A.0010]. For a discussion about the obligations imposed on directors in an insolvency context, see note 3 above at [3.2A.0300]. See note 3 above at [3.2A.0035]. Re City Equitable Fire Insurance Co Ltd [1925] Ch 407 at 426 per Romer J. See note 3 above at [3.2A.0040]. Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 16 ACSR 607 at 666. Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 16 ACSR 607 at 668. Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 16 ACSR 607 at 664. See note 3 above at [3.2A.0045]. See also 2.21ff above. Note s 187 of the Corporations Act allows a director to have regard to the interests of a holding company in a group context when exercising this duty. Australian Securities and Investments Commission v Adler (2002) 41 ACSR 72 at [372]. See note 3 above at [3.2A.0050]. Re Toppro Pty Ltd [2016] NSWSC 1399 at [63] per Brereton J. Australian Securities and Investments Commission v Vines (2003) 48 ACSR 322 at [38]. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at

20. 21.

22. 23. 24.

25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41.

[480]. Vrisakis v Australian Securities and Investments Commission (1993) 9 WAR 395 at 449–50 per Ipp J. See also Gamble v Hoffman (1997) 24 ACSR 369 at 373–4 per Carr J and Minlabs Pty Ltd v Assaycorp Pty Ltd (2001) 37 ACSR 509 at 518 per Roberts-Smith J. Note the observations of Santow J in Australian Securities and Investments Commission v Adler [2002] NSWSC 171 at [372] regarding the special vigilance required where a transaction involves the potential for a conflict between interest and duty: ‘Where there is a transaction involving the potential for conflict between interest and duty, as here arose, the duty of care and diligence falls to be exercised in a context requiring special vigilance, calling for scrupulous concern on the part of those officers who become aware of that transaction to ensure that any necessary corporate approvals are obtained and safeguards put in place. While the primary responsibility will fall on the director or officer proposing to enter into the transaction, this does not excuse other directors or officers who become aware of the transaction.’ Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [486]. See note 3 above at [3.2A.0010]. N Hutley and S Hartford-Davis, ‘Memorandum of Opinion — Climate Change and Directors’ Duties’, The Centre for Policy Development/The Future Business Council, 7 October 2016 at [3.5], available at (viewed 31 October 2016). See also R Sullivan, W Martindale, E Feller and A Bordon, ‘Fiduciary Duty in the 21st Century’ (viewed 31 October 2016). Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [32]. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [5]. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [529]–[530]. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [675]. 
Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [23]. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [672]. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [22]–[23]. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [480]–[484]. See note 3 above at [3.2A.0050]. Shafron v Australian Securities and Investments Commission [2012] HCA 18 at [18] per French CJ, Gummow, Hayne, Crennan, Kiefel and Bell JJ. Shafron v Australian Securities and Investments Commission [2012] HCA 18 at [10]–[20] per French CJ, Gummow, Hayne, Crennan, Kiefel and Bell JJ. Harlowe’s Nominees Pty Ltd v Woodside (Lakes Entrance) Oil Co NL (1968) 121 CLR 483 at 492 per Barwick CJ, McTiernan and Kitto JJ. Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7278]. Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7281]. See also Grand Enterprises Pty Ltd v Aurium Resources Ltd [2009] FCA 513 at [64]. Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7285]. Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7290].

42. 43. 44. 45. 46. 47. 48. 49. 50.

Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7291]. N Young, ‘Has Directors’ Liability Gone Too Far or Not Far Enough? A Review of the Standard of Conduct Required of Directors Under Sections 180–184 of the Corporations Act’ (2008) 26(4) Company and Securities Law Journal 216. Contrast Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7294]–[7295] per Austin J. See note 3 above at [3.2A.0070]. Permanent Building Society (in liq) v Wheeler (1994) 11 WAR 187 at 218. See also the general law duty to not misappropriate corporate opportunities: Hospital Products Ltd v US Surgical Corporation (1984) 156 CLR 41 at 68 per Gibbs CJ, at 96 per Mason J, at 141 per Dawson J; Mills v Mills (1938) 60 CLR 150 at 185 per Dixon J. See note 3 above at [3.2A.0095]. See note 3 above at [3.2A.0095]. See note 3 above at [3.2A.0095]. See Chew v R (1991) 5 ACSR 473 at 499 per Malcolm CJ.

51. R P Austin and I M Ramsay, Ford’s Principles of Corporations Law, 15th ed, LexisNexis Butterworths, Sydney, 2013 at [9.210].
52. Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [293]–[294] per Jacobson J.
53. Indeed, directors have a duty to use company resources only for the benefit of the company: see note 51 above at [8.080].
54. Forkserve Pty Ltd v Pacchiarotta [2000] NSWSC 979 at [28], repeating what his Honour had said in Rosetex Co Pty Ltd v Licata (1994) 12 ACSR 779.
55. See Regal (Hastings) Ltd v Gulliver [1967] 2 AC 134n for an illustration of this principle.
56. Indeed, an employee’s obligations post-employment may narrow significantly in this context, especially in the absence of written restrictive covenants: see L Gamertsfelder, Corporate Information and the Law, 2nd ed, LexisNexis Butterworths, Sydney, 2016 at 4.31ff.
57. See Cummings v Claremont Petroleum NL (1992) 9 ACSR 583 for an example of recovery against a third party.
58. See note 51 above at [9.290].
59. See note 51 above at [9.290].
60. This would seem to be the case notwithstanding s 198D of the Corporations Act which allows directors to delegate powers to other persons. See also s 190 for the directorial responsibility for delegated powers.
61. Australian Securities and Investments Commission v Macdonald (No 11) [2009] NSWSC 287 at [260].
62. Australian Securities and Investments Commission v Hellicar [2012] HCA 17.
63. See Corporations Act s 1317AA(1)(a).
64. See Corporations Act s 1317AA(1)(b).
65. See Corporations Act s 1317AA(1)(c).
66. Note that s 9 defines an ‘officer’ to include, among other things, a director.
67. See Corporations Act s 1317AA(1)(d).
68. See Corporations Act s 1317AA(1)(e).
69. Note that whistleblower regimes are set out in other statutes. See for example Subdiv A, Pt 7 of the Life Insurance Act 1995 (Cth).
70. See Corporations Act s 1317AB.
71. See Corporations Act s 1317AC.
72. See Corporations Act s 1311 and Sch 3. One penalty unit currently means an amount of $180: s 4AA of the Crimes Act 1914 (Cth). Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
73. See Corporations Act s 1311 and Sch 3. One penalty unit currently means an amount of $180: s 4AA of the Crimes Act 1914 (Cth). Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
74. See also the fundamental rights upheld at common law to access the courts and by implication obtain legal advice: J J Spigelman, ‘Principle of Legality and the Clear Statement Principle’ (2005) 79 Australian Law Journal 769 at 775.
75. See for example P Svensson, ‘HP Says Fraud Prompted $5 Billion Overpayment’, 21 November 2012 at (viewed 10 October 2016).
76. See note 3 above at [3.2A.0130].
77. See note 3 above at [3.2A.0130] and [3.2A.0135].
78. See Corporations Act s 1317E.
79. See Corporations Act s 1317G.
80. See Corporations Act s 206C and Pt 2D.6 generally.
81. Note that damages are the gist of an action for breach of the duty of care at common law: see Australian Securities and Investments Commission v Rich [2009] NSWSC 1229 at [7193] per Austin J.
82. See Corporations Act s 1324.
83. See Corporations Act s 1317E.
84. See Corporations Act s 181(2) and s 79 for the definition of ‘involved’.
85. See Corporations Act s 1317G.
86. See Corporations Act s 1324.
87. See Corporations Act s 206C and Pt 2D.6 generally.
88. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
89. See Corporations Act s 1317E. Section 187 deals with the situation of directors of wholly-owned subsidiaries.
90. See Corporations Act s 182(2) and s 79 for the definition of ‘involved’.
91. See Corporations Act s 1317G.
92. See Corporations Act s 1324.
93. See Corporations Act s 206C and Pt 2D.6 generally.
94. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
95. See Corporations Act s 1317E.
96. See Corporations Act s 183(2) and s 79 for the definition of ‘involved’.
97. See Corporations Act s 1317G.
98. See Corporations Act s 1324.
99. See Corporations Act s 206C and Pt 2D.6 generally.
100. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.

Chapter 4 Duties of a Responsible Entity

INTRODUCTION

4.1 Responsible entities are the controlling bodies of managed investment schemes. The duties of a responsible entity have their genesis in general law, particularly fiduciary duties. More recently they have found expression in statutory form. The statutory duties were introduced by the Managed Investments Act 1998 (Cth). The Explanatory Memorandum to the Managed Investments Bill 1997 (Cth) explained the provenance of the statutory duties in the following manner:1

The responsible entity of a managed investment scheme will be subject to extensive statutory duties (proposed section 601FC). The duties will reflect both the fundamental duties of a fiduciary, as well as certain of the duties currently imposed on the management company and trustee under the covenant provisions of Division 5 of Part 7.12 of the Law. [Emphasis added]

Given Chapter 2 explored equitable duties of fiduciaries, the focus of this chapter is on the statutory duties that are imposed on responsible entities, but, as the cases discussed below will show, reference to cognate general law obligations is inevitable. It is also important to note that general law duties and obligations continue to apply to responsible entities, so they need to be considered alongside the statutory regime when evaluating conduct.

4.2 The statutory duties of responsible entities that this chapter will review are those set out in s 601FC (Duties of a responsible entity) of the Corporations Act 2001 (Cth) (Corporations Act), with a specific focus on those in s 601FC(1)(a)–(e) as the requirements set out in those provisions are broad, open-ended obligations regarding the manner in which a responsible entity conducts itself.2 The chapter will also consider similar duties that are imposed on officers of a responsible entity by s 601FD(1).3

4.3 Section 601FC(1) requires that ‘[i]n exercising its powers and carrying out its duties, the responsible entity of a registered scheme must’ comply with all of the duties listed in s 601FC(1)(a)–(m). This phrase clearly refers to powers and duties conferred on the responsible entity by the Corporations Act as well as those that ‘arise under the constitution, and arguably those which arise from the terms of any offer document, the compliance plan for the scheme and the terms of any application to invest in the scheme would be included’.4 Accordingly, officers of a responsible entity should ensure that they comply with the requirements of s 601FC(1) when exercising any duty or power conferred on them. For example, ‘[i]n addition to duties arising under the Corporations Act and the scheme documents, there will also be powers and duties which arise under the general law, in particular the law relating to trusts but also the law of contract and the law relating to fiduciaries’.5 In Australian Securities and Investments Commission v Perpetual Trustee Co (Canberra) Ltd [2000] FCA 1726 the Australian Securities and Investments Commission (ASIC) sought to compel the trustee to exercise certain rights available to it. Ultimately, the court held that those rights were not actually available to the trustee in that case, but the decision does stand for the proposition that the prefatory words in s 601FC(1) have a very wide ambit.

DUTY TO ACT HONESTLY

4.4 The first duty set out in s 601FC(1)(a) of the Corporations Act relates to honest conduct. The section provides that in exercising its powers and carrying out its duties, the responsible entity of a registered scheme must ‘act honestly’. Ford and Lee note that ‘[t]he courts have refrained from developing any general rules or principles in determining whether any given pattern of conduct is honest and reasonable’.6 The word ‘honestly’ means ‘with honesty; in an honest manner’. The word ‘honesty’ means ‘1. the quality or fact of being honest; uprightness, probity, or integrity. 2. truthfulness, sincerity, or frankness. 3. freedom from deceit or fraud …’: Macquarie Dictionary.

4.5 An unresolved issue is whether one uses an objective or subjective standard when evaluating whether a person has acted honestly. While there are no cases that have considered the meaning of the duty under s 601FC(1)(a), in Marchesi v Barnes [1997] VR 434 at 438 Gowans J explored the meaning of the word ‘honestly’ in the context of provisions that required directors to ‘act honestly’:

[T]o “act honestly” refers to acting bona fide in the interests of the company in the performance of the functions attaching to the office of director. A breach of the obligation to act bona fide in the interests of the company involves a consciousness that what is being done is not in the interests of the company, and deliberate conduct in disregard of that knowledge.

In Australian Securities and Investments Commission v Vines (2005) 55 ACSR 617 at [1099] Austin J interpreted this statement to mean:

His Honour’s observations [in Marchesi v Barnes [1997] VR 434] had been taken to mean that a defendant would not be held to have breached the statutory duty of honesty unless it was shown that he or she was conscious that what was being done was not in the interests of the company. Conversely, directors who honestly believed their decision to be in the interests of the company did not contravene this section even though they acted for a purpose that, judged objectively, was not a proper purpose …

However, Austin J noted (at [1100]) that ‘a different approach was taken in Australian Growth Resources Corp Pty Ltd v Van Reesema (1988) 13 ACLR 261 … where King CJ said (at 272)’: The section therefore embodies a concept analogous to constructive fraud, a species of dishonesty which does not involve moral turpitude. I have no doubt that a director who exercises his powers for a purpose which the law deems to be improper, infringes this provision notwithstanding that according to his own lights he may be acting honestly.

4.6 This tension is not dissimilar to the kind of tension identified by Black J in Re Colorado Products Pty Ltd (in prov liq) [2014] NSWSC 789 at [420] in respect to whether a subjective or objective standard ought to apply in determining a director’s duty to act in good faith and in the best interests of the corporation: see 3.31. Ultimately, from the perspective of proving where a breach has occurred, a subjective standard is a higher standard and the objective standard a lower one.7

DUTY OF CARE AND DILIGENCE

4.7 Section 601FC(1)(b) of the Corporations Act provides that:

In exercising its powers and carrying out its duties, the responsible entity of a registered scheme must … exercise the degree of care and diligence that a reasonable person would exercise if they were in the responsible entity’s position.

4.8 The terms of the duty invite a court to assess the conduct of the responsible entity from an objective perspective. In considering what is the responsible entity’s position:8

[I]t is obviously relevant to take into account the terms of the scheme constitution. Equally, it would seem relevant to take into account the terms of the offer document under which investors invested in the scheme, as well as the nature of the investors. For example, if it is clear from the terms of an offer document that the scheme will invest in ways which carry risks of loss, then provided the nature of the prospective investments and warnings about the possibility of loss are plainly expressed, there should be no grounds for suggesting that there is a breach of the “care and diligence” duty where scheme assets are invested in the manner contemplated. When investing within the scope of what has been represented, of course the responsible entity must act with “care and diligence” having regard to what investors have been led to expect.

4.9 However, the duties of trustees contrast with those owed by company directors. In Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 37 NSWLR 438 at 494 Clarke and Sheller JJA observed: However for reasons well documented in the text books it became apparent that the duty and function of a director did not correspond with those of a trustee. While the duty of a trustee is to exercise a degree of restraint and conservatism in investment judgments the duty of a director may be to display entrepreneurial flair and accept commercial risks to produce a sufficient return on the capital invested.

The concept of restraint and conservatism referred to by Clarke and Sheller JJA in Daniels was expanded on by Finn J in Australian Securities Commission v AS Nominees Ltd (1995) 18 ACSR 459 at 470 where his Honour referred to the ‘requirement of caution’ and said: I would add that underlying the distinction today is, probably, not merely an historical assumption about the separate purposes of companies and of trusts, but also a generalisation about the different risks that persons who invest their assets in companies on the one hand and in trusts on the other are considered likely to have assumed.

In any given case what ‘constitutes the exercise of prudence or caution will differ according to the nature of the scheme, the nature and range of investments it is proposed to acquire, borrowings, derivative contracts and other features described in the relevant offer document (which normally draws attention to relevant risks). The requirement of caution does not prevent a responsible entity from adopting a high-risk investment strategy; rather, the responsible entity is required to implement the chosen strategy taking into account the requirement of caution’.9

4.10 The standard of the duty owed by a responsible entity will also be affected by the responsible entity holding itself out as having any special skills. In Bartlett v Barclays Bank Trust Co Ltd (No 1) [1980] Ch 515 at 534 the court stated that ‘a professional corporate trustee is liable for a breach of trust if loss is caused to the trust fund because it neglects to exercise the special care and skill which it professes to have’. The standard may also be impacted by any statements in offer documents or advertising that relate to the skills possessed by a responsible entity.10

BEST INTERESTS DUTY

4.11 In exercising its powers and carrying out its duties, a responsible entity must ‘act in the best interests of the members and, if there is a conflict between the members’ interests and its own interests, give priority to the members’ interests’: Corporations Act s 601FC(1)(c). There are two elements to this duty: a duty to act in the best interests of members and a duty of priority.

Best interests duty

4.12 The best interests of members will generally be the best financial interests where the purpose of the trust is to provide financial benefits:11 When the purpose of the trust is to provide financial benefits for the beneficiaries, as is usually the case, the best interests of the beneficiaries are normally their best financial interests.

4.13 This duty was the subject of judicial consideration in Australian Securities and Investments Commission v Australian Property Custodian Holdings Ltd (recs and mgrs apptd) (in liq) (Controllers appointed) (No 3) [2013] FCA 1342 (Custodian Holdings). While that case was reversed on appeal,12 that was for reasons other than Murphy J’s summaries of the content of the best interests duty.

4.14 In Custodian Holdings, Australian Property Custodian Holdings Ltd (APCHL) was the responsible entity of the Prime Retirement and Aged Care Property Trust (the trust). At the relevant time, steps had already been taken to list the trust. The directors of the responsible entity (RE) resolved to pay the RE (in its personal capacity) a listing fee of about $33 million, which was to come from trust assets. There was no countervailing benefit to unitholders for the payment of the listing fee to the RE (although there was an obvious benefit to APCHL).

4.15 In assessing the requirements of s 601FC(1)(c), Murphy J observed as follows:13 It is difficult to discern the outer boundaries of the best interests duty from the text of the provisions alone. For example, the expression may be argued to indicate a requirement that the RE meet the “highest” standard rather than just a high standard. It may also be argued to set a requirement for the RE to obtain an objectively determined “best” outcome rather than requiring the best efforts of the RE. I am disinclined to such a view because such meanings may cause real difficulties for a trustee in performing his or her role. It is not clear to me how in many common circumstances the “highest” standard is to be determined let alone met, or how any requirement to achieve an objectively determined “best” outcome sits with the general law obligation on a trustee to act with care, competence and caution. The language of the statute alone does not make clear where the boundary lies and it is appropriate to consider the meaning of the term under general law.

4.16 After reviewing cases relating to the general law on best interests duties, Murphy J made the following conclusion:14 I conclude that the imposition of a duty to act in the best interests of the members in ss 601FC(1)(c) and 601FD(1)(c) does not extend its content beyond previously understood general law boundaries. I see the best interest duty as foundational and operating in combination with other duties. It encompasses the fundamental duty of undivided loyalty which in the present case required APCHL and the Directors to use their best efforts to pursue solely the members’ interests, to act honestly and to exercise care, competence and prudence in doing so, and to eschew any conflict of interests between the members’ interests and its own. If any conflict of interests arose they were required to prefer the interests of the members to APCHL’s own interests. The duty also required APCHL to adhere to the terms of the Constitution.

4.17 His Honour stated that in determining whether the best interests duty in s 601FC(1)(c) has been satisfied, one applies an objective test. The test requires one to evaluate what is objectively in the interests of members.15 Obviously, this process of identifying the interests of members would, among other things, require one to refer to the applicable scheme documents, including the constitution and offer documents. Murphy J also recognised that the duty was not to secure the best outcome: ‘I do not though wish to be seen as accepting the proposition that to act in the members’ best interests a trustee must actually achieve the best outcome. A trustee is not required to be prescient.’16 In applying this objective test, the RE and directors in Custodian Holdings were required, at the very least, to consider all the obvious issues involved in approving the listing fee and give those issues careful consideration17 and undertake a process of comparison regarding different courses of action.18 As we saw in Chapter 2, in evaluating whether the best interests duty has been discharged the objective test is to be applied ex ante.19

Priority rule

4.18 The second duty imposed under s 601FC(1)(c) is the priority rule, the duty to give priority to the members’ interests if there is a conflict between the members’ interests and the responsible entity’s own interests. This is a different formulation of the conflict rule from the one that applies to fiduciaries at general law. No doubt it reflects the ‘inherent tension between the interests of the responsible entity to maximise its return from operating the scheme and the interests of the scheme members to maximise their return and minimise their costs’.20 The priority duty implicitly permits a responsible entity to have regard to its own interests just so long as it prioritises the interests of the members where there is a conflict. This is very different to the scope of the fiduciary duty to avoid conflicts of interests (see 2.8ff) and is ‘less demanding than a duty to avoid a real and sensible [possibility of] conflict of interest arising in equity, although the latter duty may be excluded or limited by the terms of the trust: Boardman v Phipps [1967] 2 AC 46 at 124’.21 However, the scope of the conflict provision in s 601FC(1)(c) is narrower in scope than the general law:22 [The priority rule in s 601FC(1)(c)] … does not address a conflict between the interests of members and the interests of a director or associate of the responsible entity, a conflict of duties, or a conflict of duty and interest, and does not extend to potential as distinct from actual conflicts of interests, and to that extent is narrower than the general law: Allco Funds Management Ltd (recs and mgrs apptd) (in liq) v Trust Company (Re Services) Ltd (in its capacity as responsible entity and trustee of Australian Wholesale Property Fund) [2014] NSWSC 1251 … at [169] (holding that s 601FC(1)(c) is confined to a contest between the interests of scheme members and interests of the responsible entity).

Section 601FC(3) provides that the duties of a responsible entity under s 601FC(1)(c) override any conflicting duty of an officer or employee of the responsible entity under Pt 2D.1, but that subsection does not expressly address a responsible entity’s general law duties.

4.19 An interesting issue is whether informed consent by members (for example, by way of disclosures made in the constitution and other scheme documents) could be used to address or condition the application of the duty of priority. While it is unclear whether the statutory duty could be excluded,23 Hanrahan suggests that if a scheme constitution permitted a responsible entity to charge an expense to the scheme, there would be no conflict that would prevent the directors of the scheme from doing so.24

TREAT MEMBERS EQUALLY AND FAIRLY

4.20 In exercising its powers and carrying out its duties, a responsible entity must ‘treat the members who hold interests of the same class equally and members who hold interests of different classes fairly’: s 601FC(1)(d). This ‘requirement is not, presumably, to be treated literally, but is interpreted to mean that members are treated equally having regard to the size of the interests which they hold’.25 The duty set out in s 601FC(1)(d) ‘reflects the general law duty of a trustee to act impartially as between trust beneficiaries’.26 In Re Equitiloan Pty Ltd v Australian Securities and Investments Commission (2003) 45 ACSR 278 Member McCabe was required to determine if differential fees levied on different classes of members breached s 601FC(1)(d). Member McCabe expressed the following view in respect to that issue:27 ASIC says that differential withdrawal fees are objectionable, but I do not agree. Where the fees vary according to the amount invested or the point in the investment term at which the withdrawal is made, there is a clear economic explanation for imposing differential fees. ASIC also says the discretion to waive the withdrawal fees is objectionable because it will result in investors being treated differently, without the difference being explicable on an economic basis.

That view proceeds on the assumption there must be an equality of outcomes in every case in order to satisfy the statutory obligation to act equally. That is not necessarily so. If the criteria guiding the discretion are widely known and applied equally to all who seek the benefit of the discretion, and if ASIC can be satisfied: the criteria are directed towards legitimate objectives such as the relief of hardship or inequality; and the criteria will be administered fairly as between members and with integrity, there is no basis for objection. (One way in which ASIC might be confident in the administration of the criteria is by ensuring that the exercise of discretion is open to review by an independent person or entity.)

DUTY TO NOT USE INFORMATION TO GAIN IMPROPER ADVANTAGE

4.21 Section 601FC(1)(e) of the Corporations Act provides: In exercising its powers and carrying out its duties, the responsible entity of a registered scheme must … not make use of information acquired through being the responsible entity in order to: (i) gain an improper advantage for itself or another person; or (ii) cause detriment to the members of the scheme …

This duty is similar to the duty set out in s 183 of the Corporations Act which prohibits directors, officers or employees of a corporation from improperly using information to gain an advantage for themselves or another person or cause detriment to the corporation: see 3.35ff. Interestingly, s 183 does not apply to the corporate entity itself, unlike s 601FC(1)(e). In determining whether the section is contravened, one has regard to standards of conduct. In R v Byrnes (1995) 183 CLR 501 at [25] Brennan, Deane, Toohey and Gaudron JJ made the following observations in connection with the phrase ‘improper use’: Impropriety does not depend on an alleged offender’s consciousness of impropriety. Impropriety consists in a breach of the standards of conduct that would be expected of a person in the position of the alleged offender by reasonable persons with knowledge of the duties, powers and authorities of the position and the circumstances of the case.

DUTIES OF OFFICERS OF A RESPONSIBLE ENTITY

4.22 Section 601FD(1) of the Corporations Act imposes certain obligations on officers of a responsible entity.28 Section 9 of the Corporations Act defines ‘officer’ to include a director, secretary or other person who participates in the management of the organisation. The duties imposed by s 601FD(1) are as follows:

An officer of the responsible entity of a registered scheme must:
(a) act honestly; and
(b) exercise the degree of care and diligence that a reasonable person would exercise if they were in the officer’s position; and
(c) act in the best interests of the members and, if there is a conflict between the members’ interests and the interests of the responsible entity, give priority to the members’ interests; and
(d) not make use of information acquired through being an officer of the responsible entity in order to:
    (i) gain an improper advantage for the officer or another person; or
    (ii) cause detriment to the members of the scheme; and
(e) not make improper use of their position as an officer to gain, directly or indirectly, an advantage for themselves or for any other person or to cause detriment to the members of the scheme; and
(f) take all steps that a reasonable person would take, if they were in the officer’s position, to ensure that the responsible entity complies with:
    (i) this Act; and
    (ii) any conditions imposed on the responsible entity’s Australian financial services licence; and
    (iii) the scheme’s constitution; and
    (iv) the scheme’s compliance plan.

These duties reflect the duties of the responsible entity discussed above. That discussion is equally applicable to interpreting and applying the duties imposed on officers under s 601FD(1).

4.23 In Australian Securities and Investments Commission v Australian Property Custodian Holdings Ltd (recs and mgrs apptd) (in liq) (Controllers appointed) (No 3) [2013] FCA 1342 Murphy J held that the business judgment rule in s 180(2) of the Corporations Act does not apply to the duties set out in s 601FD(1).29

REPORTING OF BREACHES

4.24 A responsible entity has a duty to report any breach of the Corporations Act that relates to the scheme in certain circumstances, including but not limited to breaches of the duties set out in s 601FC(1). Section 601FC(1)(l) provides that an entity must: … report to ASIC any breach of this Act that: (i) relates to the scheme; and (ii) has had, or is likely to have, a materially adverse effect on the interests of members; as soon as practicable after it becomes aware of the breach …

4.25 Clearly this obligation could apply to a breach of the duties set out in s 601FC(1), but it applies to all breaches of the Corporations Act. The key elements of this requirement are to determine: whether a breach of the Corporations Act has occurred; whether it relates to the scheme; and whether the breach has had or is likely to have a materially adverse effect on the interests of members. It would seem that an entity would have to have actual knowledge of a breach for the provision to be engaged. Further, they would have to have actual knowledge of whether the breach has had or is likely to have a materially adverse effect on the interests of members. Once an entity has the requisite knowledge, it would need to report the breach as soon as practicable. Again, the requirements in this context are somewhat vague and leave it open to an entity to assess whether a report is necessary in light of all the circumstances.

LIABILITY AND REMEDIES

4.26 When considering issues of liability it is important to note that both the duties imposed under s 601FC(1) and s 601FD(1) of the Corporations Act have primacy over any duties imposed on directors and officers by Pt 2D.1 (Duties and powers), for example, the duty of care and diligence imposed under s 180(1).

4.27 The Corporations Act provides that s 601FC(1) and s 601FD(1) are civil penalty provisions.30 Any person involved in a contravention of s 601FC(1) or s 601FD(1) will also contravene the relevant provision.31

4.28 As they are both civil penalty provisions, a breach of s 601FC(1) or s 601FD(1) attracts a pecuniary penalty up to $200,000.32 A person may also be disqualified from managing a corporation for a contravention of a civil penalty provision.33 In addition, a compensation order may be made under s 1317H that allows a court to order a person who has breached a civil penalty provision to compensate a scheme for damage suffered as a result of the breach. Injunctions and other remedies may also be available.34

4.29 In addition to the above, criminal liability is imposed on a person under s 601FD(4). That section provides that a ‘person must not intentionally or recklessly contravene, or be involved in a contravention of [s 601FD(1)]’.35 The maximum penalty for a breach of s 601FD(4) is 2,000 penalty units and/or imprisonment for 5 years.36

4.30 A court may provide relief from liability for a civil penalty provision under s 1317S or in any civil proceeding for negligence, default, breach of trust or breach of duty in certain cases under s 1318. The key factors that the court will have regard to under either provision include whether the person acted honestly and whether, having regard to all the circumstances of the case, the person ought fairly be excused from liability.

CONCLUSION

4.31 The general conduct duties that are imposed on responsible entities and their officers have been the focus of this chapter. Much of the content of the duties reflects the principles and themes from earlier chapters, especially Chapter 2 (fiduciary and equitable duties at general law) and Chapter 3 (duties of directors and officers). This is not surprising as the Explanatory Memorandum to the bill that introduced the applicable duties acknowledged that these duties ‘reflect … the fundamental duties of a fiduciary’.37 Owing much of their provenance to fiduciary principles and concepts, it is not surprising that many of the issues seen in earlier chapters affect the interpretation and application of duties discussed in this section, but obviously with the caveat that there exist unique statutory overlays (for example, the uniquely statutory concept of the duty of priority). These overlays are foreign to the law concerning fiduciary principles and a careful approach is needed in order to construe the meaning of these provisions.

1. Explanatory Memorandum to the Managed Investments Bill 1997 (Cth) at [8.8].
2. Other obligations set out in Corporations Act s 601FC relate to specific activities: s 601FC(1)(f) ensures that the scheme’s constitution meets the requirements of ss 601GA and 601GB; s 601FC(1)(g) ensures that the scheme’s compliance plan meets the requirements of s 601HA; s 601FC(1)(h) complies with the scheme’s compliance plan; s 601FC(1)(i) ensures that scheme property is: (i) clearly identified as scheme property; and (ii) held separately from property of the responsible entity and property of any other scheme; s 601FC(1)(j) ensures that the scheme property is valued at regular intervals appropriate to the nature of the property; s 601FC(1)(k) ensures that all payments out of the scheme property are made in accordance with the scheme’s constitution and the Act; s 601FC(1)(l) reports to ASIC any breach of the Act that: (i) relates to the scheme; and (ii) has had, or is likely to have, a materially adverse effect on the interests of members, as soon as practicable after it becomes aware of the breach; s 601FC(1)(m) carries out or complies with any other duty, not inconsistent with the Act, that is conferred on the responsible entity by the scheme’s constitution.
3. Note also that because Corporations Act s 601FC(2) imposes a trust on scheme property, a responsible entity will also have the duties, powers, rights and liabilities of a trustee under the general law as supplemented by state trustee legislation. Duties under general law include the duty to: become acquainted with the terms of the trust and its affairs; comply with the terms of the trust; collect/get in the trust property; preserve and protect trust property; administer the trust with fidelity and prudence; invest the trust property in the manner prescribed by the trust instrument or by statute; act personally, jointly and unanimously; keep accounts and records and allow beneficiaries access to trust documents; avoid mixing the trustee’s own property with property held on trust; and distribute trust property according to the terms of the trust. These duties and the duties, powers, rights and liabilities imposed under state trustee legislation will not be discussed here.
4. LexisNexis, Australian Corporation Law Principles & Practice, online, at [7.12.0095].
5. See note 4 above at [7.12.0095].
6. H A J Ford and W A Lee, Principles of the Law of Trusts, Law Book Co, Sydney, 1983 at [1804.1].
7. See note 4 above at [7.12.0095].
8. See note 4 above at [7.12.0095].
9. See note 4 above at [7.12.0095].
10. Gill v Eagle Star Nominees Ltd (unreported, SC(NSW), Gleeson CJ, No 4222 of 1989, 22 September 1993) at 13.
11. Cowan v Scargill [1985] Ch 270 at 286–7 per Megarry V-C.
12. Lewski v Australian Securities and Investments Commission [2016] FCAFC 96.
13. Custodian Holdings [2013] FCA 1342 at [463].
14. Custodian Holdings [2013] FCA 1342 at [484].
15. Custodian Holdings [2013] FCA 1342 at [485]–[487]. A topical issue concerning the interests of members is whether they extend beyond immediate financial interests (see 4.12 above) and encompass environmental issues, including climate change risks, relating to investments of the fund. Girgis considers that there is a ‘growing likelihood of legal challenge for trustee directors who ignore analysis and evidence of global warming in their investment decisions’, although he goes on to qualify that statement by pointing out that ‘any decision to include or exclude carbon-intensive assets must be one that involves analysis, deliberation and information gathering’: M Girgis, ‘What Are a Trustee’s Legal Obligations on Climate Change?’, Investment Magazine, 1 June 2015 (viewed 31 October 2016). See also R Sullivan, W Martindale, E Feller and A Bordon, ‘Fiduciary Duty in the 21st Century’ (viewed 31 October 2016).
16. Custodian Holdings [2013] FCA 1342 at [488].
17. Custodian Holdings [2013] FCA 1342 at [571]–[572].
18. Custodian Holdings [2013] FCA 1342 at [660].
19. See 2.13ff.
20. See note 4 above at [7.12.0095].
21. LexisNexis, Austin & Black’s Annotations to the Corporations Act, online, at [5C.601FC].
22. See note 21 above at [5C.601FC].
23. Dr R Austin, ‘APRA-regulated Entities: Giving Priority to Policyholders and Beneficiaries’, Supreme Court of New South Wales Annual Corporate Law Conference, 8 September 2015, p 30.
24. P Hanrahan, Managed Investment Schemes Law & Practice, CCH, loose-leaf, at [8.63].
25. See note 4 above at [7.12.0095].
26. See note 4 above at [7.12.0095].
27. Re Equitiloan Pty Ltd v Australian Securities and Investments Commission (2003) 45 ACSR 278 at [35]–[37]. Contrast Re Sovereign Capital Ltd and Australian Securities and Investments Commission (2009) 109 ALD 398 where the responsible entity was held to have breached s 601FC(1)(d) by permitting a single member to withdraw from a scheme.
28. See also duties imposed on employees by Corporations Act s 601FE(1).
29. Australian Securities and Investments Commission v Australian Property Custodian Holdings Ltd (recs and mgrs apptd) (in liq) (Controllers appointed) (No 3) [2013] FCA 1342 at [528].
30. See Corporations Act s 1317E.
31. See Corporations Act s 601FC(5) and s 601FD(3), respectively.
32. See Corporations Act s 1317G(1).
33. See Corporations Act s 206C and Pt 2D.6 generally.
34. See Corporations Act s 1324 and s 1325.
35. See Corporations Act s 601FD(4).
36. See Corporations Act s 1311 and Sch 3. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
37. Explanatory Memorandum to the Managed Investments Bill 1997 (Cth) at [8.8].


Chapter 5 Duties of Registrable Superannuation Entities

INTRODUCTION

5.1 A corporate trustee of a registrable superannuation entity has all the duties of trustee under the general law of trusts as statute trustee legislation. In addition, directors and officers of a corporate trustee will have all the duties imposed on directors and officers under the Corporations Act 2001 (Cth) (Corporations Act) as well as general law duties.1 Many of the laws that impose open-ended standards or norms of conduct have been discussed in previous chapters. Accordingly, the duties of a registrable superannuation entity (RSE) that this chapter will examine are those that are imposed on such entities by s 52 of the Superannuation Industry (Supervision) Act 1993 (Cth) (SIS Act). In particular the chapter will focus on the open-ended duties that are imposed under that provision: duties that impose standards or norms of conduct on RSEs (as well as directors).2 These include the duty to: act honestly: s 52(2)(a); exercise care, skill and diligence: s 52(2)(b); act in the best interests of the beneficiaries: s 52(2)(c);3 give priority where there is a conflict: s 52(2)(d); act fairly in dealing with classes of beneficiaries: s 52(2)(e); act fairly in dealing with beneficiaries within a class: s 52(2)(f); manage risk under prudential standards; and manage whistleblower disclosures in accordance with the SIS Act.

5.2 In Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 at [117] Giles JA (with whom Young and Whealy JJA agreed) noted the following when discussing the provenance of the laws that introduced the SIS Act:4 In the second reading speech for the Bill for the SIS Act the Parliamentary Secretary to the Treasurer, Mr Johns, relevantly said that the Bill “provides … for trustees and investment managers to be made subject to adequate legislative sanctions for the proper performance of their fiduciary responsibilities and increasing their accountability to their members; clear delineation of the basic duties and responsibilities of trustees …”… In the course of later debate the Parliamentary Secretary … said that: … what we have done [in the Bill] is simply to transcribe already existing trust law that will govern the behaviour of these people and codify it and write it down. This is perhaps the first time an effort has been made to make nice and clear the way we expect these people to act the meaning of acting properly, carefully and prudently.

Accordingly, in determining the content of these duties, it is necessary to draw heavily on the general law5 and, where appropriate, cases which have considered cognate legislation.

5.3 Prior to examining the relevant duties, it is necessary to briefly mention the manner in which the duties set out above are imposed on RSEs. Section 52(1) of the SIS Act provides that: ‘If the governing rules of a registrable superannuation entity do not contain covenants to the effect of the covenants set out in this section, those governing rules are taken to contain covenants to that effect.’ Accordingly, the duties are therefore implied into the governing rules of each RSE rather than imposed by direct operation of law.6

DUTY TO ACT HONESTLY

5.4 The first duty set out in s 52(2)(a) of the SIS Act relates to honest conduct. It is expressed in the form of a covenant. The trustee of the entity gives a covenant that it will ‘act honestly in all matters concerning the entity’. Ford and Lee note that ‘[t]he courts have refrained from developing any general rules or principles in determining whether any given pattern of conduct is honest and reasonable’.7 The word ‘honestly’ means ‘with honesty; in an honest manner’. In turn, the word ‘honesty’ means ‘1. the quality or fact of being honest; uprightness, probity, or integrity. 2. truthfulness, sincerity, or frankness. 3. freedom from deceit or fraud …’: Macquarie Dictionary.

5.5 An unresolved issue in this context is whether one uses an objective or subjective standard when evaluating whether an entity or person has acted honestly. While there are no cases that have considered the meaning of the duty under s 52(2)(a), in Marchesi v Barnes [1997] VR 434 at 438 Gowans J explored the meaning of the word ‘honestly’ in the context of provisions that required directors to ‘act honestly’: [T]o “act honestly” refers to acting bona fide in the interests of the company in the performance of the functions attaching to the office of director. A breach of the obligation to act bona fide in the interests of the company involves a consciousness that what is being done is not in the interests of the company, and deliberate conduct in disregard of that knowledge.

In Australian Securities and Investments Commission v Vines (2005) 55 ACSR 617 at [1099] Austin J interpreted this statement to mean: His Honour’s observations [in Marchesi v Barnes [1997] VR 434] had been taken to mean that a defendant would not be held to have breached the statutory duty of honesty unless it was shown that he or she was conscious that what was being done was not in the interests of the company. Conversely, directors who honestly believed their decision to be in the interests of the company did not contravene this section even though they acted for a purpose that, judged objectively, was not a proper purpose …

However, Austin J noted (at [1100]) that ‘a different approach was taken in Australian Growth Resources Corp Pty Ltd v Van Reesema (1988) 13 ACLR 261 … where King CJ said (at 272)’: The section therefore embodies a concept analogous to constructive fraud, a species of dishonesty which does not involve moral turpitude. I have no doubt that a director who exercises his powers for a purpose which the law deems to be improper, infringes this provision notwithstanding that according to his own lights he may be acting honestly.

5.6 This tension is not dissimilar to the kind of tension identified by Black J in Re Colorado Products Pty Ltd (in prov liq) [2014] NSWSC 789 at [420] in respect to whether a subjective or objective standard ought to apply in determining a director’s duty to act in good faith and in the best interests of the corporation: see 3.31. Ultimately, from the perspective of proving whether a breach has occurred, a subjective standard is a higher standard and the objective standard a lower one.8

DUTY TO EXERCISE CARE, SKILL AND DILIGENCE

5.7 Section 52(2)(b) of the SIS Act contains a covenant which requires the trustee of an entity: … to exercise, in relation to all matters affecting the entity, the same degree of care, skill and diligence as a prudent superannuation trustee would exercise in relation to an entity of which it is trustee and on behalf of the beneficiaries of which it makes investments …

Section 52(3) of the SIS Act defines a ‘superannuation trustee’ for the purposes of this covenant as ‘a person whose profession, business or employment is or includes acting as a trustee of a superannuation entity and investing money on behalf of beneficiaries of the superannuation entity’. In Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 at [120] Giles JA (with whom Young and Whealy JJA agreed) observed as follows: Section 52(2)(b) does not in my opinion materially add to breach by the respondent of its general law duty to exercise reasonable care. The terms of the covenant appear to have been taken from Re Whiteley (1886) 33 Ch D 347. The respondent was obliged to exercise the care, skill and diligence in insuring pursuant to the powers in rr A4.1(b) and A4.1(c)(6) and obtaining insurance on terms and conditions acceptable to it under r F8.4(a). The former were acknowledged as discretionary powers, the latter was of the same kind. The exercise of a discretionary power is approached through the s 52(2)(b) covenant in no different way from its exercise in accordance with the respondent’s general law obligation. …

In Speight v Gaunt (1883) 9 App Cas 1 Lord Blackburn said that the duty of a fund to exercise reasonable care will be discharged if the fund ‘takes in [page 77] managing trust affairs all those precautions which an ordinary prudent man of business would take in managing similar affairs of his own’.9

5.8 Similar to the position under Corporations Act s 601FC(1) discussed at 4.7ff, the terms of the covenant invite a court to assess the conduct of the entity from an objective perspective. In considering what the duty requires in any given case it would obviously be relevant to take into account the terms of all the governing rules of the entity. For instance, if it is clear from the terms of the governing rules that the entity will invest in a specific manner or undertake (or not undertake) certain activities, then there should be no grounds for suggesting that there is a breach of the care, skill and diligence covenant if the conduct corresponds to the governing rules. The expectations on an RSE are different from those that apply to a company director, though.

5.9 In Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 37 NSWLR 438 at 494 Clarke and Sheller JJA observed that: However for reasons well documented in the text books it became apparent that the duty and function of a director did not correspond with those of a trustee. While the duty of a trustee is to exercise a degree of restraint and conservatism in investment judgments the duty of a director may be to display entrepreneurial flair and accept commercial risks to produce a sufficient return on the capital invested.

The concept of restraint and conservatism referred to by Clarke and Sheller JJA was expanded on by Finn J in Australian Securities Commission v AS Nominees Ltd (1995) 18 ACSR 459 at 470 where his Honour referred to the ‘requirement of caution’ and said: I would add that underlying the distinction today is, probably, not merely an historical assumption about the separate purposes of companies and of trusts, but also a generalisation about the different risks that persons who invest their assets in companies on the one hand and in trusts on the other are considered likely to have assumed.

In any given case what constitutes the exercise of prudence or caution will differ according to the nature of the entity, the nature and range of its stated investment activities. The requirement of caution does not prevent an entity from adopting its stated investment strategy. However, the entity is required to implement the applicable strategy having regard to the requirement of caution. 5.10 The standard of the duty owed by an entity will also be affected by the responsible entity holding itself out as having any special skills. [page 78]

In Bartlett v Barclays Bank Trust Co Ltd (No 1) [1980] Ch 515 at 534 the court stated that ‘a professional corporate trustee is liable for a breach of trust if loss is caused to the trust fund because it neglects to exercise the special care and skill which it professes to have’. The standard may also be impacted by any statements in governing rules of the entity or advertising that relates to the skills possessed by a responsible entity.10

DUTY TO ACT IN THE BEST INTERESTS OF BENEFICIARIES

5.11 The covenant concerning acting in the best interests of beneficiaries is set out in s 52(2)(c) of the SIS Act. That covenant requires the trustee ‘to perform the trustee’s duties and exercise the trustee’s powers in the best interests of the beneficiaries’. The general law duty to act in the best interests of beneficiaries was discussed at 2.13ff. In Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 at [121] Giles JA stated that: Nor in my opinion does s 52(2)(c) materially add to breach by the respondent of its general law duty to act in the best interests of members of the Fund. The respondent’s general law obligation could be expressed, in the language of s 52(2)(c), as an obligation to perform and exercise its duties and powers in the best interests of the beneficiaries. … There is liability if the discretionary power is exercised improperly, but otherwise there is not.

The New South Wales Court of Appeal in Commonwealth Bank Officers Superannuation Corporation Pty Ltd v Beck [2016] NSWCA 218 also considered that the best interests duty under the SIS Act does not expand the general law duty of a trustee to act in the best interests of beneficiaries.11 The seminal statement of the best interests duty was made by Sir Robert Megarry V-C in Cowan v Scargill [1984] 2 All ER 750 at 760: The starting point is the duty of trustees to exercise their powers in the best interests of the present and future beneficiaries of the trust, holding the scales impartially between the different classes of beneficiaries. This duty of the trustees towards their beneficiaries is paramount. They must, of course, obey the law; but subject to that, they must put the interests of their beneficiaries first. When the purpose of the trust is to provide financial benefits for the beneficiaries, as is usually the case, [page 79] the best interest of the beneficiaries are normally their best financial interests.

As discussed in previous chapters,12 there has been much debate about what the term ‘best interest’ actually means or requires one who is subject to the duty to actually do.13 The first instance decision in Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2010] NSWSC 363 discussed the content of the best interests covenant.14 In that case, Rein J was of the view that the best interests test was concerned with process, not outcome. Rein J expressed his view in the following terms:15 I do not accept that the trustee is made liable for any outcome which turns out to be unbeneficial to members, even if the original decision which led to that outcome was taken with the best interests of all members in mind. Another way of describing this approach is to say that s 52(2) is concerned with process, not outcome.

In Charlton v Baber [2003] NSWSC 745 at [46] Barrett J observed that ‘[t]he expression “best interests”, taken literally, is apt to create a false impression that some absolute or superlative is in contemplation. Its true meaning emerges from a consideration of other contexts in which [page 80] it is used’. In the course of reviewing analogous case law, his Honour expressed the following views:16 In the field of unconscionability and undue influence, the relevant inquiry is whether a person is able “to make a worthwhile judgment as to what is in his best interests” … or suffers from “a disabling condition which seriously affects his ability to make a judgment as to his own best interests” … “Best interests” is thus an expression concerned with a person’s separate and independent welfare. Where the concern to which the “best interests” assessment is relevant centres upon possibilities of undue influence and, perhaps, improper purpose, the task is to consider what the putative victim would have done in seeking to protect his or her own position and promote his or her own advantages with such a degree of selfishness as the circumstances will admit.

As we saw in Chapter 2, in evaluating whether the best interests duty has been discharged an objective test is applied ex ante.17

DUTY TO GIVE PRIORITY WHERE THERE IS A CONFLICT

5.12 The covenant in s 52(2)(d) of the SIS Act deals with conflicts and the duty of the trustee to give priority in circumstances set out in the covenant. The covenant provides as follows:18 … where there is a conflict between the duties of the trustee to the beneficiaries, or the interests of the beneficiaries, and the duties of the trustee to any other person or the interests of the trustee or an associate of the trustee: (i) to give priority to the duties to and interests of the beneficiaries over the duties to and interests of other persons; and (ii) to ensure that the duties to the beneficiaries are met despite the conflict; and (iii) to ensure that the interests of the beneficiaries are not adversely affected by the conflict; and (iv) to comply with the prudential standards in relation to conflicts …

As a matter of construction, the priority duty set out in the covenant applies only to actual conflicts not possible conflicts: see also 4.18. [page 81] It is important to note that the duty expressed in this covenant prevails over any conflicting duties including, among other things, any conflicting duties set out in Pt 2D.1 of the Corporations Act: s 52(4). 5.13 Austin identifies the four situations of conflict covered by the covenant in these terms:19 (a) conflict between the duties of the trustee to the beneficiaries, and the duties of the trustee to any other person; (b) conflict between the duties of the trustee to the beneficiaries, and the interests of the trust or an associate of the trustee; (c) conflict between the interests of the beneficiaries and the duties of the trustee to any other person; (d) conflict between the interests of the beneficiaries and the interests of the trustee or an associate of the trustee.

One of the most obvious areas in which the duty of priority will apply will be where an actual conflict arises between a duty of the trustee to act in the best interests of the beneficiaries and a duty that a corporate trustee owes to its shareholders. Austin notes that a difficulty with the obligations in subparas (ii)–(iv) is that they are not ‘obviously different from the priority obligation in subparagraph (i)’.20

5.14 Obviously, a critical first step in applying the covenant is to identify the interests of the beneficiaries. Austin states:21 Ascertaining the interests of the beneficiaries is an important component of the statutory duties of the trustee and directors. A court interpreting and applying the SIS Act provisions is likely to be influenced by the observations of the Victorian Court of Appeal in ACN 074 971 109 (as trustee for the Argot Unit Trust) v The National Mutual Life Association of Australasia [2008] VSCA 247, at [146], to the effect that the interest of the beneficiaries of the entity’s and directors’ duties are framed by their entitlements under the relevant documentation, in this case the trust instrument and any other contractual or offer documents relating to the beneficiary’s investment.

Austin concludes: Perhaps the best general formulation of the requirements has been the one given by the Final Report of the Super System Review (at [2.2.1]), which identifies two elements of the duty, namely for trustees to place member interests ahead of other interests, and for them to actively endeavor to [page 82] achieve the best outcome for members. But the application of such general sentiments to practical problems will always be challenging.22

DUTY TO ACT FAIRLY IN DEALINGS BETWEEN AND WITHIN CLASSES OF BENEFICIARIES

5.15 The covenant set out in s 52(2)(e) of the SIS Act provides that an entity has a duty ‘to act fairly in dealing with classes of beneficiaries within the entity’. The covenant in s 52(2)(f) provides that an entity has a duty ‘to act fairly in dealing with beneficiaries within a class’. The origins of this duty can be traced back to statements made by Sir Robert Megarry V-C in Cowan v Scargill [1984] 2 All ER 750. In that case, his Honour said:23 The starting point is the duty of trustees to exercise their powers in the best interests of the present and future beneficiaries of the trust, holding the scales impartially between the different classes of beneficiaries. This duty of the trustees towards their beneficiaries is paramount. They must, of course, obey the law; but subject to that, they must put the interests of their beneficiaries first. When the purpose of the trust is to provide financial benefits for the beneficiaries, as is usually the case, the best interest of the beneficiaries are normally their best financial interests.

5.16 A first step in this context is to determine what the word ‘fairly’ means. The Macquarie Dictionary defines the word to mean ‘in a fair manner; justly; impartially … properly; legitimately’. The concept of impartiality reflects the general law position. In Edge v Pensions Ombudsman [2000] Ch 602 the English Court of Appeal considered the general law position regarding ‘holding the scales impartially between different classes of members’. The court stated (at 615–16): The trustees’ duty to act impartially between the different beneficiaries does not equate with a duty to exercise their discretion on all occasions in such a way as to produce equal benefits of equal value to all beneficiaries. Nor does it even require that all beneficiaries receive some benefit from an exercise of a discretion. It is permissible to exercise a discretion in such a manner as to omit particular beneficiaries, or a class thereof. But the decision to exclude those beneficiaries must not be the result of undue partiality towards the interests of the preferred beneficiaries.

Re Equitiloan Pty Ltd v Australian Securities and Investments Commission (2003) 45 ACSR 278 was a tribunal case concerned with the meaning of s 601FC(1)(d) of the Corporations Act. The section imposes an obligation on a responsible entity to treat members in the same class [page 83] equally and different classes fairly. In that case, Member McCabe was of the view that the provision did no more than reflect the general law:24 Section 601FC of the Corporations Act 2001 (Cth) sets out the duties of a responsible entity of a registered scheme. In particular, s 601FC(1)(d) says the responsible entity must “treat the members who hold interests of the same class equally and members who hold interests of different classes fairly …”. The legislation echoes the requirement of impartiality imposed on trustees in their dealings with beneficiaries: see Re Lepine [1892] 1 Ch 210 at 219 per Fry LJ. That rule prevents trustees from treating beneficiaries differently on the basis of irrelevant criteria.

The last sentence of this statement shines a light on the central purpose of the covenants and cognate legislation. A trustee should ensure that they do not treat beneficiaries differently on the basis of irrelevant criteria. However, the rule does not prevent beneficiaries in the same class or in different classes being treated differently, so long as there is a rational and impartial basis for doing so. The issue of whether cognate provisions prevent differential treatment has been the subject of debate. Although the duty expressed in s 601FC(1)(d) of the Corporations Act is expressed in different terms (that is, members in the same class to be treated equally and different classes to be treated fairly), commentary relating to that duty is pertinent here. Commentators have expressed the view that the ‘requirement [under s 601FC(1)(d)] is not, presumably, to be treated literally, but is interpreted to mean that members are treated equally having regard to the size of the interests which they hold’.25 These commentators have observed that the duty ‘reflects the general law duty of a trustee to act impartially as between trust beneficiaries’.26 The covenants would not seem to suggest a different standard in the RSE context. The comment must be equally applicable to the covenants. In Re Equitiloan Pty Ltd v Australian Securities and Investments Commission (2003) 45 ACSR 278 Member McCabe was required to determine if differential fees levied on different classes of members breached s 601FC(1)(d). Member McCabe expressed the following view in respect to that issue:27 ASIC says that differential withdrawal fees are objectionable, but I do not agree. Where the fees vary according to the amount invested or the point [page 84] in the investment term at which the withdrawal is made, there is a clear economic explanation for imposing differential fees. ASIC also says the discretion to waive the withdrawal fees is objectionable because it will result in investors being treated differently, without the difference being explicable on an economic basis. That view proceeds on the assumption there must be an equality of outcomes in every case in order to satisfy the statutory obligation to act equally. That is not necessarily so. If the criteria guiding the discretion are widely known and applied equally to all who seek the benefit of the discretion, and if ASIC can be satisfied: the criteria are directed towards legitimate objectives such as the relief of hardship or inequality; and the criteria will be administered fairly as between members and with integrity, there is no basis for objection. (One way in which ASIC might be confident in the administration of the criteria is by ensuring that the exercise of discretion is open to review by an independent person or entity.)

Again, the statements of Member McCabe could be applied to the duties set out in the covenants.

5.17 Austin has indicated that in determining what is ‘fair’ under the covenants set out in s 52(2)(e) and s 52(2)(f), an objective approach ought to be adopted.28

DIRECTORS’ DUTIES

5.18 The covenants set out in s 52(2) of the SIS Act are imposed on an entity. Covenants similar to the ones discussed in this chapter are imposed on directors of a corporate trustee of an entity under s 52A. The applicable covenants that are imposed under s 52A(2) are duties: (a) to act honestly in all matters concerning the entity; (b) to exercise, in relation to all matters affecting the entity, the same degree of care, skill and diligence as a prudent superannuation entity director would exercise in relation to an entity where he or she is a director of the trustee of the entity and that trustee makes investments on behalf of the entity’s beneficiaries; (c) to perform the director’s duties and exercise the director’s powers as director of the corporate trustee in the best interests of the beneficiaries; (d) where there is a conflict between the duties of the director to the beneficiaries, or the interests of the beneficiaries, and the duties of [page 85] the director to any other person or the interests of the director, the corporate trustee or an associate of the director or corporate trustee: (i) to give priority to the duties to and interests of the beneficiaries over the duties to and interests of other persons; and (ii) to ensure that the duties to the beneficiaries are met despite the conflict; and (iii) to ensure that the interests of the beneficiaries are not adversely affected by the conflict; and (iv) to comply with the prudential standards in relation to conflicts; (e) not to enter into any contract, or do anything else, that would: (i) prevent the director from, or hinder the director in, properly performing or exercising the director’s functions and powers as director of the corporate trustee; or (ii) prevent the corporate trustee from, or hinder the corporate trustee in, properly performing or exercising the corporate trustee’s functions and powers as trustee of the entity; (f) to exercise a reasonable degree of care and diligence for the purposes of ensuring that the corporate trustee carries out the covenants referred to in section 52.

5.19 Section 52A(5) provides that ‘[t]he reference in paragraph [52A](2)(f) to a reasonable degree of care and diligence is a reference to the degree of care and diligence that a superannuation entity director would exercise in the circumstances of the corporate trustee’.

5.20 Among other things, s 52A(3) provides that ‘[t]he obligations of the director under paragraph [52A](2)(d) override any conflicting obligations the director has under … Part 2D.1 of the Corporations Act 2001 [Directors’ duties and powers]’.

LIABILITY AND REMEDIES

5.21 Section 55(1) of the SIS Act provides that ‘[a] person must not contravene a covenant contained, or taken to be contained, in the governing rules of a superannuation entity’. Section 55(2) states that a ‘contravention of subsection (1) is not an offence and a contravention of that subsection does not result in the invalidity of a transaction’. Section 55(3) provides that a person who suffers loss or damage as a result of conduct of another person who engaged in a contravention of a covenant may recover the amount of the loss or damage by action against that other person or against any person involved in the contravention, subject to s 55(4A). Section 55(4A) provides that an [page 86] action for damages against a director may only be commenced with the leave of the court. An action must be commenced within six years of the day on which the cause of action arose: s 55(4).29

5.22 There is a defence to an action under s 55(3). Section 323(2) of the SIS Act provides that: [I]n proceedings against a person (the defendant) in respect of a contravention, it is a defence if the defendant establishes: (a) that the contravention was due to reasonable mistake; or (b) that the contravention was due to reasonable reliance on information supplied by another person; or (c) that: (i) the contravention was due to: (A) the act or default of another person; or (B) an accident; or (C) some other cause beyond the defendant’s control; and (ii) the defendant took reasonable precautions and exercised due diligence to avoid the contravention.

This defence is subject to s 323(4) which provides that: If a defence provided by subsection (2) involves an allegation that a contravention was due to: (a) reliance on information supplied by another person; or (b) the act or default of another person; the defendant is not entitled to rely on that defence unless: (c) the court grants leave; or (d) both: (i) the defendant has served on the person by whom the proceedings were instituted a written notice giving such information: (A) that would identify, or assist in the identification of, the other person; and (B) as was then in the defendant’s possession; and (ii) that notice is served not later than 7 days before the day on which the hearing of the proceedings begins.

5.23 An action may also be available to beneficiaries based on the same conduct that may be alleged to contravene a covenant. Section 350 [page 87] of the SIS Act provides that ‘[i]t is the intention of the Parliament that this Act is not to apply to the exclusion of a law of a State or Territory to the extent that that law is capable of operating concurrently with this Act’. Accordingly, beneficiaries may also commence an action to recover any loss or damage for a breach of a general law obligation if it were available on the facts. If one of the two peculiarly fiduciary duties is breached, the ‘situation can be remedied by injunction, rescission, account of profits, equitable compensation and proprietary remedies’.30 On the other hand, if a fiduciary breaches a non-fiduciary duty that it owes to a principal or beneficiary (for example, the duty of care and skill or the best interests duty), the usual remedy would be ‘equitable compensation and, in certain circumstances, injunctive relief’.31 In insolvency situations, the distinction can have material implications due to the impact it has on remedies.32

PRUDENTIAL STANDARDS

5.24 Under prudential standards, a board of a registrable superannuation entity is ultimately responsible for risk management for the entity.33 Section 34C(1) of the SIS Act requires an RSE to comply with a prudential standard. The rationale for imposing risk management obligations on the board of directors is set out in the applicable standard, Prudential Standard SPS 220 Risk Management. The Prudential Standard SPS 220 imposes risk management requirements on the board of directors in order to ensure that the RSE has ‘systems for identifying, assessing, managing, mitigating and monitoring material risks that may affect its ability to meet its obligations to beneficiaries’.34 At a minimum, an RSE must ‘ensure that its risk management framework covers all material risks, both financial and non-financial, to the RSE licensee’s business operations, having regard to the size, business mix and complexity of those operations’.35

Liability and remedies

5.25 If the board of directors breach their obligations under the prudential standard, the Australian Prudential Regulation Authority [page 88] (APRA) may issue a direction to remedy that failure36 or the directors may be exposed to ASIC bringing a civil action against them for a breach of their duty of care under s 180(1) of the Corporations Act seeking compensation or disqualification orders: see further 3.49.

DUTIES CONCERNING WHISTLEBLOWERS

5.26 In light of the effect misconduct can have on the value of funds managed by an insurer either directly or indirectly due to the impact on its reputation, ‘whistleblower policies should be a key area of consideration for any company’.37 The SIS Act provides its own whistleblower regime for RSEs.38 Needless to say, directors of RSEs need to ensure that the company maintains compliance policies in respect to a whistleblower regime, including by virtue of its risk management system.

The whistleblower regime under the SIS Act

5.27 Section 336A of the SIS Act provides as follows: (1) This section applies to a disclosure of information by a person (the discloser) who is, in relation to a superannuation entity, any of the following: (a) a trustee of the superannuation entity; (b) an officer of a body corporate that is a trustee, custodian or investment manager of the superannuation entity; (c) an employee of an individual referred to in paragraph (a) or a body corporate referred to in paragraph (b); (d) a person who has a contract for the supply of services or goods to an individual referred to in paragraph (a) or a body corporate referred to in paragraph (b); (e) an employee of a person referred to in paragraph (d). (2) The disclosure of the information by the discloser qualifies for protection under this Division if: (a) the disclosure is made to any of the following: (i) the Regulator; (ii) the actuary or auditor of the superannuation entity; (iii) an individual who is a trustee of the superannuation entity; (iv) a director of a body corporate that is the trustee of the superannuation entity; [page 89] (v) a person authorised by the trustee or trustees of the superannuation entity to receive disclosures of that kind; and (b) the discloser informs the person to whom the disclosure is made of the discloser’s name before making the disclosure; and (c) both: (i) the information concerns misconduct, or an improper state of affairs or circumstances, in relation to the superannuation entity or a trustee of the entity; and (ii) the discloser considers that the information may assist a person referred to in paragraph (a) to perform the person’s functions in relation to the superannuation entity or trustee; and (d) the discloser makes the disclosure in good faith. (3) In this section, officer has the same meaning as it has in the Corporations Act 2001.

5.28 Note that the requirement in s 336A(2)(c) is that the information that the discloser reveals must concern ‘misconduct, or an improper state of affairs or circumstances, in relation to the superannuation entity or a trustee of the entity’. The information that qualifies under this section is much wider in scope than the whistleblower regime in the Corporations Act. That whistleblower regime is engaged where:39 … the discloser has reasonable grounds to suspect that the information indicates that: (i) the company has, or may have, contravened a provision of the Corporations legislation; or (ii) an officer or employee of the company has, or may have, contravened a provision of the Corporations legislation …

Under the SIS Act, the discloser must only ‘consider’ that the information may assist: a regulator;40 the actuary or auditor of the superannuation entity; an individual who is a trustee of the superannuation entity; a director of a body corporate that is the trustee of the superannuation entity; or a person authorised by the trustee or trustees of the superannuation entity to receive whistleblower disclosures, to perform the person’s functions or duties in relation to the body.41 [page 90] However, like the Corporations Act, a disclosure made under s 336A must be made in good faith.42

No civil or criminal liability

5.29 If a person makes a disclosure under s 336A, s 336B(1) provides that:43 (1) If a person makes a disclosure that qualifies for protection under this Division: (a) the person is not subject to any civil or criminal liability for making the disclosure; and (b) no contractual or other remedy may be enforced, and no contractual or other right may be exercised, against the person on the basis of the disclosure.

No victimisation

5.30 Section 336C(1) makes it an offence to cause detriment to a whistleblower in certain circumstances. Threatening to cause detriment to another person is also an offence if that conduct is motivated by the fact that a person has made or may make a disclosure under the Act.44 These offences carry a maximum penalty of 25 penalty units or imprisonment for six months or both.45

Compensation

5.31 Section 336D provides that a person may recover damages arising from a contravention of the whistleblower regime.

Confidentiality obligations

5.32 Section 336E imposes strict confidentiality obligations in respect to disclosures made under the whistleblower regime. Subject to other requirements set out in s 336E, any person who communicates the information initially disclosed by the whistleblower or reveals the whistleblower’s identity (or reveals information that would be likely to [page 91] lead to the identification of the whistleblower) is liable to a maximum penalty of 25 penalty units.46 The only express exceptions that apply are if the relevant information is communicated to APRA, a member of the Australian Federal Police or a person with the consent of the whistleblower.47

5.33 It is arguable s 336E may prevent a person to whom a whistleblower discloses information from communicating that information or the identity of the whistleblower to a lawyer even though the very circumstances may logically indicate that such a course of action would be extremely prudent, for example, where it would be prudent to obtain legal advice in relation to the matters raised by the whistleblower.48 The High Court in Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 noted that legal professional privilege is a rule of substantive law and an important common law immunity.49 Impliedly, it follows that the right to communicate with a lawyer also has those characteristics. The High Court in that case also noted ‘that statutory provisions are not to be construed as abrogating important common law rights, privileges and immunities in the absence of clear words or a necessary implication to that effect’.50 While the position is not certain, one view is that Parliament, having turned its mind in drafting s 336E(2) to the issue of to whom confidential information could be communicated, left no room for the implication of a right to communicate to a lawyer. An alternative view is that in the context of the whistleblower regime there is a necessary implication that issues relating to the whistleblower’s disclosure can and should be communicated to a lawyer in order to obtain advice as to the nature of the disclosures (including what steps need to be taken to address the relevant issues). A further view is that the lawyer may be an agent of the life company and therefore there is no disclosure to another person in that context.

CONCLUSION

5.34 The open-ended duties imposed on entities through covenants under the SIS Act broadly reflect the duties that trustees have at general law. It is essential to have regard to the case law regarding the general law duties in order to seek to interpret and apply the content of the covenants.

1. See M S Donald, ‘“Best” Interests’ (2008) 2 Journal of Equity 1 at 8–10.
2. See SIS Act s 52A.
3. The chapter will not discuss other covenants set out in s 52 including specific covenants regarding investments (s 52(6)), insurance (s 52(7)) and risk (s 52(8)). For commentary regarding the specific duty of a trustee in relation to insurance, including the duty to do everything that is reasonable to pursue an insurance claim for the benefit of a beneficiary under s 52(7) of the SIS Act, see A Clarke, ‘Part 1: Upstairs — A Superannuation Member’s Insurance Interest and the Trustee’s Duties’, paper presented at Law Council Superannuation Conference — The Calm before the Storm, Melbourne, 26 February 2016, pp 19–22. See also Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2010] NSWSC 363 at [102] per Rein J.
4. See Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 at [120]–[122].
5. Note also s 350 of the SIS Act which provides: ‘It is the intention of the Parliament that this Act is not to apply to the exclusion of a law of a State or Territory to the extent that that law is capable of operating concurrently with this Act.’
6. Note also that the duty in SIS Act s 52(2)(d) (duty of priority) overrides any obligations owed under Pt 2D.1 of the Corporations Act and duties under legislation relating to general duties of public officials: s 52(4). See also s 52A(3) with respect to the covenants in s 52A(2). For a discussion about the provenance of the covenants in s 52 see Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 at [110]–[117].
7. H A J Ford and W A Lee, Principles of the Law of Trusts, Law Book Co, Sydney, 1983 at [1804.1].
8. LexisNexis, Australian Corporation Law Principles & Practice, online, at [7.12.0095].
9. Speight v Gaunt (1883) 9 App Cas 1 at 19 per Lord Blackburn: adopted in Austin v Austin [1906] HCA 5; (1906) 3 CLR 516 at 525.
10. Gill v Eagle Star Nominees Ltd (unreported, SC(NSW), Gleeson CJ, No 4222 of 1989, 22 September 1993) at 13.
11. Commonwealth Bank Officers Superannuation Corporation Pty Ltd v Beck [2016] NSWCA 218 at [136] per Bathurst CJ, [189] per Macfarlan JA and [196] per Gleeson JA.
12. See for example 2.13ff and 4.11ff. Obviously, this process of identifying the interests of members would, among other things, require one to refer to the applicable trust documents, including the constitution, as well as having regard, in this context, to the unique purposes of superannuation and its compulsory nature. For commentary regarding the unique purposes of superannuation see J Furlan, ‘Chairperson’s Report’, Superannuation Complaints Tribunal, Quarterly Bulletin, Issue 78, 1 Oct–31 Dec 2014; and J Furlan, ‘The Super Death Trap’, The Australian Journal of Financial Planning, February 2009, online at (viewed 21 October 2016), p 1.
13. A topic de jure is whether the best interests duty requires trustees to consider issues extending past the immediate financial interests of beneficiaries (see comments of Sir Robert Megarry VC in Cowan v Scargill at 5.11 above) and contemplate environmental issues, including climate change risks, relating to investments of the fund. Girgis considers that there is a ‘growing likelihood of legal challenge for trustee directors that ignore analysis and evidence of global warming in their investment decisions’ although he goes on to qualify that statement by pointing out that ‘any decision to include or exclude carbon-intensive assets must be one that involves analysis, deliberation and information gathering’: M Girgis, ‘What Are a Trustee’s Legal Obligations on Climate Change?’, Investment Magazine, 1 June 2015 (viewed 31 October 2016). See also R Sullivan, W Martindale, E Feller and A Bordon, ‘Fiduciary Duty in the 21st Century’ (viewed 31 October 2016).
14. An appeal from that decision was dismissed: Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204.
15. Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2010] NSWSC 363 at [51]. An appeal from this decision was dismissed: Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204.
16. Charlton v Baber [2003] NSWSC 745 at [51]–[52].
17. See 2.13ff. See also R Austin, ‘APRA-regulated Entities: Giving Priority to Policyholders and Beneficiaries’, Supreme Court of New South Wales Annual Corporate Law Conference, Sydney, 8 September 2015, p 24; P Hanrahan, Funds Management in Australia: Officers’ Duties and Liabilities, LexisNexis Butterworths, Sydney, 2007 at [8.7] citing Howard Smith Ltd v Ampol Petroleum Ltd [1974] AC 821 at 832 (Privy Council) and Darvall v North Sydney Brick and Tile Co Ltd (1989) 15 ACLR 230 at 247 per Kirby P.
18. Similar duties are imposed on directors of trustee entities under SIS Act s 52A(2).
19. See Austin, note 17 above, p 22.
20. See Austin, note 17 above, p 24.
21. See Austin, note 17 above, p 22.
22. See Austin, note 17 above, p 26.
23. Cowan v Scargill [1984] 2 All ER 750 at 760.
24. Re Equitiloan Pty Ltd v Australian Securities and Investments Commission (2003) 45 ACSR 278.
25. See note 8 above at [7.12.0095].
26. See note 8 above at [7.12.0095].
27. Re Equitiloan Pty Ltd v Australian Securities and Investments Commission (2003) 45 ACSR 278 at [35]–[37]. Contrast Re Sovereign Capital Ltd and Australian Securities and Investments Commission (2009) 109 ALD 398 which is a case where the responsible entity was held to have breached s 601FC(1)(d) by permitting a single member to withdraw from a scheme.
28. R Austin, ‘The Concept and Role of Fairness in Superannuation Law’, paper delivered to the Law Council of Australia Conference, Sydney, 25 February 2016, pp 5–6.
29. See also SIS Act s 55(4B) in relation to seeking leave from the court to commence an action against a director.
30. J D Heydon, M J Leeming and P G Turner, Meagher, Gummow & Lehane’s Equity: Doctrines and Remedies, 5th ed, LexisNexis Butterworths, Sydney, 2015 at [5-375].
31. See note 30 above at [5-375].
32. See for example Bell Group Ltd (in liq) v Westpac Banking Corporation (2008) 39 WAR 1.
33. See para 7, Prudential Standard SPS 220 Risk Management.
34. See SPS 220-1 Risk Management.
35. See para 10, SPS 220 Risk Management.
36. See SIS Act s 29EB under which APRA may issue a direction to an RSE licensee. See also s 29E(1)(a) which provides that it is a condition that all RSE licensees must comply with RSE licensee laws. See s 10 for the definition of ‘RSE licensee laws’.
37. G Farrant and A Emmerson, ‘Whistleblowing in the Private Sector’ (2013) 17(3) Inhouse Counsel 52.
38. See SIS Act ss 336A–336E; cf the whistleblower regime under the Corporations Act: see 3.43ff.
39. See Corporations Act s 1317AA(1)(d).
40. As defined in SIS Act s 10.
41. See SIS Act s 336A(2)(c)(ii).
42. See SIS Act s 336A(2)(d); cf Corporations Act s 1317AA(1)(d).
43. Other protections are set out in SIS Act s 336B(2)–(3). Note that s 336B(4) provides that ‘[i]f an individual makes a disclosure of information that qualifies for protection under this Division, the information is not admissible in evidence against the individual in criminal proceedings or in proceedings for the imposition of a penalty, other than proceedings in respect of the falsity of the information’.
44. Recklessly causing someone to fear a threat is also caught by the prohibition: SIS Act s 336C(2)(b)(ii). ‘Threats’ are defined in s 336C(3).
45. See SIS Act s 336C(1) and (2). Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
46. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
47. See SIS Act s 336E(2).
48. No doubt this is why the carve-outs for communicating with APRA and a member of the Australian Federal Police were included in SIS Act s 336E(2).
49. See Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 at [11] per Gleeson CJ, Gaudron, Gummow and Hayne JJ.
50. Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 at [11] per Gleeson CJ, Gaudron, Gummow and Hayne JJ.


Chapter 6 Duties of Trustees of Self-managed Superannuation Funds

INTRODUCTION

6.1 Self-managed superannuation funds are becoming an increasingly large part of the superannuation landscape.1 This chapter will briefly set out the open-ended conduct obligations that are imposed on trustees of self-managed superannuation funds.

6.2 The key obligations are similar to those that have been reviewed in earlier chapters, particularly Chapters 2, 3, 4 and 5. The key duties that will be described in this chapter are those that are imposed through covenants under s 52B(1) of the Superannuation Industry (Supervision) Act 1993 (Cth) (SIS Act). The duties that will be discussed in this chapter are the duty to: act honestly; exercise care, skill and diligence; and act in the best interests of the beneficiaries.2

DUTY TO ACT HONESTLY

6.3 Under s 52B(2)(a) of the SIS Act a covenant to ‘act honestly in all matters concerning the fund’ is imposed on self-managed superannuation funds. The words ‘all matters concerning the fund’ would have a wide import and should be given a broad meaning.

6.4 Ford and Lee note that ‘[t]he courts have refrained from developing any general rules or principles in determining whether any given pattern of conduct is honest and reasonable’.3 The word ‘honestly’ means ‘with honesty; in an honest manner’. In turn, the word ‘honesty’ means ‘1. the quality or fact of being honest; uprightness, probity, or integrity. 2. truthfulness, sincerity, or frankness. 3. freedom from deceit or fraud …’: Macquarie Dictionary.

6.5 An unresolved issue in this context is whether one uses an objective or subjective standard when evaluating whether an entity or person has acted honestly. While there are no cases that have considered the meaning of the duty under s 52B(2)(a), in Marchesi v Barnes [1997] VR 434 at 438 Gowans J explored the meaning of the word ‘honestly’ in the context of provisions that required directors to ‘act honestly’:

[T]o “act honestly” refers to acting bona fide in the interests of the company in the performance of the functions attaching to the office of director. A breach of the obligation to act bona fide in the interests of the company involves a consciousness that what is being done is not in the interests of the company, and deliberate conduct in disregard of that knowledge.

In Australian Securities and Investments Commission v Vines (2005) 55 ACSR 617 at [1099] Austin J interpreted this statement to mean:

His Honour’s observations [in Marchesi v Barnes [1997] VR 434] had been taken to mean that a defendant would not be held to have breached the statutory duty of honesty unless it was shown that he or she was conscious that what was being done was not in the interests of the company. Conversely, directors who honestly believed their decision to be in the interests of the company did not contravene this section even though they acted for a purpose that, judged objectively, was not a proper purpose …

However, Austin J noted that ‘a different approach was taken in Australian Growth Resources Corp Pty Ltd v Van Reesema (1988) 13 ACLR 261 … where King CJ said (at 272)’:

The section therefore embodies a concept analogous to constructive fraud, a species of dishonesty which does not involve moral turpitude. I have no doubt that a director who exercises his powers for a purpose which the law deems to be improper, infringes this provision notwithstanding that according to his own lights he may be acting honestly.

6.6 This tension is not dissimilar to the kind of tension identified by Black J in Re Colorado Products Pty Ltd (in liq) [2014] NSWSC 789 at [420] in respect to whether a subjective or objective standard ought to apply in determining a director’s duty to act in good faith and in the best interests of the corporation: see 3.31. Ultimately, from the perspective of proving whether a breach has occurred, a subjective standard is a higher standard and the objective standard a lower one.4

DUTY TO EXERCISE CARE, SKILL AND DILIGENCE

6.7 Section 52B(2)(b) of the SIS Act imposes a duty on self-managed superannuation funds ‘to exercise, in relation to all matters affecting the fund, the same degree of care, skill and diligence as an ordinary prudent person would exercise in dealing with property of another for whom the person felt morally bound to provide’. As we have seen in previous chapters dealing with similar duties, the statutory covenant does not materially alter the general law in terms of the content of this duty.

6.8 In Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 at [120] Giles JA (with whom Young and Whealy JJA agreed) made the following observations when considering the content of the duty set out in s 52(2)(b), an obligation that is framed in similar terms to s 52B(2)(b):

Section 52(2)(b) does not in my opinion materially add to breach by the respondent of its general law duty to exercise reasonable care. The terms of the covenant appear to have been taken from Re Whiteley (1886) 33 Ch D 347. The respondent was obliged to exercise the care, skill and diligence in insuring pursuant to the powers in rr A4.1(b) and A4.1(c)(6) and obtaining insurance on terms and conditions acceptable to it under r F8.4(a). The former were acknowledged as discretionary powers, the latter was of the same kind. The exercise of a discretionary power is approached through the s 52(2)(b) covenant in no different way from its exercise in accordance with the respondent’s general law obligation. …

In Speight v Gaunt (1883) 9 App Cas 1 Lord Blackburn said that the duty of a fund to exercise reasonable care will be discharged if the fund ‘takes in managing trust affairs all those precautions which an ordinary prudent man of business would take in managing similar affairs of his own’.5

6.9 Similar to the position under Corporations Act s 601FC(1) discussed at 4.7ff, the terms of the covenant in s 52B(2)(b) invite a court to assess the conduct of the entity from an objective perspective. In considering what the duty requires in any given case it would obviously be relevant to take into account the terms of all the governing rules of the self-managed superannuation fund. For instance, if it is clear from the terms of the governing rules that the fund will invest in a specific manner or undertake (or not undertake) certain activities, then there should be no grounds for suggesting that there is a breach of the care, skill and diligence covenant if the conduct corresponds to the governing rules. The expectations on a self-managed superannuation fund are, however, different to those that apply to a company director.

6.10 In Daniels (formerly practising as Deloitte Haskins & Sells) v Anderson (1995) 37 NSWLR 438 at 494 Clarke and Sheller JJA observed that:

However for reasons well documented in the text books it became apparent that the duty and function of a director did not correspond with those of a trustee. While the duty of a trustee is to exercise a degree of restraint and conservatism in investment judgments the duty of a director may be to display entrepreneurial flair and accept commercial risks to produce a sufficient return on the capital invested.

The concept of restraint and conservatism referred to by Clarke and Sheller JJA was expanded on by Finn J in Australian Securities Commission v AS Nominees Ltd (1995) 18 ACSR 459 at 470 where his Honour referred to the ‘requirement of caution’ and said:

I would add that underlying the distinction today is, probably, not merely an historical assumption about the separate purposes of companies and of trusts, but also a generalisation about the different risks that persons who invest their assets in companies on the one hand and in trusts on the other are considered likely to have assumed.

In any given case what constitutes the exercise of prudence or caution will differ according to the nature of the fund, and the nature and range of its stated investment activities. The requirement of caution does not prevent an entity from adopting its stated investment strategy. However, the fund would be required to implement the applicable strategy having regard to the requirement of caution.

6.11 The standard of the duty owed by an entity will also be affected by the fund having any special skills. In Bartlett v Barclays Bank Trust Co Ltd (No 1) [1980] Ch 515 at 534 the court stated that ‘a professional corporate trustee is liable for a breach of trust if loss is caused to the trust fund because it neglects to exercise the special care and skill which it professes to have’.

DUTY TO ACT IN THE BEST INTERESTS OF BENEFICIARIES

6.12 The covenant in s 52B(2)(c) of the SIS Act provides that a self-managed superannuation fund has a duty ‘to perform the trustee’s duties and exercise the trustee’s powers in the best interests of the beneficiaries’. As we saw in earlier chapters, this covenant does not materially add to the general law.

6.13 In Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204 at [121] Giles JA (with whom Young and Whealy JJA agreed) stated that:

Nor in my opinion does s 52(2)(c) materially add to breach by the respondent of its general law duty to act in the best interests of members of the Fund. The respondent’s general law obligation could be expressed, in the language of s 52(2)(c), as an obligation to perform and exercise its duties and powers in the best interests of the beneficiaries. … There is liability if the discretionary power is exercised improperly, but otherwise there is not.

The seminal statement of the best interests duty was made by Sir Robert Megarry V-C in Cowan v Scargill [1984] 2 All ER 750 at 760:

The starting point is the duty of trustees to exercise their powers in the best interests of the present and future beneficiaries of the trust, holding the scales impartially between the different classes of beneficiaries. This duty of the trustees towards their beneficiaries is paramount. They must, of course, obey the law; but subject to that, they must put the interests of their beneficiaries first. When the purpose of the trust is to provide financial benefits for the beneficiaries, as is usually the case, the best interest of the beneficiaries are normally their best financial interests.

As discussed in previous chapters, there has been much debate about what the term ‘best interests’ actually means or requires one who is subject to the duty to actually do. The first instance decision in Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2010] NSWSC 363 discussed the content of the best interests covenant.6 In that case, Rein J was of the view that the best interests test was concerned with process, not outcome. Rein J expressed his view in the following terms:7

I do not accept that the trustee is made liable for any outcome which turns out to be unbeneficial to members, even if the original decision which led to that outcome was taken with the best interests of all members in mind. Another way of describing this approach is to say that s 52(2) is concerned with process, not outcome.

In Charlton v Baber [2003] NSWSC 745 at [46] Barrett J observed that ‘[t]he expression “best interests”, taken literally, is apt to create a false impression that some absolute or superlative is in contemplation. Its true meaning emerges from a consideration of other contexts in which it is used’. In the course of reviewing analogous case law, his Honour expressed the following views:8

In the field of unconscionability and undue influence, the relevant inquiry is whether a person is able “to make a worthwhile judgment as to what is in his best interests” … or suffers from “a disabling condition which seriously affects his ability to make a judgment as to his own best interests” … “Best interests” is thus an expression concerned with a person’s separate and independent welfare. Where the concern to which the “best interests” assessment is relevant centres upon possibilities of undue influence and, perhaps, improper purpose, the task is to consider what the putative victim would have done in seeking to protect his or her own position and promote his or her own advantages with such a degree of selfishness as the circumstances will admit.

As we saw in Chapter 2, in evaluating whether the best interests duty has been discharged an objective test is applied ex ante.9

COVENANT IMPOSED ON DIRECTORS

6.14 Section 52C(2) of the SIS Act imposes a covenant on directors of a corporate trustee of a self-managed superannuation fund. Under s 52C(2), each director of a corporate trustee of the fund provides a covenant to:

… exercise a reasonable degree of care and diligence for the purposes of ensuring that the corporate trustee carries out the covenants referred to in section 52B.

6.15 Section 52C(3) provides that the reference in s 52C(2) ‘to a reasonable degree of care and diligence is a reference to the degree of care and diligence that a reasonable person in the position of director of the corporate trustee would exercise in the corporate trustee’s circumstances’.

LIABILITY AND REMEDIES

6.16 An interesting feature of the legislative landscape in Australia is that self-managed superannuation funds are regulated by the Australian Tax Office and not the Australian Prudential Regulation Authority. That means that the Tax Office is responsible for administering the relevant superannuation laws for self-managed superannuation funds. This does raise potential issues about consistency of enforcement outcomes.

6.17 Section 55(1) of the SIS Act provides that ‘[a] person must not contravene a covenant contained, or taken to be contained, in the governing rules of a superannuation entity’. That provision applies to the covenants discussed in this chapter. Section 55(2) states that a ‘contravention of subsection (1) is not an offence and a contravention of that subsection does not result in the invalidity of a transaction’. Section 55(3) provides that a person who suffers loss or damage as a result of conduct of another person who engaged in a contravention of a covenant may recover the amount of the loss or damage by action against that other person or against any person involved in the contravention, subject to s 55(4A). Section 55(4A) provides that an action for damages against a director may only be commenced with the leave of the court. An action must be commenced within six years of the day on which the cause of action arose: s 55(4).10

6.18 There is a defence to an action under s 55(3). Section 323(2) of the SIS Act provides that:

[I]n proceedings against a person (the defendant) in respect of a contravention, it is a defence if the defendant establishes:
(a) that the contravention was due to reasonable mistake; or
(b) that the contravention was due to reasonable reliance on information supplied by another person; or
(c) that:
(i) the contravention was due to:
(A) the act or default of another person; or
(B) an accident; or
(C) some other cause beyond the defendant’s control; and
(ii) the defendant took reasonable precautions and exercised due diligence to avoid the contravention.

This defence is subject to s 323(4) which provides that:

If a defence provided by subsection (2) involves an allegation that a contravention was due to:
(a) reliance on information supplied by another person; or
(b) the act or default of another person;
the defendant is not entitled to rely on that defence unless:
(c) the court grants leave; or
(d) both:
(i) the defendant has served on the person by whom the proceedings were instituted a written notice giving such information:
(A) that would identify, or assist in the identification of, the other person; and
(B) as was then in the defendant’s possession; and
(ii) that notice is served not later than 7 days before the day on which the hearing of the proceedings begins.

6.19 An action may also be available to beneficiaries based on the same conduct that may be alleged to contravene a covenant. Section 350 of the SIS Act provides that ‘[i]t is the intention of the Parliament that this Act is not to apply to the exclusion of a law of a State or Territory to the extent that that law is capable of operating concurrently with this Act’. Accordingly, beneficiaries may also commence an action to recover any loss or damage for a breach of a general law obligation if it were available on the facts. As noted in 2.25, if one of the two peculiarly fiduciary duties is breached, the ‘situation can be remedied by injunction, rescission, account of profits, equitable compensation and proprietary remedies’.11 On the other hand, if a fiduciary breaches a non-fiduciary duty that it owes to a principal or beneficiary (for example, the duty of care and skill or the best interests duty), the usual remedy would be ‘equitable compensation and, in certain circumstances, injunctive relief’.12 In insolvency situations, the distinction can have material implications due to the impact it has on remedies.13

CONCLUSION

6.20 In light of the increasing number of self-managed superannuation funds (over 1 million members at the date of publication) and the level of investments in those funds (over $620 billion), the duties imposed on self-managed superannuation funds and directors of corporate trustees take on increasing relevance.

1. A Ferguson, ‘Shadow Selfie Super Funds Face Spotlight’, Sydney Morning Herald, Business Day, 1 October 2016 (viewed 13 October 2016).
2. See also covenants containing more specific obligations: SIS Act s 52B(2)(d)–(h). Self-managed superannuation funds would also be subject to state trustee legislation. Trustees of self-managed superannuation funds also need to take great care in complying with specific obligations in the administration of funds, including complying with the sole purpose test (SIS Act s 62), not breaching the prohibition on lending to members of a regulated super fund (SIS Act s 65), complying with the in-house asset rule (SIS Act s 84) and complying with the arm’s length rule (SIS Act s 109). These seem to be particularly problematic for self-managed superannuation funds: see for example Deputy Commissioner of Taxation v Lyons [2014] FCA 1353.
3. H A J Ford and W A Lee, Principles of the Law of Trusts, Law Book Co, Sydney, 1983 at [1804.1].
4. LexisNexis, Australian Corporation Law Principles & Practice, online, at [7.12.0095].
5. Speight v Gaunt (1883) 9 App Cas 1 at 19 per Lord Blackburn: adopted in Austin v Austin [1906] HCA 5; (1906) 3 CLR 516 at 525.
6. An appeal from that decision was dismissed: Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204.
7. Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2010] NSWSC 363 at [51]. An appeal from this decision was dismissed: Manglicmot v Commonwealth Bank Officers Superannuation Corp Pty Ltd [2011] NSWCA 204.
8. Charlton v Baber [2003] NSWSC 745 at [51]–[52].
9. See 2.13ff. See also R Austin, ‘APRA-regulated Entities: Giving Priority to Policyholders and Beneficiaries’, Supreme Court of New South Wales Annual Corporate Law Conference, Sydney, 8 September 2015, p 24; P Hanrahan, Funds Management in Australia: Officers’ Duties and Liabilities, LexisNexis Butterworths, Sydney, 2007 at [8.7] citing Howard Smith Ltd v Ampol Petroleum Ltd [1974] AC 821 at 832 (Privy Council) and Darvall v North Sydney Brick and Tile Co Ltd (1989) 15 ACLR 230 at 247 per Kirby P.
10. See also SIS Act s 55(4B) in relation to seeking leave from the court to commence an action against a director.
11. J D Heydon, M J Leeming and P G Turner, Meagher, Gummow & Lehane’s Equity: Doctrines & Remedies, 5th ed, LexisNexis Butterworths, Sydney, 2015 at [5-375].
12. See note 11 above at [5-375].
13. See for example Bell Group Ltd (in liq) v Westpac Banking Corporation (2008) 39 WAR 1.


Chapter 7 Duties of Insurance Entities

INTRODUCTION

7.1 This chapter will examine two open-ended duties imposed on insurers. A key duty that will be examined includes the duty of utmost good faith imposed on both general and life insurers under the Insurance Contracts Act 1984 (Cth) (Insurance Contracts Act). The other duty that will be covered in this chapter will be the duty of priority imposed on a life insurance entity (and its directors).

7.2 Other duties that will be reviewed include the duties prudential standards impose on boards with respect to risk management generally and the duties of insurance entities in respect to whistleblowers.

DUTY OF UTMOST GOOD FAITH

7.3 Unlike the position with respect to almost all other kinds of contracts,1 an insurance contract is a contract uberrimae fidei or, in plain English, a contract under which each party must act in utmost good faith to the other. It is a reciprocal duty, although the focus in this section will be on the obligations of an insurer under that duty. In an insurance context, the duty of utmost good faith arose at common law and has been modified by the Insurance Contracts Act. The duty applies to all contracts of insurance.2

The duty of good faith was first enunciated by Lord Mansfield in 1766 in Carter v Boehm (1766) 3 Burr 1905 at 109. However, the Hon Michael Kirby AC CMG notes that:3

[T]he specific examples of that duty were originally confined to precontract presentation of the risk by the insured. Furthermore, the sole remedy for the breach of duty was avoidance.

As Kirby has observed, that position changed under the Insurance Contracts Act:4

A major and innovative feature of the [Insurance Contracts Act] ICA was the creation of an implied term of utmost good faith on the part of the insurer … It has played a significant part in promoting the understanding that insurers must operate fairly and transparently, taking account of the interests of policyholders alongside their own. The duty has been particularly important in shaping the processes adopted by insurers when handling claims or exercising discretions belonging to them. The general duty so imposed was supplemented by specific examples contained in the ICA, whereby failure to act with the utmost good faith, in relying upon a policy term and in particular a term that had not been clearly notified to the insured, precluded reliance on that term.

Statutory form of the duty of utmost good faith

7.4 The reciprocal duty of utmost good faith finds statutory expression in s 13(1) of the Insurance Contracts Act:

A contract of insurance is a contract based on the utmost good faith and there is implied in such a contract a provision requiring each party to it to act towards the other party, in respect of any matter arising under or in relation to it, with the utmost good faith.

A party to a contract of insurance is prevented from relying on a provision of the contract if doing so would constitute a failure to act with utmost good faith.5 Section 13(3) of the Act provides that a reference in s 13(1) ‘to a party to a contract of insurance includes a reference to a third party beneficiary under the contract’ thereby extending the scope of the duty.6 It is important to note that the duty of utmost good faith excludes the operation of other legislation providing for relief in respect of harsh, oppressive, unconscionable, unjust, unfair or inequitable contracts.7 Accordingly, the open-ended obligations that have been explored in other chapters of this book do not apply in relation to contracts of insurance.

The content of the duty of utmost good faith

7.5 The scope of the obligation to act in utmost good faith was reviewed by the High Court in CGU Insurance Ltd v AMP Financial Planning Pty Ltd [2007] HCA 36. In that case, Gleeson CJ and Crennan J (at [15]) expressed the following view in relation to the duty:

We accept the wider view of the requirement of utmost good faith adopted by the majority in the Full Court, in preference to the view that absence of good faith is limited to dishonesty. In particular, we accept that utmost good faith may require an insurer to act with due regard to the legitimate interests of an insured, as well as to its own interests. The classic example of an insured’s obligation of utmost good faith is a requirement of full disclosure to an insurer, that is to say, a requirement to pay regard to the legitimate interests of the insurer. Conversely, an insurer’s statutory obligation to act with utmost good faith may require an insurer to act, consistently with commercial standards of decency and fairness, with due regard to the interests of the insured. Such an obligation may well affect the conduct of an insurer in making a timely response to a claim for indemnity.

In the same case, Callinan and Heydon JJ made the following observations:8

At the outset we should say that we agree with the Chief Justice and Crennan J that a lack of utmost good faith is not to be equated with dishonesty only. The analogy may not be taken too far, but the sort of conduct that might constitute an absence of utmost good faith may have elements in common with an absence of clean hands according to equitable doctrine which requires that a plaintiff seeking relief not himself be guilty of tainted relevant conduct. We have referred to the doctrine of clean hands because, as with another equitable doctrine, that he who seeks equity must do equity, it invokes notions of reciprocity which are of relevance here. That is not to say that conduct falling short of actual impropriety might not constitute an absence of utmost good faith of the kind which the Insurance Act demands. Something less than that might well do so. Utmost good faith will usually require something more than passivity: it will usually require affirmative or positive action on the part of a person owing a duty of it.

In relation to the observation regarding honesty in the above passages from the decision, it has been noted that ‘[y]ou can act honestly although be blundering and careless’.9

In a powerful dissent in CGU Insurance Ltd v AMP Financial Planning Pty Ltd, Kirby J was of the view that the duty in s 13(1) required an insurer to process claims in an efficient, reasonably prompt, candid and business-like manner and characterised the manner in which CGU acted in the following terms:10

The dilatory, prevaricating, confused, uncertain, inattentive and misleading way in which, over two years, CGU, with its four successive firms of solicitors, delayed and postponed its decision to deny indemnity amounts to a very sorry story.

The decision in CGU Insurance Ltd v AMP Financial Planning Pty Ltd is also authority for the following proposition:11

[T]he duty of utmost good faith requires that the insurer’s rights and obligations must be assessed strictly in accordance with the contract — nothing less but also nothing more.

However, ‘[b]ecause the wording of the policy is usually in the control of the insurer, the insurer will rarely be able to rely successfully on the Act to depart from the policy wording.’12 The duty of utmost good faith ‘may require the insurer in some circumstances to bring to the insured’s attention the consequences of a breach of a term of the contract, particularly where the term imposes obligations on the insured to notify the insurer of changes to the risk during the term of the contract’.13 The duty is also reinforced by s 1017B of the Corporations Act 2001 (Cth) (Corporations Act) under which, relevantly, insurers have an ongoing obligation of disclosure to retail clients of material changes and significant events. From an insured’s perspective, it is arguable in the age of big data that the duty of utmost good faith requires an insured to disclose to a potential insurer data that he or she causes to be generated or recorded about their genetics, driving habits (through telematics) or other data relating to the insured that is collected through a digital tracking device.14

Liability and remedies

7.6 Without limiting the scope of the duty set out in s 13 of the Insurance Contracts Act, s 14 provides that a party may not rely on a provision if reliance on that provision would constitute a failure to act in accordance with the duty of utmost good faith. A court must have regard to any notifications provided to an insured under s 3715 or otherwise16 in determining whether reliance on a particular provision would be a failure to act in utmost good faith.

7.7 If an insurer is in breach of the duty of utmost good faith, ‘the insured is entitled to all the normal contractual remedies for a breach of the term of a contract’.17 If an insured is in breach of the duty of utmost good faith, the insurer may cancel the contract18 and, where a claim is made, the insurer may reduce the claim.19 Those are the only remedies available to the insurer.20

7.8 The Insurance Contracts Act also provides that the Australian Securities and Investments Commission (ASIC) may intervene in relation to a contract of insurance in a range of circumstances. For example, s 55A provides as follows:

If:
(a) an insured has entered into a contract of insurance with an insurer; and
(b) ASIC is satisfied that the insured or any third party beneficiary under the contract has suffered damage, or is likely to suffer damage, because the terms of the contract, or the conduct of the insurer, breaches the requirements of this Act;
ASIC may, by application, if ASIC is of the opinion that it is in the public interest to do so:
(c) bring an action against the insurer on behalf of the insured or third party beneficiary under or in respect of that contract; or
(d) take over and continue, on behalf of the insured or third party beneficiary, an action brought against the insurer by the insured or third party beneficiary under or in respect of that contract.

ASIC may also take action where more than one insured is involved.21 ASIC must, however, obtain the written consent of the insured parties in order to intervene in this context.22

7.9 In addition, where an insurer fails to comply with the duty of utmost good faith in relation to the handling or settlement of claims, ASIC may also exercise its powers under Subdiv C of Div 4 of Pt 7.6 of the Corporations Act (when a licence can be varied, suspended or cancelled) or Subdiv A of Div 8 of Pt 7.6 of the Corporations Act (banning orders).23 In relation to this power, the Hon Michael Kirby has made the following observation:24

Although such a sanction would be rarely used, the very possibility ensures the general implementation of protective procedures and outcomes.

DUTY OF PRIORITY

7.10 As discussed above, in CGU Insurance Ltd v AMP Financial Planning Pty Ltd [2007] HCA 36 at [15] Gleeson CJ and Crennan J expressed the view that the duty of utmost good faith requires a balancing of the interests of the insurer as well as the insured:

[W]e accept that utmost good faith may require an insurer to act with due regard to the legitimate interests of an insured, as well as to its own interests.

However, where an insurer provides a life insurance product, it must give priority to the interests of an insured. Relevantly, s 32(1)(b) of the Life Insurance Act 1995 (Cth) provides that in the investment, administration and management of the assets of a statutory fund, a life company ‘must give priority to the interests of owners and prospective owners of policies referable to the fund’.

The so-called duty of priority is a peculiarly statutory creature and the conflicts of interests analysis relating to fiduciaries must be applied with caution. As Austin notes, ‘giving meaning to the concept of priority is a matter of statutory construction, and so any analogy to the fiduciary idea must yield to the words of the statute’.25

The duty of priority applies in relation to the ‘investment, administration and management of the assets of a statutory fund’. These are ‘broad words which do not convey any obvious limitation (so, for example, the duties would continue to apply if a life company outsourced administrative or financial management functions)’.26 The duty contemplates the interests of both current owners and prospective owners of insurance policies. This conveys the idea that ‘the [life] company … must consider how present-day decisions might affect the financial position of the fund in the future’.27

Priority over whom?

7.11 Section 32 of the Life Insurance Act does not stipulate the ‘class of claimants over whom priority is to be given. One obvious class is the shareholders of the life company … but others might be the shareholders of the parent company of the life company, and executive management and employees and creditors of the life company’.28 The Act does not permit policyholders to waive the life company’s obligations under the duty of priority,29 but it is likely that the terms of the policy may condition the interpretation of the content of the duty in the circumstances of a case.

The meaning of ‘give priority’

7.12 Austin has observed that the ‘requirement to “give priority” to the interests of policy owners sits somewhat uneasily with the idea that s 32 may be a statutory approximation of the fiduciary obligation … [A]s a matter of analysis, it is notable that as a concept, giving priority seems significantly weaker than the duty of the fiduciary’.30 Austin then observes that the duty of priority under the Life Insurance Act contemplates that:31

(a) there are two competing claims and the decision-maker ranks one above the other, while remaining in a decision-making role;
(b) the life company’s priority duty will not arise until there is an actual competition of claimants, and so the statutory duty will not be enlivened if there is only a possibility of conflict …;32
(c) a life company must give priority to the interests of the owners and prospective owners of policies referable to [a] fund, where a fiduciary must avoid actual or possible conflict between, on the one hand, personal interest or a competing duty, and on the other hand, the fiduciary’s duty to act in the interests of the beneficiary; and
(d) as the priority is only to give priority to one claimant over another, a claimant who does not have priority is not necessarily excluded from any benefit.

These limitations on the concept of giving priority soften the obligation, without helping to explain what precisely is meant by giving priority to the interests of policy owners. Policy owners might be put ahead of shareholders in a strong or weak way, and arguably any element of priority will suffice to satisfy the duty.

Identifying the interests of policy owners

7.13 The duty of priority requires that a life company identify the interests of policy owners. The ‘interests of policy owners would include maintaining and enhancing the value of their policies, bearing in mind (that except in the case of statutory funds containing solely risk-only policies) the value of a policy reflects only what is actually credited to the policy account’.33 A primary determinant of the nature of the interests of policy owners will be the contract of insurance itself.

In ACN 074 971 109 (as trustee for the Argot Unit Trust) v National Mutual Life Association of Australasia Ltd [2008] VSCA 247 the appellants (one group of policy owners in a fund) had engaged in arbitrage activities to make profits at the expense of the company and other policy owners. The respondents took action to prevent the arbitrage continuing. The appellants argued that the action taken by the respondent resulted in the respondent giving priority to its interests over the interests of the appellants. The Court of Appeal rejected the argument. Buchanan, Nettle and Dodds-Streeton JJA observed that:34

The plain and ordinary meaning of the ‘interests of owners and prospective owners of policies referable to the fund’ is their interests as framed by their entitlements under the policies. That interpretation was supported by evidence given by [an expert] that life companies generally understand s 32 as requiring the treatment of all policy holders with reference to their entitlements under their policies. Section 32 does not require a life company to confer benefits for which policies do not provide.

The court went on to explain that the relevant policy did not confer a right on the appellants such that they would continue to be able to engage in the arbitrage activities at the expense of the other policy owners or the respondent itself.35 After a retrial, the case returned to the Victorian Court of Appeal based on a similar argument. In ACN 074 971 109 Pty Ltd (as Trustee for the Argot Unit Trust) v National Mutual Life Association of Australasia Ltd [2013] VSCA 241 at [108] Nettle and Neave JJA held that:

The answer to that is essentially the same as this court’s response to the appellants’ invocation of s 32 on the last occasion. It is that the plain and ordinary meaning of the ‘interests of owners and prospective owners of policies referable to the fund’ in s 32 is their interests as framed by their entitlements under the Policies. As has been explained, they had no entitlement to arbitrage profits under the Policies. The suggestion that liquidating non-cash assets in anticipation of completion gave priority to NML’s own interests over Argot’s interests is for that reason misplaced. In effect, it just repeats the claim, already rejected, that NML was bound by an implied contractual obligation to allow Argot to derive arbitrage profits from the exploitation of cl 1.8.

In addition to the terms of the applicable policies, the terms of product disclosure statements and statutory fund life contracts ought to be considered in evaluating the interests of policy owners.36

Interests of policy owners as a whole

7.14 When evaluating the interests of policy owners, s 32(4) of the Act requires a life company to view the interests of policy owners as a group. Section 32(4) provides that a ‘reference … to the interests of owners of policies referable to a statutory fund is a reference to the interests of such persons viewed as a group’.37

APRA guidelines

7.15 A factor that the Australian Prudential Regulation Authority (APRA) considers should be borne in mind when identifying the interests of policy owners is the risk appetite of the relevant policy owners.38 As risk appetite is a ‘financially oriented concept’ it is unlikely that when assessing the interests of policy owners as a whole, one should have regard to nonfinancial issues such as concerns for the environment.39

7.16 In ‘Prudential Practice Guide LPG 260 — Conflicts of Interest under Section 48’ APRA outlines considerations that it believes ought to be taken into account when applying the priority rule. Austin groups these considerations into three broad areas, namely:

The apportionment of income or outgoings between the statutory fund and other businesses conducted by the company;40
The design and implementation of capital management strategies;41 and
Transactions between the life company and related parties.42

Directors’ duty of priority

7.17 In addition to the duty of priority imposed on life companies, s 48 of the Life Insurance Act imposes a similar duty on directors:

(1) A director of a life company has a duty to the owners of policies referable to a statutory fund of the company.
(2) The director’s duty is a duty to take reasonable care, and use due diligence, to see that, in the investment, administration and management of the assets of the fund, the life company:
(a) complies with this Part; and
(b) gives priority to the interests of owners and prospective owners of policies referable to the fund.
(3) In order to avoid doubt, it is declared that, in the event of conflict between the interests of owners and prospective owners of policies referable to a statutory fund and the interests of shareholders of a life company, a director’s duty is to take reasonable care, and use due diligence, to see that the company gives priority to the interests of owners and prospective owners of those policies over the interests of shareholders.

7.18 A duty of care
A key difference between the duty imposed on a life company and the duty of directors is that the duty imposed on a life company is absolute (subject to the defence discussed at 7.21 below) while the duty imposed on directors is a duty of care. The duty of care also only relates to giving priority where actual conflicts arise, not potential conflicts.43

7.19 Directors cannot avoid duty through disclosure
The directors of a life company cannot avoid giving priority to the interests of policy owners simply by ‘disclosing to prospective policy owners that shareholders will be given priority’.44

7.20 Interests viewed as a group
Section 48(4) provides that when directors are considering the interests of the policy owners, they need to consider the interests of the policy owners as a group.

Defences, liability and remedies

7.21 Section 32(2) of the Life Insurance Act provides a defence to a claim that a life company failed to discharge its duty of priority in the following terms:

An act or decision of a life company in relation to a statutory fund does not contravene [s 32(1)(b)] if, having regard to the circumstances existing at the time of the act or decision, it is reasonable to believe that the act or decision gives priority to the interests of owners and prospective owners of policies referable to the fund.

An argument that policy owners have waived their rights would not be effective to resist a claim that the duty was not discharged.45

7.22 The consequences for failing to discharge the duties are significant. In relation to a life company, APRA may issue a notice46 requiring the company to comply with what ‘APRA thinks appropriate and reasonable to overcome the effects of the contravention’. Section 50(1) of the Act imposes significant burdens on directors. That section provides as follows:

(1) If:
(a) APRA has given a notice to a life company under section 49 in respect of a contravention of this Part; and
(b) the contravention has resulted in a loss to a statutory fund; and
(c) the company has failed to comply with the notice within the period specified in it or within that period as extended under subsection 49(4);
the persons who were the directors of the company when the contravention occurred are jointly and severally liable to pay the company an amount equal to the amount of the loss.

Accordingly, s 50(1) fixes directors with prima facie ‘liability without proof of a breach of their duty of care’.47 However, s 50(2) provides that a ‘person is not liable under [s 50(1)] if the person proves that he or she used due diligence to ensure that the company complied with the notice’.48

DUTIES OF DIRECTORS OF LIFE COMPANY CONCERNING RISK MANAGEMENT

7.23 Directors of life and general insurance companies have broad duties under prudential standards in relation to risk management. ‘Prudential Standard CPS 220 — Risk Management’ (CPS 220) sets out the obligations a board of a life49 or general50 insurance company has in relation to risk management. CPS 220 explains the rationale for having effective risk management in place in the following terms:51

This Prudential Standard requires an APRA-regulated institution to have systems for identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks that may affect its ability, or the ability of the group it heads, to meet its obligations to depositors and/or policyholders. These systems, together with the structures, policies, processes and people supporting them, comprise an institution’s risk management framework.

The content of the duty

7.24 Paragraph 13 of CPS 220 imposes the following duties on the board of directors:

The Board of an APRA-regulated institution is ultimately responsible for the institution’s risk management framework and is responsible for the oversight of its operation by management. In particular, the Board must ensure that:
(a) it sets the risk appetite within which it expects management to operate and approves the institution’s risk appetite statement and risk management strategy (RMS);
(b) it forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identifies any desirable changes to the risk culture and ensures the institution takes steps to address those changes;
(c) senior management monitor and manage all material risks consistent with the strategic objectives, risk appetite statement and policies approved by the Board;
(d) the operational structure of the institution facilitates effective risk management;
(e) policies and processes are developed for risk-taking that are consistent with the RMS and the established risk appetite;
(f) sufficient resources are dedicated to risk management; and
(g) it recognises uncertainties, limitations and assumptions attached to the measurement of each material risk.

7.25 The word ‘ensure’ as used in the prefatory words of para 13 of CPS 220 is not to be construed as requiring the board to guarantee a particular outcome. In this context, the word ‘ensure’ is defined as follows:52

Ensure when used in relation to a responsibility of the board, means to take all reasonable steps and make all reasonable enquiries as are appropriate for a board so that the board can determine, to the best of its knowledge, that the stated matter has been properly addressed.

7.26 From 1 July 2017 the duties imposed on directors in connection with risk management will be recast. From that date, para 9 of CPS 220 will provide that:

The Board of an APRA-regulated institution is ultimately responsible for the institution’s risk management framework and is responsible for the oversight of its operation by management. In particular, the Board must ensure that:
(a) it sets the risk appetite within which it expects management to operate and approves the institution’s risk appetite statement and risk management strategy (RMS);
(b) it forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identify any desirable changes to the risk culture and ensures the institution takes steps to address those changes;
(c) senior management of the institution monitor and manage all material risks consistent with the strategic objectives, risk appetite statement and policies approved by the Board;
(d) the operational structure of the institution facilitates effective risk management;
(e) policies and processes are developed for risk-taking that are consistent with the RMS and the established risk appetite;
(f) sufficient resources are dedicated to risk management; and
(g) it recognises uncertainties, limitations and assumptions attached to the measurement of each material risk.

Liability and remedies

7.27 If directors breach their obligations under the prudential standard, APRA may issue a direction to remedy that failure53 or the directors may be exposed to ASIC bringing a civil action against them for a breach of their duty of care under s 180(1) of the Corporations Act seeking compensation or disqualification orders.

DUTIES CONCERNING WHISTLEBLOWERS

7.28 In light of the effect misconduct can have on the value of funds managed by an insurer either directly or indirectly due to the impact on its reputation, ‘whistleblower policies should be a key area of consideration for any company’.54 The Life Insurance Act provides its own whistleblower regime for life insurers,55 and a similar regime is set out under the Insurance Act 1973 (Cth) (Insurance Act) in respect to general insurers.56 This section will discuss the provisions set out under the Life Insurance Act but the commentary can be read across to the regime set out under the Insurance Act as the regimes are similar in all material respects. Needless to say, directors of insurance companies need to ensure that the company maintains compliance policies in respect to the whistleblower regime, including by virtue of its risk management system.

The whistleblower regime under the Life Insurance Act

7.29 Section 156A of the Life Insurance Act provides as follows:

(1) This section applies to a disclosure of information by a person (the discloser) who is, in relation to a body corporate that is a life company or a registered [NOHC — nonoperating holding company], any of the following:
(a) an officer of the body;
(b) an employee of the body;
(c) a person who has a contract for the supply of services or goods to the body;
(d) an employee of a person who has a contract for the supply of services or goods to the body.
(2) The disclosure of information by the discloser qualifies for protection under this Subdivision if:
(a) the disclosure is made to any of the following: (i) APRA; (ii) an auditor of the body, or a member of an audit team conducting an audit of the body; (iii) the appointed actuary of the body, if the body is a life company; (iv) a director or senior manager of the body; (v) a person authorised by the body to receive disclosures of the kind made; and
(b) the discloser informs the person to whom the disclosure is made of the discloser’s name before making the disclosure; and
(c) both: (i) the information concerns misconduct, or an improper state of affairs or circumstances, in relation to the body; and (ii) the discloser considers that the information may assist a person referred to in paragraph (a) to perform the person’s functions or duties in relation to the body; and
(d) the discloser makes the disclosure in good faith.
(3) In this section, officer has the same meaning as it has in the Corporations Act 2001.

7.30 Note that the requirement in s 156A(2)(c) is that the information that the discloser reveals must concern ‘misconduct, or an improper state of affairs or circumstances, in relation to the body’. The information that qualifies under this section is much wider in scope than the whistleblower regime in the Corporations Act. That whistleblower regime is engaged where:57

… the discloser has reasonable grounds to suspect that the information indicates that:
(i) the company has, or may have, contravened a provision of the Corporations legislation; or
(ii) an officer or employee of the company has, or may have, contravened a provision of the Corporations legislation …

Under the Life Insurance Act, the discloser must only ‘consider’ that the information may assist: APRA, an auditor of the body (or a member of an audit team conducting an audit of the body), the appointed actuary of the body (if the body is a life company), or a director or senior manager of the body or a person authorised by the body to receive whistleblower disclosures, to perform the person’s functions or duties in relation to the body.58 However, like the Corporations Act, a disclosure made under s 156A must be made in good faith.59

No civil or criminal liability

7.31 If a person makes a disclosure under s 156A, s 156B(1) provides that:60

If a person makes a disclosure that qualifies for protection under this Subdivision:
(a) the person is not subject to any civil or criminal liability for making the disclosure; and
(b) no contractual or other remedy may be enforced, and no contractual or other right may be exercised, against the person on the basis of the disclosure.

No victimisation

7.32 Section 156C(1) makes it an offence to cause detriment to a whistleblower in certain circumstances. Threatening to cause detriment to another person is also an offence if that conduct is motivated by the fact that a person has made or may make a disclosure under the Act.61 These offences carry a maximum penalty of 25 penalty units or imprisonment for six months or both.62

Compensation

7.33 Section 156D of the Act provides that a person may recover damages arising from a contravention of the whistleblower regime.

Confidentiality obligations

7.34 Section 156E imposes strict confidentiality obligations in respect to disclosures made under the whistleblower regime. Subject to other requirements set out in s 156E, any person who communicates the information initially disclosed by the whistleblower or reveals the whistleblower’s identity (or reveals information that would be likely to lead to the identification of the whistleblower) is liable to a maximum penalty of 25 penalty units.63 The only express exceptions that apply are if the relevant information is communicated to APRA, a member of the Australian Federal Police or a person with the consent of the whistleblower.64

7.35 It is arguable that s 156E may prevent a person to whom a whistleblower discloses information from communicating that information or the identity of the whistleblower to a lawyer even though the very circumstances may logically indicate that such a course of action would be extremely prudent, for example, where it would be prudent to obtain legal advice in relation to the matters raised by the whistleblower.65 The High Court in Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 noted that legal professional privilege is a rule of substantive law and an important common law immunity.66 Impliedly, it follows that the right to communicate with a lawyer also has those characteristics. The court also noted ‘that statutory provisions are not to be construed as abrogating important common law rights, privileges and immunities in the absence of clear words or a necessary implication to that effect’.67

While the position is not certain, one view is that Parliament, having turned its mind in drafting s 156E(2) to the issue of to whom confidential information could be communicated, left no room for the implication of a right to communicate to a lawyer. An alternative view is that in the context of the whistleblower regime there is a necessary implication that issues relating to the whistleblower’s disclosure can and should be communicated to a lawyer in order to obtain advice as to the nature of the disclosures (including what steps need to be taken to address the relevant issues). A further view is that the lawyer may be an agent of the life company and therefore there is no disclosure to another person in that context.

CONCLUSION

7.36 The Insurance Contracts Act, the Life Insurance Act, and the Insurance Act impose a number of broad-ranging duties on insurance companies and, in some cases, their directors. This chapter highlighted a number of these duties and identified issues that insurance companies and directors need to be cognisant of in order to be in a position to comply with those duties.

1. Other contracts of utmost good faith include contracts between persons in a fiduciary relationship such as partnerships, principal and agent, solicitor and client, and trustee and beneficiary: see LexisNexis, Halsbury’s Laws of Australia, online, at [235-415].
2. The term ‘contract of insurance’ is defined in s 10 of the Insurance Contracts Act. Section 9 of the Act specifies contracts that are excluded from the operation of the Act.
3. M Kirby, ‘Insurance Contract Law Reform — 30 Years On’ (2014) 26 Insurance Law Journal 1 at 12.
4. See note 3 above at 13.
5. See Insurance Contracts Act s 14.
6. ‘“third party beneficiary”, under a contract of insurance, means a person who is not a party to the contract but is specified or referred to in the contract, whether by name or otherwise, as a person to whom the benefit of the insurance cover provided by the contract extends’: Insurance Contracts Act s 11.
7. See Insurance Contracts Act s 15.
8. CGU Insurance Ltd v AMP Financial Planning Pty Ltd [2007] HCA 36 at [257] per Callinan and Heydon JJ.
9. See note 1 above at [16.0055].
10. CGU Insurance Ltd v AMP Financial Planning Pty Ltd [2007] HCA 36 at [139].
11. R Bowley, ‘The Progressive Evolution of Australian Insurers’ Duty of Utmost Good Faith to Third Party Claimants’ (2016) 27 Insurance Law Journal 194 at 201.
12. See note 1 above at [235-410].
13. See note 1 above at [235-410].
14. J Maher, ‘Big Data May Make Insurance Cheaper’, Australian Financial Review, 14 November 2016, p 4.
15. Under s 37 of the Insurance Contracts Act an insurer has a duty to explain the effect of a provision that is not usually included (or would be ‘unexpected’ if included) in contracts of insurance that provide similar cover. Assessing legal obligations under this obligation would require expert evidence (that is, evidence relating to how far out of step or ‘unusual’ a particular provision may be compared to standard industry practice).
16. For example, under s 22(1) of the Insurance Contracts Act. This subsection provides that the insurer is required to ‘clearly inform’ the insured in writing of the nature and effect of the duty of disclosure: see Suncorp General Insurance Ltd v Cheihk [1999] NSWCA 238 at [14]–[17].
17. See note 1 above at [235-410]. See also CGU Insurance Ltd v AMP Financial Planning Pty Ltd [2007] HCA 36 at [16] per Gleeson CJ and Crennan J.
18. Compare the bad faith doctrine in the United States. Under that doctrine ‘[i]nsurance bad faith describes a tort claim that an insured individual may bring against an insurance company for its bad acts. In most jurisdictions in the United States, the law provides that insurance companies owe a duty of good faith and fair dealing to those they insure. This obligation is often referred to as the “implied covenant of good faith and fair dealing” which exists by operation of law in all insurance contracts. If an insurance company violates that covenant, the insured policyholder may bring an action against the insurance company on a tort claim in addition to a standard breach of contract claim. The outcome is that a plaintiff in an insurance bad faith case may be able to recover an amount greater than the initial face value of the policy if the insurance company’s conduct was particularly intentional or malicious’: HG.org, ‘Bad Faith Insurance Law’, see (viewed 13 October 2016).
19. See Insurance Contracts Act ss 60 and 63.
20. See Insurance Contracts Act s 54(1): an insurer may reduce the amount of its liability ‘by the amount that fairly represents the extent to which the insurer’s interests were prejudiced as a result of that [breach of duty by an insured]’.
21. See Insurance Contracts Act s 55.
22. See Insurance Contracts Act s 55A(2).
23. See Insurance Contracts Act s 55A(3).
24. See Insurance Contracts Act s 14A.
25. See note 3 above at 13. See also R Austin, ‘APRA-regulated Entities: Giving Priority to Policyholders and Beneficiaries’, Supreme Court of New South Wales Annual Corporate Law Conference, Sydney, 8 September 2015, p 11. Note also that s 34(5) of the Life Insurance Act declares that ‘nothing in this Act is intended to constitute a life company or the directors of a life company a trustee or trustees of the assets of the statutory funds of the company’.
26. See Austin note 25 above, p 12.
27. See Austin note 25 above, p 12. For a discussion regarding who constitutes a prospective policy owner see C James and M Vrisakis, ‘Defining an Undefined Class of Beneficiary Under the Life Insurance Act’ (2016) 28 Insurance Law Journal 23.
28. See Austin note 25 above, p 13.
29. See Austin note 25 above, p 13.
30. Fiduciaries are required to avoid putting themselves in a position where there is a conflict or a real sensible possibility of conflict between their duty to the beneficiary and their personal interest or a duty to someone else: see Austin note 24 above, p 14.

31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42.

43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54.

See Austin note 25 above, p 15. This is similar to the position discussed in relation to the duty of priority in managed investment schemes (see 4.18ff) and registrable superannuation entities (see 5.12ff). See Austin note 25 above, p 15 citing P C Wickens, The Law of Life Insurance in Australia, Thomson Reuters, loose-leaf, at [10A.640]. ACN 074 971 109 (as trustee for the Argot Unit Trust) v National Mutual Life Association of Australasia Ltd [2008] VSCA 247 at [146]. ACN 074 971 109 (as trustee for the Argot Unit Trust) v National Mutual Life Association of Australasia Ltd [2008] VSCA 247 at [146]–[147]. See Austin note 25 above, p 16. See also Life Insurance Act s 48(4) in respect to the duty of priority imposed on the directors of a life company: discussed at 7.17ff below. APRA, ‘Prudential Practice Guide LPG 260 — Conflicts of Interest under Section 48’, March 2007 at [6]–[7]. See Austin note 25 above, p 16. See Austin note 25 above, p 17.
For example, when proposals to transfer capital to shareholder funds are considered: see Austin note 25 above, p 18. For example, whether service fees charged by a related party of the life company are competitive or the related party is performing the services satisfactorily: see Austin note 25 above, pp 18–19. See Austin note 25 above, p 15. See Austin note 25 above, p 13. See also APRA, ‘Prudential Practice Guide LPG 260 — Conflicts of Interest under Section 48’, March 2007 at [4]. See Austin note 25 above, p 13. See Life Insurance Act s 49(1). See Austin note 25 above, p 13. See also James and Vrisakis, note 27 above. Section 230A of the Life Insurance Act provides that a life insurer must comply with prudential standards. See also s 230B of that Act. Section 35 of the Life Insurance Act provides that general insurers must comply with prudential standards. APRA, ‘Prudential Standard CPS 220 — Risk Management’, January 2015 at CPS 22-1. APRA, ‘Prudential Standard GPS 001 — Definitions’ at para 4. See Life Insurance Act s 230B and Insurance Act s 104(1). G Farrant and A Emmerson, ‘Whistleblowing in the Private Sector’ (2013) 17(3) Inhouse Counsel 52.

55. 56. 57. 58. 59. 60.

61. 62.

63.

64. 65. 66. 67.

See Life Insurance Act ss 156A–156E; cf the whistleblower regime under the Corporations Act: see 3.43ff. See Insurance Act ss 38A–38E. See Corporations Act s 1317AA(1)(d). See Life Insurance Act s 156A(2)(c)(ii). See Life Insurance Act s 156A(2)(d); cf Corporations Act s 1317AA(1)(d). Other protections are set out in Life Insurance Act s 156B(2)–(3). Note that s 156B(4) provides that ‘[i]f an individual makes a disclosure of information that qualifies for protection under this Subdivision, the information is not admissible in evidence against the individual in criminal proceedings or in proceedings for the imposition of a penalty, other than proceedings in respect of the falsity of the information’. Recklessly causing someone to fear a threat is also caught by the prohibition: Life Insurance Act s 156C(2)(b)(ii). ‘Threats’ are defined in s 156C(3). See Life Insurance Act s 156C(1)–(2). Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act. See Life Insurance Act s 156E(2). No doubt this is why the carve-outs for communicating with APRA and a member of the Australian Federal Police were included in s 156E(2) of the Life Insurance Act. See Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 at [11] per Gleeson CJ, Gaudron, Gummow and Hayne JJ. Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 at [11] per Gleeson CJ, Gaudron, Gummow and Hayne JJ.


Chapter 8 Duties of Authorised Deposit-taking Institutions

INTRODUCTION

8.1 Authorised deposit-taking institutions (ADIs) are those bodies corporate that the Australian Prudential Regulation Authority (APRA) has authorised under s 9(3) of the Banking Act 1959 (Cth) (Banking Act) to carry on banking business in Australia.1 In this chapter the terms ‘ADI’ and ‘bank’ will be used interchangeably.

8.2 The duties of a bank that will be examined in this chapter include:
– responsible lending duties of a bank;2
– implied duties under the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act);
– duties under prudential standards; and
– duties in respect to whistleblowers.

RESPONSIBLE LENDING DUTIES

8.3 Any entity, such as a bank, needs to hold a credit licence under s 35 of the National Consumer Credit Protection Act 2009 (Cth) (Credit Act) in order to engage in particular credit activities.3 The key duties of entities that hold credit licences under the Credit Act that this section will examine are those that relate to responsible lending.4 The responsible lending obligations have been summarised in the following manner:5

Responsible lending involves letting a consumer know exactly who they are dealing with and the costs they are likely to incur and not recommending or lending to a consumer under an “unsuitable” credit contract. In brief, the responsible lending obligations consist of two types of obligations:
– disclosure obligations; and
– the obligation to make a “not unsuitable” assessment before providing or assisting with credit.

Disclosure obligations

8.4 Chapter 3 of the Credit Act requires licensees to provide specified documents to consumers at certain stages of the credit process. The documents that need to be provided will depend on the nature of the credit contract and may include:6
– a credit guide;
– a key facts sheet for home loans or credit cards;
– a quote for providing credit assistance;
– a credit or lease proposal disclosure document; and
– a written preliminary assessment or final assessment that a credit contract is ‘not unsuitable’.

The issuing of disclosure documents does not, in relative terms, present complex legal issues. The focus of this section will be on the obligation of licensees under the Credit Act7 to evaluate whether a credit contract is unsuitable for the purposes of the Credit Act.

Evaluating whether a credit contract is unsuitable

8.5 The Credit Act imposes obligations on all holders of an Australian credit licence when they engage in particular credit-related activities to ensure that credit contracts are not unsuitable.8 In summary, licensees under the Credit Act must not:9
– enter into a credit contract with a consumer,
– suggest a credit contract to a consumer, or
– assist a consumer to enter into a credit contract
if that credit contract will be ‘unsuitable’ for the consumer.

A credit contract will be unsuitable where either:
– it does not meet the consumer’s requirements and objectives; or
– the consumer will be unable to meet repayment requirements without ‘substantial hardship’.

8.6 There are two main ‘unsuitability’ regimes under the Credit Act: one that applies to the activities of credit assistance providers (which includes mortgage brokers but can also apply to lenders acting on their own behalf)10 and another that applies to the activities of credit providers (for example, entities that actually provide credit).11 Under the Credit Act:12

A credit assistance provider must make a “preliminary” assessment that a credit contract is “not unsuitable” for a consumer before suggesting a credit contract to that consumer or assisting that consumer to apply for the credit contract.

A credit provider must make a “final” assessment that a credit contract is “not unsuitable” for a consumer before entering in a credit contract with that consumer …

As we will see below, the requirement to assess unsuitability is a highly evaluative obligation which requires a credit licensee to have regard to all the circumstances when applying the test.

Preliminary assessments of unsuitability

8.7 Under Pt 3-1 of the Credit Act, a credit assistance provider must conduct a preliminary assessment of unsuitability. Section 115(1) of the Credit Act provides as follows:

A licensee must not provide credit assistance to a consumer on a day (the assistance day) by:
(a) suggesting that the consumer apply, or assisting the consumer to apply, for a particular credit contract with a particular credit provider; or
(b) suggesting that the consumer apply, or assisting the consumer to apply, for an increase to the credit limit of a particular credit contract with a particular credit provider;
unless the licensee has, within 90 days (or other period prescribed by the regulations) before the assistance day:
(c) made a preliminary assessment that:
(i) is in accordance with subsection 116(1); and
(ii) covers the period proposed for the entering of the contract or the increase of the credit limit; and
(d) made the inquiries and verification in accordance with section 117.

The preliminary assessment obligation must be satisfied prior to any suggestion being made to a consumer to apply for a credit contract or apply for an increase in the credit limit of an existing product. A failure to do so attracts a civil penalty of up to 2,000 penalty units.13 The preliminary assessment of unsuitability must be made in accordance with s 116(1). Certain inquiries and verification must also be undertaken under s 117. Both of these activities must be conducted within 90 days of making a relevant suggestion.14

Inquiries and verification under s 117

8.8 Before making a preliminary assessment under s 115(1)(d), a licensee must make a number of reasonable inquiries.15 Section 117(1) provides as follows:

For the purposes of paragraph 115(1)(d) or 115(2)(b), the licensee must, before making the preliminary assessment:
(a) make reasonable inquiries about the consumer’s requirements and objectives in relation to the credit contract; and
(b) make reasonable inquiries about the consumer’s financial situation; and
(c) take reasonable steps to verify the consumer’s financial situation; and
(d) make any inquiries prescribed by the regulations about any matter prescribed by the regulations; and
(e) take any steps prescribed by the regulations to verify any matter prescribed by the regulations.

Preliminary assessment under s 116(1)

8.9 Section 116(1) provides that:

For the purposes of paragraph 115(1)(c), the licensee must make a preliminary assessment that:
(a) specifies the period the assessment covers; and
(b) assesses whether the credit contract will be unsuitable for the consumer if the contract is entered or the credit limit is increased in that period.

8.10 Section 118(2) provides that:

The contract will be unsuitable for the consumer if, at the time of the preliminary assessment, it is likely that:
(a) the consumer will be unable to comply with the consumer’s financial obligations under the contract, or could only comply with substantial hardship; or
(b) the contract will not meet the consumer’s requirements or objectives; or
(c) if the regulations prescribe circumstances in which a credit contract is unsuitable — those circumstances will apply to the contract;
if the contract is entered in the period proposed for it to be entered or the credit limit is increased in the period proposed for it to be increased.

8.11 The two key issues, then, in determining whether a credit contract will be unsuitable are whether:
– the consumer will be unable to comply with the consumer’s financial obligations under the contract, or could only comply with substantial hardship (that is, the consumer will not have the capacity to repay the loan);16 or
– the contract will not meet the consumer’s requirements or objectives.

A licensee should use the information it has collected about the consumer for the purposes of s 117(1) to answer these two principal questions as part of its preliminary assessment.

Final assessments of unsuitability

8.12 A credit provider has an obligation under Div 3, Pt 3-2 to make a final assessment concerning the unsuitability of a potential credit contract.

8.13 The obligation to assess unsuitability is set out in s 128 of the Credit Act. That section provides as follows:

A licensee must not:
(a) enter a credit contract with a consumer who will be the debtor under the contract; or
(aa) make an unconditional representation to a consumer that the licensee considers that the consumer is eligible to enter a credit contract with the licensee; or
(b) increase the credit limit of a credit contract with a consumer who is the debtor under the contract; or
(ba) make an unconditional representation to a consumer that the licensee considers that the credit limit of [a] credit contract between the consumer and the licensee will be able to be increased;
on a day (the credit day) unless the licensee has, within 90 days (or other period prescribed by the regulations) before the credit day:
(c) made an assessment that:
(i) is in accordance with section 129; and
(ii) covers the period in which the credit day occurs; and
(d) made the inquiries and verification in accordance with section 130.

8.14 In summary, a credit provider must not do one of the four things listed in subparas (a), (aa), (b) or (ba) on a specified day (that is, the credit day) unless the credit provider has within 90 days before the credit day made an assessment that complies with s 129 and made inquiries and verification in accordance with s 130. A contravention of the obligations attracts a maximum civil penalty of 2,000 penalty units.17 The nature of the assessment and the inquiries that the credit provider must make are in the same terms as those that a credit assistance provider must make.18

Substantial hardship

8.15 A credit contract will be unsuitable if:19

… it is likely that the consumer will be unable to make the repayments or will only be able to make the repayments with substantial hardship. A credit provider or credit assistance provider will assess the consumer’s ability to repay based on the inquiries they have made about the consumer’s financial situation. They should consider the likely maximum amount to be repaid under the credit contract, including all fees, charges and transaction costs. Factors that could be taken into account include:
– the money the consumer is likely to have remaining after their living expenses have been deducted from their after-tax income;
– consistency and reliability of the consumer’s income (and the size of the loan relative to their income level);
– the consumer’s other debt repayment obligations; and
– other financial obligations (eg, child support).

ASIC guidance re assessing substantial hardship

8.16 In ‘Regulatory Guide 209 — Credit Licensing: Responsible Lending Conduct’, the Australian Securities and Investments Commission (ASIC) states that:20

‘Substantial hardship’ is not defined in the [National Consumer Credit Protection Act 2009 (Cth)]. We do not propose to give any definitive formulation of what substantial hardship means. The law about the meaning of ‘substantial hardship’ will develop and become clearer as cases come before the courts and judgments are handed down.

Although ASIC states that the meaning of the term ‘substantial hardship’ will become clearer as cases come before the courts, it does observe that:21

Case law and other legislation provide some guidance on the interpretation of ‘hardship’ in different contexts. For example, in the superannuation context, one of the tests for whether a person is in ‘severe financial hardship’ is that ‘the person is unable to meet reasonable and immediate family living expenses’: Superannuation Industry (Supervision) Regulations 1994, reg 6.01(5)(a)(ii).

ASIC does, however, provide guidance about factors that a licensee should consider in making an assessment:22

In determining whether a credit contract or consumer lease is likely to result in substantial hardship for the consumer, we expect you will take into account information obtained about the consumer’s financial situation as part of the ‘reasonable inquiries’ process [adopted by the licensee]. Therefore, in administering the law, we will take the following factors into account when considering whether a transaction is likely to result in substantial hardship:
(a) how much of a surplus there is between the money the consumer is likely to have remaining after their ongoing expenses have been deducted from their after-tax income and the proposed additional repayments. This helps indicate how sensitive the consumer is to the effect of an increase in interest rates on their repayment obligations (eg as a result of the end of a ‘honeymoon’ interest rate period) or a requirement to make a balloon payment at the end of a contract;
(b) the source of the consumer’s income (including whether all or part of the consumer’s gross income is sourced from payments under the Social Security Act 1991);
(c) how consistent and reliable the consumer’s income is (and the size of the payment obligations relative to their income level);
(d) whether the consumer’s expenses are likely to be significantly higher than average (eg because they live in a remote area);
(e) the consumer’s other debt repayment obligations and similar commitments (eg child support); and
(f) whether the consumer is likely to have to sell their assets, such as a car, to meet their payment obligations.

ASIC also observes that benchmarks may also be valuable in assessing questions regarding substantial hardship:23

Benchmarks can be useful tools in the process of determining whether a particular consumer is likely to experience substantial hardship as a result of meeting their financial obligations under a credit contract or consumer lease. Incorporating benchmarks into the assessment process, may provide a credit licensee with an indication of whether a consumer may be exposed to substantial hardship. For example, such benchmarks could indicate whether a consumer’s available income is:
(a) below a level where they do not have funds to meet their realistic living costs and those of their dependants;
(b) below an amount based on a particular objective indicator (eg the Henderson Poverty Index plus a certain margin); or
(c) below the maximum applicable level of government benefits for a person in the financial and family situation of the consumer.

ASIC expresses the view that ‘[g]enerally, consumers should be able to meet a credit contract’s obligation from income rather than equity in an asset. However, there may be circumstances where this is not a reasonable position (eg bridging loans and reverse mortgages)’.24

Remedies

8.17 In addition to the civil penalty provisions discussed above in relation to responsible lending, the Credit Act provides a range of remedies where a person contravenes a civil penalty provision or commits an offence against the Act and a person suffers loss as a result. The remedies include injunctions,25 compensation orders26 and orders to remedy unfair or dishonest conduct by credit service providers.27 Further remedies are available under the National Credit Code (NCC). For example, s 76 of the NCC permits a court to reopen unjust credit contracts:28

The court may, if satisfied on the application of a debtor, mortgagor or guarantor that, in the circumstances relating to the relevant credit contract, mortgage or guarantee at the time it was entered into or changed (whether or not by agreement), the contract, mortgage or guarantee or change was unjust, reopen the transaction that gave rise to the contract, mortgage or guarantee or change.

8.18 It is also important to note that if there is a systemic or significant failure of a licensee to take reasonable care to ensure compliance with the reasonable lending laws, it could itself constitute a breach of the duty of directors under s 180(1): see 3.19ff.

Case law regarding responsible lending obligations

8.19 Among other things, responsible lending obligations were the subject of the decision in Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) [2014] FCA 926. In that case, the proceedings were undefended by a small amount lender, but Davies J did express views regarding the approach to interpreting the content of the obligations that have been discussed above. The defendant in the proceedings was both a credit assistance provider and a credit provider.

8.20 As discussed above, s 118(2)(a) provides that a ‘contract will be unsuitable for the consumer if, at the time of the preliminary assessment, it is likely that … the consumer will be unable to comply with the consumer’s financial obligations under the contract, or could only comply with substantial hardship’.29 In respect to the phrase ‘it is likely’ Davies J stated that:30

The expression “it is likely” imports as a matter of ordinary meaning “a real chance or possibility”: Marks v GIO Australia Holdings Limited [1998] HCA 69; (1998) 196 CLR 494 at 505 per McHugh, Hayne and Callinan JJ; Global Sportsman Pty Ltd v Mirror Newspapers Pty Ltd [1984] FCA 180; (1984) 2 FCR 82 at 87.

8.21 Davies J expressed the view that ‘[r]easonable enquiries about the consumer’s requirements and objectives in relation to [a] credit contract must be such enquiries as will be sufficient to enable the [licensee] to make an informed assessment as to whether the credit contract will meet the consumer’s requirements or objectives’.31 His Honour added:32

There are 28 contracts where the “purpose” for which the customer sought the loan was completed on the application form but the information provided was too general to enable the loan officers sufficiently to understand the customer’s requirements and objectives in obtaining the credit and there is nothing else on the file to indicate that … any inquiry at all was made about the customer’s objectives or requirements in relation to the credit contract.

8.22 The descriptions that the court was referring to included: ‘personal/personal needs’, ‘living/living expenses/personal — living expenses’, ‘monthly expenses’, ‘monthly expenses — food’ (when the credit amount was $907.95), ‘to pay bill & live til payday’, ‘bills & other’ (when the credit amount was $894.50), ‘lives in share house/share expenses’, ‘shortfall/cash shortage’, ‘travel’, ‘entertainment’, ‘buy stuff for home’, ‘shopping’, ‘wedding/sister’s wedding’, ‘washing’ (when the loan amount was $251.69) and ‘buy a car’ (when the credit amount was $117). It is clear that if a loan amount of $117 is said to be sufficient to ‘buy a car’, one is potentially put on notice of a failure in the responsible lending process.

8.23 Davies J also noted that:33

Assessing whether there is a real chance of a person being able to comply with his or her financial obligations under the contract requires, at the very least, a sufficient understanding of the person’s income and expenditure. It is axiomatic that “reasonable inquiries” about a customer’s financial situation must include inquiries about the customer’s current income and living expenses. The extent to which further information and additional inquiries may be needed in order to assess the consumer’s financial capacity to service and repay the proposed loan and determine loan suitability will be a matter of degree in each particular case.

Davies J also found that the defendant in the proceeding failed to comply with its verification obligations:34

Having reviewed the 151 contracts in question, I agree with ASIC. An examination of the files relating to those contracts showed that there was either nothing on the file to indicate that any steps were taken to seek verification of the customer’s income and/or expenses, or the supporting documentation on the file about the customer’s financial position was patently inadequate as verification. Having reviewed each of the contracts, I am satisfied that [the defendant] in relation to those 151 contracts failed to take reasonable steps to verify the consumer’s financial information in contravention of ss 117(1)(c) and 115(1)(d).

8.24 Interestingly, in the penalty hearing in this case, Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93, the court took into consideration the statistical likelihood that the identified breaches were more widespread, which indicated that a higher penalty ought to be imposed. The court reviewed 281 actual contracts in the case, straddling two periods: contracts entered into by the defendant and consumers between 1 July 2010 and 6 March 2012, and contracts entered into between 7 March 2012 and 24 September 2012.35 The period was broken into two periods:36

… because on or around 6 March 2012, [the defendant] changed some of its policies and practices in response to a non-binding suggestion from ASIC and made some attempt at corrective action. However … even after the introduction of revised policies and procedures there was continued systemic failure by [the defendant] to comply with its obligations under Part 3 of the Credit Act.

8.25 In admitting the statistical evidence, Davies J made the following observations about the contracts that the defendant, TCS, entered into with consumers:37

ASIC … has submitted that the Court, in setting the penalties, should take into account the statistical likelihood that similar contraventions on the same scale would be found in respect of those other contracts. ASIC led evidence from Professor Ian Gordon of the Statistical Consulting Centre at the University of Melbourne about the statistical likelihood of similar contraventions in respect of those other contracts. In summary, according to Professor Gordon it can be said with 95% confidence that, based on the findings of the Court in relation to the 281 sample contracts:

(a) in the first period (288,799 contracts in total entered into):
– TCS failed to make reasonable inquiries about a customer’s requirements and objectives in respect of between 229,921 to 271,118 contracts;
– TCS failed to make reasonable inquiries about a customer’s financial situation in respect of between 271,737 to 288,720 contracts;
– TCS failed to verify a customer’s financial situation in respect of between 204,622 to 254,063 contracts;
– TCS failed to make a preliminary assessment in respect of between 279,546 to 288,799 contracts;
– TCS failed to provide the TCS credit guide to the customer in respect of between 63,725 to 71,203 contracts …

(b) in the second period (36,958 contracts in total entered into):
– TCS failed to make reasonable inquiries about a customer’s requirements and objectives in respect of between 22,300 to 29,273 contracts;
– TCS failed to make reasonable inquiries about a customer’s financial situation in respect of between 29,414 to 34,559 contracts;
– TCS failed to verify a customer’s financial situation in respect of between 4,780 to 10,993 contracts;
– TCS failed to make a preliminary assessment in respect of between 33,217 to 36,543 contracts;
– TCS failed to provide the TCS credit guide to the customer in respect of between 8,692 to 15,843 contracts …

I consider that it is appropriate in setting the penalty to take into account the analysis conducted by Professor Gordon and the statistical likelihood of similar contraventions in respect of all contracts entered into over the period. As stated at [63] of the liability judgment, TCS in its 2012 credit licence annual compliance certificate signed on 30 May 2012 candidly admitted that its arrangements were deficient in various crucial respects. TCS admitted, amongst other things, that it did not have “adequate arrangements and systems in place to ensure that it complied with the conditions of its licence” and the credit legislation, and that it did not have “adequate arrangements and systems in place to maintain the competence to engage in the credit activities authorised by its licence” or “to ensure that its representatives were adequately trained and competent to engage in the credit activities authorised by its license”. It is well apparent that the contravening conduct of TCS … was neither isolated nor confined and that their lending practices disregarded, and fell well short of, the statutory requirements for “responsible lending”. The contraventions were very serious. TCS … were major players in the payday lending industry before their operations ceased, deriving substantial fees and interest through lending to financially vulnerable persons, many of whom were unemployed.

8.26 The use of statistics and expert evidence in this way indicates the approach courts are willing to adopt to penalties in cases where large-scale contraventions occur.

IMPLIED DUTIES UNDER THE ASIC ACT

8.27 Section 12ED of the ASIC Act contains an implied warranty in relation to the supply of financial services to consumers. Section 12ED(1) provides as follows:

In every contract for the supply of financial services by a person to a consumer in the course of a business, there is an implied warranty that:
(a) the services will be rendered with due care and skill; and
(b) any materials supplied in connection with those services will be reasonably fit for the purpose for which they are supplied.

Section 12BC(1) provides the definition of what constitutes a consumer:

For the purposes of this Division, unless the contrary intention appears, a person is taken to have acquired particular financial services as a consumer if, and only if:
(a) the price of the services did not exceed the prescribed amount [being $40,000]; or
(b) if the price of the services exceeded the prescribed amount — the services were of a kind ordinarily acquired for personal, domestic or household use or consumption; or
(c) if the services were acquired for use or consumption in connection with a small business (see subsection (2)) and the price of the services exceeded the prescribed amount — the services were of a kind ordinarily acquired for business use or consumption.

8.28 The warranty implied by operation of the ASIC Act was considered in Selig v Wealthsure Pty Ltd [2013] FCA 348,38 a case concerning financial planning advice provided by the defendants. The plaintiffs, Mr and Mrs Selig, invested in Neovest Limited (Neovest) on the advice of the second defendant, David Bertram, who was an authorised representative of the first respondent, Wealthsure Pty Ltd (Wealthsure). Wealthsure was the holder of an Australian Financial Services Licence. The scheme proposed in the prospectus issued by Neovest was in effect a Ponzi scheme. Neovest became insolvent and the plaintiffs lost their investment and suffered other loss.

8.29 In that case Lander J was of the view that the defendants were providing a financial service as required by s 12ED(1)39 and that the plaintiffs were consumers for the purposes of s 12ED:40

The plaintiffs were consumers because Mr Bertram’s and Wealthsure’s commissions were less than $40,000.

8.30 Lander J then went on to state that:41 In my opinion, the effect of s 12ED(1) was to imply into the contract between Mr and Mrs Selig and Mr Bertram and Wealthsure, a warranty that Mr Bertram and Wealthsure would render their services with due care and skill. Even without the statutory warranty an implied term of reasonable care will arise by law in a contract for professional services: Astley v Austrust Ltd (1999) 197 CLR 1 (“Astley v Austrust”). In that decision, the plurality, Gleeson CJ, McHugh, Gummow and Hayne JJ, said at [47]: The implied term of reasonable care in a contract of professional services arises by operation of law. It is one of those terms that the law attaches as an incident of contracts of that class. It is part of the consideration that the promisor pays in return for the express or implied agreement of the promise to pay for the services of the person giving the promise. Unlike the duty of care arising under the law of tort, the promise in contract always gives consideration for the implied term. And it is a term that the parties can, and often do, bargain away or limit as they choose.

(Footnotes omitted)

8.31 In the event, Lander J held that:42

In my opinion, Mr Bertram and Wealthsure breached … the implied term. They did not recommend an investment that was suitable for the plaintiffs’ needs, objectives and circumstances, and they did not give proper consideration to those needs, objectives and circumstances. Although the product was on Wealthsure’s [Approved Product List], it had not been carefully researched and approved by a team of research experts. It had only been researched by Mr Norton and Norton Capital, which was not “a team of research experts” and the research was not carried out with reasonable care or, indeed, any care. It had not been researched at all by Wealthsure. The first and second defendants also breached the implied term, because they failed to exercise the care and skill required of an ordinarily competent financial adviser. Wealthsure failed to carry out an appropriate inquiry into the Neovest prospectus and the Neovest offering, and relied upon the inadequate inquiry carried out by Mr Norton and Norton Capital. Mr Bertram failed to carry out any inquiry at all in relation to the financial product. Mr Bertram also gave inappropriate advice to Mr and Mrs Selig. He also gave advice inconsistent with the instructions given to him by Wealthsure itself …

8.32 A breach of the implied warranty under s 12ED(1) sounds in contractual damages.43

DUTIES UNDER PRUDENTIAL STANDARDS

8.33 Directors of an ADI have broad duties under prudential standards in relation to risk management. ‘Prudential Standard CPS 220 — Risk Management’ (CPS 220) sets out the obligations a board of an ADI has in relation to risk management.44 CPS 220 explains the rationale for having effective risk management in place in the following terms:45

This Prudential Standard requires an APRA-regulated institution to have systems for identifying, measuring, evaluating, monitoring, reporting, and controlling or mitigating material risks that may affect its ability, or the ability of the group it heads, to meet its obligations to depositors and/or policyholders. These systems, together with the structures, policies, processes and people supporting them, comprise an institution’s risk management framework.

Content of the duty

8.34 Paragraph 13 of CPS 220 imposes the following duties on the board of directors:

The Board of an APRA-regulated institution is ultimately responsible for the institution’s risk management framework and is responsible for the oversight of its operation by management. In particular, the Board must ensure that:
(a) it sets the risk appetite within which it expects management to operate and approves the institution’s risk appetite statement and risk management strategy (RMS);
(b) it forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identifies any desirable changes to the risk culture and ensures the institution takes steps to address those changes;
(c) senior management monitor and manage all material risks consistent with the strategic objectives, risk appetite statement and policies approved by the Board;
(d) the operational structure of the institution facilitates effective risk management;
(e) policies and processes are developed for risk-taking that are consistent with the RMS and the established risk appetite;
(f) sufficient resources are dedicated to risk management; and
(g) it recognises uncertainties, limitations and assumptions attached to the measurement of each material risk.

8.35 The word ‘ensure’ as used in the prefatory words of para 13 of CPS 220 is not to be construed as requiring the board to guarantee a particular outcome. In this context, the word ‘ensure’ is defined as follows:46

‘Ensure’ when used in relation to a responsibility of the board, means to take all reasonable steps and make all reasonable enquiries as are appropriate for a board so that the board can determine, to the best of its knowledge, that the stated matter has been properly addressed.

8.36 From 1 July 2017 the duties imposed on directors of an ADI in connection with risk management will be recast. From that date, para 9 of ‘Prudential Standard CPS 220 — Risk Management’ will provide that:

The Board of an APRA-regulated institution is ultimately responsible for the institution’s risk management framework and is responsible for the oversight of its operation by management. In particular, the Board must ensure that:
(a) it sets the risk appetite within which it expects management to operate and approves the institution’s risk appetite statement and risk management strategy (RMS);
(b) it forms a view of the risk culture in the institution, and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identify any desirable changes to the risk culture and ensures the institution takes steps to address those changes;
(c) senior management of the institution monitor and manage all material risks consistent with the strategic objectives, risk appetite statement and policies approved by the Board;
(d) the operational structure of the institution facilitates effective risk management;
(e) policies and processes are developed for risk-taking that are consistent with the RMS and the established risk appetite;
(f) sufficient resources are dedicated to risk management; and
(g) it recognises uncertainties, limitations and assumptions attached to the measurement of each material risk.

Liability and remedies

8.37 If directors breach their obligations under the prudential standard, APRA may issue a direction to remedy that failure47 or the directors may be exposed to ASIC bringing a civil action against them for a breach of their duty of care under s 180(1) of the Corporations Act 2001 (Cth) (Corporations Act) seeking compensation or disqualification orders: see further 3.49.

DUTIES IN RESPECT TO WHISTLEBLOWERS

8.38 In light of the effect misconduct can have on the value of funds managed by an ADI either directly (or indirectly due to the impact on its reputation), ‘whistleblower policies should be a key area of consideration for any company’.48 The Banking Act provides its own whistleblower regime for ADIs.49 Needless to say, directors of an ADI need to ensure that the entity maintains compliance policies in respect to a whistleblower regime, including by virtue of its risk management system discussed above.

The whistleblower regime under the Banking Act

8.39 Section 52A of the Banking Act provides as follows:

(1) This section applies to a disclosure of information made by a person (the discloser) who is, in relation to a body corporate that is an ADI, an authorised [NOHC — non-operating holding company] or a subsidiary of an ADI or authorised NOHC, any of the following:
  (a) an officer of the body corporate;
  (b) an employee of the body corporate;
  (c) a person who has a contract for the supply of services or goods to the body corporate;
  (d) an employee of a person who has a contract for the supply of services or goods to the body corporate.
(2) The disclosure of the information by the discloser qualifies for protection under this Division if:
  (a) the disclosure is made to any of the following:
    (i) APRA;
    (ii) an auditor, or a member of an audit team conducting an audit, of the body corporate or a related body corporate;
    (iii) a director or senior manager of the body corporate or a related body corporate;
    (iv) a person authorised by the body corporate to receive disclosures of the kind made; and
  (b) the discloser informs the person to whom the disclosure is made of the discloser’s name before making the disclosure; and
  (c) both:
    (i) the information concerns misconduct, or an improper state of affairs or circumstances, in relation to the body corporate; and
    (ii) the discloser considers that the information may assist a person referred to in paragraph (a) to perform the person’s functions or duties in relation to the body corporate or a related body corporate; and
  (d) the discloser makes the disclosure in good faith.

8.40 Section 52A(3) defines the term ‘related body corporate’ for the purposes of s 52A.50 The term ‘officer’ used in the section has the same meaning it has in the Corporations Act. Note that the requirement in s 52A(2)(c) is that the information that the discloser reveals must concern ‘misconduct, or an improper state of affairs or circumstances, in relation to the body’. The information that qualifies under this section is much wider in scope than the whistleblower regime in the Corporations Act. That whistleblower regime is engaged where:51

… the discloser has reasonable grounds to suspect that the information indicates that:
(i) the company has, or may have, contravened a provision of the Corporations legislation; or
(ii) an officer or employee of the company has, or may have, contravened a provision of the Corporations legislation …

Under the Banking Act, the discloser need only ‘consider’ that the information may assist: APRA, an auditor, or a member of an audit team conducting an audit, of the body corporate or a related body corporate, a director or senior manager of the body corporate or a related body corporate, or a person authorised by the body corporate to receive disclosures of the kind made to perform the person’s functions or duties in relation to the body corporate or a related body corporate.52 However, like the Corporations Act, a disclosure made under s 52A must be made in good faith.53

8.41 No civil or criminal liability
If a person makes a disclosure under s 52A, s 52B(1) provides that:54

If a person makes a disclosure that qualifies for protection under this Division:
(a) the person is not subject to any civil or criminal liability for making the disclosure; and
(b) no contractual or other remedy may be enforced, and no contractual or other right may be exercised, against the person on the basis of the disclosure.

8.42 No victimisation
Section 52C(1) makes it an offence to cause detriment to a whistleblower in certain circumstances. Threatening to cause detriment to another person is also an offence if that conduct is motivated by the fact that a person has made or may make a disclosure under the Act.55 These offences carry a maximum penalty of 25 penalty units or imprisonment for six months or both.56

8.43 Compensation
Section 52D of the Act provides that a person may recover damages arising from a contravention of the whistleblower regime.

8.44 Confidentiality obligations
Section 52E imposes strict confidentiality obligations in respect to disclosures made under the whistleblower regime. Subject to other requirements set out in s 52E, any person who communicates the information initially disclosed by the whistleblower or reveals the whistleblower’s identity (or reveals information that would be likely to lead to the identification of the whistleblower) is liable to a maximum penalty of 25 penalty units.57 The only express exceptions that apply are if the relevant information is communicated to APRA, a member of the Australian Federal Police or a person with the consent of the whistleblower.58

8.45 It is arguable that s 52E may prevent a person to whom a whistleblower discloses information from communicating that information or the identity of the whistleblower to a lawyer even though the very circumstances may logically indicate that such a course of action would be extremely prudent, for example, where it would be prudent to obtain legal advice in relation to the matters raised by the whistleblower.59 The High Court in Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 noted that legal professional privilege is a rule of substantive law and an important common law immunity.60 Impliedly, it follows that the right to communicate with a lawyer also has those characteristics. The court also noted that ‘statutory provisions are not to be construed as abrogating important common law rights, privileges and immunities in the absence of clear words or a necessary implication to that effect’.61 While the position is not certain, one view is that Parliament, having turned its mind in drafting s 52E(2) to the issue of to whom confidential information could be communicated, left no room for the implication of a right to communicate to a lawyer. An alternative view is that in the context of the whistleblower regime there is a necessary implication that issues relating to the whistleblower’s disclosure can and should be communicated to a lawyer in order to obtain advice as to the nature of the disclosures (including what steps need to be taken to address the relevant issues). A further view is that the lawyer may be an agent of the life company and therefore there is no disclosure to another person in that context.

CONCLUSION

8.46 This chapter reviewed a number of open-ended conduct obligations that are imposed on ADIs or directors of ADIs. The discussion of these obligations has sought to identify the content of the relevant obligations and highlight issues that attend the interpretation and application of the laws in this context.

1. See Banking Act s 5 for the definition of ‘banking business’.
2. Note that not only banks provide credit. The duties requirement of credit providers discussed in this section applies to all credit providers.
3. Including as a credit provider (ss 5 and 6 of the Credit Act) and as an entity that provides credit assistance (s 8 of the Credit Act).
4. Note that the responsible lending obligations vary slightly depending on whether the particular licensee is a credit provider or credit assistance provider and whether the licensee is providing or suggesting a loan or is providing or suggesting a consumer lease. Note also that responsible lending obligations are also imposed on providers of margin lending facilities under the Corporations Act 2001 (Cth): see s 985G. Those obligations mirror key responsible lending obligations set out in the Credit Act and National Credit Code.
5. LexisNexis, Australian Consumer Credit Law, online, at [3.040].
6. For further details, see note 5 above at [3.045].
7. References to the Credit Act include a reference to the National Credit Code (NCC) which forms Sch 1 to the Credit Act.
8. See further note 5 above at [3.035]. The NCC applies to ‘the provision of credit (and to the credit contract and related matters) if when the credit contract is entered into or (in the case of precontractual obligations) is proposed to be entered into: (a) the debtor is a natural person or a strata corporation; and (b) the credit is provided or intended to be provided wholly or predominantly: (i) for personal, domestic or household purposes; or (ii) to purchase, renovate or improve residential property for investment purposes; or (iii) to refinance credit that has been provided wholly or predominantly to purchase, renovate or improve residential property for investment purposes; and (c) a charge is or may be made for providing the credit; and (d) the credit provider provides the credit in the course of a business of providing credit carried on in this jurisdiction or as part of or incidentally to any other business of the credit provider carried on in this jurisdiction’: see NCC ss 4 and 5.
9. See note 5 above at [3.005].
10. See Credit Act Pt 3-1 Licensees that provide credit assistance in relation to credit contracts.
11. See Credit Act Pt 3-2 Licensees that are credit providers under credit contracts: general rules.

12. See note 5 above at [3.080].
13. One penalty unit currently means an amount of $180: s 4AA of the Crimes Act 1914 (Cth). Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
14. Similar obligations apply in relation to suggestions to remain in a particular credit contract: see Credit Act s 115(2).
15. A failure to make reasonable inquiries attracts a civil penalty of up to 2,000 penalty units. One penalty unit currently means an amount of $180: s 4AA of the Crimes Act 1914 (Cth). Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
16. For the purposes of s 118(2)(a), it is presumed that, if the consumer could only comply with the consumer’s financial obligations under the contract by selling the consumer’s principal place of residence, the consumer could only comply with those obligations with substantial hardship, unless the contrary is proved: Credit Act s 118(3).
17. See Credit Act s 128 and definition of penalty unit in s 5. One penalty unit currently means an amount of $180: s 4AA of the Crimes Act 1914 (Cth). Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
18. See generally Credit Act ss 128–131; cf ss 115–118.
19. See note 5 above at [3.080].
20. ASIC, RG 209.97.
21. Note to ASIC, RG 209.97.
22. ASIC, RG 209.99.
23. ASIC, RG 209.104.
24. ASIC, RG 209.107.
25. See Credit Act s 177.
26. See Credit Act s 178.
27. See Credit Act s 180A.
28. Compare courts’ power in respect to unjust contracts under Contracts Review Act 1980 (NSW): see 13.26 below.
29. See also Credit Act s 131(2)(a).
30. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) [2014] FCA 926 at [23].
31. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) [2014] FCA 926 at [28].
32. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) [2014] FCA 926 at [36].
33. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) [2014] FCA 926 at [42].
34. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) [2014] FCA 926 at [47]–[48].
35. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93 at [7].
36. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93 at [8].
37. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93 at [9]–[10].
38. There were appeals to the Full Federal Court and the High Court on other matters: see Wealthsure Pty Ltd v Selig (2014) 221 FCR 1 and Selig v Wealthsure Pty Ltd [2015] HCA 18.
39. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [863].
40. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [866].

41. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [867]–[868].
42. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [874]–[879].
43. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [881].
44. APRA may issue a direction if a prudential standard is not complied with: Banking Act s 11CA.
45. APRA, ‘Prudential Standard CPS 220 — Risk Management’, January 2015, CPS 220-1.
46. ‘Prudential Standard GPS 001 — Definitions’, para 4.
47. APRA may issue a direction if a prudential standard is not complied with: Banking Act s 11CA.
48. G Farrant and A Emmerson, ‘Whistleblowing in the Private Sector’ (2013) 17(3) Inhouse Counsel 52.
49. See Banking Act ss 52A–52E; cf the whistleblower regime under the Corporations Act: see 3.43ff.
50. Banking Act s 52A(3) provides as follows: ‘For the purposes of this section, a body corporate is a related body corporate of another body corporate if: (a) in the case of an ADI — the other body corporate is the authorised NOHC of the ADI or a subsidiary of the ADI or authorised NOHC; or (b) in the case of an authorised NOHC of an ADI — the other body corporate is the ADI or a subsidiary of the ADI or authorised NOHC; or (c) in the case of a subsidiary of an ADI or authorised NOHC — the other body corporate is the ADI, the authorised NOHC or another subsidiary of the ADI or authorised NOHC.’
51. See Corporations Act s 1317AA(1)(d).
52. See Banking Act s 52A(2)(c)(ii).
53. See Banking Act s 52A(2)(d); cf Corporations Act s 1317AA(1)(d).
54. Other protections are set out in Banking Act s 52B(2)–(3). Note that s 52B(4) provides that ‘[i]f an individual makes a disclosure of information that qualifies for protection under this Division, the information is not admissible in evidence against the individual in criminal proceedings or in proceedings for the imposition of a penalty, other than proceedings in respect of the falsity of the information’.
55. Recklessly causing someone to fear a threat is also caught by the prohibition: Banking Act s 52C(2)(b)(ii). The word ‘threats’ is defined in s 52C(3).
56. See Banking Act s 52C(1)–(2). Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
57. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act.
58. See Banking Act s 52E(2).
59. No doubt this is why the carve-outs for communicating with APRA and a member of the Australian Federal Police were included in s 52E(2) of the Banking Act.
60. See Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 at [11] per Gleeson CJ, Gaudron, Gummow and Hayne JJ.
61. Daniels Corporation International Pty Ltd v Australian Competition and Consumer Commission [2002] HCA 49 at [11] per Gleeson CJ, Gaudron, Gummow and Hayne JJ.


Chapter 9 Duties of Entities that Provide Advice

INTRODUCTION

9.1 This chapter will discuss the conduct or open-ended duties that are imposed on entities that provide advice to retail clients. For present purposes, there are two types of guidance that a licensee can provide to a consumer or client. They are the provision of:
– general advice; and
– personal advice.

Both these kinds of guidance are forms of ‘financial product advice’ for the purposes of the Corporations Act 2001 (Cth) (Corporations Act) and are subject to significant regulation under that Act. They will be the focus of this chapter.

9.2 The chapter will close with a discussion about the fiduciary obligations of advisers at general law.

FINANCIAL PRODUCT ADVICE

9.3 The Australian Financial Services Licence regime under the Corporations Act applies to persons conducting a financial services business.1 A financial service is defined by s 766A as:2
– providing financial product advice (s 766B);
– dealing in a financial product or making a market for a financial product (ss 766C–766D);
– operating a registered scheme (s 766D);
– providing a custodial or depository service (s 766E); or
– otherwise engaging in conduct of a kind prescribed by regulations.

For present purposes, it is the first concept which is relevant, providing financial product advice. Both the concept of general advice and personal advice fall within the scope of that term. Section 766B(1) of the Act defines ‘financial product advice’. That section provides as follows:

For the purposes of [Chapter 7 of the Act], financial product advice means a recommendation or a statement of opinion, or a report of either of those things, that:
(a) is intended to influence a person or persons in making a decision in relation to a particular financial product or class of financial products, or an interest in a particular financial product or class of financial products; or
(b) could reasonably be regarded as being intended to have such an influence.

9.4 Whether an opinion or recommendation is intended to influence or could reasonably be regarded as being intended to influence:3 … will be a question of fact, depending on matters such as whether the author of the opinion will benefit from the decision, for example, by receiving a [benefit] for the purchase of a financial product; whether the author is remunerated by the consumer for the opinion or recommendation; whether the author has made representations to the consumer which would make it reasonable for a person in the consumer’s position to rely on the opinion or recommendation or is required by law to act in the consumer’s interest or has undertaken to do so; and whether the author’s reputation is likely to influence the consumer in making the decision.

9.5 The definition contained in s 766B turns on:4 … the question of whether an opinion or recommendation is intended to influence a decision in relation to a particular financial product or class of financial products or an interest in a particular financial product or class of financial products, or could reasonably be regarded as having been intended to have such an influence, which is a question of fact.


Case law

9.6 All of the following have been held to be financial product advice:
– an internet site which provided information concerning US-listed companies amounted to providing financial product advice and not merely presenting or arranging information as the site generated recommendations as to the acquisition, holding and sale of categories of securities based on criteria nominated by clients: Australian Securities and Investments Commission v Online Investors Advantage Inc [2005] QSC 324;
– a party provided financial product advice by recommending variations to existing superannuation arrangements and the establishment of self-managed superannuation funds: Australian Securities and Investments Commission v PFS Business Development Group Pty Ltd [2006] VSC 192;
– provision of a trading methodology: Australian Securities and Investments Commission v Oxford Investments (Tas) Pty Ltd [2008] FCA 980;
– provision of information in a manner that indicated that trading using ‘trading indicators’ made available by the platform (such as market trend, strength and volatility information) is likely to be profitable: Australian Securities and Investments Commission v Stone Assets Management Pty Ltd [2012] FCA 630;
– recommendation to set up self-managed superannuation funds to subsequently undertake trading on foreign exchange contracts: Australian Securities and Investments Commission v Monarch FX Group Pty Ltd [2014] FCA 1387;
– recommendations concerning superannuation: Australian Securities and Investments Commission v Activesuper Pty Ltd (in liq) [2015] FCA 342; and
– promotion of the purchase of properties through self-managed superannuation funds: Australian Securities and Investments Commission v Park Trent Properties Group Pty Ltd (No 3) [2015] NSWSC 1527.

9.7 In Australian Securities and Investments Commission v Park Trent Properties Group Pty Ltd (No 3) [2015] NSWSC 1527 at [366] Sackville AJA was of the view that s 766B should be given a broad interpretation:

The authorities have accepted that the statutory language should be given a broad interpretation. Specifically, they support the proposition that a person may provide information or present material in a way that implicitly makes a recommendation or states an opinion in relation to a financial product.

Sackville AJA also reinforced the approach to correctly interpreting the requirements set out in s 766B:5 There are two principal reasons why [the defendant’s] submission must be rejected. First, the question posed by the relevant provisions of the Corporations Act, in particular s 766B(1), is whether the business conducted by Park Trent included making recommendations or stating opinions that were intended to influence decisions in relation to financial products or could reasonably be regarded as so intended. The question is not whether the clients were actually influenced to make particular decisions. Even if there was no evidence that the presentations at Seminars or at run meetings actually influenced clients to set up SMSFs in order to purchase investment properties, the evidence nonetheless establishes that Park Trent’s business throughout the Relevant Period incorporated as an essential component making recommendations or stating opinions in relation to financial products.

Finally, his Honour also emphasised that it is not necessary that a financial product exist at the time that a recommendation or opinion is provided if there is evidence that the recommendation or opinion is intended to encourage the creation of the product:6 Section 766B(1) of the Corporations Act is directed to conduct intended to influence a person to make decisions on the future. As ASIC pointed out, it would make little sense to confine s 766B(1) to a financial product which the relevant person had acquired before receiving a recommendation to acquire the product. This conclusion is reinforced by the definition of “financial product” in s 764A(1), which includes products such as contracts of insurance which could not be in existence at the time recommendations are made to take out insurance coverage. The submission is also contrary to the authorities to which I have referred. Each would have been decided differently if the submission is correct.

Regulatory guidance

9.8 In ‘Regulatory Guide 36 Licensing: Financial product advice and dealing’ (RG 36) ASIC expresses the view that:7

Communications that consist only of factual information (ie objectively ascertainable information whose truth or accuracy cannot be reasonably questioned) will generally not involve the expression of an opinion or a recommendation and will not, therefore, constitute financial product advice.

Note: For example, factual information will generally include information about the rights and obligations of persons under relevant legislation (such as the Superannuation Guarantee (Administration) Act 1992).

ASIC goes on to provide a caveat to this statement:8 However, in some circumstances, a communication that consists only of factual information may amount to financial product advice. Where factual information is presented in a manner that may reasonably be regarded as suggesting or implying a recommendation to buy, sell or hold a particular financial product or class of financial products, the communication may constitute financial product advice (eg where the features of two financial products are described in such a manner as to suggest that one compares more favourably than the other).

9.9 In line with the statements of Sackville AJA in Australian Securities and Investments Commission v Park Trent Properties Group Pty Ltd (No 3) [2015] NSWSC 1527, ASIC provides an example of the potential breadth of the definition in s 766B:9 A specific issue that arises is the meaning in s 766B(1) of ‘decision in relation to a particular financial product or class of financial products, or an interest in a particular financial product or class of financial products’. This expression includes any decision to buy, sell or hold a particular financial product or class of financial products. Examples include a decision to: (a) exercise a right or option to acquire or dispose of a financial product; (b) acquire an equitable interest in a financial product; or (c) accept or reject a takeover offer.

Financial products

9.10 It is clear from the foregoing that in order for a recommendation or an opinion to constitute financial product advice, the recommendation or opinion needs to influence a person in making a decision about a particular financial product or a class of financial products. Section 763A provides a general definition of a financial product, with s 764A setting out a list of specific inclusions and s 765A setting out a list of specific exclusions. A product that is specifically excluded by s 765A is a credit facility (see s 765A(1)(h)(i)) although advice relating to credit contracts would be caught by the responsible lending provisions discussed in Chapter 8: see 8.3ff.

Who provides financial product advice?

9.11 In RG 36 ASIC notes that:10

The licensing provisions apply to persons who ‘provide’ financial product advice. The person who provides the advice will generally include the author(s) of the advice as well as the principal for whom they act. It also includes any other person who endorses the advice, or any person who causes or authorises the provision of the advice: see s 52 [of the Corporations Act].

Exemptions

9.12 A number of matters are expressly excluded from the scope of financial product advice. ASIC sets out the circumstances when financial product advice is not being provided:11

You are not providing financial product advice when:

(a) you provide an exempt document or statement (s 766B(1A)). The expression ‘exempt document or statement’ is defined in reg 7.1.08;
Note 1: We have given relief from the requirement to hold an AFS licence for the issue of certain documents that contain general advice (eg documents prepared for the purposes of the Corporations Act): see ASIC Corporations (Financial Product Advice — Exempt Documents) Instrument 2016/356 and [CO 03/911] Licensing relief for self-dealers who provide general product advice about own securities.
Note 2: A recommendation or statement of opinion made by an ‘outside expert’ (defined in s 766B(9)(b)), or a report of such a recommendation or statement of opinion, that is included in an exempt document or statement is financial product advice. Under the law, the advice is provided by the outside expert and not the issuer of the exempt document: see also reg 7.6.01(1)(u).

(b) you provide certain kinds of business, structural and risk-related advice in the circumstances set out in reg 7.1.29(3);
Note: These services are an ‘exempt service’ within the meaning of reg 7.1.29(1).

(c) you are registered as an auditor under Pt 9.2 and perform any of the functions of a cover pool monitor mentioned in s 30(4) of the Banking Act 1959 (reg 7.1.29(3A));

(d) the conduct is the provision of advice about the taxation implications of a financial product in the circumstances set out in reg 7.1.29(4);
Note: This is an ‘exempt service’ within the meaning of reg 7.1.29(1).

(e) you provide advice about the establishment, operation, structuring or valuation of a superannuation fund (other than advice for inclusion in an exempt document or statement) in the circumstances set out in reg 7.1.29(5);
Note 1: This is an ‘exempt service’ within the meaning of reg 7.1.29(1).
Note 2: The requirement in reg 7.1.29(5)(c)(ii) (that the advice does not include a recommendation that a person acquire or dispose of a superannuation product) does not apply to a recommendation by a recognised accountant in relation to a self-managed superannuation fund: see reg 7.1.29A. The term ‘recognised accountant’ is defined in reg 7.1.29A(2).

(f) your conduct consists only of passing on, publishing, distributing or otherwise disseminating a document that contains financial product advice in the circumstances described in reg 7.1.31. This may include a publisher or internet portal operator;

(g) your conduct occurs in the course of work of a kind ordinarily done by clerks and cashiers (s 766A(3) and RG 36.35);

(h) your conduct consists only of advising another person about the manner in which voting rights attaching to securities or interests in managed investment schemes may or should be exercised in the circumstances set out in reg 7.1.30;

(i) you provide advice to another person that relates only to the structuring of remuneration packages for that other person’s employees (reg 7.1.32);

(j) your conduct consists only of providing a recommendation or statement of opinion in the course of, and as a necessary or incidental part of, the handling or settlement of claims or potential claims for an insurance product (reg 7.1.33(1));

(k) your conduct consists only of providing a recommendation or statement of opinion about the allocation of the funds among the general asset types listed in reg 7.1.33A. This exemption does not apply if the recommendation or statement of opinion relates to specific financial products or specific classes of financial product;

(l) you prepare general advice, as a product issuer, about your own product(s), but only where a third party licensee gives the advice to its recipients (reg 7.1.33B). In this situation the licensee will be taken to be the provider of the financial product advice;

(m) you provide advice about the existence of a custodial or depository service in the circumstances set out in reg 7.1.33E;

(n) you provide general advice intended to influence a decision on school banking and you are employed by a school or provide the service on behalf of a school in the circumstances set out in reg 7.1.33F;

(o) you provide general advice that is not about a particular financial product and is not intended to influence a person in making a decision about a particular financial product or an interest in a particular financial product (or could not reasonably be regarded as being intended to have such an influence), and you or your associate does not receive any remuneration, commission or other benefit for the advice (reg 7.1.33G); or

(p) you provide general advice, as a product issuer, about your own products in circumstances where you are not licensed to provide financial product advice and, at the time of giving the advice, advise the client that you are not licensed, recommend that the client obtain and read a copy of the Product Disclosure Statement (PDS) or Short-Form PDS for the product before making a decision about the product and notify the client about any cooling-off period (reg 7.1.33H).

Note 1: Apart from the circumstances set out in RG 36.34, you will not be providing financial product advice if the communication in question falls within an exemption listed in RG 36.32. Even if you are providing financial product advice, you may not need an AFS licence or authorisation, depending on the circumstances: see Section E, especially RG 36.60.
Note 2: The list of circumstances in RG 36.34 that do not amount to financial product advice under the Corporations Act is not exhaustive. In determining whether or not your conduct constitutes financial product advice you should look at the Corporations Act, relevant regulations and ASIC instruments, as well as other ASIC publications. ASIC instruments and other ASIC publications are available at www.asic.gov.au.
Note 3: Certain products are subject to specific disclosure regimes. Superannuation products, simple managed investment schemes and margin lending facilities are subject to a shorter PDS regime. For more information on the shorter PDS regime that applies to these products, see Information Sheet 133 Shorter PDS regime: Superannuation, managed investment schemes and margin lending (INFO 133). A modified disclosure regime also applies to general insurance products: see Pt 7.9 of the Corporations Regulations.

9.13 Note also that s 766B(5) (legal advice), s 766B(6) (advice on costs) and s 766B(7) (certain cost or rate of return information) provide additional exclusions from the definition of financial product advice.

DUTIES CONCERNING THE GIVING OF GENERAL ADVICE

9.14 Section 766B of the Corporations Act distinguishes between general and personal advice. Section 766B(4) provides that general advice is financial product advice that is not personal advice. Section 766B(3) provides that personal advice is financial product advice that:

… is given or directed to a person (including by electronic means) in circumstances where:
(a) the provider of the advice has considered one or more of the person’s objectives, financial situation and needs (otherwise than for the purposes of compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 or with regulations, or AML/CTF Rules, under that Act); or
(b) a reasonable person might expect the provider to have considered one or more of those matters.

The key distinction then between general advice and personal advice is that personal advice involves the provision of a relevant recommendation or opinion in circumstances where:

the provider of the advice has actually considered one or more of the person’s objectives, financial situation and needs; or
a reasonable person might expect the provider to have considered one or more of those matters.

Financial product advice will only be ‘general advice’ if both of these tests are answered in the negative.

General advice obligations

9.15 The duties imposed on a party that is licensed to provide general advice are set out in s 949A of the Corporations Act. That section provides as follows:

(1) This section applies in relation to the provision of general advice if:
(a) the advice is provided:
(i) by a financial services licensee (the providing entity); or
(ii) by an authorised representative (the providing entity) of a financial services licensee, or of 2 or more financial services licensees; and
(b) the advice is provided to a person (the client) as a retail client; and
(c) the advice is not provided in circumstances specified in regulations made for the purposes of this paragraph.
(2) The providing entity must, in accordance with subsection (3), warn the client that:
(a) the advice has been prepared without taking account of the client’s objectives, financial situation or needs; and
(b) because of that, the client should, before acting on the advice, consider the appropriateness of the advice, having regard to the client’s objectives, financial situation and needs; and
(c) if the advice relates to the acquisition, or possible acquisition, of a particular financial product — the client should:
(i) if the product is not a CGS depository interest — obtain a Product Disclosure Statement (see Division 2 of Part 7.9) relating to the product and consider the Statement before making any decision about whether to acquire the product; or
(ii) if the product is a CGS depository interest — obtain each information statement (see Division 5C of Part 7.9) for the class of CGS depository interests that includes the product and consider the statement before making any decision about whether to acquire the product.

9.16 ASIC notes in ‘Regulatory Guide 244 Giving information, general advice and scaled advice’ (RG 244) that a licensee does not need to follow the exact wording in s 949A(2) to give a general advice warning: s 949A(3). You can use your own words. What is required is that clients are warned about the items listed in RG 244.38, and that the warning is given to clients at the same time and by the same means as the advice is provided: s 949A(3).

9.17 A failure to comply with the warning obligation in s 949A(2) is an offence.12 The maximum penalty is 100 penalty units and/or two years imprisonment.13 Under s 949A(5) a licensee must take reasonable steps to ensure that an authorised representative of the licensee complies with s 949A(2). A failure to do so is also an offence which attracts a maximum penalty of 200 penalty units or imprisonment for five years.14

9.18 On balance, the distinction between general advice and purely factual information is in many cases going to be a fine one, especially where a provider makes a reference to a financial product during the course of engaging with customers. Accordingly, providers need to ensure they have robust systems in place to comply with the law. An equally fine line will often separate general advice from personal advice. The obligations of providers of personal advice will be covered in the next section.

DUTIES CONCERNING THE GIVING OF PERSONAL ADVICE

9.19 As discussed above, s 766B(3) of the Corporations Act provides that personal advice involves the provision of a relevant recommendation or opinion in circumstances where:

the provider of the advice has actually considered one or more of the person’s objectives, financial situation and needs; or
a reasonable person might expect the provider to have considered one or more of those matters.

9.20 If a party provides personal advice to retail clients, they must comply with a range of obligations. As a general matter, a provider must give the client a statement of advice: s 946A. Other key obligations include a duty:

to act in the best interests of a client: s 961B;
to provide the client with appropriate advice: s 961G;
to warn the client if the advice is based on incomplete or inaccurate information: s 961H; and
to prioritise the client’s interests where those interests conflict with the provider’s own interests, or those of one of their related parties: s 961J.

Duty to act in the best interests of a client

9.21 Section 961B(1) of the Act provides that a provider of personal advice to a retail client ‘must act in the best interests of the client in relation to the advice’.15 As we saw in relation to other ‘best interests’ duties in earlier chapters,16 a statutory formulation of this type is inclined to import the general law of what constitutes the duty to act in the best interests of another. A duty to act in the best interests of another is not a peculiarly fiduciary duty, although it clearly has equitable roots.17 The duty requires one to make a reasonable attempt to pursue the best interests of the principal, but it does not require the best outcome. It is process focused, not outcome focused, and whether the duty has been discharged is to be assessed objectively on an ex ante basis.18

9.22 There is no reason to doubt that a similar set of requirements is imported into s 961B(1). However, s 961B(2) goes further and actually describes a process, which if followed by a provider, will deem the provider as discharging its obligation under s 961B(1). Section 961B(2) provides as follows:

The provider satisfies the duty in subsection (1), if the provider proves that the provider has done each of the following:
(a) identified the objectives, financial situation and needs of the client that were disclosed to the provider by the client through instructions;
(b) identified:
(i) the subject matter of the advice that has been sought by the client (whether explicitly or implicitly); and
(ii) the objectives, financial situation and needs of the client that would reasonably be considered as relevant to advice sought on that subject matter (the client’s relevant circumstances);
(c) where it was reasonably apparent that information relating to the client’s relevant circumstances was incomplete or inaccurate, made reasonable inquiries to obtain complete and accurate information;
(d) assessed whether the provider has the expertise required to provide the client advice on the subject matter sought and, if not, declined to provide the advice;
(e) if, in considering the subject matter of the advice sought, it would be reasonable to consider recommending a financial product:
(i) conducted a reasonable investigation into the financial products that might achieve those of the objectives and meet those of the needs of the client that would reasonably be considered as relevant to advice on that subject matter; and
(ii) assessed the information gathered in the investigation;
(f) based all judgements in advising the client on the client’s relevant circumstances;
(g) taken any other step that, at the time the advice is provided, would reasonably be regarded as being in the best interests of the client, given the client’s relevant circumstances.

Note: The matters that must be proved under subsection (2) relate to the subject matter of the advice sought by the client and the circumstances of the client relevant to that subject matter (the client’s relevant circumstances). That subject matter and the client’s relevant circumstances may be broad or narrow, and so the subsection anticipates that a client may seek scaled advice and that the inquiries made by the provider will be tailored to the advice sought.

9.23 Section 961B(2) is commonly referred to as a safe harbor provision. A truncated version of the safe harbor concept applies in relation to certain advice provided by agents of authorised deposit-taking institutions19 and where advice relates to general insurance products.20 It should be noted that despite s 961B(2) providing a statutory safe harbour defence, the Act does not prevent a party from providing compliance with the best interests duty set out in s 961B(1) in other ways. For the purposes of s 961B(2)(c), s 961C provides that ‘[s]omething is reasonably apparent if it would be apparent to a person with a reasonable level of expertise in the subject matter of the advice that has been sought by the client, were that person exercising care and objectively assessing the information given to the provider by the client’.

9.24 For the purposes of s 961B(2)(e)(i), s 961D provides that:

(1) A reasonable investigation into the financial products that might achieve those of the objectives and meet those of the needs of the client that would reasonably be considered relevant to advice on the subject matter sought by the client does not require an investigation into every financial product available.
(2) However, if the client requests the provider to consider a specified financial product, a reasonable investigation into the financial products that might achieve those of the objectives and meet those of the needs of the client that would reasonably be considered relevant to advice on the subject matter sought by the client includes an investigation into that financial product.

9.25 For the purposes of s 961B(2)(g) (and also s 961B(1)), s 961E provides that ‘[i]t would reasonably be regarded as in the best interests of the client to take a step, if a person with a reasonable level of expertise in the subject matter of the advice that has been sought by the client, exercising care and objectively assessing the client’s relevant circumstances, would regard it as in the best interests of the client, given the client’s relevant circumstances, to take that step’.

Duty to provide the client with appropriate advice

9.26 In addition to the best interests duty set out in s 961B, a provider must also satisfy the obligation in s 961G. That section provides that:

The provider must only provide the advice to the client if it would be reasonable to conclude that the advice is appropriate to the client, had the provider satisfied the duty under section 961B to act in the best interests of the client.

9.27 The word ‘appropriate’ would have its plain and ordinary meaning of ‘suitable’ or ‘proper’. This provision does not add much in the scheme of things. It is rather circular. The best interests duty as formulated by the statute is in effect one that requires a provider to take reasonable steps in providing advice to a client. It seems unlikely that after taking all reasonable steps, a provider would then not be in a position to conclude that the advice was appropriate. The requirement to provide ‘appropriate’ advice is a requirement that carries over from the now repealed s 945A(1)(c) of the Corporations Act. That provision cast an obligation on an entity providing advice to a client to ensure that the advice was appropriate to the client:

after the adviser determined the relevant personal circumstances of the client (repealed s 945A(1)(a)); and
having regard to information obtained from the client in relation to those personal circumstances, the providing entity has given such consideration to, and conducted such investigation of, the subject matter of the advice as reasonable in all of the circumstances (repealed s 945A(1)(b)).

The requirement to provide ‘appropriate’ advice was the subject of Edelman J’s decision in Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023. That case involved a business model whereby a financial services firm (Storm Financial Ltd) provided ‘one size fits all’ recommendations to investors, including recommendations about double gearing and investing in growth (that is, higher risk) index funds. The relevant directors were Mr and Mrs Cassimatis. While the business model was not inherently flawed (that is, the advice that was provided may have been suitable for some investors) it would also be provided to persons who were retired, or approaching retirement, and who were especially vulnerable to losses.21 Edelman J found that the advice provided by Storm Financial was not appropriate for all clients to which it was provided. In particular, the ‘one size fits all’ advice would not have been appropriate for ‘persons who were retired or close to retirement’.22 There is no doubt the same decision would have followed if s 961G were applied to the facts rather than the now repealed s 945A(1)(c).

Duty to warn the client if the advice is based on incomplete or inaccurate information

9.28 If it is reasonably apparent that information relating to the objectives, financial situation and needs of the client on which the advice is based is incomplete or inaccurate, the provider must provide a warning to the client in the form set out in s 961H.

Duty of priority

9.29 Section 961J provides a statutory duty of priority. Such duties were discussed in detail in previous chapters.23 Essentially, such duties are a watered down version of the no conflict duty at general law.24 The terms of the duty are expressed in the following way in s 961J(1):

If the provider knows, or reasonably ought to know, that there is a conflict between the interests of the client and the interests of:
(a) the provider; or
(b) an associate of the provider; or
(c) a financial services licensee of whom the provider is a representative; or
(d) an associate of a financial services licensee of whom the provider is a representative; or
(e) an authorised representative who has authorised the provider, under subsection 916B(3), to provide a specified financial service or financial services on behalf of a financial services licensee; or
(f) an associate of an authorised representative who has authorised the provider, under subsection 916B(3), to provide a specified financial service or financial services on behalf of a financial services licensee;
the provider must give priority to the client’s interests when giving the advice.

9.30 Section 961J(2)–(3) provides limited carve-outs to this duty of priority.

9.31 Unlike under a fiduciary duty to avoid conflicts, the duty of priority:

will only apply to conflicts between interests of the parties mentioned in the section. It may not apply to conflicts between interests and duties;
will only apply to actual conflicts and not potential conflicts; and
does not specify whether the priority to be given is a weak one or a strong one.

Liability and remedies

9.32 A financial services licensee contravenes s 961K if the licensee contravenes s 961B, s 961G, s 961H or s 961J. Section 961K is a civil penalty provision. Section 961K(2) extends liability to the acts of employed representatives and is also a civil penalty provision. Section 961Q is a civil penalty provision relating to failures of authorised representatives to comply with duties under ss 961B, 961G, 961H and 961J.

9.33 Section 961L provides that ‘[a] financial services licensee must take reasonable steps to ensure that representatives of the licensee comply with sections 961B, 961G, 961H and 961J’. A failure to do so results in a breach of the civil penalty provision. Section 961M provides that a civil action is available to recover loss. Section 961N confers powers on the court to make other orders, including an order declaring a contract void or ordering the return of moneys paid.

Case analysis

9.34 ASIC only recently commenced civil penalty proceedings in the Federal Court alleging a breach of the best interests duty under s 961B(1). ASIC’s media release of June 2016 states:25

This is the first civil penalty action ASIC has taken against a licensee alleging breaches of the best interests duty and is seeking declarations of breaches and financial penalties. … ASIC alleges that:

NSG [Services Pty Ltd] failed to take reasonable steps to ensure that its advisers complied with the best interests obligation when providing advice to clients; and
as a result, on numerous occasions, NSG advisers did not act in the best interests of their clients.

In addition, ASIC complains of the following conduct:

NSG has not provided appropriate training to its advisers to ensure clients receive advice in their best interests. Instead, ASIC contends that NSG has trained its advisers that it is almost always in a client’s best interest to take out some form of life risk insurance, regardless of a client’s financial situation;
NSG’s written policies relating to legal and regulatory compliance and risk management have been inadequate, and in any event, not followed or enforced;
since 1 July 2013, on eight specific occasions, and because of advice provided by NSG advisers, clients were sold insurance and/or advised to rollover superannuation accounts that committed them to costly, unsuitable, and unnecessary financial arrangements; and
regular and or substantive performance reviews of advisers have not been conducted, and disciplinary action against advisers who do not act in compliance with their obligations under the Corporations Act has not been taken.

9.35 If these allegations are proven in court, especially if the allegation of the ‘one size fits all’ approach to advice is made out, it would seem that the court would find that a breach of s 961B(1) and potentially other provisions has occurred.

9.36 A case decided under the law before the current law commenced on 1 July 2013 that involved ‘one size fits all’ advice was Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023. That case involved a business model whereby a financial services firm (Storm Financial Ltd) provided ‘one size fits all’ recommendations to investors, including recommendations about double gearing and investing in growth (that is, higher risk) index funds. The relevant directors were Mr and Mrs Cassimatis. While the business model was not inherently flawed (that is, the advice that was provided may have been suitable for some investors), it would also be provided to persons who were retired, or approaching retirement, and who were particularly vulnerable to losses.26

9.37 In the following passage Edelman J outlined why the business model breached s 945A (the relevant obligation prior to the best interests duty commencing on 1 July 2013) of the Corporations Act:27

Mr and Mrs Cassimatis should have been reasonably aware that the application of the Storm model would be likely to (and did) cause contraventions of s 945A(1)(b) and s 945A(1)(c). The contraventions of s 945A(1)(b) occurred because Storm did not give such consideration to the subject matter of the advice and did not conduct such investigation of the subject matter of the advice as was reasonable in the circumstances. The contraventions of s 945A(1)(c) occurred because Storm provided financial advice which was not appropriate to the investors having regard to the consideration and investigation of the subject matter of the advice that ought to have been undertaken. Those contraventions were not merely likely to occur. They were contraventions which could have (and did have) devastating consequences for many investors …

Further, Edelman J observed that ‘the contraventions of s 945A(1)(b) and s 945A(1)(c) were sufficiently serious departures from reasonable standards of performance of advice’.28

9.38 There is no doubt that if that case were to be decided under the provisions discussed above, including s 961B(1), the Storm business model would be found to breach the law.

9.39 A further case, decided under the previous regime, which would most likely be found to breach the new laws, is Selig v Wealthsure Pty Ltd [2013] FCA 348.29

9.40 That case concerned financial planning advice provided by the defendants. The plaintiffs, Mr and Mrs Selig, invested in Neovest Ltd (Neovest) on the advice of the second defendant, David Bertram, who was an authorised representative of the first respondent, Wealthsure Pty Ltd (Wealthsure). Wealthsure was the holder of an Australian Financial Services Licence. The scheme proposed in the prospectus issued by Neovest was in effect a Ponzi scheme. Neovest became insolvent and the plaintiffs lost their investment and suffered other loss.

9.41 In that case Lander J was of the view that the defendants were providing a financial service, namely financial product advice. In the event, his Honour held that Mr Bertram and Wealthsure breached their duties to the clients:30

They did not recommend an investment that was suitable for the plaintiffs’ needs, objectives and circumstances, and they did not give proper consideration to those needs, objectives and circumstances. Although the product was on Wealthsure’s [Approved Product List], it had not been carefully researched and approved by a team of research experts. It had only been researched by Mr Norton and Norton Capital, which was not “a team of research experts” and the research was not carried out with reasonable care or, indeed, any care. It had not been researched at all by Wealthsure. The first and second defendants … failed to exercise the care and skill required of an ordinarily competent financial adviser. Wealthsure failed to carry out an appropriate inquiry into the Neovest prospectus and the Neovest offering, and relied upon the inadequate inquiry carried out by Mr Norton and Norton Capital. Mr Bertram failed to carry out any inquiry at all in relation to the financial product. Mr Bertram also gave inappropriate advice to Mr and Mrs Selig. He also gave advice inconsistent with the instructions given to him by Wealthsure itself …

9.42 These findings provide a compelling case that the decision would have been no different under the laws that commenced on 1 July 2013.

FIDUCIARY DUTIES OF ADVISERS

9.43 Section 960B of the Corporations Act provides that ‘[t]he obligations imposed on a person under this Part are in addition to any other obligations to which the person is subject under this Act or any other law’. This means that it is possible to have parallel duties in statute and potentially the general law imposed on a provider of advice. There have been a number of cases that have imposed a fiduciary duty on advisers. If this were the case, all the attendant duties that were discussed in Chapter 2 as being imposed on a fiduciary would sit alongside the duties set out in the statute.

9.44 In Daly v Sydney Stock Exchange Ltd [1986] HCA 25 at [7]–[8] Brennan J was of the view that:

Whenever a stockbroker or other person who holds himself out as having expertise in advising on investments is approached for advice on investments and undertakes to give it, in giving that advice the adviser stands in a fiduciary relationship to the person whom he advises. The adviser cannot assume a position where his self-interest might conflict with the honest and impartial giving of advice: see In re a Solicitor; Ex parte Incorporated Law Society (1894) 1 QB 254, at p 256; Armstrong v Jackson [[1917] 2 KB 822], at pp 824–825.

The duty of an investment adviser who is approached by a client for advice and undertakes to give it, and who proposes to offer the client an investment in which the adviser has a financial interest, is a heavy one. His duty is to furnish the client with all the relevant knowledge which the adviser possesses, concealing nothing that might reasonably be regarded as relevant to the making of the investment decision including the identity of the buyer or seller of the investment when that identity is relevant, to give the best advice which the adviser could give if he did not have but a third party did have a financial interest in the investment to be offered, to reveal fully the adviser’s financial interest, and to obtain for the client the best terms which the client would obtain from a third party if the adviser were to exercise due diligence on behalf of his client in such a transaction. Such a duty has been established by authority: see Haywood v Roadknight [1927] Vic Law Rp 74; (1927) VLR 512 and the cases therein referred to at p 521, especially Gibson v Jeyes (1801) 6 Ves Jun 266, at pp 271, 278 [1801] Eng R 379; (31 ER 1044, at pp 1046–1047, 1050) and McPherson v Watt (1877) 3 App Cas 254, at p 266.

9.45 In Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 an investment adviser was held to be a fiduciary in relation to its client. In that case, Grange Securities Ltd (which was owned by Lehman Brothers Australia Ltd) sold local councils high-risk products that were completely ill-matched to the conservative risk profiles of those clients. The clients sought products that had a high level of capital security and liquidity. The products sold to them by Grange had a real risk of a total loss of capital and suffered from low liquidity (that is, not being able to be readily sold in a market).

9.46 After examining the nature of the relationship between the parties, Rares J found that Grange assumed the role of a fiduciary:31

Grange acted as a financial adviser to each Council. It portrayed itself to them as having that role. By doing so, Grange voluntarily assumed the well established obligations such a person owes to its clients to the extent that it did not exclude those obligations contractually. That relationship attracted the above fiduciary obligations that, in the absence of contractual or other modifications, for over two centuries have overlaid contractual dealings between fiduciary agents in well recognised categories, such as financial advisers, stockbrokers, real estate agents and, of course, solicitors, and their clients … In Commonwealth Bank of Australia v Smith [1991] FCA 375; (1991) 42 FCR 390 at 391 Davies, Sheppard and Gummow JJ said that where a bank gives a customer advice upon financial affairs, then in addition to any contractual rights the customer may have, the relationship between the parties may be such as to found either, or both, a common law duty of care and a fiduciary duty. They observed that in many cases the bank, as financier, has a manifest interest of its own in the matter. In such cases, the Court must ascertain whether the bank will have assumed fiduciary obligations towards the customer in the context of its own apparent commercial self-interest in the transaction. Their Honours then said at 42 FCR at 391:

A bank may be expected to act in its own interests in ensuring the security of its position as lender to its customer, but it may have created in the customer the expectation that nevertheless it will advise in the customer’s interests as to the wisdom of a proposed investment. This may be the case where the customer may fairly take it that to a significant extent his interest is consistent with that of the bank in financing the customer for a prudent business venture. In such a way the bank may become a fiduciary and occupy the position of what Brennan J has called ‘an investment adviser’ (Daly [1986] HCA 25; (1986) 160 CLR 371 at 384–385). (emphasis added)

9.47 In this case, Rares J found that Grange had preyed on its clients:32

The nature and risks of a SCDO [synthetic collateralised debt obligation] are concepts that are beyond the grasp of most people. Indeed, after the benefit of expert reports, concurrent expert evidence and the addresses of counsel, I am not sure that I understand fully how SCDOs work or their risks. Nonetheless, Grange portrayed itself as an expert in these investments. Most certainly, none of the seven Council officers who gave evidence had any expertise in these financial products. And, Grange knew and preyed on that lack of expertise and the trust the Councils placed in its expert advice …

9.48 As a consequence, the court held that as a fiduciary Grange was subject to two duties: the no conflict rule and the no profit rule.33 As a fiduciary, Grange was compelled to disclose the size of its profits, which were substantial,34 and obtain the fully informed consent of its clients in order to make and retain those profits. Rares J held that Grange did not obtain the fully informed consent of the clients and therefore breached its fiduciary duty:35

I am of opinion that Grange’s revelation of its being the counterparty in, and on occasion, the possibility that it might earn unspecified fees or profits from, trading with its clients did not amount to a sufficient disclosure from which it can be inferred that any of the Councils gave its fully informed consent to Grange obtaining such a benefit. Once Grange came to occupy a fiduciary position in relation to each Council, it had the onus of proving that it had obtained the Council’s fully informed consent to its obtaining any benefit from, or acting when it had an actual, or potential conflict in, that relationship. A client in the position of the Councils would be likely to approach consideration of Grange’s advice and recommendations much more cautiously, if it realised that Grange stood to gain very large underwriting fees or other profits, sometimes totalling over $1 million, from the sale of each new issue of SCDOs. Of course, this very consideration is irrelevant to the questions of whether Grange breached its fiduciary obligations and, if so, what remedy should be given against it. In [Furs Ltd v Tomkies (1936) 54 CLR 583] at 592–593, Rich, Dixon and Evatt JJ said:

If, when it is his duty to safeguard and further the interests of the company, he uses the occasion as a means of profit to himself, he raises an opposition between the duty he has undertaken and his own self interest, beyond which it is neither wise nor practicable for the law to look for a criterion of liability. The consequences of such a conflict are not discoverable. Both justice and policy are against their investigation. With reference to a transaction arising out of another relation of confidence, Lord Eldon said: “The general interests of justice” require “it to be destroyed in every instance; as no Court is equal to the examination and ascertainment of the truth in much the greater number of cases” (Ex parte James [1803] EngR 536; (1803) 8 Ves 337, at p 345; [1803] EngR 536; 32 ER 385, at p 388). His language has been applied to, and illustrated by, the case of a fiduciary agent making undisclosed profits (Panama and South Pacific Telegraph Co v India Rubber Gutta Percha and Telegraph Works Co (1875) LR 10 Ch 515 at pp 523, 527). (emphasis added)

9.49 Rares J also rejected an argument that disclaimers used in pitch documents and contract notes were effective to negative a fiduciary duty:36

The disclaimers would have operated to protect Grange from liability to a third party if the slides or emails had come to the attention of that party in circumstances where Grange had not provided them in the course of giving financial advice to that party. It would be commercially absurd for a financial adviser to tell its client not to act on its recommendation or advice and to get financial advice from someone else. The disclaimer has to be read, so far as it may have had any contractual or other operation in the relationship between Grange and Swan or Parkes or Wingecarribee, to avoid it making commercial nonsense or working commercial inconvenience: Zhu v Treasurer of the State of New South Wales [2004] HCA 56; (2004) 218 CLR 530 at 558–559 [81]–[82] per Gleeson CJ, Gummow, Kirby, Callinan and Heydon JJ. One thing is certain. Grange did not draw the disclaimers to the attention of any of the Councils. Nor did it tell any of them that it was not acting as the Council’s financial adviser. Importantly, Grange never suggested that it might be in a position of conflict, as the Council’s financial adviser for the transaction it was proposing and that the Council should obtain independent financial advice about what Grange was proposing, so that Grange could be released from any fiduciary obligation it owed.

9.50 A breach of a fiduciary duty entitles a plaintiff to the remedies discussed in 2.25.

9.51 The findings in Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 demonstrate the important role that fiduciary principles have in the context of financial advice. Advisers must be mindful of these concepts and ensure care is taken in discharging the duties where they arise.

OTHER DUTIES OF ADVICE PROVIDERS

9.52 In addition to the obligations set out above, providers of advice will be subject to an implied statutory duty of care as well as other duties of care and skill. These duties were considered in Selig v Wealthsure Pty Ltd [2013] FCA 348, a case which will be examined below.

9.53 Section 12ED of the ASIC Act contains an implied warranty in relation to the supply of financial services to consumers. Section 12ED(1) provides as follows:

In every contract for the supply of financial services by a person to a consumer in the course of a business, there is an implied warranty that:
(a) the services will be rendered with due care and skill; and
(b) any materials supplied in connection with those services will be reasonably fit for the purpose for which they are supplied.

Section 12BC(1) sets out the definition of what constitutes a consumer:

For the purposes of this Division, unless the contrary intention appears, a person is taken to have acquired particular financial services as a consumer if, and only if:
(a) the price of the services did not exceed the prescribed amount [being $40,000]; or
(b) if the price of the services exceeded the prescribed amount — the services were of a kind ordinarily acquired for personal, domestic or household use or consumption; or
(c) if the services were acquired for use or consumption in connection with a small business (see subsection (2)) and the price of the services exceeded the prescribed amount — the services were of a kind ordinarily acquired for business use or consumption.

9.54 The duty implied by operation of the ASIC Act was considered in Selig v Wealthsure Pty Ltd [2013] FCA 348.37 The case concerned financial planning advice provided by the defendants. The plaintiffs, Mr and Mrs Selig, invested in Neovest Ltd (Neovest) on the advice of the second defendant, David Bertram, who was an authorised representative of the first respondent, Wealthsure Pty Ltd (Wealthsure). Wealthsure was the holder of an Australian Financial Services Licence. The scheme proposed in the prospectus issued by Neovest was in effect a Ponzi scheme. Neovest became insolvent and the plaintiffs lost their investment and suffered other loss.

9.55 In that case Lander J was of the view that the defendants were providing a financial service as required by s 12ED(1)38 and that the plaintiffs were consumers for the purposes of s 12ED:39

The plaintiffs were consumers because Mr Bertram’s and Wealthsure’s commissions were less than $40,000.

9.56 Lander J then went on to state that:40

In my opinion, the effect of s 12ED(1) was to imply into the contract between Mr and Mrs Selig and Mr Bertram and Wealthsure, a warranty that Mr Bertram and Wealthsure would render their services with due care and skill.

Even without the statutory warranty an implied term of reasonable care will arise by law in a contract for professional services: Astley v Austrust Ltd (1999) 197 CLR 1 … In that decision, the plurality, Gleeson CJ, McHugh, Gummow and Hayne JJ, said at [47]:

The implied term of reasonable care in a contract of professional services arises by operation of law. It is one of those terms that the law attaches as an incident of contracts of that class. It is part of the consideration that the promisor pays in return for the express or implied agreement of the [promisee] to pay for the services of the person giving the promise. Unlike the duty of care arising under the law of tort, the [promisee] in contract always gives consideration for the implied term. And it is a term that the parties can, and often do, bargain away or limit as they choose. (Footnotes omitted)

9.57 In the event, Lander J held that:41 In my opinion, Mr Bertram and Wealthsure breached … the implied term. They did not recommend an investment that was suitable for the plaintiffs’ needs, objectives and circumstances, and they did not give proper consideration to those needs, objectives and circumstances. Although the product was on Wealthsure’s [Approved Product List], it had not been carefully researched and approved by a team of research experts. It had only been researched by Mr Norton and Norton Capital, which was not “a team of research experts” and the research was not carried out with reasonable care or, indeed, any care. It had not been researched at all by Wealthsure. The first and second defendants also breached the implied term, because they failed to exercise the care and skill required of an ordinarily competent financial adviser. Wealthsure failed to carry out an appropriate inquiry into the Neovest prospectus and the Neovest offering, and relied upon the inadequate inquiry carried out by Mr Norton and Norton Capital. Mr Bertram failed to carry out any inquiry at all in relation to the financial product. Mr Bertram also gave inappropriate advice to Mr and Mrs Selig. He also gave advice inconsistent with the instructions given to him by Wealthsure itself …

9.58 A breach of the implied duty under s 12ED(1) as well as a duty implied by fact or law sounds in contractual damages.42

CONCLUSION

9.59 This chapter examined a range of duties that govern the conduct of entities providing financial product advice. The discussion in this chapter demonstrated that the obligations imposed on entities providing general and, in particular, personal advice by both statute and the general law are onerous ones, obligations that entities must take particular care in discharging.


Corporations Act s 911A(1) provides that a person carrying on a financial services business in Australia must hold an Australian Financial Services Licence covering the provision of the applicable financial services. Some exceptions apply. See for example s 911A(2) and Corporations Regulation 7.6.01(1). Note that a person will not provide a ‘financial service’ where his or her conduct is done in the course of work of a kind ordinarily done by clerks or cashiers: Corporations Act s 766A(3). This exception applies to purely administrative or mechanical functions which do not involve the exercise of any independent judgment and which are provided in relation to a licensee’s business. LexisNexis, Australian Corporation Law Principles & Practice, online, at [7.1.0075]. See note 3 above at [7.1.0075]. Australian Securities and Investments Commission v Park Trent Properties Group Pty Ltd (No 3) [2015] NSWSC 1527 at [399]. Australian Securities and Investments Commission v Park Trent Properties Group Pty Ltd (No 3) [2015] NSWSC 1527 at [412]. ASIC, RG 36.23. ASIC, RG 36.24. ASIC, RG 36.27. ASIC, RG 36.33. ASIC, RG 36.34. There is a limited defence in Corporations Act s 949A(4). See Corporations Act s 1311(1) and Sch 3. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act. See Corporations Act s 1311(1) and Sch 3. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act. Section 949B provides that the Corporations Regulations may set out further obligations in relation to disclosure requirements: see for example reg 7.9.07CA. See also definitions in Corporations Act s 961. 
This provision came into force and effect from 1 July 2013. For further information about compliance in this context see H Ling, ‘Chapter 8: Compliance and Best Practice’ in Australian Master Financial Planning Guide 2016/17, 19th ed, Wolters Kluwer, Sydney, 2016. See for example 4.16 and 5.11. See 2.2ff and 2.13ff. See 2.15–2.17. See Corporations Act s 961B(3). See also s 961F for the definition of ‘basic banking product’. See Corporations Act s 961B(4). Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [32].

22. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [620].
23. See 4.18, 5.12 and 7.10.
24. See for example 7.12.
25. ASIC, ‘ASIC takes first action against licensee for alleged breaches of “best interests duty”’, media release, 8 June 2016 (viewed 17 October 2016).
26. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [32].
27. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [22]–[23].
28. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [672]–[673]. At [674] Edelman J also referred with approval to the decision in Australian Securities and Investments Commission v Camelot Derivatives Pty Ltd (in liq) [2012] FCA 414.
29. There were appeals to the Full Federal Court and the High Court on matters that would not disturb this logic: see Wealthsure Pty Ltd v Selig (2014) 221 FCR 1 and Selig v Wealthsure Pty Ltd [2015] HCA 18.
30. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [874]–[879].
31. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [733].
32. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [410].
33. See Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [932]. Both of these duties are discussed in Chapter 2.
34. In the 11-month period to 31 May 2006, Grange earned $15.7 million in fees from selling synthetic collateralised debt obligations (SCDOs) and approximately $3.35 million in profits on secondary trading: Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [305].
35. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [937]; see also at [745]–[746].
36. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [727].
37. There were appeals to the Full Federal Court and the High Court on other matters: see Wealthsure Pty Ltd v Selig (2014) 221 FCR 1 and Selig v Wealthsure Pty Ltd [2015] HCA 18.
38. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [863].
39. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [866].
40. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [867]–[868].
41. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [874]–[879].
42. Selig v Wealthsure Pty Ltd [2013] FCA 348 at [881].


Chapter 10 Duties of Australian Financial Services Licensees

INTRODUCTION

10.1 In addition to the open-ended conduct-related duties that have been discussed in earlier chapters, any entity which is issued an Australian Financial Services Licence by the Australian Securities and Investments Commission (ASIC) is also, by virtue of that licence, required to comply with a range of other obligations.

10.2 This chapter will review the general duties set out in s 912A(1) of the Corporations Act 2001 (Cth) (Corporations Act). In particular, the focus will be on the duty to ‘do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly’1 and the duty to ‘have in place adequate arrangements for the management of conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by the licensee or a representative of the licensee in the provision of financial services as part of the financial services business of the licensee or the representative’.2

DUTY TO ACT PROVIDED EFFICIENTLY, HONESTLY AND FAIRLY

10.3 Section 912A(1)(a) of the Corporations Act provides that:

A financial services licensee must … do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly …

Compendious duty

10.4 The duty has been the subject of a number of decisions. In Story v National Companies and Securities Commission (1988) 13 NSWLR 661 Young J was of the view that the obligation constituted a compendious term. That case involved issues relating to the revocation of a licence for not acting ‘efficiently, honestly and fairly’. His Honour made the following observations in relation to the expression:3

Thus I turn to the phrase “efficiently, honestly and fairly”. In one sense it is impossible to carry out all three tasks concurrently. To illustrate, a police officer may very well be most efficient in control of crime if he just shot every suspected criminal on sight. It would save a lot of time in arresting, preparing for trial, trying and convicting the offender. However, that would hardly be fair. Likewise a judge could get through his list most efficiently by finding for the plaintiff or the defendant as a matter of course, or declining to listen to counsel, but again that would hardly be the most fair way to proceed. Considerations of this nature incline my mind to think that the group of words “efficiently, honestly and fairly” must be read as a compendious indication meaning a person who goes about their duties efficiently having regard to the dictates of honesty and fairness, honestly having regard to the dictates of efficiency and fairness, and fairly having regard to the dictates of efficiency and honesty.

Accordingly, under the Story analysis, one is required to read the three obligations together in a compendious manner. However, his Honour did not think it ultimately mattered if one read the terms conjunctively or disjunctively:4

To take the contrary view, as the defendant Commission did is to read “and” as “or”. That proposition, of course, runs contrary to Blackburn J’s famous dictum that “the proposition that ‘and’ can sometimes mean ‘or’ is true neither in law nor in English usage”: Re Licensing Ordinance (1968) 13 FLR 143 at 147. There are, of course, cases where in a statute one does construe “and” as “or”, but I cannot see how, in the instant case, those exceptions apply as there is no absurdity or unintelligibility in reading “and” as “and”, or giving the word some dispersive effect. However, in the long run it does not seem to me to much matter whether one reads the words cumulatively or disjunctively, because unless a licence holder possesses the three attributes whether as one package or as three separate parcels, the Commission can revoke his licence.

Do all things necessary to ensure

10.5 When evaluating the applicable expression, it is essential to consider the words in conjunction with the other words of the subsection. The licensee must ‘do all things necessary to ensure’ that the financial services covered by the licence are provided in the required manner. The phrase ‘do all things necessary to ensure’ suggests that a certain outcome (that is, acting efficiently, honestly and fairly) is guaranteed. However, it is clear from the cases discussed below that one starts with an analysis of whether the services are provided ‘efficiently, honestly and fairly’ and then one evaluates whether the licensee took sufficient steps to ensure that the conduct satisfied the requisite test. There is no sense of the courts applying the words of the statute such that they constitute a guarantee. Indeed, the adverbial nature of the expression tends to reinforce the notion that the obligation is one that focuses on process as opposed to outcomes.5

Objective test

10.6 The test of whether a licensee has acted ‘efficiently, honestly and fairly’ is to be viewed objectively.6 As with other conduct obligations discussed in this book, the test is also to be applied ex ante rather than with the benefit of hindsight.

Assess conduct by reference to business as a whole

10.7 The phrase ‘the financial services covered by the licence’ tends to indicate that when assessing conduct under s 912A(1)(a), one needs to assess the conduct against the licensee’s business as a whole. For example, on this view it would not be appropriate to identify individual breaches that were not systematic and ground a breach of the duty on that basis.

In Australian Securities and Investments Commission v Saxby Bridge Financial Planning Pty Ltd [2003] FCAFC 244 at [123] Jacobson and Bennett JJ expressed the following view in the context of the obligation to act ‘efficiently, honestly and fairly’:7

The [Administrative Appeals Tribunal] considered that a realistic approach had to be taken when examining a financial advisory business involving a large number of employees in three States with proper authority holders conducting business on their own account … The Tribunal went on to say that, in its view, any contraventions of the law had to be considered “in the context of the operation of the business as a whole”.

Morally wrong or unethical conduct

10.8 In R J Elrington Nominees Pty Ltd v Corporate Affairs Commission (SA) (1989) 1 ACSR 93 (Elrington) at 110 Bollen J made the following remarks about the word ‘honestly’ as it appeared in a predecessor provision to s 912A(1)(a):

I think that the word “honestly” may comprehend conduct which is not criminal but which is morally wrong in the commercial sense. It comprehends conduct which is not straightforward. Moreover, I think it may comprehend such conduct viewed objectively. The evidence does not prove that Elrington intended to misrepresent or disregard the position to customers or disregard the advice given him by McNamara nor that he intended to profit by failure to make the position clear. But the truth is that he did do those things. It all amounts to a very serious breach of the conditions of the licence and of the statutory obligation to behave “efficiently, honestly and fairly”.

In Re Hres and Australian Securities and Investments Commission [2008] AATA 707 at [240] Senior Member Taylor made the following observations about the decision of Bollen J in Elrington:

ASIC pressed for a finding that Mr Hres had not performed his duties honestly. In that regard ASIC relied on a passage in Elrington Nominees Pty Ltd v Corporate Affairs Commission (SA) (1989) 1 ACSR 93 at 110. In that passage Bollen J expressed the view that “honesty” in the present context was not confined to either criminality, intentional misrepresentation or conduct that was motivated by an intention for personal gain. It included any conduct that “was morally wrong in a commercial sense”. The former of these statements is unexceptional. The latter appears to derive from a passage in the judgment of Young J in [Story v National Companies and Securities Commission (1988) 13 NSWLR 661] where (at 13 NSWLR 672) the suggestion was made that the combined use of the words “honestly” and “fairly” gave the flavour of a person who is ethically sound. It was implicit in Young J’s interpretation of s 851 that His Honour regarded the expression “efficiently, honestly and fairly” as something in the nature of a hendiadys. Such an interplay between the different expressions well justifies the view that the expression includes some concern with morality in relation to a person’s dealing in relation to their duties as a securities representative. But I am not satisfied that this idea can be taken to the point of characterising as dishonest conduct that is merely lacking in proper judgment. The appropriateness of such a characterisation presumably depends on precisely what qualification or connotation is intended by the use in Elrington of the words “morally wrong in a commercial sense”. That is a matter that is not necessary to explore in the circumstances of the present case.

Morally wrong business practices

10.9 In Australian Securities and Investments Commission v Camelot Derivatives Pty Ltd (in liq) [2012] FCA 414 the court had to determine whether the practice of churning was a breach of s 912A(1)(a). Foster J explained churning in the following terms:8 ASIC submitted that “churning” refers to trading of a size or frequency with the effect of generating excess commissions or describes circumstances where a broker engages in excessive buying or selling of securities in a customer’s account chiefly to generate commissions that benefit the broker. ASIC referred to a decision of the United States Commodity Futures Trading Commission which considered churning (Johnson v Hurwitz, US CFTC decision, 24 July 2009, Judgment Officer McGuire). In that case, at pp 28–30 of the judgment, it was held that, in order to establish “churning”, it was necessary to demonstrate that: (a) The defendants “controlled” the level and frequency of trading in the client accounts (which involves de facto control over the trading in that account); (b) The defendants chose an overall volume of trading that was excessive in light of the client’s trading objectives; and (c) The defendants acted with either intent to defraud or in reckless disregard of the clients’ interests.

That is, churning benefits the firm providing services and not the client. Indeed, the factual findings in this case show that the strategy adopted by Camelot was adverse to the interests of clients:9

… It follows that during the period from March 2008 to October 2010: (1) clients of Camelot had not earned significant returns from options trading; (2) Camelot did not have reasonable grounds for believing that potential clients of Camelot could expect to earn significant returns from options trading; (3) Camelot did not have experience in implementing a successful strategy, methodology, formula or concept to generate significant returns from investments in an options trading market; and (4) Camelot did not have reasonable grounds for believing that Camelot is able to show potential clients how they can achieve significant returns by investing in an options trading market.

Ultimately, Foster J made the following findings:10

In the present case, the substance of ASIC’s contention in respect of its case based upon a contravention of s 912A(1)(a) of the Corporations Act was that Camelot, under the direction of Mr King, induced its clients to trade in options in an endeavour to secure for Camelot excessive brokerage commissions arising from such trades. The essence of ASIC’s case was that the overriding consideration on the part of Camelot and Mr King in procuring Camelot’s clients to trade as they did was the derivation of brokerage commissions by Camelot. In this sense, the commissions actually derived were excessive and could not have been justified had Camelot and Mr King paid due regard to the clients’ interests. At the very least, this stratagem adopted by Camelot and Mr King was not honest, in a commercial sense, and certainly did not constitute the provision of financial services fairly within the meaning of s [912A(1)(a)] of the Corporations Act. I do not need to decide whether, in order to establish “churning”, ASIC must prove that Camelot and Mr King intended to defraud Camelot’s clients or acted in reckless disregard of their interests.

The case almost suggests a form of best interests duty by another name. Or at the very least, an ‘interests’ duty. That is, the case suggests that in assessing the content of the duty in s 912A(1)(a) one needs to have regard to the risks and possible returns that a client of a financial services firm will or may potentially make from those services. The case certainly stands for the proposition that one needs to evaluate the value or potential value represented by the applicable service. Where s 912A(1)(a) draws the line between loss making services and services that provide value (and how much value) is yet to be determined.

One size fits all advice

10.10 The issue of whether the provision of one size fits all or cookie cutter advice was a breach of s 912A(1)(a) was briefly considered in Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023. That case involved a business model whereby a financial services firm (Storm Financial Ltd) provided ‘one size fits all’ recommendations to investors, including recommendations about double gearing and investing in growth (that is, higher risk) index funds. The relevant directors were Mr and Mrs Cassimatis. While the business model was not inherently flawed (that is, the advice that was provided may have been suitable for some investors), it would also be provided to persons who were retired, or approaching retirement, and who were particularly vulnerable to losses.11

10.11 In the following passage Edelman J outlined why the business model breached s 945A of the Corporations Act:12

Mr and Mrs Cassimatis should have been reasonably aware that the application of the Storm model would be likely to (and did) cause contraventions of s 945A(1)(b) and s 945A(1)(c). The contraventions of s 945A(1)(b) occurred because Storm did not give such consideration to the subject matter of the advice and did not conduct such investigation of the subject matter of the advice as was reasonable in the circumstances. The contraventions of s 945A(1)(c) occurred because Storm provided financial advice which was not appropriate to the investors having regard to the consideration and investigation of the subject matter of the advice that ought to have been undertaken. Those contraventions were not merely likely to occur. They were contraventions which could have (and did have) devastating consequences for many investors in that class and the discovery of those breaches would have threatened the continuation of Storm’s Australian Financial Services Licence (AFSL) licence and Storm’s very existence.

In the circumstances, Edelman J was of the view that Storm Financial’s business model also consisted of a breach of the duty in s 912A(1)(a):13

[F]or completeness, I conclude that the contraventions of s 945A were also contraventions of s 912A(1)(a). Although ASIC has not proved that the services were not provided honestly, the contraventions of s 945A(1)(b) and s 945A(1)(c) were sufficiently serious departures from reasonable standards of performance of advice that they involved a failure to ensure that the financial services covered by the licence were provided efficiently, honestly and fairly.

Failure to have a reasonable basis for advice

10.12 In Re Campbell and Australian Securities and Investments Commission [2001] AATA 205 the Tribunal found that a failure to have a reasonable basis for making a recommendation to a client concerning securities constituted a breach of a duty to act ‘efficiently, honestly and fairly’ (as that term was used in s 829(f) of the Corporations Law). An example of the type of conduct that was involved in that matter is set out below:14

[T]he Tribunal finds that the [investment adviser’s] meeting with [clients] … at which they signed the necessary documents for their investment in Rydal was of approximately 30 minutes’ duration and that at that meeting the [investment adviser]: provided [the clients] with a copy of the Rydal prospectus but did not advise or encourage them to read and thoroughly assess its contents before making a decision on whether or not to invest in that project; did not emphasise to [the clients] the speculative nature of the Rydal project and the risks associated with an investment therein, as disclosed in the Rydal prospectus; did not fully explain to [the clients] the nature of an investment in Rydal, including the duration of the project, their possible loan repayment obligations, and its likely lack of liquidity; and presented [the clients] with the relevant documentation for signature, including a document entitled “Letter of Instruction” … and failed to ensure that [one of the clients] understood the contents of that document before she signed it. In the Tribunal’s opinion, having regard to the abovementioned findings, the applicant’s performance of his duties in relation to [the clients] fell short of “the reasonable standard of performance by a [representative of a] dealer that the public is entitled to expect” ([Story v National Companies and Securities Commission (1988) 13 NSWLR 661], at 679). Accordingly, the Tribunal finds that, in relation to the applicant’s recommendation to [the clients] in or about June 1998 that they each invest in Rydal, he did not perform “efficiently, honestly and fairly the duties of ... a representative of a dealer”, within the meaning of s 829(f) of the Law, in that he did not perform those duties “efficiently”.

What is interesting about this case is that the Tribunal made a finding that the investment adviser did not contravene s 851 of what was then the Corporations Law. That provision required dealers and advisers to have a reasonable basis for recommendations about securities. Accordingly, the conduct surrounding the recommendation (that is, the meeting with the clients) became the pivotal issue in the case put forward by ASIC in relation to the duty to act ‘efficiently, honestly and fairly’.

Failure to act diligently and efficiently

10.13 Re Koala Hydroponics Ltd and Australian Securities and Investments Commission (2002) 40 ACSR 529 was a case decided by the Administrative Appeals Tribunal. The case involved a chairman of a group of companies who failed to satisfy, in a timely manner, a number of steps to convert a prescribed interest scheme to a managed investment scheme after the commencement of the Managed Investments Act 1998 (Cth). As a result of delays, the scheme was operating illegally. ASIC refused to grant the scheme manager, KQPL, a licence to operate as a responsible entity for failing to act efficiently. The court made the following observations:15

As stated above, in the tribunal’s view, none of the evidence suggests any dishonesty by Mr Young. However, there is substantial evidence discussed above to support a finding that he failed to act efficiently in relation to the performance of his duties in transitioning the Koala Scheme. As a result, KQPL failed to comply with the conditions set out in the instrument of relief, and the Koala Scheme operated in contravention of the provisions of the Corporations Law. Of particular concern is Mr Young’s failure to keep investors properly informed and his lack of appreciation of the relevant regulatory requirements. In the tribunal’s view, Mr Young’s conduct fell short of the reasonable standard that could be expected of a person in his position: he failed to act efficiently. Despite Mr Young’s evidence that the investors have not been misled, the tribunal considers that his failure to inform investors about transition to a managed investment scheme demonstrates a lack of efficiency that could have been potentially detrimental to the interests of investors who may have had inadequate information on which to make decisions about their investments. To this extent, Mr Young could be said not to have acted fairly in relation to their interests. In relation to s 784(2) [of the Corporations Law], the tribunal concludes that ASIC did have a reason to believe that [Koala Hydroponics Ltd] would not perform efficiently, honestly and fairly the duties of a holder of a licence of the kind applied for, and, therefore, acted correctly in refusing the grant of a dealers licence …

The cases outlined in this section highlight the fact that the duty under s 912A(1)(a) of the Corporations Act is more than just a duty to act impartially or follow fair process, but it can actually be deployed to avoid inefficient or unfair outcomes.

MANAGEMENT OF CONFLICTS OF INTEREST

10.14 The duty to manage conflicts of interest under s 912A(1)(aa) of the Corporations Act is worthy of discussion in this chapter as it covers ground that has been the subject of a number of other chapters. However, there are a number of clear differences between the duty under s 912A(1)(aa) and more orthodox conflict principles discussed in earlier chapters.

10.15 Under s 912A(1)(aa) a holder of an Australian Financial Services Licence must:

… have in place adequate arrangements for the management of conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by the licensee or a representative of the licensee in the provision of financial services as part of the financial services business of the licensee or the representative.

10.16 In order to engage the duty in s 912A(1)(aa), a number of conditions need to be met. First, the duty under s 912A(1)(aa) to manage conflicts of interest is only engaged where a licensee is providing ‘financial services’ within the meaning of s 766A(1) and ‘financial product advice’ within the meaning of s 766B(1).16 This leads to a narrower application than under general law and cognate legislation. Second, the duty only requires conflicts of interest to be managed; it does not require them to be eliminated. This issue was referred to by Jacobson J in Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [311] in the following terms:

Indeed, this is a distinction which is recognised in s 912A(1)(aa) of the Corporations Act. It imposes a duty upon a financial services licensee to have in place adequate arrangements for “the management of conflicts of interest”. The statutory requirement is to be contrasted with the duty in equity of a fiduciary to eliminate or avoid conflicts … Of course, one way of managing conflicts would be to eliminate them but s 912A(1)(aa) does not require a licensee to take that step …

However, it is possible that s 912A(1)(aa) was drafted in recognition that there is an inherent tension between the interests of customers and financial services firms. This same tension is reflected in the priority rules discussed in earlier chapters: see for example 4.18. Third, it is likely that s 912A(1)(aa) is engaged only where there is an existing fiduciary duty. This issue was discussed in Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [422]:

ASIC did not concede that as a matter of construction the obligation in s 912A(1)(aa) only applies to a licensee who occupies a fiduciary position. However, ASIC did concede that in the present case that is how the conflict is said to arise. That is, the subsection is not engaged unless [the parties] were in a fiduciary relationship.

Chinese walls

10.17 As discussed above, it is possible that s 912A(1)(aa) was drafted in recognition that there is an inherent tension between the interests of customers and financial services firms. One way of managing conflicts of interest is to utilise Chinese walls or information barriers. For example, the Corporations Act recognises the concept of Chinese walls (or information barriers) in a statutory exception to the prohibition against insider trading: see s 1043F.

10.18 Indeed, the efficient and effective functioning of the financial services sector would be put in jeopardy if the Chinese wall exception did not exist in the Corporations Act. In Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [319], Jacobson J made the following observations about the types of arrangements that would ordinarily constitute effective Chinese walls: In [Prince Jefri Bolkiah v KPMG [1999] 2 AC 222], Lord Millett … drew upon the observations in the Law Commission Consultation Paper to illustrate the type of organisational arrangements which would ordinarily be effective … These are: – the physical separation of departments to insulate them from each other; – an educational programme, normally recurring, to emphasise the importance of not improperly or inadvertently divulging confidential information; – strict and carefully defined procedures for dealing with situations where it is thought the wall should be crossed, and the maintaining of proper records where this occurs; – monitoring by compliance officers of the effectiveness of the Chinese wall; – disciplinary sanctions where there has been a breach of the wall.

His Honour then proceeded to note that care must be taken in this regard, stating that:17

[W]arnings have been sounded in other authorities about the risk of leakage through Chinese walls. Thus, for example, Bryson J said in D & J Constructions Pty Ltd v Head (1987) 9 NSWLR 118 at 123: … it is not realistic to place reliance on such arrangements in relation to people with opportunities for daily contact over long periods, as wordless communication can take place inadvertently and without explicit expression, by attitudes, facial expression or even by avoiding people one is accustomed to see, even by people who sincerely intend to conform to control. A reminder that Chinese walls may sometimes be porous is to be found in the recent decision of Bergin J in [Asia Pacific Telecommunications Ltd v Optus Networks Pty Ltd [2007] NSWSC 350 at [4]].

After making these remarks, Jacobson J then referred to the evidence of the Chinese walls arrangements that Citigroup had in place to manage information risks in this context:18 [The statement of evidence by Mr Monaci, Head of Capital Markets and Global Banking Compliance at Citigroup] set out in great detail the measures which Citigroup has in place.

These appear to me to comply with the requirements stated by the UK Law Commission and adopted by Lord Millett in [Prince Jefri Bolkiah v KPMG [1999] 2 AC 222]. [These arrangements] … are as follows: – physical separation by departments; – educational programmes; – procedures for dealing with crossing the wall; – monitoring by compliance officers; – disciplinary sanctions. Mr Monaci also referred in other parts of his statement to Citigroup’s policies and procedures for the identification and management of conflicts of interest that arise in its business. He referred to some of the written policies which apply to Citigroup’s Australian operations. … Mr Monaci said … that Citigroup’s written policies are available to all employees and regular training is provided. He said … that the written policies make clear that employees must be alert to the possibility of conflicts and “escalate any issues in relation to actual, apparent or potential conflicts of interest”.

Ultimately, after considering all these issues and the evidence of Citigroup’s Chinese wall arrangements, Jacobson J held that the arrangements that Citigroup put in place to manage the misuse of information in this context were effective to satisfy the requirement in s 1043F.19

10.19 However, the Chinese walls concept has not been looked on favourably in other situations involving fiduciaries. In Mallesons Stephen Jaques v KPMG Peat Marwick [1990] 4 WAR 357 at 371–2, Ipp J described the Chinese wall concept used in the context of a law firm partnership in the following terms:

The derivation of the nomenclature (“chinese wall”) is obscure. It appears to be an attempt to clad with respectable antiquity and impenetrability something that is relatively novel and potentially parlous.

Ultimately, a holder of an Australian Financial Services Licence will, to the extent s 912A(1)(aa) applies, need to determine whether any conflicts can be managed effectively using Chinese walls or need to be managed in another way (for example, avoided).20

LIABILITY AND REMEDIES

10.20 Depending on the severity of the breach,21 where a licensee contravenes a duty set out in s 912A(1) of the Corporations Act, ASIC may consider varying22 or suspending or cancelling the licence.23 ASIC may also make a banning order against a person under s 920A, for example, where the person themselves breaches s 912A24 or the person is involved in a contravention of s 912A.25

10.21 A person who suffers loss as a result of a breach of a duty in s 912A may seek to recover that loss under s 1324 of the Corporations Act or under an action based on the common law tort of breach of statutory duty26 or the common law tort of negligence.27

CONCLUSION

10.22 The two conduct-related duties that were discussed in this chapter serve to further illuminate the spectrum of obligations that a party operating in financial services needs to comply with in order to maintain its licence to operate. The duty to act ‘efficiently, honestly and fairly’ in particular highlights the significant substantive impact that provision can have on the conduct of participants in the financial services sector. In its own right it sets a standard or norm of conduct that is important in preventing what Edelman J referred to in Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [673] as ‘sufficiently serious departures from reasonable standards of performance’. Just how far a departure needs to go to fall short of the required standard will need to be worked out in all the circumstances of a case.

1. See Corporations Act s 912A(1)(a). Note that licensees under the National Consumer Credit Protection Act 2009 (Cth) have an obligation under that Act to ‘do all things necessary to ensure that the credit activities authorised by the licence are engaged in efficiently, honestly and fairly’: s 47(1)(a). The issues discussed below will have application to the interpretation of that obligation.

2. See Corporations Act s 912A(1)(aa). The other general duties set out in s 912A(1) that will not be discussed include the duty to: comply with the conditions on the licence; (c) comply with the financial services laws; (ca) take reasonable steps to ensure that its representatives comply with the financial services laws; (d) subject to subsection 912A(4), have available adequate resources (including financial, technological and human resources) to provide the financial services covered by the licence and to carry out supervisory arrangements; (e) maintain the competence to provide those financial services; (f) ensure that its representatives are adequately trained, and are competent, to provide those financial services; (g) if those financial services are provided to persons as retail clients — have a dispute resolution system complying with subsection 912A(2); (h) subject to subsection (5), have adequate risk management systems.

3. Story v National Companies and Securities Commission (1988) 13 NSWLR 661 at 672.

4. Story v National Companies and Securities Commission (1988) 13 NSWLR 661 at 672.

5. Generally, if effective processes are followed, the outcome will be acceptable although not guaranteed.

6. R J Elrington Nominees Pty Ltd v Corporate Affairs Commission (1989) 1 ACSR 93 at 110.

7. See also decisions by the Administrative Appeals Tribunal: Re Foster and Australian Securities and Investments Commission [1999] AATA 928; Re Campbell and Australian Securities and Investments Commission [2001] AATA 205; Re Koala Hydroponics Ltd and Australian Securities and Investments Commission [2002] AATA 41.

8. Australian Securities and Investments Commission v Camelot Derivatives Pty Ltd (in liq) [2012] FCA 414 at [67].

9. Australian Securities and Investments Commission v Camelot Derivatives Pty Ltd (in liq) [2012] FCA 414 at [29].

10. Australian Securities and Investments Commission v Camelot Derivatives Pty Ltd (in liq) [2012] FCA 414 at [71]–[72].

11. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [32].

12. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [22]–[23].

13. Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023 at [672]–[673]. At [674] Edelman J also referred with approval to the decision in Australian Securities and Investments Commission v Camelot Derivatives Pty Ltd (in liq) [2012] FCA 414.

14. Re Campbell and Australian Securities and Investments Commission [2001] AATA 205 at [101]–[102].

15. Re Koala Hydroponics Ltd and Australian Securities and Investments Commission (2002) 40 ACSR 529 at [98]–[99].

16. And providing that no such services are exempt under reg 7.1.29(3) of the Corporations Regulations 2001 (Cth).

17. Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [320]–[321].

18. Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [449]–[451].

19. Australian Securities and Investments Commission v Citigroup Global Markets Australia Pty Ltd (No 4) [2007] FCA 963 at [604].

20. See also ASIC, ‘Regulatory Guide 181 Licensing: Managing conflicts of interest’, 30 August 2004.

21. Noting that licensees have an obligation to report any significant breach of, among other things, s 912A to ASIC: Corporations Act s 912D.

22. See Corporations Act s 914A.

23. See Corporations Act s 915B and s 915C.

24. See for example Corporations Act s 920A(1)(b).

25. See for example Corporations Act s 920A(1)(g) and (h).

26. See C Sappideen and P Vines, ‘The Tort of Breach of Statutory Duty’ in C Sappideen and P Vines (eds), Fleming’s The Law of Torts, 10th ed, Thomson Reuters/Lawbook Co, Sydney, 2011.

27. See K Barker et al, The Law of Torts in Australia, 5th ed, Oxford University Press, Melbourne, 2012, p 583; Sappideen and Vines, note 26 above, pp 149–50, 215–22.

Part C General Conduct Obligations Imposed on Any Entity that Provides Financial Services

Chapter 11 Obligation of Good Faith

INTRODUCTION

11.1 The focus of this chapter is on the extent to which an obligation of good faith arises generally under contract law. One may think that it would go without saying that parties to contracts, including all contracts relating to financial services and products, would be obliged to conduct themselves in good faith; that good faith would be an integral part of each and every contract. However, that is not the position. Writing extra-curially, Allsop CJ has observed that ‘[t]he content of good faith as stable and contractually certain, and framed by reference to the bargain as struck, has been decided in a number of cases in Australia, in particular in the New South Wales Court of Appeal’.1 However, although the content of the good faith obligation is stable and contractually certain, Allsop CJ also notes that ‘[w]hat has not been dealt with coherently in Australia is the legal technique for operation of the duty or principle’.2 In other words, different jurisdictions take different approaches as to how the duty of good faith applies under Australian law.

11.2 The aim of this chapter is to explore the content of the duty of good faith and the circumstances when the duty arises.

THE OBLIGATION OF GOOD FAITH

11.3 There are differing schools of thought regarding the duty of good faith. Some have cast the obligation as an implied term. Carter argues that a duty to act in good faith is not, or should not be, an implied term but something that is inherent in all contracts. Carter states that:3

Good faith is inherent in all common law contract principles, and any attempt to imply an independent term requiring good faith is unnecessary and a retrograde step.

However, the coherence with which Carter outlines the principles relating to good faith is not yet reflected in the case law, desirable as such coherence would be.

The emergence of good faith

11.4 The New South Wales decision of Renard Constructions (ME) Pty Ltd v Minister for Public Works (1992) 26 NSWLR 234 (Renard Constructions) is considered to have triggered the development of good faith in Australian contract law. In Renard Constructions it was held that the show cause procedure under a building contract was subject to a requirement of reasonableness. Priestley JA stated that:4

The contract can in my opinion only be effective as a workable business document under which the promises of each party to the other may be fulfilled, if the subclause is read in the way I have indicated, that is, as subject to requirements of reasonableness.

Priestley JA also expressed the view that the implication of reasonableness was potentially not just a term that could be implied ad hoc as a matter of fact in the instant case but a term that may also be capable of being implied by operation of law in all contracts of a similar type, especially noting the standard form of the contract the subject of the case.5 His Honour then explained the relationship between the implication of reasonableness in Renard Constructions and the notion of good faith:6

The kind of reasonableness I have been discussing seems to me to have much in common with the notions of good faith which are regarded in many of the civil law systems of Europe and in all States in the United States as necessarily implied in many kinds of contract. Although this implication has not yet been accepted to the same extent in Australia as part of judge-made Australian contract law, there are many indications that the time may be fast approaching when the idea, long recognised as implicit in many of the orthodox techniques of solving contractual disputes, will gain explicit recognition in the same way as it has in Europe and in the United States.

11.5 Writing extra-judicially, Allsop CJ has noted that:7

An examination of the reasons for judgment of Priestley JA in Renard Constructions reveals that he used good faith as a duty and expected standard, not as a stand-alone implied term.

Following Renard Constructions there has been an increasing number of appellate and first instance decisions considering the incorporation of good faith and fair dealing within Australian contract law. Each state appellate court has, however, taken a slightly different stance as to the status and content of the duty, leading to a degree of division and uncertainty. This disunity has been further complicated by the fact that the High Court, despite being given the occasion on at least two occasions to say something of the status of good faith, has declined to do so. Put generally, both New South Wales and South Australia have, for the most part, accepted the existence of a duty of good faith and have held that such a duty may generally be implied into every commercial contract. In contrast, in Victoria, Tasmania, and the Australian Capital Territory the courts have rejected such a submission and have instead held that the ordinary principles for the factual implication of contractual terms must first be satisfied before the requirement of good faith will be imposed. Meanwhile in Western Australia and Queensland the courts have declined to express a concluded opinion on the matter, in light of the absence of High Court authority. The Courts in the Northern Territory have not yet had the occasion to consider the matter. The Full Court of the Federal Court recently discussed good faith in a manner conformable with it being a general implication or feature of Australian contract law attending to the performance of the bargain and dealt with its construction and implied content in the way reflected in Priestley JA’s judgment in Renard and Posner J’s judgment in [Market Street Associates Ltd Partnership v Frey 941 F2d 588 (7th CCA 1991)] [Footnotes omitted].

Implied term v implied duty

11.6 Determining whether good faith is simply a term that is implied in fact or is an implied duty or principle is critical. As Allsop CJ points out:8

The most crucial distinction to be drawn out is between the recognition of good faith as being an independent implied term of the disputed contract, and the recognition of good faith as being an implied duty or principle, in the sense that it becomes part of the “orthodox techniques of solving contractual disputes” and is applicable to the performance and enforcement of all contracts and dealings. Whilst the content and meaning of the phrase “good faith” may be the same in both scenarios (to act honestly and with a fidelity to the bargain; and to act reasonably and fairly in dealings), the implications and connotations are fundamentally different. If good faith is simply a term implied in fact (which can itself be construed and applied, and found a separate head of damages), then the concern of various courts as to whether the principles of [BP Refinery (Westernport) Pty Ltd v Shire of Hastings (1977) 180 CLR 266] have been satisfied, or whether “entire agreement” clauses operate to the exclusion of good faith, can be understood. If however good faith is recognised as an informing but binding principle or duty — a means by which the courts can recognise and give effect to an expected standard of behaviour (linked, but not limited, to honesty) — then there is no debate as to whether or not the principle is applicable; it is simply a basic assumption of all contractual dealings. It is this latter understanding of good faith that reflects the Scottish and United States’ approaches discussed earlier. However in Australia the majority of case law on good faith appears to have focused on the first understanding. This difficulty was highlighted by Finn J in his decision of [GEC Marconi Systems Pty Ltd v BHP Information Technology Pty Ltd [2003] FCA 50 at [918]–[922]] where he noted that in Australia there was “uncertainty about the very purpose of the duty itself in regulating contractual behaviour” and that, for the most part, Australian legal doctrine on good faith had characterised good faith as an implied term, capable of being excluded by express or by inconsistent provisions, rather than as a legal standard that underpins the bargain. It will be necessary to address this fundamental distinction before any unity in Australian contract law on good faith or fair dealing can be achieved.

11.7 As noted by Allsop CJ, the lack of unity surrounding the concept of good faith was also referred to by Finn J in his Honour’s judgment in GEC Marconi Systems Pty Ltd v BHP Information Technology Pty Ltd [2003] FCA 50. In that case BHP pleaded that GEC Marconi breached an implied term of the contract which required GEC Marconi to act honestly, fairly and reasonably in giving a termination under the contract. BHP argued that the implied term was one of good faith and fair dealing and was said to be implied in fact and at law. Marconi resisted these arguments. Its position was that an entire agreement clause precluded the implication of a good faith term at law and that it was not necessary to imply the term ad hoc.

11.8 It was not necessary for Finn J to make a finding regarding these issues because of other findings his Honour had made in the case. However, his Honour went on to set out some powerful statements in relation to the debate about the duty of good faith:9

It has been said that “[i]t is very easy to criticise the use of implied terms to incorporate an obligation of good faith”: Peden, “The Meaning of Contractual Good Faith” (2002) 22 Aust Bar Rev 235 at 245. There is some justice in this. The principles stated in BP Refinery (Westernport) Pty Ltd v Shire of Hastings (1977) 180 CLR 266 at 283 that are to be applied in making an implication ad hoc are not particularly apt to identify what are the standards of conduct that the parties are reasonably entitled to expect of each other in the performance and enforcement of their contract. And if it be the case that terms implied by law had their origins in implications based on the intentions of the parties that thereafter became so much a part of the common understanding as to be imported into transactions of the type to which the particular implication relates … this form of implication likewise provides a not altogether happy vehicle for justifying the modern good faith implication.

Part of our difficulty arises from the fact that, express or implied term apart, we have no other available common law device for imposing obligations on parties that are contractual in character. We do not have the facility, for example, to treat the duty as simply a mandatory rule of contract law as do many European legal systems … This in turn exposes another difficulty. There is not yet agreement in this country as to the province of good faith in contract law. Some, myself included … consider that the duty of good faith and fair dealing should apply to all contracts. Others are prepared for the moment to see it as a legal incident of particular classes of contract … This uncertainty, in my view, reflects an uncertainty about the very purpose of the duty itself in regulating contractual behaviour. It also exposes a difficulty of a distinctly doctrinal character: Is the duty one that can be excluded by agreement? On one view, reflected in civilian legal systems and §1–102(3) of the Uniform Commercial Code, the very rationale of the duty in contract law precludes its exclusion. But as a matter of legal doctrine in this country it must be accepted that, as an implied term, it is capable of being excluded by express or by inconsistent provision — although it is, perhaps, difficult to envisage an express provision authorising dishonesty. We clearly have not reached the point where it can be said: Although … a covenant of good faith is implied in every contract, an action for its breach is really no different from a tort action, because the duty of good faith is imposed by law and is not a contractual term that the parties are free to bargain in or out as they see fit. [Carmichael v Adirondack Bottled Gas Corporation of Vermont 635 A2d 1211 at 1216 (1993)]

There are, nonetheless, real questions still to answer in Australian law as to the proper approach to be taken where the issue is, not whether a duty of good faith should be implied, but rather whether it should be excluded in circumstances where it would otherwise be implied but for some alleged inconsistency with, or preclusion by, the terms of the contract … I have mentioned the above because of the way GEC Marconi has framed its defence to BHP-IT’s claim. While I refrain from expressing a concluded view on the matter, I consider this to be a case in which cogent grounds exist for making the implication sought [by BHP-IT]. I would simply note that the Sub-Contract was a long term relational one in which cooperation and trust were to be expected because of the back-to-back nature of the ADCNET contracts. And it was one in which BHP-IT was in a position of vulnerability vis à vis GEC Marconi … The final comments I would make are to indicate that (i) I consider the law in this country to be that an “entire agreement” clause does not preclude implications ad hoc … so that I cannot, with respect, agree with the view to the contrary expressed in NT Power Generation Pty Ltd v Power and Water Authority (2001) 184 ALR 481 at [387]; and (ii) I find arresting the suggestion that an entire agreement clause is of itself sufficient to constitute an “express exclusion” of an implied duty of good faith and fair dealing where that implication would otherwise have been made by law.

11.9 The statements by Finn J help focus attention on the challenges that arise in this area of the Australian law. Broadly, where the issue is relevant and there is no express obligation, it is necessary under Australian law to identify whether a party is bound by a term of good faith and whether that obligation is implied in fact10 or is otherwise a duty implied at law.

Inconsistency with the contract

11.10 In evaluating whether a duty of good faith is implied, it will always be essential to consider the constraints on good faith set out in the contract itself. The decision of the New South Wales Court of Appeal in Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 (Mobile Innovations) illustrates this issue. Vodafone and Mobile Innovations had a commercial arrangement whereby Vodafone was periodically required to set the target of new subscribers that Mobile Innovations was to manage on Vodafone’s behalf in subsequent periods. The relevant provision of the contract provided as follows:11

[Clause 18.4] Vodafone will have the sole discretion to determine, from time to time, the target level in respect of the number of connections of New Subscribers. The target level will be determined by Vodafone in conjunction with the determination of the Business Plan referred to in cl 21.

11.11 Vodafone set a target level of zero for some periods resulting in an undesirable commercial outcome for Mobile Innovations. The commercial benefit Mobile Innovations derived from the contract was dependent on higher targets being set. Relevantly, the issue before the Court of Appeal was whether there was a duty of good faith and, if so, whether Vodafone had breached that duty by setting target levels at zero or otherwise not setting higher positive levels.

11.12 Giles JA delivered the decision of the court in Mobile Innovations, with both Sheller and Ipp JJA concurring. Giles JA noted that ‘an obligation of good faith and reasonableness in the performance of a contractual obligation or the exercise of a contractual power may be implied as a matter of law as a legal incident of a commercial contract’.12 His Honour expressed the view that a duty of good faith was not implied in all commercial contracts. However, his Honour was prepared to accept that a duty of good faith may exist in the contract between Vodafone and Mobile Innovations, but that assumption could be rebutted where there was evidence of a contrary intention of the parties:13

I do not think the law has yet gone so far as to say that commercial contracts are a class of contracts carrying the implied terms as a legal incident, and the width and indeterminancy [sic] of the class of contracts would make it a large step. However, I am content to assume, expressly without deciding, that unless excluded by express provision or because inconsistent with the terms of the contract, Vodafone was under an implied obligation to act in good faith and reasonably in exercising its powers under the ASP Agreement, specifically the power of determining target levels in cl 18.4. Whether the assumption might be justified by commercial contracts already carrying the implied term or now being found to have that status does not matter. I consider that the present case can be decided by addressing whether the implication of the term as a matter of law, as to the power conferred by cl 18.4 of the ASP [Agent Service Provider] Agreement, is precluded by expression of a contrary intent.

11.13 The assumption that Giles JA was willing to make did not withstand close scrutiny of the discretions conferred on Vodafone under the contract:14

The power in cl 18.4 was emphatically described as a sole discretion. Since there was only one Vodafone (whichever of the entities it was), the point of “sole” lay in the exclusion of any constraint upon Vodafone. Its exercise was excluded from the dispute resolution procedure, with the further emphasis that “Vodafone’s decision will be conclusive and binding on the parties” (cl 32.6) and the emphasis again that it could be exercised in any manner Vodafone saw fit (cl 41). These words in the ASP Agreement can not be passed over, and they weigh against the implied obligation of good faith and reasonableness in the exercise of the power.

11.14 Giles JA added that ‘Vodafone was given control over the acquisition activities of Mobile — which, after all, was its agent — and could exercise the control in accordance with its own interests rather than those of Mobile’.15 His Honour then concluded that there was no scope to imply the duty of good faith in this case:16

Without more, in my opinion, the implication of the obligation to act in good faith and reasonably in exercising the power of determining target levels in cl 18.4 was excluded. To this may be added cl 24.1(a), by which “To the full extent permitted by Law and other than as expressly set out in this Agreement the parties exclude all implied terms ... ”.

Accordingly, Mobile Innovations’ argument that the duty was implied was unsuccessful. One aspect of the case that did seem to trouble Giles JA was determining what the content of the duty of good faith would have been had his Honour found that the duty existed. We will examine the content of the duty in the next section.

The content of the good faith duty

11.15 In Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [288]–[290] Allsop CJ discussed the content of the duty of good faith that could be extracted from the cases:

The usual content of the obligation of good faith that can be extracted from cases such as [Renard Constructions (ME) Pty Ltd v Minister for Public Works (1992) 26 NSWLR 234], Hughes Bros Pty Ltd v Trustees of the Roman Catholic Church for the Archdiocese of Sydney (1993) 31 NSWLR 91, Burger King Corporation v Hungry Jack’s Pty Ltd [2001] NSWCA 187; 69 NSWLR 558, Alcatel Australia Ltd v Scarcella [1998] NSWSC 483; 44 NSWLR 349, and [United Group Rail Services Ltd v Rail Corp New South Wales [2009] NSWCA 177; (2009) 74 NSWLR 618] is an obligation to act honestly and with a fidelity to the bargain; an obligation not to act dishonestly and not to act to undermine the bargain entered or the substance of the contractual benefit bargained for; and an obligation to act reasonably and with fair dealing having regard to the interests of the parties (which will, inevitably, at times conflict) and to the provisions, aims and purposes of the contract, objectively ascertained. None of these obligations requires the interests of a contracting party to be subordinated to those of the other. It is good faith or fair dealing between the parties by reference to the bargain and its terms that is called for, be they both commercial parties or business dealing with consumers. As Posner J said in Market Street Associates Limited Partnership v Frey 941 F2d 588 (1991) the contractual notion of good faith varies in what is required for its satisfaction by reference to the nature of the contract. But the notion is rooted in the bargain and requires behaviour to support it, not undermine it, and not to take advantage of oversight, slips and the like in it.
To do so is akin to theft, and if permitted by the law led to over-elaborate contracts, and defensive and mistrustful attitudes among contracting parties. At 595 Posner J said:

The contractual duty of good faith is thus not some newfangled bit of welfare-state paternalism or (pace Duncan Kennedy, “Form and Substance in Private Law Adjudication”, 89 Harv Law Rev 1685, 1721 (1976)) the sediment of an altruistic strain in contract law, and we are therefore not surprised to find the essentials of the modern doctrine well established in nineteenth century cases.

The standard of fair dealing or reasonableness that is to be expected in any given case must recognise the nature of the contract or relationship, the different interests of the parties and the lack of necessity for parties to subordinate their own interests to those of the counterparty. That a normative standard is introduced by good faith is clear. It will, however, not call for the same acts from all contracting parties in all cases. The legal norm should not be confused with the factual question of its satisfaction. The contractual and factual context (including the nature of the contract or contextual relationship) is vital to understand what, in any case, is required to be done or not done to satisfy the normative standard.

11.16 In Mobile Innovations Giles JA struggled with what the content of the duty would have been if his Honour had found that there was a duty to act in good faith. Giles JA noted that ‘[a]lthough Mobile submitted that nil could not be a target level because nil was nothing, and one could not aim at nothing, as a matter of language I consider that a target level can be nil’.17 His Honour could not accept the argument that the duty of good faith required a target to be a positive number (notwithstanding how small):18

Put another way, if consistently with the exercise of good faith and reasonableness it was open to Vodafone to determine a target level of any positive number, the obligation of good faith and reasonableness had very little content. Why did the exercise of good faith and reasonableness require the determination of a target level not of nil, but of one or ten or any such positive number? Why did it not require the determination of some particular (larger) number of New Subscribers sufficient … to prevent Mobile from stagnating?

11.17 Carter also emphasises that the precise content of the duty of good faith will depend on the circumstances (that is, this is yet another open-ended obligation where the content of the obligation needs to be identified on a case-by-case basis having regard to all the circumstances of the case), although he argues that it ‘is well established that good faith requires “honesty”’.19 Honest conduct would have the following characteristics:20 not acting arbitrarily or capriciously; not acting with an intention to cause harm; acting with due respect for the intent of bargain as a matter of substance not form.

11.18 Carter then goes on to observe that:21

Because it is not a fixed concept, good faith may, in particular cases, embrace other things as well. In the context of contract performance and the exercise of discretions and rights, the presence of good faith will be felt in the process of interpretation. Depending on the term in question, good faith may include: acting for a proper purpose; consistency of conduct; communication of decisions; co-operation with the other party; or consideration of the interests of the other party.

11.19 Carter stresses that ‘good faith requires honesty and not reasonableness of failure to engage in unconscionable conduct’.22 Carter sees reasonableness as an element of honesty and not as an additional requirement.23 These statements are logical.

Remedies for breach of the duty of good faith

11.20 A breach of the duty of good faith would constitute a breach of contract. The usual remedy for a breach of contract would be damages. In effect, damages would be a substitute for performance of the contract or, in this case, for appropriately discharging the duty of good faith. Damages are compensatory in nature. That is, damages are designed to put the plaintiff in the position they would have been in had the contract been performed according to its terms.

11.21 The onus is on the plaintiff to prove the extent of the loss.24 The plaintiff must be able to show that the loss claimed was caused by the defendant’s breach (of the duty of good faith in this context). The question to be answered is whether the defendant’s breach is so connected with the plaintiff’s loss that ‘as a matter of ordinary common sense and experience it should be regarded as the cause of it’.25 The plaintiff must also demonstrate that the claimed loss is not too remote. The remoteness rule is set out in the case of Hadley v Baxendale (1854) 9 Ex 341. The rule comprises two limbs. Under the first limb, the loss claimed must arise ‘according to the usual course of things’.26 A loss that does not fall within the first limb will need to be claimed by the plaintiff under the second limb. Losses can be recovered under the second limb where those losses are within the range of losses that ‘may reasonably be supposed to have been in the contemplation of both parties, at the time they made the contract, as the probable result of the breach of it’.27 Under this limb, if a defendant has special knowledge of the losses that the plaintiff may suffer as a result of the defendant’s breach of contract, then the plaintiff may be able to recover all of those damages.

11.22 It would generally seem that common law damages would be an adequate remedy for a breach of a duty of good faith. In some situations, however, a court may also grant equitable remedies for a breach of contract, including specific performance or an injunction.

CONCLUSION

11.23 There are unique challenges in implying a duty of good faith into commercial contracts. One first has to navigate a route to the duty, either through ad hoc implication or otherwise implying the duty at law. The four corners of the contract will always cast a shadow over this exercise. If the putative term is inconsistent with any provision of the contract, then that inconsistency will prevent the term being implied. Even where the term is implied, one needs to determine the content of the actual duty. Carter provides some useful commentary in this direction. Yet, as we saw from the discussion concerning Mobile Innovations, defining the content of the duty in practice can be a difficult task. However, at its most basic the key requirements of the duty, honesty and fair dealing, will need to be applied to the contours of each case to determine what conduct was required by the duty. Indeed, seeking to define ex ante the content of the duty in a vacuum would be an intractable task. Everything depends on context. Allsop CJ reminds us that the courts are adept at making these assessments:28

The evaluation of conduct will be made by the judicial technique referred to in [Jenyns v Public Curator (Qld) [1953] HCA 2; (1953) 90 CLR 113]. It does not involve personal intuitive assertion. It is an evaluation which must be reasoned and enunciated by reference to the values and norms recognised by the text, structure and context of the legislation, and by reference to the legal values of the common law and equity and perceived community values, made against an assessment of all connected circumstances.

1. Allsop CJ, ‘Conscience, Fair-Dealing and Commerce — Parliaments and the Courts’, paper delivered at ‘Finn’s Law: An Australian Justice’, a conference in honour of Professor Paul Finn, Canberra, 25 September 2015 at [66] (viewed 8 October 2016).
2. See note 1 above at [66].
3. J W Carter, Contract Law in Australia, 6th ed, LexisNexis Butterworths, Sydney, 2012 at [201].
4. Renard Constructions (ME) Pty Ltd v Minister for Public Works (1992) 26 NSWLR 234 at 258.
5. Renard Constructions (ME) Pty Ltd v Minister for Public Works (1992) 26 NSWLR 234 at 260–1.
6. Renard Constructions (ME) Pty Ltd v Minister for Public Works (1992) 26 NSWLR 234 at 263–4.
7. See note 1 above at [67].
8. See note 1 above at [68].
9. GEC Marconi Systems Pty Ltd v BHP Information Technology Pty Ltd [2003] FCA 50 at [918]–[922].
10. In which case the requirements set out in BP Refinery (Westernport) Pty Ltd v Hastings Shire Council (1977) 180 CLR 266 at 282–3 and adopted on many occasions since including notably by Mason J in Codelfa Construction Pty Ltd v State Rail Authority of New South Wales [1982] HCA 24 at [9], will need to be satisfied. For a term to be implied in fact it must meet the following requirements: ‘(1) it must be reasonable and equitable; (2) it must be necessary to give business efficacy to the contract, so that no term will be implied if the contract is effective without it; (3) it must be so obvious that “it goes without saying”; (4) it must be capable of clear expression; (5) it must not contradict any express term of the contract’: per Mason J at [9]. Note also that terms can be implied by reference to established custom or trade: Con-Stan Industries of Australia Pty Ltd v Norwich Winterthur Insurance (Australia) Ltd (1986) 160 CLR 226.
11. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [83].
12. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [189].
13. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [191].
14. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [195].
15. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [196].
16. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [198].
17. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [164].
18. Vodafone Pacific Ltd v Mobile Innovations Ltd [2004] NSWCA 15 at [128].
19. See note 3 above at [2-12].
20. See note 3 above at [2-12].
21. See note 3 above at [2-12].
22. See note 3 above at [2-02].
23. See note 3 above at [2-13].
24. Luna Park (NSW) Ltd v Tramways Advertising Pty Ltd (1938) 61 CLR 286.
25. March v E & M H Stramare Pty Ltd (1991) 171 CLR 506 at 522.
26. Hadley v Baxendale (1854) 9 Ex 341 at 354.
27. Hadley v Baxendale (1854) 9 Ex 341 at 354.
28. See note 1 above at [92].


Chapter 12 Misleading or Deceptive Conduct

INTRODUCTION

12.1 This chapter examines the consumer protection laws that prohibit persons from engaging in misleading or deceptive conduct. These laws are outcome-focused. They impose strict liability where a person engages in certain specified conduct or fails to achieve a certain standard of conduct. It does not matter that the relevant person acted in good faith. State of mind and intention are also not relevant. Further, unlike in the investor protection context, the concept of reasonableness does not generally feature in this category; liability is imposed irrespective of whether the person who prepared the information was acting reasonably or how much effort they expended in preparing or verifying the relevant information.1 However, there is one exception to this. It is necessary to consider whether there is a reasonable basis for opinions or forward-looking statements and, in this sense, strict liability is not imposed.

MISLEADING OR DECEPTIVE CONDUCT

12.2 The following sections of this chapter will examine the statutory provisions that prohibit a person from engaging in misleading or deceptive conduct. The norm of conduct established by these provisions is expressed in relatively succinct terms, but the case law regarding their application is voluminous and highly textured.

The statutory provisions

12.3 This section will discuss the law relating to misleading or deceptive conduct. For simplicity, the provisions will be referred to as misleading conduct provisions.2 These are found in three separate statutes:

| Provision | Regulated conduct |
| --- | --- |
| s 1041H of the Corporations Act 2001 (Cth) (Corporations Act) | A person must not, in this jurisdiction, engage in conduct, in relation to a financial product or a financial service, that is misleading or deceptive or is likely to mislead or deceive. |
| s 12DA of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act) | A person must not, in trade or commerce, engage in conduct in relation to financial services that is misleading or deceptive or is likely to mislead or deceive. |
| s 18 of the Australian Consumer Law (ACL) | A person must not, in trade or commerce, engage in conduct that is misleading or deceptive or is likely to mislead or deceive. |

As shown above, s 1041H only applies to conduct in relation to a ‘financial product’ or a ‘financial service’ as those terms are defined3 in Pt 7 of the Corporations Act.4 Section 12DA applies in respect of ‘financial services’ as defined in the ASIC Act, being a definition that varies in some respect from that contained in Pt 7 of the Corporations Act. The prohibition contained in s 18 of the ACL applies broadly across the economy. The application of these laws is, however, subject to these express limitations:

The misleading conduct provisions in s 1041H do not apply to conduct that contravenes s 670A (misleading takeover documents), s 728 (misleading fundraising documents) or in relation to defective Product Disclosure Statements (PDSs) within the meaning of s 1022A.5

The misleading conduct provisions in s 12DA of the ASIC Act do not apply to conduct that contravenes s 670A (misleading takeover documents), s 728 (misleading fundraising documents) or in relation to defective PDSs within the meaning of s 1022A.6

The misleading conduct provisions in s 18 of the ACL do not apply to conduct in relation to ‘financial products’ and ‘financial services’ as such conduct will be regulated (if at all) by relevant provisions of the Corporations Act.7

To the extent that they form part of the law of the states or territories, the misleading conduct provisions in s 18 of the ACL do not apply to conduct that contravenes s 670A (misleading takeover documents), s 728 (misleading fundraising documents) or in relation to defective PDSs within the meaning of s 1022A.8

In practice, subject to the exclusions set out above, proceedings relating to misleading conduct are often commenced under more than one of the provisions mentioned above given the overlapping and supplementary nature of the laws.9 The next section will discuss some aspects of the application of these laws that are peculiar to each regime and the section that follows will discuss common elements of the prohibitions.

Peculiar elements regarding the scope of s 1041H — the meaning of ‘in relation to’

12.4 As discussed above, the conduct prohibited by s 1041H applies in relation to ‘a financial product’ as defined in Pt 7.1 Div 3 and the term ‘a financial service’ as defined in Pt 7.1 Div 4. A key issue in this context is the degree to which the term ‘in relation to’ limits the application of the provision.

12.5 It is clear from the case law that the expression ‘in relation to’ is to be given a wide meaning. In Australian Securities and Investments Commission v Narain [2008] FCAFC 120 at [9] (Narain) Finkelstein J expressed the following views concerning this threshold issue:

[T]he words “in relation to” require a relationship or connection between two subject matters. In the context of Part 7.10 generally, and s 1041H in particular, the expression ought to receive broad construction. One important object of the Part is to ensure that participants in the market for financial products and financial services act with integrity and honesty and that consumers are adequately protected. To further this object I do not think the connection between misleading statements on the one hand and shares in a company on the other must necessarily be immediate or direct. I particularly do not accept as a necessary condition for conduct to be “in relation to a financial product” that the conduct must “on its face” refer to or, as the judge would have it, “deal with” the financial product. With great respect to those who hold the opposite view, that approach gives s 1041H an unnecessarily narrow construction; a construction that will not promote its objects.

12.6 Against this backdrop, the key issue that needed to be decided in Narain was whether misleading statements in a press release constituted conduct that was in relation to a financial product or service. In Narain the managing director of a listed company (CTF) prepared a press release that contained misleading statements about one of its products. The press release claimed that one of CTF’s products had significant medicinal properties which it in fact did not possess. The managing director then authorised its company secretary to send the release to the ASX, which in turn published it on its announcements platform. It was asserted that CTF provided the release to the ASX in purported discharge of its continuous disclosure obligations. The price of CTF’s securities increased from $0.255 to $0.70 (an increase of over 200 per cent) following the publication of the release, before falling again to $0.295 upon the making of a further corrective announcement by CTF. In this connection, Finkelstein J held that:10

[T]he real question that must be answered is this. Is the publication on the ASX of a statement that, as in this case, a reasonable person would expect to have, or would be likely to have, a material effect on the price or value of CTF shares, conduct that “relates to” those shares? I am in no doubt that it does. Indeed, in my view, the statements in the Release “relate to” CTF shares whether one takes a narrow or broad view of those words. There is a sufficient connection between the statements and CTF shares by reason of (1) the content of the statements, concerning, as they do, the business of CTF, and (2) the place of their publication, namely on the exchange where the shares are traded.

This case illustrates the broad scope of the prohibition set out in s 1041H.

Peculiar elements regarding the scope of s 12DA

12.7 For s 12DA to apply, there must be conduct in relation to ‘financial services’ and that conduct must be ‘in trade or commerce’. The definition [page 201] of that term in s 12BAB of the ASIC Act is wider than the corresponding term used in Pt 7.1 of the Corporations Act (which is the definition that controls the scope of the application of s 1041H). Importantly for present purposes, the definition in the ASIC Act extends to credit facilities, which are not included in the definition in Pt 7.1 and could also amount to dealing in one’s own securities.11

The ‘trade and commerce’ limit on the scope of s 12DA, ASIC Act and s 18, ACL

12.8 For the prohibitions contained in s 12DA of the ASIC Act or s 18 of the ACL to apply, the relevant conduct must be in ‘trade or commerce’. The classic statement of the meaning of this term is found in Re Ku-ring-gai Co-Operative Building Society (No 12) Ltd [1978] FCA 50 at [44] per Deane J:

The terms “trade” and “commerce” are not terms of art. They are expressions of fact and terms of common knowledge. While the particular instances that may fall within them will depend upon the varying phases of development of trade, commerce and commercial communication, the terms are clearly of the widest import … They are not restricted to dealings or communications which can properly be described as being at arm’s length in the sense that they are within open markets or between strangers or have a dominant objective of profit-making. They are apt to include commercial or business dealings … which are not within the mainstream of ordinary commercial activities [even if those activities are] … not compatible with a dominant objective of profit-making.

The term is concerned with activities that are in trade or commerce and not in respect of trade or commerce.12 The former concept has a restrictive operation.13 The relevant conduct must ‘bear a trading or commercial character’.14 Examples of conduct that is capable of falling within the term ‘trade or commerce’ are as follows: false statements contained in an audit report: King v Yurisich [2005] FCA 1277; statements made on the radio, the internet and in newspapers: Australian Competition and Consumer Commission v Kaye [2004] FCA 1363; the use of Google Adwords by a corporation: Australian Competition and Consumer Commission v Trading Post Australia Pty Ltd [2011] [page 202] FCA 1086; Australian Competition and Consumer Commission v Google Inc [2012] FCAFC 49; statements made by directors in the notes to a notice of a meeting to consider a proposed acquisition: Orison Pty Ltd v Strategic Minerals Corporation NL [1987] FCA 263; and misleading conduct in the course of ‘without prejudice’ negotiations: Pihiga Pty Ltd v Roche [2011] FCA 240.

Misleading or deceptive conduct — interpretation and application

12.9 The previous sections examined the elements which limit the scope of the respective regimes and which are peculiar to one or more of those regimes. This section will examine how the courts have interpreted the norm of conduct set out in the respective statutory provisions and will also examine the numerous principles and factors that influence how the courts apply the law.

Meaning of ‘deceptive’ conduct

12.10 The word ‘deceptive’ adds nothing to the statutory prohibition. In Parkdale Custom Built Furniture Pty Ltd v Puxu Pty Ltd [1982] HCA 44 at [8], Gibbs CJ noted that:

One meaning which the words “mislead” and “deceive” share in common is “to lead into error”. If the word “deceptive” in s 52 stood alone, it would be a question whether it was used in a bad sense, with a connotation of craft or overreaching, but “misleading” carries no such flavour, and the use of that word appears to render “deceptive” redundant.

Meaning of ‘likely to’

12.11 The expression ‘likely to’ only means that conduct has potential to have the required effect. The relevant conduct does not in fact have to mislead or deceive.15 In Tillmanns Butcheries Pty Ltd v Australasian Meat Industry Employees’ Union [1979] FCA 85 at [10] Deane J expressed the following view concerning the word ‘likely’:

The word “likely” can, in some context, mean “probably” in the sense in which that word is commonly used by lawyers and laymen, that is to say, more likely than not or more than a fifty per cent chance (“an odds-on chance” …). It can also, in an appropriate context, refer to a real or not remote chance or possibility regardless of whether it is less or more than fifty per cent. When used with the latter meaning in a phrase [page 203] which is descriptive of conduct, the word is equivalent to “prone”, “with a propensity” or “liable”.16

Objective test for assessing misleading or deceptive conduct

12.12 Whether conduct is misleading or deceptive is to be assessed by the court on an objective basis. Further, ‘evidence that members of the public have actually been misled is not conclusive’.17 The key requirement is that the impugned conduct leads, or is likely to lead, a person into error. This concept was recently repeated in Miller & Associates Insurance Broking Pty Ltd v BMW Australia Finance Ltd [2010] HCA 31 where French CJ and Kiefel J (at [15]) noted that for ‘conduct to be misleading or deceptive it … suffices that it leads or is likely to lead into error’.18 Determining this issue involves a question of fact.

Statements that are literally true

12.13 A person can be led into error by a statement even when it is literally true. In National Exchange Pty Ltd (ACN 006 079 974) v Australian Securities and Investments Commission [2004] FCAFC 90 at [50] Jacobson and Bennett JJ expressed the view that:

In our opinion, no such distinction can be drawn. A document which, when read as a whole, is factually true and accurate may still be capable of being misleading if it contains a potentially misleading primary statement which is corrected elsewhere in the document but without the reader’s attention being adequately drawn to the correction.

State of mind

12.14 The intention of the person engaging in conduct is not relevant for the purposes of determining misleading conduct. However, if a person did intend to mislead another, then that would support a finding that the statutory prohibition was breached.19

12.15 The state of mind of a person is also relevant where it is alleged that the person is ‘involved in’ a contravention.

Transitory effect and disclaimers

12.16 Conduct will amount to a breach of the prohibition even if the relevant conduct is transitory or trivial and then subsequently [page 204] corrected at the point of sale or otherwise.20 For example, it will not be enough for terms and conditions of a contract to correct any misleading statements that appear on a corporation’s website or in a banner ad.21 This concept was reaffirmed by the High Court in Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54 at [50] where the majority (French CJ, Crennan, Bell and Keane JJ) stated:

It has long been recognised that a contravention of s 52 of the [Trade Practices Act 1974 (Cth), now s 18 of the ACL] may occur, not only when a contract has been concluded under the influence of a misleading advertisement, but also at the point where members of the target audience have been enticed into “the marketing web” by an erroneous belief engendered by an advertiser, even if the consumer may come to appreciate the true position before a transaction is concluded.

12.17 However, as Miller points out,22 ‘a transitory or ephemeral impression, if misleading, but which is immediately dispelled, may, depending on the circumstances, be of no commercial significance [and] may not be actionable, at least in damages cases’. In these cases a regulator may, however, seek declarations on public policy grounds. For example, in Australian Securities and Investments Commission v Australian Lending Centre Pty Ltd (No 3) [2012] FCA 43, ASIC commenced proceedings under the ASIC Act against the Australian Lending Centre Pty Ltd (ALC) and related parties alleging those entities had engaged in misleading conduct and unconscionable conduct. In that case, with one exception, there was no live dispute or controversy between ALC and persons who had been adversely impacted by the relevant conduct, as those issues had been resolved prior to ASIC commencing its action. Nevertheless, ASIC sought declarations of contraventions of the ASIC Act for public interest reasons. Perram J observed that a regulator has standing to pursue declarations in this context23 and then expressed his view on whether [page 205] such orders should be made in cases of the type before him in the following manner:24

Whether the power should be exercised is a different question. Against the making of these declarations it might be said that … there is presently no dispute between the persons to whom the loans were extended and ALC/SLC [Sydney Lending Centre Pty Ltd]. So viewed, there is no controversy to which the proposed declarations may be seen as being apt to quell. But I do not think that this should be accepted. The declarations will fulfil the purpose of vindicating ASIC’s claim that ALC/SLC’s conduct did involve contraventions of the ASIC Act and this in turn is likely to provide clarity as to how comparable lending practices of the kind under consideration fit within that regulatory framework.
I am satisfied in those circumstances that the making of declarations will not be moot and will serve a purpose with real utility.

12.18 The fact that disclaimers and fine print are used will not allow a corporation to escape liability under the law if such disclaimers or fine print (including the use of terms such as ‘conditions apply’ or asterisks) are not sufficiently prominent or clear to negative the misleading conduct.25

Careless conduct

12.19 The prohibition imposes strict liability on a person who engages in misleading conduct. Liability for misleading conduct will not be excused merely because of a failure by a person affected by the conduct — for example, they were careless or could have ascertained that the applicable conduct was misleading by making proper inquiries.26

Class of persons to whom conduct is directed

12.20 Not all misleading statements will be actionable. The quality of conduct must be determined by reference to the class of person towards whom the conduct is directed. This will either be identified persons or the public at large. Where the conduct is directed at the public at large, the effect of the conduct must be evaluated by reference to what its effect would have been on an ordinary or reasonable member of the relevant class.27 However, it should be noted that the range of responses of reasonable members of such a class will vary and the range of these [page 206] responses needs to be taken into account.28 Where the conduct is directed to identified individuals:29

… it is not necessary that he or she be reconstructed into a hypothetical, “ordinary” person. Characterisation may proceed by reference to the circumstances and context of the questioned conduct. The state of knowledge of the person to whom the conduct is directed may be relevant, at least in so far as it relates to the content and circumstances of the conduct.

12.21 In some cases, liability will not arise due to the qualities of the person to whom conduct is directed. Any extreme or fanciful assumptions by persons should be disregarded.30 Miller has noted that where ‘only persons who are extremely stupid or gullible are misled the conduct is unlikely to be regarded as misleading or deceptive’.31

Failure to disclose

12.22 In some cases silence can amount to misleading conduct. In Re Winterton Constructions Pty Ltd v Hambros Australia Ltd [1992] FCA 582 at [77] Hill J expressed the following views on this topic:

[I]t is difficult to see how a mere silence could, of itself, constitute conduct which is misleading or deceptive or likely to mislead or deceive. However, if the circumstances are such that a person is entitled to believe that a relevant matter affecting him or her adversely would, if it existed, be communicated, then the failure to so communicate it may constitute conduct which is misleading or deceptive because the person who ultimately may act to his or her detriment is entitled to infer from the silence that no danger of detriment existed. Thus, where a duty to speak is imposed, silence may constitute misleading and deceptive conduct.

12.23 The courts appear more reluctant to find a person liable in this context where commercial dealings take place at arm’s length. However, this does not mean that a corporation engaged in such discussions has a licence to deceive. In Poseidon Ltd v Adelaide Petroleum NL [1991] FCA 663 at [2] Burchett J expressed the view that:

I do not think it has ever been suggested that s 52 [prohibition against misleading conduct] strikes at the traditional secretiveness and obliquity [page 207] of the bargaining process. Traditional bargaining may be hard, without being in the statutory sense misleading or deceptive. No one expects all the cards to be on the table. But the bargaining process is not therefore to be seen as a licence to deceive.

Ultimately, whether silence can amount to misleading conduct will depend on all the circumstances. In Fraser v NRMA Holdings Ltd (1995) 15 ACSR 590 at 590–1 the Full Court stated that:

While s 52 itself does not by its terms impose an independent duty of disclosure which would require a corporation or its directors to give any particular information to members asked to consider a motion in general meeting, where information for that purpose is promulgated, unless the information given constitutes a full and fair disclosure of all facts which are material to enable the members to make a properly informed decision, the combination of what is said and what is left unsaid may, depending on the full circumstances, be likely to mislead or deceive the membership.

Opinions

12.24 Generally, a corporation may not be liable under the misleading conduct provisions if it provides an opinion, even where that opinion turns out to be erroneous. In Australian Securities and Investments Commission v Fortescue Metals Group Ltd [2011] FCAFC 19 at [113], Keane CJ expanded on this point:

A statement which is ordinarily and reasonably understood as a statement of opinion is not apt to mislead if the opinion is genuinely and reasonably held by the maker of the statement. That is because the audience would understand that the statement was made on the basis that it expresses a view on which a different opinion might also be entertained, not a matter of fact about which no doubt can be entertained.32

In Global Sportsman Pty Ltd v Mirror Newspapers Ltd [1984] FCA 180 at [18]–[19] the court (Bowen CJ, Lockhart and Fitzgerald JJ) observed that:

… the incorrectness of an opinion … does not of itself establish that the opinion was not held by the person who expressed it or that it lacked any, or any adequate, foundation. … An expression of opinion which is identifiable as such conveys no more than that the opinion expressed is held and perhaps that there is basis for the opinion. At least if those conditions are met, an expression of opinion, however erroneous, misrepresents nothing.

[page 208]

Statements about future matters

12.25 There are two principal grounds on which a statement about a future matter may be found to be misleading. First, one ground that plaintiffs have traditionally argued (particularly in contract cases concerning promises to perform) is that a statement about a future matter (for example, a promise to perform) was accompanied by a misleading statement as to an existing state of affairs. In the case of Global Sportsman Pty Ltd v Mirror Newspapers Ltd [1984] FCA 180 at [17]–[18] the court explained the rationale for this principle as follows:

Many statements, for example, promises, predictions and opinions, do involve the state of mind of the maker of the statement at the time when the statement is made. Precisely the same principles control the operation of s 52(1) [of the Trade Practices Act 1974 (Cth)] with respect to the making of such statements. A statement which involves the state of mind of the maker ordinarily conveys the meaning (expressly or by implication) that the maker of the statement had a particular state of mind when the statement was made and, commonly at least, that there was a basis for that state of mind. If the meaning contained in or conveyed by the statement is false in that or in any other respect, the making of the statement will have contravened s 52(1) of the Act. The non-fulfillment of a promise when the time for performance arrives does not of itself establish that the promisor did not intend to perform it when it was made or that the promisor’s intention lacked any, or any adequate, foundation.

In James v Australian and New Zealand Banking Group Ltd (1986) 64 ALR 347 at 372 Toohey J explained the principle in the following terms:

A statement relating to the future may contain an implied statement as to present or past fact. It may represent impliedly that the promisor has a present intention to make good the promise and it may represent impliedly that he has the means to do so ... [If] the meaning contained in or conveyed by the statement is false in that or in any other respect, there will have been a contravention of section 52 [of the Trade Practices Act 1974 (Cth)].

The second principal way in which a statement about a future matter can be held to be misleading is if a corporation or other person making the statement did not have reasonable grounds for holding the opinion at the time it was made.33 The fact that opinions or forward-looking statements are, in hindsight, flawed or otherwise erroneous, will not, in [page 209] themselves, be enough to establish liability. In Global Sportsman Pty Ltd v Mirror Newspapers Ltd [1984] FCA 180 at [18]–[19] the court stated that:

The non-fulfillment of a promise when the time for performance arrives does not of itself establish that the promisor did not intend to perform it when it was made or that the promisor’s intention lacked any, or any adequate, foundation. Similarly, that a prediction proves inaccurate does not of itself establish that the maker of the prediction did not believe that it would eventuate or that the belief lacked any, or any adequate, foundation. Likewise, the incorrectness of an opinion … does not of itself establish that the opinion was not held by the person who expressed it or that it lacked any, or any adequate, foundation.

In Coles Supermarkets Australia Pty Ltd v FKP Ltd [2008] FCA 1915 at [69] Gordon J held that:

[A]n express contractual promise or representation will constitute an actionable implied representation under [s 18 of the ACL] only if the party making the promise or representation had no intention or capability of carrying it out at the time it was made (ie the promisor had no reasonable grounds for making the promise).

However, it should be noted that not every contractual promise creates an actionable representation that the person making the promise has the ability to perform it at some point in the future.34

Advertising

12.26 Most, if not all, corporations promote their goods and services to consumers through some form of advertising. The cases concerning advertising have historically exhibited a wide spectrum of judicial approaches. In Australian Competition and Consumer Commission v Telstra Corp Ltd [2004] FCA 987 at [50], Gyles J expressed the following view:

[T]he numerous cases in this field [make] it perfectly apparent that individual judges vary considerably in their assessments of the effect of advertising. Some take a robust view and credit consumers with a fair amount of cynicism about advertisements and a fair amount of ability to make their own judgments. Others are convinced of the power of advertisements and are protective of the consumer. Neither side is right or wrong — it is a matter of opinion.

12.27 Dominant message

The scope for judicial divergence, however, appears to have been limited by the High Court in Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54. That [page 210] case concerned statements made in the course of a multimedia advertising campaign conducted by TPG. The centerpiece of the campaign was the offer of an attractive price for the ADSL2+ service which TPG supplied.35 The aspect of the advertising that was the focus of the proceedings was described by the High Court as follows:36

The advertisements deployed in TPG’s campaign prominently displayed the offer to supply broadband internet ADSL2+ service for $29.99 per month. Much less prominently, the advertisements qualified this offer, stating that it was made on the basis that the ADSL2+ service was available only when bundled with a home telephone service, provided by TPG through landline technology, for an additional $30.00 per month (with a minimum commitment of six months). In addition, TPG required the consumer to pay a setup fee of $129.95 plus a deposit of $20.00 for telephone charges.

12.28 The Australian Competition and Consumer Commission brought proceedings in the Federal Court of Australia against TPG alleging that the advertisements were misleading and deceptive due to the ‘disparity between the prominent headline offering TPG’s ADSL2+ service at an attractive price and the less prominent terms (or fine print) qualifying that offer’.37 In overturning the decision of the Full Federal Court of Australia, the High Court made two key findings in relation to application of the laws prohibiting misleading conduct to advertisements. First, a majority38 of the High Court held that the correct approach to assessing whether advertising is misleading is to determine the ‘dominant message’ being conveyed by the advertisement. The High Court explained its reasoning as follows:39

It was common ground that when a court is concerned to ascertain the mental impression created by a number of representations conveyed by one communication, it is wrong to attempt to analyse the separate effect of each representation. But in this case, the advertisements were presented to accentuate the attractive aspect of TPG’s invitation relative to the conditions which were less attractive to potential customers. That consumers might absorb only the general thrust or dominant message was [page 211] not a consequence of selective attention or an unexpected want of sceptical vigilance on their part; rather, it was an unremarkable consequence of TPG’s advertising strategy. In these circumstances, the primary judge was correct to attribute significance to the “dominant message” presented by TPG’s advertisements.

Second, the High Court rejected the notion that the misleading effect of the advertising was neutralised by the Full Federal Court’s attribution to members of the target audience of knowledge that ADSL2+ services may be offered as a bundle. The High Court held that:40

It may be accepted that if the hypothetical reasonable consumer is taken to know that ADSL2+ services may be sold as part of a bundle with telephony services, then, if he or she brings that knowledge to bear in a conscious scrutiny of the terms of TPG’s offer, he or she might be less likely to form the impression that the offer was of an ADSL2+ service available without a requirement to take and pay for an additional service from TPG. But the circumstance that many consumers might know that ADSL2+ services are commonly offered as a “bundle” was not apt to defuse the tendency of the advertisements to mislead, especially where the target audience is left only with the general thrust or dominant message after the evanescence of the advertisement.

It should be noted that the focus of the High Court’s decision seemed to be on the ephemeral or transitory nature of television, cinema and radio advertising.41 The High Court indicated that where these forms of advertising are deployed, they represent ‘an unbidden intrusion on the consciousness of the target audience’ and the audience ‘cannot have been expected to pay close attention to the advertisement’, absorbing only the ‘general thrust’ of it.42 As mentioned above, the focus of the High Court’s decision seemed to be on ephemeral advertising mediums such as television, cinema and radio.43 As Cooley has noted ‘[i]t has long been accepted that consumers are less likely to be misled or deceived by print advertising, including as accepted by the trial judge in [Australian Competition and Consumer Commission v TPG Internet Pty Ltd]’.44 This would indicate that when a corporation is designing a multimedia advertising campaign, more care needs to be taken in assessing the dominant message conveyed [page 212] using ephemeral mediums (which the audience only views fleetingly) as opposed to static mediums such as pamphlets or brochures (which an audience can view more carefully). In turn, this raises a question as to what category web or digital advertising falls into. Digital ads could fall into both categories. Much will depend on how the ad is deployed. For example, a video ad made available on the web could be viewed multiple times whereas a text, image or interstitial ad in a browser environment may be ephemeral in nature.

12.29 More than one meaning

Where the advertisement conveys more than one meaning, there is a need to consider whether each of the meanings that are reasonably conveyed is misleading.45

12.30 Puffery

In cases involving advertising, a certain degree of ‘puffing’ or exaggeration is to be expected in commercial dealings.46 In determining whether advertising is misleading, one needs to consider the dominant impression conveyed by the material to the ordinary reasonable person.47 In addition, the advertisement should be considered as a whole and not be minutely examined to ascertain its meaning, as most consumers only consider advertising fleetingly.48

12.31 Use of the word ‘free’

Where a good or service is advertised as being free, but qualifications apply, a corporation will need to clearly spell out such qualifications in order to counteract the attractive force of the use of the word ‘free’.49 Merely highlighting to consumers that conditions apply will not be sufficient to overcome the effect of the word ‘free’.50 In summary, the use of the term ‘free’ will inevitably be a high-risk marketing strategy.

12.32 Comparative advertising

In terms of comparative advertising, a more onerous obligation is imposed on advertisers. In Stuart Alexander and Co (Interstate) Pty Ltd v Blenders Pty Ltd [1981] FCA 152 at 163 Lockhart J stated that:

When a person produces a television commercial that, not only boosts his own product but, as in this case, compares it critically with the product [page 213] of another so that the latter is shown up in an unfavourable light by the comparison, in my view he ought to take particular care to ensure that the statements are correct.

A key obligation of advertisers in these cases is to ensure that any comparison is fair. All relevant facts and matters should be included in any comparison to make sure it is fair. In Duracell Australia Pty Ltd v Union Carbide Australia Ltd [1988] FCA 380 at [13] Burchett J commented on the role of unfairness in this way:

In the area of comparison advertising, it has repeatedly been said that particular care is required. An unfair comparison may, quite simply, because it is unfair, be misleading. It may mislead a consumer into thinking there is a basis for a choice where, in truth, there is not; or that a choice may be made on grounds which are not truly valid.

Social/digital media cases

12.33 Social media

Recently, the Advertising Standards Board (ASB) issued a determination that held the provisions of the Advertiser Code of Ethics (which, among other things, prohibit misleading or deceptive advertising and marketing) apply not only to information that a corporation may post on its website (or Facebook pages) but also to any user-generated information posted on such media.51 This determination puts the onus on corporations which are subject to the Advertiser Code of Ethics (the Ethics Code) to be more vigilant regarding the information that is posted on their social media sites and, where appropriate, delete user-generated material from those sites. However, the ASB’s determinations are part of a self-regulatory regime, which at most only has contractual force. For guidance as to how the law applies to social and digital media in this context, one needs to consider applicable judicial pronouncements. Australian Competition and Consumer Commission v Allergy Pathway Pty Ltd (No 2) [2011] FCA 74 (Allergy Pathway) considered the liability of Allergy Pathway Pty Ltd for user-generated posts on the Twitter and Facebook pages maintained by that corporation. In that case Finkelstein J said:52

It has been shown, indeed it was not disputed, that Allergy Pathway knew that persons had published testimonials on its Twitter and Facebook pages and that it took no steps to have them removed. I infer that one reason Allergy Pathway did not remove the testimonials was that it wanted to take the benefit of the praise for its services. Another possible [page 214] reason is that Allergy Pathway thought the testimonials added legitimacy to its business. While it cannot be said that Allergy Pathway was responsible for the initial publication of the testimonials (the original publisher was the third party who posted the testimonials on Allergy Pathway’s Twitter and Facebook pages) it is appropriate to conclude that Allergy Pathway accepted responsibility for the publications when it knew of the publications and decided not to remove them. Hence it became the publisher of the testimonials. In any event it is clear that it caused them to continue to be published from the time it became aware of their existence, which is enough to put Allergy Pathway in breach of the second limb of its undertaking.

In Google Inc v Australian Competition and Consumer Commission [2013] HCA 1 (Google), the High Court confirmed that, where an online platform provider allows others to create content on those platforms, the platform provider will not be liable for any misleading representation created by other parties unless ‘it would appear to ordinary and reasonable members of the relevant class that the corporation has adopted or endorsed that representation’.53 Thus, it can be seen that the mere provision of a communication medium or platform will not render the platform provider liable, unless one creates misleading content or adopts or endorses misleading content created by others. In Google, French CJ, Crennan and Kiefel JJ expressed the following views in relation to the platform provided by Google Inc:54

[E]ach relevant aspect of a sponsored link is determined by the advertiser. The automated response which the Google search engine makes to a user’s search request by displaying a sponsored link is wholly determined by the keywords and other content of the sponsored link which the advertiser has chosen. Google does not create, in any authorial sense, the sponsored links that it publishes or displays. That the display of sponsored links (together with organic search results) can be described as Google’s response to a user’s request for information does not render Google the maker, author, creator or originator of the information in a sponsored link. The technology which lies behind the display of a sponsored link merely assembles information provided by others for the purpose of displaying advertisements directed to users of the Google search engine in their capacity as consumers of products and services. In this sense, Google is not relevantly different from other intermediaries, such as newspaper publishers (whether in print or online) or broadcasters (whether radio, television or online), who publish, display or broadcast the [page 215] advertisements of others. The fact that the provision of information via the internet will — because of the nature of the internet — necessarily involve a response to a request made by an internet user does not, without more, disturb the analogy between Google and other intermediaries. To the extent that it displays sponsored links, the Google search engine is only a means of communication between advertisers and consumers.

Accordingly, if a platform provider merely provides digital infrastructure that acts as a conduit for others to communicate with each other, then it is unlikely that the platform provider will be liable for misleading statements contained in user-generated content. However, each case will turn on its facts. If a platform provider also edits or closely monitors posts or otherwise has their attention drawn to a misleading statement (as was the case in Allergy Pathway), then the likelihood of infringement increases significantly.

In the circumstances of the Google case, it was not necessary for the High Court to consider the application of s 85(3) of the Trade Practices Act 1974 (Cth). However, the court did observe that section provided a defence: ‘[A]n intermediary publisher who has endorsed or adopted a published representation of an advertiser without appreciating the capacity of that representation to mislead or deceive may have resort to a statutory defence.’55

Finally, it is useful to note that the Australian Competition and Consumer Commission has published guidelines that are broadly consistent with the case law discussed above.56

12.34 Google Adwords

In Australian Competition and Consumer Commission v Trading Post Australia Pty Ltd [2011] FCA 1086 it was held that certain advertisements which advertisers paid Google to display as ‘Sponsored Links’ were, among other things, misleading or deceptive. In that case, various advertisers paid Google a fee to display an advertisement in the ‘Sponsored Links’ section of a search engine results page (SERP). The advertisements were displayed in the SERP whenever a user searched for a specific word or phrase which the advertiser had registered with Google and in respect of which it paid a fee (Google Adwords). The order in which the advertisements were displayed reflected the price that an advertiser was willing to pay for the relevant Google Adword. An example of an advertisement that was displayed in the ‘Sponsored Links’ section of the SERP is set out below:

Klosters Ford New/Used Fords – Search 90,000 + auto ads online. Great finds daily!

The above text is referred to as a ‘Google Snippet’. Nicholas J was of the view that the URL (while less prominent than the title) was not fine print and would not escape the attention of a user.57 His Honour held that an ordinary and reasonable member toward whom the advertisement was directed would read the above Google Snippet as a whole and would appreciate that by clicking on the link they would be taken to .58 However, his Honour found that, among other things, the Trading Post engaged in misleading or deceptive conduct by publishing the Klosters Ford advertisement. The advertisement was likely to mislead or deceive in that it conveyed a representation that there was an association or affiliation between Klosters Ford and Trading Post when in fact there was none. In particular, his Honour found that the advertisement conveyed a representation by Trading Post that information about Klosters Ford could be found at Trading Post’s website when in fact such information could not be located on that site.59 It is clear from the judgment that whether certain advertisements used in the ‘Sponsored Links’ section (which is now called the ‘Ads’ section) are misleading will depend on the Google Adword the advertiser uses, the text used within the Google Snippet, the representations that the text conveys when read as a whole and any presumed knowledge of the relevant class of person to whom the advertisements are directed. In addition to the Trading Post, a number of other advertisers were also found to have engaged in misleading or deceptive conduct for reasons similar to the ones mentioned above. The decision of Nicholas J in respect of the advertisers was not the subject of any appeal.

Financial services cases

12.35 Provision of financial and investment advice

In Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 Rares J held that Grange Securities Ltd (which was ultimately acquired by Lehman Brothers Australia Ltd) engaged in misleading conduct in connection with the provision of financial and investment advice to unsophisticated clients, namely local councils. In that case, the local councils had a conservative risk appetite and sought to preserve capital and acquire products which were liquid (or could be readily bought and sold on a market). Rares J found that Grange made a number of representations to the clients, including that:

• investments known as synthetic collateralised debt obligations (SCDOs) were suitable for the clients in that they were suitable for conservative investment portfolios;60
• Grange adopted investment practices that complied with council investment policies;61
• the structured products sold by Grange were equivalent to other financial products with similar ratings, including floating rate notes;62 and
• Grange could provide liquidity for the financial products that it sold to the clients.63

His Honour found that each of these representations was misleading:

• ‘Investment in SCDOs was not consistent with a conservative investment strategy. That is because, in the sense in which the parties used the concepts of a “conservative” investment or strategy, such investments had to have a high level of security for the protection of the Council’s capital’;64
• ‘Grange made the recommendations or investments without any particular consideration of the relevant statutory or policy requirements applicable to the individual Council. Rather … Grange was intent on using its position to produce “sausages” by causing the Councils to invest in whatever SCDO product it wished to sell at the time’;65
• the products were not equivalent to similarly rated products;66 and
• ‘Grange did not have the capacity to provide liquidity or secondary market activity if economic conditions or its own thin capitalisation prevented it from doing so’.67

12.36 Credit ratings

The issue in ABN AMRO Bank NV v Bathurst Regional Council [2014] FCAFC 65 was whether a credit rating agency, Standard and Poor’s, had engaged in misleading conduct by conferring its highest credit rating of AAA to two issues of structured financial products (that is, constant proportion debt obligations marketed as Rembrandt notes). Standard and Poor’s conduct was found to be unreasonable, unjustified and misleading:68

As the preceding analysis demonstrates, S&P’s rating of the Rembrandt notes was unreasonable, unjustified and misleading (and ABN Amro knew that to be so) for reasons which included:
1. The rating adopted a flawed base case volatility parameter of 15% ...; and
2. The rating adopted overly favourable assumptions including in relation to roll-down benefits and starting spreads ...

Contravention

12.37 Civil liability is imposed on any person as principal who contravenes the following sections:

• s 1041H of the Corporations Act;
• s 12DA of the ASIC Act; or
• s 18 of the ACL.

Liability arises under s 1041I of the Corporations Act; s 12GF of the ASIC Act; and ss 236 and 237 of the ACL respectively. Liability is imposed on persons who contravene the law as principals. Ordinarily the corporation will be a principal and, in certain cases, directors and officers will be liable as principals. For instance, in Arktos Pty Ltd v Idyllic Nominees Pty Ltd (2004) ATPR 42-005 at 48,795 the Full Court held that:

The authorities show that a director of a corporation who acts on its behalf in the course of trade or commerce also acts himself or herself in trade or commerce and, if the corporation is liable [for misleading conduct] … they also attract primary liability under the same statute.69

In addition to persons who are principally liable for a contravention, liability under these provisions extends to individuals who are ‘involved in the contravention’. Among other things, a person will be involved in a contravention under the Corporations Act if he or she:

(a) has aided, abetted, counselled or procured the contravention; or
(b) has induced, whether by threats or promises or otherwise, the contravention; or
(c) has been in any way, by act or omission, directly or indirectly, knowingly concerned in, or party to, the contravention; or
(d) has conspired with others to effect the contravention.70

However, in such cases it will be necessary to show knowledge or intention on the part of the alleged wrongdoer.

Any person who suffers loss as a result of a contravention of the law is able to recover compensation from the wrongdoer under the relevant provisions.71 The plaintiff must show that it suffered loss or damage ‘by conduct’ of the defendant in contravention of the law.72 The term ‘by conduct’ was considered in Wardley Australia Ltd v Western Australia [1992] HCA 55. That case involved the Trade Practices Act 1974 (Cth), but it is equally relevant to interpreting the meaning of cognate provisions found in the ASIC Act, the Corporations Act and now the Competition and Consumer Act 2010 (Cth). The High Court observed that:73

The statutory cause of action arises when the plaintiff suffers loss or damage “by” contravening conduct of another person. “By” is a curious word to use. One might have expected “by means of”, “by reason of”, “in consequence of” or “as a result of”. But the word clearly expresses the notion of causation without defining or elucidating it. In this situation, s 82(1) [of the Trade Practices Act 1974 (Cth)] should be understood as taking up the common law practical or common-sense concept of causation recently discussed by this Court in March v Stramare (E and M H) Pty Ltd ([1991] HCA 12; (1991) 171 CLR 506), except in so far as that concept is modified or supplemented expressly or impliedly by the provisions of the Act. Had Parliament intended to say something else, it would have been natural and easy to have said so.

In other words, the conduct complained of must cause the alleged loss or damage. In order for a person to receive damages, however, it would of course be necessary for that person to prove that they relied on the impugned conduct. In Woodcroft-Brown v Timbercorp Securities Ltd [2013] VSCA 284 the Court of Appeal held that the plaintiffs were not entitled to damages as, relevantly, they could not prove that they had actually relied on the allegedly misleading material contained in a PDS.74 Injunctions and other orders are also available.75 Liability under the relevant provisions may also be modified by the operation of applicable proportionate liability regimes.76

12.38 A breach of the misleading conduct provisions discussed above does not constitute a criminal offence. However, a breach of related information laws may constitute an offence. Those laws prohibit the making of false representations.77

CONCLUSION

12.39 The misleading conduct provisions condition many aspects of the way a corporation, including a financial services organisation, interacts with consumers and other parties. The norm of conduct that they prescribe has a profound impact on the manner in which corporations, directors and other corporate officers carry out corporate functions. This particularly applies when it comes to providing or disclosing information of all forms, including engaging in advertising, communicating with shareholders or making announcements to the market.

1.

2.

3. 4.

If a consumer suffers as a result of ‘another’s misleading or deceptive conduct, they are thought to be entitled to recover regardless of whether the person who supplied the information has exercised all due diligence to avoid the mistake which has in fact occurred’: see R P Austin and I M Ramsay, Ford, Austin and Ramsay’s Principles of Corporations Law, 16th ed, LexisNexis Butterworths, Sydney, 2015 at [22.020]. Noting that the ‘deceptive’ element is redundant as it adds nothing to the scope of the relevant laws: see 12.10. The focus of this section will be on misleading conduct provisions, but it is common for such claims to run together with claims that the relevant conduct amounts to a false representation and is therefore actionable under s 29 of the ACL, s 12DB of the ASIC Act and s 1041E of the Corporations Act. Note also that in some cases making a false representation may amount to an offence. See for example s 151 of the ACL which is cast in the same terms as s 29 of the ACL, but a breach of that provision constitutes an offence. Limited defences may be available in this context: see for example s 207 of the ACL. The ACL is set out in Sch 2 to the Competition and Consumer Act 2010 (Cth). These terms are defined respectively in Pt 7.1 Div 3 and Pt 7.1 Div 4 of the Corporations Act.

5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21.

See s 1041H(3) of the Corporations Act. See s 12DA(1A) of the ASIC Act. See ss 131 and 131A of the Competition and Consumer Act 2010 (Cth). For the relevant definitions of the terms ‘financial product’ and ‘financial services’ see s 5 of the ASIC Act. See s 1041K of the Corporations Act. See for example Australian Securities and Investments Commission v Fortescue Metals Group Ltd [2011] FCAFC 19, which illustrates the interplay between the provisions at [179]–[180]. See Australian Securities and Investments Commission v Narain [2008] FCAFC 120 at [12]. R Baxt, A Black and P Hanrahan, Securities and Financial Services Law, 8th ed, LexisNexis Butterworths, Sydney, 2012 at [8.50]. See Concrete Constructions (NSW) Pty Ltd v Nelson [1990] HCA 17. See Concrete Constructions (NSW) Pty Ltd v Nelson [1990] HCA 17 at [7] per Mason CJ, Deane, Dawson and Gaudron JJ. See Concrete Constructions (NSW) Pty Ltd v Nelson [1990] HCA 17 at [7]. Yorke v Lucas (1985) 158 CLR 661 at 675 per Brennan J. See also Global Sportsman Pty Ltd v Mirror Newspapers Ltd [1984] FCA 180 at [14] per Bowen CJ, Lockhart and Fitzgerald JJ. Parkdale Custom Built Furniture Pty Ltd v Puxu Pty Ltd [1982] HCA 44 at [8] per Gibbs CJ. See also Johnson Tiles Pty Ltd v Esso Australia Pty Ltd [2000] FCA 1572 at [63]. See Campomar Sociedad Limitada v Nike International Ltd [2000] HCA 12. Australian Competition and Consumer Commission v Dell Computers Pty Ltd [2002] FCA 847. Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2011] FCA 1254.

22. See R V Miller, Miller’s Australian Competition and Consumer Law Annotated, 34th ed, Lawbook Co, Sydney, 2012 at [1.S2.18.110].
23. Australian Securities and Investments Commission v Australian Lending Centre Pty Ltd (No 3) [2012] FCA 43 at [271]. See also Australian Competition and Consumer Commission v Goldy Motors Pty Ltd [2000] FCA 1885 at [30] per Carr J; Australian Competition and Consumer Commission v Kaye [2004] FCA 1363 at [199] per Kenny J.
24. Australian Securities and Investments Commission v Australian Lending Centre Pty Ltd (No 3) [2012] FCA 43 at [272].
25. See note 22 above at [1.S2.18.180] and [1.S2.18.195].
26. Henjo Investments Pty Ltd v Collins Marrickville Pty Ltd (No 1) (1988) 39 FCR 546.
27. Campomar Sociedad Limitada v Nike International Ltd [2000] HCA 12; National Exchange Pty Ltd (ACN 006 079 974) v Australian Securities and Investments Commission [2004] FCAFC 90.
28. See note 22 above at [1.S2.18.55] and [1.S2.18.60].
29. Campbell v Backoffice Investments Pty Ltd [2009] HCA 25 at [26] per French CJ.
30. See Campomar Sociedad Limitada v Nike International Ltd [2000] HCA 12 at [105].
31. See note 22 above at [1.S2.18.70]; cf the remarks of Franki J that the ‘extraordinarily stupid person’ would not be protected by the forerunner to s 18 of the ACL: Taco Co of Australia Inc v Taco Bell Pty Ltd (1982) 42 ALR 177. See also Woodcroft-Brown v Timbercorp Securities Ltd [2013] VSCA 284 at [215] per Warren CJ, Buchanan JA and Macaulay AJA.
32. See for example s 12BB of the ASIC Act and s 4 of the ACL.
33. In such cases the respondent will generally need to displace an adverse assumption: see s 12BB of the ASIC Act and s 4 of the ACL.
34. See Futuretronics International Pty Ltd v Gadzhis (1990) ATPR 41.049.
35. Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54 at [1] per French CJ, Crennan, Bell and Keane JJ.
36. Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54 at [2] per French CJ, Crennan, Bell and Keane JJ.
37. Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54 at [3] per French CJ, Crennan, Bell and Keane JJ.
38. The majority comprised French CJ, Crennan, Bell and Keane JJ with Gageler J dissenting.
39. Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54 at [52] per French CJ, Crennan, Bell and Keane JJ.
40. Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54 at [53] per French CJ, Crennan, Bell and Keane JJ.
41. See M Cooley, ‘The High Court has the Last Word on Misleading or Deceptive Claims in TV Advertising Cases: ACCC v TPG Internet Pty Ltd’, Competition & Consumer Law News, LexisNexis Butterworths, Sydney, March 2014, 26 at 27–8.
42. Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54 at [47] per French CJ, Crennan, Bell and Keane JJ.
43. See note 41 above at 27–8.
44. See note 41 above at 29 citing Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2011] FCA 1254 at [99].
45. See note 22 above at [1.S2.18.155].
46. General Newspapers Pty Ltd v Telstra Corp (1993) 45 FCR 164.
47. Australian Competition and Consumer Commission v Harvey Norman Holdings Ltd [2011] FCA 1407.
48. Re Tobacco Institute of Australia Ltd v Australian Federation of Consumer Organisations Inc [1992] FCA 630.
49. See note 22 above at [1.S2.18.250].
50. Nationwide News Pty Ltd v Australian Competition and Consumer Commission (1996) 71 FCR 215.
51. J Lee, ‘Watchdog Clamps Down on Facebook’, Sydney Morning Herald, 6 August 2012 (viewed 20 October 2016).
52. Australian Competition and Consumer Commission v Allergy Pathway Pty Ltd (No 2) [2011] FCA 74 at [32]–[33].
53. Google Inc v Australian Competition and Consumer Commission [2013] HCA 1 at [15] per French CJ, Crennan and Kiefel JJ.
54. Google Inc v Australian Competition and Consumer Commission [2013] HCA 1 at [68]–[69] per French CJ, Crennan and Kiefel JJ.
55. Google Inc v Australian Competition and Consumer Commission [2013] HCA 1 at [74]–[75] per French CJ, Crennan and Kiefel JJ. Note that upon the enactment of the Competition and Consumer Act 2010 (Cth), the defence in s 85(3) of the Trade Practices Act 1974 (Cth) was moved to s 209 of the ACL.
56. Australian Competition and Consumer Commission, ‘Social Media’ (viewed 29 October 2016).
57. Australian Competition and Consumer Commission v Trading Post Australia Pty Ltd [2011] FCA 1086 at [125].
58. Australian Competition and Consumer Commission v Trading Post Australia Pty Ltd [2011] FCA 1086 at [126].
59. Australian Competition and Consumer Commission v Trading Post Australia Pty Ltd [2011] FCA 1086 at [130], [131], [135] and [136].
60. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [753].

61. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [755].
62. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [796].
63. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [814].
64. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [957].
65. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [962].
66. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [970]–[976].
67. Wingecarribee Shire Council v Lehman Brothers Australia Ltd (in liq) [2012] FCA 1028 at [979].
68. ABN AMRO Bank NV v Bathurst Regional Council [2014] FCAFC 65 at [563].
69. Arktos Pty Ltd v Idyllic Nominees Pty Ltd (2004) ATPR 42-005 at 48,795. See also Houghton v Arms [2006] HCA 59; Australian Securities and Investments Commission v Citrofresh International Ltd [2007] FCA 1873. Note also in this context the effect of s 52 of the Corporations Act which states that ‘a reference to doing an act … includes a reference to causing, permitting or authorising the act or thing to be done’.
70. See s 1041I(1) and s 79 of the Corporations Act. See also ss 75B and 82 of the Competition and Consumer Act 2010 (Cth).
71. See s 1041I of the Corporations Act; s 12GF of the ASIC Act; and ss 236 and 237 of the ACL.
72. Section 1041I of the Corporations Act and s 12GF of the ASIC Act both use the expression ‘by conduct’. Section 236 of the ACL uses the expression ‘because of’ but nothing would seem to turn on the use of the different term.
73. Wardley Australia Ltd v Western Australia [1992] HCA 55 at [11] per Mason CJ, Dawson, Gaudron and McHugh JJ.
74. Woodcroft-Brown v Timbercorp Securities Ltd [2013] VSCA 284 at [85] and [240] per Warren CJ, Buchanan JA and Macaulay AJA.
75. See for example s 1324 of the Corporations Act.
76. See for example Pt 7.10 Div 2A of the Corporations Act.
77. See ss 29 and 151 of the ACL; s 12DB of the ASIC Act; and s 1041E of the Corporations Act.


Chapter 13 Unconscionable Conduct

INTRODUCTION

13.1 This chapter reviews the laws relating to unconscionable and unjust conduct and the law’s response to that conduct. The focus of the chapter will be threefold. We will first examine the courts’ equitable jurisdiction to provide relief against transactions which are entered into with persons who are at a special disadvantage. Second, we will review the statutory provisions prohibiting unconscionable conduct and case law interpreting and applying that law. Finally, we will examine the unique New South Wales legislation that prohibits unjust contracts.

UNCONSCIONABLE CONDUCT

Equity and unconscionable conduct or dealing

First principles

13.2 The equitable principles that allow a plaintiff to set aside a transaction on grounds of unconscionability at equity were examined by the High Court in Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 (Amadio). In Amadio Mason J observed:1

[R]elief on the ground of “unconscionable conduct” is usually taken to refer to the class of case in which a party makes unconscientious use of his superior position or bargaining power to the detriment of a party who suffers from some special disability or is placed in some special situation of disadvantage, eg a catching bargain with an expectant heir or an unfair contract made by taking advantage of a person who is seriously affected by intoxicating drink. Although unconscionable conduct in this narrow sense bears some resemblance to the doctrine of undue influence, there is a difference between the two. In the latter the will of the innocent party is not independent and voluntary because it is overborne. In the former the will of the innocent party, even if independent and voluntary, is the result of the disadvantageous position in which he is placed and of the other party unconscientiously taking advantage of that position.

13.3 Mason J acknowledged that:2

It goes almost without saying that it is impossible to describe definitively all the situations in which relief will be granted on the ground of unconscionable conduct. As Fullagar J said in Blomley v Ryan [1956] HCA 81; (1956) 99 CLR 362 at p 405:

The circumstances adversely affecting a party, which may induce a court of equity either to refuse its aid or to set a transaction aside, are of great variety and can hardly be satisfactorily classified. Among them are poverty or need of any kind, sickness, age, sex, infirmity of body or mind, drunkenness, illiteracy or lack of education, lack of assistance or explanation where assistance or explanation is necessary. The common characteristic seems to be that they have the effect of placing one party at a serious disadvantage vis-a-vis the other.

13.4 Mason J also referred to statements by Kitto J in Blomley v Ryan (1956) 99 CLR 362 at 459 where his Honour observed that:3

[A] well-known head of equity … applies whenever one party to a transaction is at a special disadvantage in dealing with the other party because illness, ignorance, inexperience, impaired faculties, financial need or other circumstances affect his ability to conserve his own interests, and the other party unconscientiously takes advantage of the opportunity thus placed in his hands.

13.5 In Amadio Mr and Mrs Amadio were Italian immigrants in their 70s, with limited English skills, little formal education and, between them, limited business experience. Their son, Vincenzo, asked them to provide a guarantee in relation to his bank accounts by way of a mortgage over their home. Mr and Mrs Amadio were led to believe by Vincenzo that the guarantee would be limited to $50,000 and be for a period of six months. However, no such limitations existed. The bank manager, Mr Virgo, visited Mr and Mrs Amadio prior to the execution of the applicable documents, but save for pointing out that the guarantee was not limited to a six-month duration did not otherwise explain the documents to Mr and Mrs Amadio. The trial judge found that Mr and Mrs Amadio ultimately executed the guarantee documents under the belief, induced by Vincenzo, that the guarantee was subject to the limitations mentioned above.

13.6 In relation to Mr Virgo’s role in the transaction, Mason J held that:4

Mr Virgo was aware that the respondents were Italians, that they were of advanced years and that they did not have a good command of English. He knew that Vincenzo had procured their agreement to sign the mortgage guarantee. He had no reason to think that they had received advice and guidance from anyone but their son. In cross-examination he conceded that he believed that Vincenzo had acted in the “role of adviser/explainer” in relation to the transaction and referred to him as acting “in his capacity as dominant member of the family”. Mr Virgo also knew that, in the light of the then financial condition of the company, it was vital to Vincenzo to secure his parents’ signature to the mortgage guarantee so that the company could continue in business. It must have been obvious to Mr Virgo, as to anyone else having knowledge of the facts, that the transaction was improvident from the viewpoint of the respondents. In these circumstances it is inconceivable that the possibility did not occur to Mr Virgo that the respondents’ entry into the transaction was due to their inability to make a judgment as to what was in their best interests, owing to their reliance on their son, whose interests would inevitably incline him to urge them to sign the instrument put forward by the bank.

13.7 In coming to his finding Mason J relied on the fact that Mr Virgo was present at Mr and Mrs Amadio’s home prior to the transaction documents being executed when Mr Amadio stated that the duration of the guarantee was for six months. While Mr Virgo corrected Mr Amadio on that point, Mason J stated that ‘the inquiry by Mr Amadio senior as to the duration of the arrangement should have alerted Mr Virgo to the likelihood that Vincenzo had not adequately or accurately explained the intended transaction to them, let alone the possible or probable consequences which attended it’.5 On the basis of these facts, Mason, Wilson and Deane JJ set aside the mortgage guarantee on the ground of unconscionability. Gibbs CJ set it aside on the basis of misrepresentation (when there was a duty to disclose) and Dawson J dissented.

13.8 In summary, the doctrine of unconscionability at general law is invoked where ‘one party by reason of some condition or circumstance is placed at a special disadvantage vis-a-vis another and unfair or unconscientious advantage is then taken of the opportunity thereby created’.6 In actions based on unconscionable conduct a plaintiff must show:

• the special disadvantage which the plaintiff was placed at;
• the defendant knew or ought to have known of the special disadvantage; and
• how unfair or unconscientious advantage was taken of that special disadvantage by the party in a superior position.

13.9 In this context, as stressed by Mason J, the word ‘special’ in the expression ‘special disadvantage’ is used to ‘emphasize that the disabling condition or circumstance is one which seriously affects the ability of the innocent party to make a judgment as to his own best interests, when the other party knows or ought to know of the existence of that condition or circumstance and of its effect on the innocent party [emphasis added]’.7 Moles and Sangha insightfully observe that:8

In determining as to what amounts to “special disability”, Mason CJ made reference to Blomley v Ryan [(1956) 99 CLR 362] where Fullagar J had listed the factors which might give rise to equitable intervention — including “lack of assistance or explanation where assistance or explanation is necessary”. Many of the other factors mentioned in Blomley might well be subsumed in this — all those who are infirm, illiterate, drunk or sick etc, might be appropriate candidates for assistance or explanation, as indeed were the parents in Amadio.

Defences

13.10 In order to avoid liability for unconscionable conduct one needs to be vigilant for signs of a special disadvantage in a counterparty and ensure appropriate assistance or explanation is given to them directly or through the assistance of advisers.

13.11 It is a defence to a claim alleging that a transaction was induced due to unconscionable conduct if:

• the defendant can show that the transaction was ‘fair, just and reasonable’.9 As Deane J explained in Amadio: ‘If Mr and Mrs Amadio’s potential liability had been limited to a maximum of $50,000, and if they had been informed as to the true financial position of Amadio Builders, it would be strongly arguable that the guarantee/mortgage could not properly be said either to have resulted from their special disability or to be other than fair, just and reasonable [emphasis added]’; or
• the weaker party received independent, expert advice.10

Remedies

13.12 The grant of an equitable remedy is, of course, subject to the defendant not being able to successfully plead an equitable defence to the case brought against her, for example, a defence based on laches, acquiescence or release. Equitable remedies may also be limited by the application of equitable maxims (such as ‘he who comes to equity must come with clean hands’). Presuming that is not the case, the equitable remedies that would be available in relation to unconscionable conduct include:

• rescission of the impugned transaction in whole or in part;
• declaratory relief;
• account for profits;
• specific restitution; and
• equitable compensation (including the ability to award compound interest in exceptional cases, unlike the common law11).

Equitable remedies are granted at the discretion of the court. They are not granted as of right in the same manner as legal remedies (which are available to a successful plaintiff as of right).

The statutory provisions prohibiting unconscionable conduct

13.13 There are a number of statutory provisions that prohibit unconscionable conduct. The Competition and Consumer Act 2010 (Cth) contains provisions that prohibit unconscionable conduct.12 The Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act) and the Corporations Act 2001 (Cth) (Corporations Act) also contain cognate provisions.13 Cases decided under one legislative regime are routinely used to interpret and apply the provisions of the cognate legislation. The focus of this section will be on the provisions set out in the Corporations Act and the ASIC Act given those provisions apply to financial services.

Prohibition under ASIC Act s 12CA 13.14 The prohibition under s 12CA(1) of the ASIC Act provides as follows: A person must not, in trade or commerce, engage in conduct in relation to financial services if the conduct is unconscionable within the meaning of the unwritten law, from time to time, of the States and Territories.

The provision reflects the common law position discussed at the beginning of this chapter. The advantage of reflecting the prohibition in the statute is that the enforcement options and remedies (as applicable) that are available under the ASIC Act become available to the Australian Securities and Investments Commission (ASIC) or any party that incurs a loss due to the impugned conduct. In addition, a breach or likely breach of s 12CA would constitute a breach of a ‘financial services law’ and would need to be reported to ASIC by a financial services licensee under s 912D if the breach or likely breach was significant.

Prohibition under ASIC Act s 12CB 13.15 The prohibition under s 12CB(1) of the ASIC Act provides as follows: A person must not, in trade or commerce, in connection with: (a) the supply or possible supply of financial services to a person (other than a listed public company); or (b) the acquisition or possible acquisition of financial services from a person (other than a listed public company); engage in conduct that is, in all the circumstances, unconscionable.

For the purposes of determining whether there has been a breach in a given case, ‘the court must not have regard to any circumstances that were not reasonably foreseeable at the time of the alleged contravention’.14 In s 12CB(4) the legislature made its intention clear regarding the ambit of the prohibition: It is the intention of the Parliament that: (a) this section is not limited by the unwritten law of the States and Territories relating to unconscionable conduct; and (b) this section is capable of applying to a system of conduct or pattern of behaviour, whether or not a particular individual is identified as having been disadvantaged by the conduct or behaviour; and (c) in considering whether conduct to which a contract relates is unconscionable, a court’s consideration of the contract may include consideration of: (i) the terms of the contract; and (ii) the manner in which and the extent to which the contract is carried out; and is not limited to consideration of the circumstances relating to formation of the contract.

The prohibition set out in s 12CB was recently considered by the Full Federal Court in Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 and the High Court in the related appeal decision of Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28. Those decisions related to certain fees that were charged to Mr Paciocco’s personal and business accounts with ANZ. Among other things, the allegation by Mr Paciocco (the lead plaintiff in a class action against ANZ) was that these fees were unconscionable under s 12CB(1). 13.16 In the Full Federal Court decision, Allsop CJ noted that the ‘term “unconscionable” is not defined in the ASIC Act or the [Fair Trading Act 1999 (Vic)]. It is to be given its ordinary meaning, being something done not in good conscience and that which is irreconcilable with what is right or reasonable’.15 Allsop CJ cited part of the trial judge’s reasons, which emphasised that the term ‘unconscionability’ used in s 12CB(1) has a wider scope than the term used in the general law and equity:16 In Tonto Home Loans Australia Pty Ltd v Tavares (2011) 15 BPR 29,699 at [291], Allsop P (as he then was) summarised the meaning of statutory unconscionable conduct in the following terms: Aspects of the content of the word “unconscionable” include the following: the conduct must demonstrate a high level of moral obloquy on the part of the person said to have acted unconscionably: Attorney General (NSW) v World Best Holdings Ltd (2005) 63 NSWLR 557 at 583; the conduct must be irreconcilable with what is right or reasonable: Australian Securities and Investments Commission v National Exchange Pty Ltd [2005] FCAFC 226; 148 FCR 132 at 140; Australian Competition and Consumer Commission v Samton Holdings Pty Ltd [2002] FCA 62; 117 FCR 301 at 316-317; Qantas Airways Ltd v Cameron (1996) 66 FCR 246 at 262; … the concept of unconscionable in this context is wider than the general law and the provisions are intended to build on and not be constrained by cases at general law and equity: National Exchange at 140; the statutory provisions focus on the conduct of the person said to have acted unconscionably: National Exchange at 143. It is neither possible nor desirable to provide a comprehensive definition. The range of conduct is wide and can include bullying and thuggish behaviour, undue pressure and unfair tactics, taking advantage of vulnerability or lack of understanding, trickery or misleading conduct. A finding requires an examination of all the circumstances.

13.17 The two key elements that can be distilled from these statements are that the impugned conduct ‘must demonstrate a high level of moral obloquy on the part of the person said to have acted unconscionably’ and that conduct ‘must be irreconcilable with what is right or reasonable’. As s 12CB requires, these elements must be tested against ‘all the circumstances’ of the case. It is important to note that ‘moral obloquy’ requires something more than unfair or unjust conduct:17 It is important to recognise that Spigelman CJ in [Attorney-General (NSW) v World Best Holdings Ltd [2005] NSWCA 261] was using the phrase in a way to differentiate the moral or normative standard in unconscionability as higher than in unfairness or unjustness. At [121] of World Best, the Chief Justice said: The Ministerial Second Reading speech, quoted above, indicates a similar concern to distinguish what is unconscionable from what is merely unfair or unjust. Even if the concept of unconscionability in s 62B of the Retail Leases Act [1994 (NSW)] is not confined by equitable doctrine, as the decisions under s 51AC of the Trade Practices Act [1974 (Cth)] suggest, restraint in decision-making remains appropriate. Unconscionability is a concept which requires a high level of moral obloquy. If it were to be applied as if it were equivalent to what was “fair” or “just”, it could transform commercial relationships in a manner which the Minister expressly stated was not the intention of the legislation. The principle of “unconscionability” would not be a doctrine of occasional application, when the circumstances are highly unethical, it would be transformed into the first and easiest port of call when any dispute about a retail lease arises.

13.18 Allsop CJ refers, with approval, to the principles that the trial judge set out as governing the interpretation of the statutory norm set out in s 12CB:18 The task of the Court is the evaluation of the facts by reference to a normative standard of conscience. That normative standard is permeated with accepted and acceptable community values. In some contexts, such values are contestable. Here, however, they can be seen to be honesty and fairness in the dealing with consumers. The content of those values is not solely governed by the legislature, but the legislature may illuminate, elaborate and develop those norms and values by the act of legislating, and thus standard setting. The existence of State legislation directed to elements of fairness is a fact to be taken into account. It assists the Court in appreciating some aspects of the publicly recognised content of fairness, without in any way constricting it. Values, norms and community expectations can develop and change over time. Customary morality develops “silently and unconsciously from one age to another”, shaping law and legal values: Cardozo, The Nature of the Judicial Process (Newhaven, Yale University Press, 1921) pp 104–105. These laws of the States and the operative provisions of the [Australian Consumer Law] reinforce the recognised societal values and expectations that consumers will be dealt with honestly, fairly and without deception or unfair pressure. These considerations are central to the evaluation of the facts by reference to the operative norm of required conscionable conduct.

But Allsop CJ was at pains to point out that a values-based approach did not mean that the evaluative exercise became an exercise in opinions:19 [Legal] relations in trade or commerce … should be governed by law, and not some mix of judicial discretion or the subjective views as to who should win based on the formless void of individual moral opinion. Nothing in Subdiv C and ss 12CB and 12CC or the other statutes with which this case is concerned should be seen as requiring this. The notions of conscience, justice and fairness are based on enunciated and organised norms and values, including the organised principles of law and Equity, taken from the legal context of the statutes in question and the words of the statutes themselves. Employing judicial technique involving a close examination of the complete attendant facts and rational justification, the Court must assess and characterise the conduct of an impugned party in trade or commerce against the standard of business conscience, reflecting the values and norms recognised by Parliament to which I have referred.

13.19 Further guidance as to the matters that the court may have regard to in determining whether conduct breaches s 12CB(1) is contained in s 12CC. In addition, s 12CC(1) and (2) set out a list of matters that the court may have regard to in assessing whether conduct is unconscionable. They do not limit the matters that the court can have regard to in determining whether conduct breaches the prohibition. In relation to the matters set out in s 12CC(1) and (2), Allsop J in Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [285] observed that: More specific guidance to the meaning and operation of s 12CB [of the ASIC Act] as a consumer provision is given by the matters set out in s 12CC (whether from 2002 to 2011 inferentially from s 12CC applying to “business transactions” as referred to in the section heading for s 12CC as to which see subss 12CC (6), (7), and where relevant (8) and (9), or since 1 January 2012 as expressly directly explicative of s 12CB) to which a court may have regard for the purposes of considering the question of unconscionable conduct. These matters assist in setting a framework for the values that lie behind the notion of the relevant conscience of the parties in trade or commerce identified in s 12CB. Those values and conceptions can be seen as: fairness and equality: see paras (a), (b), (d)–(k); a lack of understanding or ignorance of a party: para (c); the risk and worth of the bargain: paras (e) and (i); and good faith and fair dealing: para (l).

13.20 In turning to whether the conduct of ANZ breached s 12CB(1), Allsop CJ noted the relevant considerations of the case:20 (1) There was no allegation of dishonesty, oppression or abuse of a commercially powerful position. (2) None of the matters in (1) existed. (3) The relevant contractual provisions were all disclosed to customers (in leaflets, booklets, in letters and telephone communications if fees were incurred). (4) There was no allegation that the applicants (Mr Paciocco and SDG [a company controlled by him]) could not or did not understand the relevant provisions. (5) There was no allegation (and it was not the case) that the applicants were compelled to enter into these arrangements or that any financial or other pressure was placed on them to enter into the contracts. (6) There was no allegation (and it was not the case) that the applicants were compelled to engage in overdrawing. It was wholly a matter of choice for the applicants. (7) Indeed, ANZ provided (with some exceptions …) a facility to “switch off” the ability to overdraw and thus to avoid the fees. This could lead, of course, to the declining of transactions. (8) Customers who wanted further borrowings from ANZ could apply for such, for which there may be a fee. (9) All relevant contracts were terminable at will.

13.21 Allsop CJ observed that these matters were important as they helped the court consider whether there were factors that militated against finding that ANZ engaged in unconscionable conduct in its dealings with Mr Paciocco. However, his Honour also noted that even if the court were to find that such conduct did not breach s 12CB(1), it was also necessary to examine the relevant considerations to determine whether ANZ had engaged in a ‘system of conduct or pattern of behaviour’ which would make it liable for a breach of s 12CB(1) by dint of s 12CB(4)(b). 13.22 Ultimately, Allsop CJ concluded that the fees that were the subject of the appeal did not amount to unconscionable conduct. In arriving at this conclusion, his Honour pointed out that one must assess unconscionability not just from the perspective of the plaintiff/appellant but also from the perspective of the defendant/respondent.21 Allsop CJ also expressed the view that the court is not a price regulator22 and indicated that arguments based on price alone are more difficult ones to pursue and to succeed in such cases the plaintiff would need ‘to demonstrate that from any reasonable perspective the fees were exorbitant’.23 His Honour expressed his conclusions in this way:24 In the assessment of the conduct of ANZ against the values that I have earlier described, one can say the following: There was no dishonesty; there was no trickery or sharp practice; the fees were fully and not unfairly disclosed; the applicants were not vulnerable, nor were customers generally; the fees could be avoided by the customer; these applicants chose to run their affairs by risking the fees; there was no victimisation, predation or taking advantage of the applicants, or, on the evidence, of anyone; the bargaining power to set the terms was real, but the customer was not forced to deal with the bank or to incur the fees; there was no lack of good faith by ANZ. Though the fees, from one perspective, may be seen to be high in the eye of the consumer, they were openly charged and can be justified, not irrationally, in the manner contained in [one expert’s] reports. It was not demonstrated that customers could not go to financial institutions that did not charge these fees.

13.23 Besanko and Middleton JJ agreed with Allsop CJ’s decision in separate judgments. Following the Full Federal Court’s decision Mr Paciocco sought leave to appeal to the High Court, which was granted. The High Court rejected the appeal on all grounds (including in relation to s 12CB) by a majority of 4 to 1.25 Keane J’s reasons for rejecting the s 12CB claim (with which French CJ and Kiefel J agreed) are set out below. First, Keane J referred to Allsop CJ’s judgment in the Full Federal Court regarding the rejection of the gravamen of the claim:26 Allsop CJ rejected the “gravamen” of the appellants’ attack on ANZ’s conduct, which depended upon what was said to be the “huge disparity between the level of the fees and the costs [ANZ] sustained by the exception fee events”. His Honour concluded that: In all the circumstances, in particular, the lack of any proven predation on the weak or poor, the lack of real vulnerability requiring protection, the lack of financial or personal compulsion or pressure to enter or maintain accounts, the clarity of disclosure, the lack of secrecy, trickery or dishonesty, and the ability of people to avoid the fees or terminate the accounts, I do not consider the conduct of ANZ to have been unconscionable. To do so would require the court to be a price regulator in banking business in connection with otherwise honestly carried on business in which high fees were extracted from customers.

13.24 Keane J then disposed of the argument put forward by the appellants that s 12CB was designed to address bargaining inequality:27 The appellants submitted that s 12CB of the ASIC Act was introduced to address “the general disparity of bargaining power” between financial services providers and consumers. That submission may be accepted as far as it goes; but it does not go very far. While a disparity in bargaining power may be necessary to attract the operation of the provision, the mere existence of the disparity is not sufficient to do so. The existence of a disparity in bargaining power, which is an all-pervading feature of a capitalist economy, does not establish that the party which enjoys the superior power acts unconscionably by exercising it.

13.25 Finally, Keane J pointed out the error of the appellants’ case in not considering all relevant circumstances, including by not adequately considering ANZ’s legitimate interests:28 The appellants’ argument focused upon s 12CB(2)(a) and (b) of the ASIC Act without regard to the other provisions which may be relevant. The argument that the Full Court should have concluded that the fee was unconscionable on the basis that it was not set at an amount limited to cost recovery only must be rejected because of its erroneously narrow assumption as to the legitimate interests of ANZ. Further, to focus upon the relative strengths of the bargaining positions of Mr Paciocco and ANZ is to ignore the requirement of s 12CB(1) to consider “all the circumstances”. Section 12CB(1) does not proscribe the existence of a disparity in bargaining power as opposed to the manner of its exercise. And, as has been noted, nothing in the manner of ANZ’s exercise of its superior bargaining strength fell foul of the other provisions of s 12CB(2).

Remedies for breach of ASIC Act s 12CB 13.26 Where a court finds that s 12CA or s 12CB is breached, a range of remedies may be ordered, including: pecuniary orders under s 12GBA; injunctions under s 12GD; compensation for loss under s 12GF; and equitable remedies in the case of breaches of s 12CA.

Prohibition in Corporations Act s 991A 13.27 Section 991A of the Corporations Act provides as follows: A financial services licensee must not, in or in relation to the provision of a financial service, engage in conduct that is, in all the circumstances, unconscionable.

This provision is directed only at holders of a Financial Services Licence. In the same manner as s 12CB of the ASIC Act, it requires the conduct to be considered against the backdrop of all the circumstances. The provision would be interpreted in a manner similar to that discussed above in relation to s 12CB of the ASIC Act.

Remedies for breach of Corporations Act s 991A 13.28 Section 991A(2) of the Corporations Act provides that ‘[i]f a person suffers loss or damage because a financial services licensee contravenes subsection (1), the person may recover the amount of the loss or damage by action against the licensee’.29 Injunctions and other orders would also be available under s 1324 and s 1325 of the Corporations Act respectively.

CONTRACTS REVIEW ACT 1980 (NSW) 13.29 The final statutory regime that we will examine in this chapter is the Contracts Review Act 1980 (NSW) (Contracts Review Act). Section 7 of that Act provides as follows: (1) Where the Court finds a contract or a provision of a contract to have been unjust in the circumstances relating to the contract at the time it was made, the Court may, if it considers it just to do so, and for the purpose of avoiding as far as practicable an unjust consequence or result, do any one or more of the following: (a) it may decide to refuse to enforce any or all of the provisions of the contract, (b) it may make an order declaring the contract void, in whole or in part, (c) it may make an order varying, in whole or in part, any provision of the contract, (d) it may, in relation to a land instrument, make an order for or with respect to requiring the execution of an instrument that: (i) varies, or has the effect of varying, the provisions of the land instrument, or (ii) terminates or otherwise affects, or has the effect of terminating or otherwise affecting, the operation or effect of the land instrument.

13.30 The key phrase in this provision is ‘[w]here the Court finds a contract or a provision of a contract to have been unjust in the circumstances relating to the contract at the time it was made [it may make certain orders]’ (emphasis added). Section 4 defines ‘unjust’ to include ‘unconscionable, harsh or oppressive’ conduct. Self-evidently, s 7 is a very broad provision. Section 9 provides that: (1) In determining whether a contract or a provision of a contract is unjust in the circumstances relating to the contract at the time it was made, the Court shall have regard to the public interest and to all the circumstances of the case, including such consequences or results as those arising in the event of: (a) compliance with any or all of the provisions of the contract, or (b) non-compliance with, or contravention of, any or all of the provisions of the contract.

Again, as we have seen is the case with s 12CB of the ASIC Act and s 991A of the Corporations Act, the court is directed to examine all the circumstances of the case. This approach was emphasised by Campbell JA in Kowalczuk v Accom Finance Pty Ltd [2008] NSWCA 343 at [96]–[99] where his Honour made it clear that a conclusion that impugned conduct is ‘unjust’ for the purposes of s 7 of the Contracts Review Act depends on an evaluation of all the circumstances.30 Interestingly, the court is also directed to have regard to the public interest in making its determination. The court is also directed by s 9(2) to have regard to a long list of non-exhaustive matters in considering whether a contract or term is unjust for the purposes of s 7 of the Contracts Review Act. Section 6 of the Act effectively limits the application of the Act to consumer contracts. 13.31 The decision of Fast Fix Loans Pty Ltd v Samardzic [2011] NSWSC 19 illustrates the application of the Contracts Review Act in the context of a lending and guarantee arrangement. Mr and Mrs Samardzic mortgaged their land to secure a loan for their son’s property development company of which he was the sole director and shareholder. Fast Fix Loans Pty Ltd arranged a loan for the son on the basis that Mr and Mrs Samardzic provided their land as security. The arrangement also resulted in Mr and Mrs Samardzic being parties to the loan deed. Mr and Mrs Samardzic were Serbian migrants who had limited education. They had limited capacity to understand the guarantee and loan arrangements they entered into. At the time the contracts were entered into, the son’s property development company was in a precarious position. While Mr and Mrs Samardzic did have the relevant documents explained to them by a Serbian-speaking lawyer, Fast Fix made no inquiries as to their capacity to repay the debts they assumed. 13.32 Hoeben J found that:31 Fast Fix were not concerned with the ability of the defendants [ie Mr and Mrs Samardzic] to fulfil their obligations under the deed of loan should [their son] and the company default. All that Fast Fix … were concerned about was whether there was adequate security available in the case of such default. Asset lending in those circumstances raises public interest consideration.

His Honour then went on to quote Campbell JA in Kowalczuk v Accom Finance Pty Ltd [2008] NSWCA 343 at [96]:32 It can be accepted that pure asset lending — described by Basten JA in [Perpetual Trustee Co Ltd v Khoshaba [2006] NSWCA 41] at [128] as being “to lend money without regard to the ability of the borrower to repay by instalments under the contract, in the knowledge that adequate security is available in the event of default” — is in at least some circumstances unjust within the meaning of the Contracts Review Act, or unconscionable: Elkofairi v Perpetual Trustee Co Ltd [2002] NSWCA 413; (2003) 11 BPR 20,841 at [57]–[59], [79] per Beazley JA (with whom Santow JA and MW Campbell AJA agreed); Khoshaba at [92] per Spigelman CJ (with whom Handley JA agreed on this point), [128] per Basten JA. However whether lending on the basis that the loan can adequately be repaid from the security, is in the circumstances of any particular case unconscionable or unjust, depends on other matters as well. Thus, in Elkofairi the facts that neither the applicant nor her husband had any income, the loan in question was for five years, and the security was over the applicant’s only asset (involving the proposition that the applicant had no other resources from which to service the loan) and that the secured property was the applicant’s home, were all relevant matters in reaching the conclusion that the transaction was both unconscionable and unjust. In Khoshaba, other factors relevant to the conclusion of injustice were that the applicants were a husband and wife, one of whom earned $43,000 pa and the other of whom was a pensioner, the lender had no information at all about the purpose for which the loan was being sought, and the security was over their home.

13.33 In addition to the fact that this case involved asset lending, the other factors that Hoeben J identified as going to injustice included:33 it must have been clear to Fast Fix that the loan was an improvident one from the perspective of Mr and Mrs Samardzic; Fast Fix must have been aware of the precarious financial position of the son and his company; and in the circumstances, Fast Fix should have taken steps to understand Mr and Mrs Samardzic’s capacity to repay the loan. It did not take any steps to do so. In addition, Hoeben J took into consideration the pressure the son brought to bear on his parents in this context as part of considering ‘all the circumstances’ of the case.34 For these and other reasons reinforcing the unjustness of the loan,35 Hoeben J concluded that the loan arrangement was unjust under s 7 of the Contracts Review Act and ordered that Mr and Mrs Samardzic be removed as parties from the loan arrangement. Interestingly, given that the Act precludes the court from making orders about ‘land instruments’ (including mortgages), no order could be made in respect of the mortgage over the parents’ property. However, given the repayment obligations which the mortgage secured were set out in a separate loan arrangement this issue was not fatal to Mr and Mrs Samardzic succeeding in the case. 13.34 Fast Fix subsequently appealed Hoeben J’s decision. Bathurst CJ, Allsop J and Campbell JA heard the appeal in Fast Fix Loans Pty Ltd v Samardzic [2011] NSWCA 260. The court dismissed the appeal. After discussing Hoeben J’s findings in the trial, Allsop J (with whom Bathurst CJ and Campbell JA agreed) observed that:36 There was no error in the primary judge’s approach. It was open to his Honour to consider that the appellant’s failure to make enquiries and the knowledge of the appellant about the transaction, its risks and the position of the parents was such as to enable him to conclude that it was just and appropriate to make orders against the appellant. In the circumstances here, there was ample basis to conclude that the contracts were unjust and that it was just that relief should be granted against the appellant.

Remedies 13.35 The principal relief that a court can order under the Contracts Review Act is set out in s 7 (reproduced above at 13.29). A court may also make a range of ancillary orders by virtue of the operation of s 8 and Sch 1 of the Contracts Review Act, including orders relating to the disposition of property, payment of money, supply or repair of goods and supply of services.

CONCLUSION 13.36 The law regarding unconscionability and unjust contracts involves a highly evaluative process. The discussion in this chapter has sought to outline the key laws that are relevant and the principles for interpreting and applying the relevant laws. A critical factor in all of these cases is ensuring all the circumstances of the case are identified and appropriately weighed in arriving at whether conduct is unconscionable or unjust.

1. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [2] per Mason J.
2. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [4] per Mason J. More recently extreme emotional attachment was held to be a special disadvantage: Louth v Diprose (1992) 175 CLR 621. However, a psychological illness in the form of compulsive gambling will not necessarily be enough to establish a special disadvantage: Kakavas v Crown Melbourne Ltd (2013) 250 CLR 392.
3. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [5] per Mason J.
4. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [19] per Mason J.
5. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [20] per Mason J.
6. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [6] per Mason J.
7. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [6] per Mason J.
8. R N Moles and B Sangha, ‘Recent Developments in Unconscionability’ at (viewed 20 October 2016).
9. Commercial Bank of Australia Ltd v Amadio [1983] HCA 14 at [19] per Gibbs CJ and at [12] and [24] per Deane J.
10. Bester v Perpetual Trustee Co Ltd [1970] 3 NSWR 30.
11. Talacko v Talacko [2009] VSC 579 per Kyrou J.
12. See ss 20 and 21, The Australian Consumer Law, Sch 2, Competition and Consumer Act 2010 (Cth).
13. See ss 12CA and 12CB, ASIC Act; s 991A, Corporations Act.
14. Section 12CA(3)(a), ASIC Act.
15. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [258] per Allsop CJ, citing Australian Competition and Consumer Commission v C G Berbatis Holdings Pty Ltd (2003) 214 CLR 51 at [42]; Australian Securities and Investments Commission v National Exchange Pty Ltd (2005) 148 FCR 132; Australian Competition and Consumer Commission v Lux Distributors Pty Ltd [2013] ATPR 42-447 at [41]; Hurley v McDonald’s Australia Ltd (2000) ATPR 41-741 at [22] and [31] cited with approval in Ange v First East Auction Holdings Pty Ltd (2011) 284 ALR 638 at [96] and [104] and followed in Australian Competition and Consumer Commission v Simply No-Knead Franchising Pty Ltd (2000) 104 FCR 253 at [30]; Australian Competition and Consumer Commission v 4WD Systems Pty Ltd (2003) 200 ALR 491 at [183]–[185]; Australian Competition and Consumer Commission v Allphones Retail Pty Ltd (No 2) (2009) 253 ALR 324 at [113]; and Perdaman Chemicals and Fertilisers Pty Ltd v ICICI Bank Ltd [2013] FCA 175 at [22].
16. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [258] per Allsop CJ.
17. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [261] per Allsop CJ.
18. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [258] per Allsop CJ.
19. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [306] per Allsop CJ.
20. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [308] per Allsop CJ.
21. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [330]–[332] per Allsop CJ.
22. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [335] per Allsop CJ.
23. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [334] per Allsop CJ.
24. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [336] per Allsop CJ; see also [343]–[347].
25. Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28. French CJ agreed with Keane J’s reasons for rejecting the claims concerning the statutory claims: at [2]; Kiefel agreed with Keane J’s reasons relating to the statutory claims: at [70]; Gageler J rejected the statutory claims in separate reasons: at [190]–[191]; Keane J’s reasons for dismissing the s 12CB claim are set out at [294]; Nettle J dissented.
26. Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28 at [292] per Keane J.
27. Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28 at [293] per Keane J.
28. Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28 at [294] per Keane J.
29. Note that a breach of s 991A will not constitute an offence by virtue of s 1331(1A), Corporations Act.
30. Referred to with approval in Fast Fix Loans Pty Ltd v Samardzic [2011] NSWCA 260 at [43] per Allsop J.
31. Fast Fix Loans Pty Ltd v Samardzic [2011] NSWSC 19 at [79] per Hoeben J.
32. Fast Fix Loans Pty Ltd v Samardzic [2011] NSWSC 19 at [80] per Hoeben J.
33. Fast Fix Loans Pty Ltd v Samardzic [2011] NSWSC 19 at [83]–[89] per Hoeben J.
34. Fast Fix Loans Pty Ltd v Samardzic [2011] NSWSC 19 at [98] per Hoeben J.
35. Fast Fix Loans Pty Ltd v Samardzic [2011] NSWSC 19 at [90]–[99] per Hoeben J.
36. Fast Fix Loans Pty Ltd v Samardzic [2011] NSWCA 260 at [52]–[53] per Allsop J.

Chapter 14 Unfair Contract Terms

INTRODUCTION

14.1 In a financial services context, the unfair contracts regime is set out in Pt 2 Div 2 of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act). This regime will be the focus of this chapter.

14.2 As we saw in Chapter 12, the misleading or deceptive conduct prohibition is expressed in few words. It is succinct. On the other hand, the provisions dealing with unfair contract terms do not reflect the same textual economy. The provisions contain far more detail. Further, unlike the misleading conduct prohibition which has been the subject of voluminous cases, the unfair contract provisions have not been the subject of nearly as much judicial scrutiny. Accordingly, in addition to recent High Court and Full Federal Court decisions in this context it is helpful to consider cases that have been before tribunals such as the Victorian Civil and Administrative Tribunal and UK courts to gain insights into how the relatively new unfair contract regimes in the ASIC Act may apply or be interpreted.

UNFAIR CONTRACT TERMS

14.3 The unfair contracts regime in the ASIC Act has applied to consumer contracts since 1 July 2010 and to small business contracts from 12 November 2016.

Unfair contract terms in consumer and small business contracts

14.4 The unfair contract terms provisions govern what can lawfully be contained in standard form contracts organisations enter into with consumers or small business customers. The requirements of the relevant provisions are described below.

14.5 The unfair contract terms provisions which specifically relate to financial products or financial services are set out in ss 12BF to 12BM of the ASIC Act.1 For contracts that may fall outside of the scope of the ASIC Act provisions, it is important to note that equivalent provisions governing unfair contract terms are contained in the Australian Consumer Law (ACL), Sch 2 of the Competition and Consumer Act 2010 (Cth) (CCA). The constitutional reach of the law is also extended under state law.2 The laws set out in the ASIC Act and the ACL are expressed in the same or similar terms. As mentioned above, the discussion in the following sections will focus on the laws set out in the ASIC Act.3

14.6 The unfair contract terms under the ASIC Act apply to: consumer contracts entered into, on or after 1 July 2010 and the terms of existing contracts renewed or varied on or after 1 July 2010; and small business contracts entered into, on or after 12 November 2016 and the terms of existing small business contracts renewed or varied on or after 12 November 2016.

14.7 A ‘consumer contract’ is defined in s 12BF(3) of the ASIC Act:

A consumer contract is a contract at least one of the parties to which is an individual whose acquisition of what is supplied under the contract is wholly or predominantly an acquisition for personal, domestic or household use or consumption.4

A ‘small business contract’ is defined in s 12BF(4)–(6) as follows:

(4) A contract is a small business contract if:
(a) at the time the contract is entered into, at least one party to the contract is a business that employs fewer than 20 persons; and
(b) either of the following applies:
(i) the upfront price payable under the contract does not exceed $300,000;
(ii) the contract has a duration of more than 12 months and the upfront price payable under the contract does not exceed $1,000,000.
(5) In counting the persons employed by a business for the purposes of paragraph (4)(a), a casual employee is not to be counted unless he or she is employed by the business on a regular and systematic basis.
(6) For the purposes of subsection (4) and despite subsection 12BI(3), in working out the upfront price payable under a contract under which credit is or is to be provided, disregard any interest payable under the contract.

The unfair contract provisions do not apply to: terms that define the main subject matter of the contract;5 terms that set the upfront price payable under a contract6 (being consideration that is provided or is to be provided for the relevant supply, sale or grant and which is disclosed at or before the time the contract is entered into, but does not include any fee that is payable on a contingency basis);7 terms required to be included by a law of the Commonwealth or a State or Territory;8 and a contract that is a constitution of a company, managed investment scheme or other kind of body.9

14.8 Under s 12BF(1) a term of a consumer contract or small business contract is void if:

(a) the term is unfair; and
(b) the contract is a standard form contract; and
(c) the contract is:
(i) a financial product; or
(ii) a contract for the supply, or possible supply, of services that are financial services.

A contract will continue to bind the parties to the extent it is capable of binding the parties without the unfair term.10 Ascertaining whether a consumer contract or small business contract is a standard form contract is a question of fact. However, s 12BK(1) of the Act provides that if a party alleges that a contract is a standard form contract it is presumed to be so unless the other party proves otherwise. In determining whether a contract is a standard form contract a court may take into account such matters as it thinks relevant, but it must take into account the following:11

(a) whether one of the parties has all or most of the bargaining power relating to the transaction;
(b) whether the contract was prepared by one party before any discussion relating to the transaction occurred between the parties;
(c) whether another party was, in effect, required either to accept or reject the terms of the contract (other than the terms referred to in subsection 12BI(1)) in the form in which they were presented;
(d) whether another party was given an effective opportunity to negotiate the terms of the contract that were not the terms referred to in subsection 12BI(1);
(e) whether the terms of the contract (other than the terms referred to in subsection 12BI(1)) take into account the specific characteristics of another party or the particular transaction;
(f) any other matter prescribed by the regulations.

Broadly speaking, if a contract is prepared by a supplier and presented to a consumer on a ‘take it or leave it’ basis it will be almost impossible to resist the conclusion that it is a standard form contract.12 On the other hand, where a contract or a term has been the subject of negotiation it will likely be excluded from the ambit of the legislation. In the decision of Director of Consumer Affairs Victoria v Craig Langley Pty Ltd [2008] VCAT 482 at [66], Harbison J held that:

[T]erms of a consumer contract which have been the subject of genuine negotiation should not be lightly declared unfair. This legislation is designed to protect consumers from unfair contracts, not to allow a party to a contract who has genuinely reflected on its terms and negotiated them, to be released from a contract term from which he or she later wishes to resile.13

14.9 Section 12BG of the ASIC Act defines the meaning of ‘unfair’. Under that provision a term of a contract is unfair if:

(a) it would cause a significant imbalance in the parties’ rights and obligations arising under the contract; and
(b) it is not reasonably necessary in order to protect the legitimate interests of the party who would be advantaged by the term; and
(c) it would cause detriment (whether financial or otherwise) to a party if it were to be applied or relied on.

Without limiting the scope of s 12BG, a non-exhaustive list of 14 kinds of terms which may be capable of being unfair is set out in s 12BH. The examples are set out below:

Without limiting section 12BG, the following are examples of the kinds of terms of a consumer contract that may be unfair:
(a) a term that permits, or has the effect of permitting, one party (but not another party) to avoid or limit performance of the contract;
(b) a term that permits, or has the effect of permitting, one party (but not another party) to terminate the contract;
(c) a term that penalises, or has the effect of penalising, one party (but not another party) for a breach or termination of the contract;
(d) a term that permits, or has the effect of permitting, one party (but not another party) to vary the terms of the contract;
(e) a term that permits, or has the effect of permitting, one party (but not another party) to renew or not renew the contract;
(f) a term that permits, or has the effect of permitting, one party to vary the upfront price payable under the contract without the right of another party to terminate the contract;
(g) a term that permits, or has the effect of permitting, one party unilaterally to vary the characteristics of the goods or services to be supplied, or the interest in land to be sold or granted, under the contract;
(h) a term that permits, or has the effect of permitting, one party unilaterally to determine whether the contract has been breached or to interpret its meaning;
(i) a term that limits, or has the effect of limiting, one party’s vicarious liability for its agents;
(j) a term that permits, or has the effect of permitting, one party to assign the contract to the detriment of another party without that other party’s consent;
(k) a term that limits, or has the effect of limiting, one party’s right to sue another party;
(l) a term that limits, or has the effect of limiting, the evidence one party can adduce in proceedings relating to the contract;
(m) a term that imposes, or has the effect of imposing, the evidential burden on one party in proceedings relating to the contract;
(n) a term of a kind, or a term that has an effect of a kind, prescribed by the regulations.

Section 12BG(4) provides that for the purposes of s 12BG(1)(b), ‘a term of a consumer contract is presumed not to be reasonably necessary in order to protect the legitimate interests of the party who would be advantaged by the term, unless that party proves otherwise’.

Determining whether a contract term is unfair

The Bank Fees case

14.10 In Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 the Full Federal Court heard an appeal from the decision of the trial judge. The appeal involved a challenge by the representative plaintiff in a class action against ANZ. Among other things, Mr Paciocco sought to have the following types of fees charged by ANZ declared unfair terms: late payment fees on consumer credit card accounts; over-limit fees on consumer credit card accounts; and honour, dishonour and non-payment fees charged to consumer and business deposit accounts.

14.11 Although s 12BG of the ASIC Act was also referred to in the proceedings, the challenge was primarily dealt with based on s 32W of the Fair Trading Act 1999 (Vic) (Fair Trading Act). Nothing turned on the issue and no party argued a different result would follow if the challenge focused on s 12BG rather than on cognate provisions of the Fair Trading Act. Section 32Y of the Fair Trading Act provided ‘[a]n unfair term in a consumer contract is void’. The meaning of the term ‘unfair term’ was set out in s 32W as follows:

A term in a consumer contract is to be regarded as unfair if, in all the circumstances, it causes a significant imbalance in the parties’ rights and obligations arising under the contract to the detriment of the consumer. [Emphasis added]

In turn, it was necessary to read s 32W together with s 32X, which provided that ‘[w]ithout limiting section 32W, in determining whether a term of a consumer contract is unfair, a court ... may take into account, among other matters … whether the term has the object or effect of’, amongst other things, ‘penalising the consumer but not the supplier for a breach or termination of the contract’. Equivalent provisions are included in the ASIC Act.

The Full Federal Court unanimously rejected the argument that the relevant fees were unfair terms. Relevantly, in relation to the claim that the fees were unfair terms, Allsop CJ observed that key findings of the trial judge were influential in disposing of the appeal. The relevant findings were:14

(1) There was no allegation of dishonesty, oppression or abuse of a commercially powerful position.
(2) None of the matters in (1) existed.
(3) The relevant contractual provisions were all disclosed to customers (in leaflets, booklets, in letters and telephone communications if fees were incurred).
(4) There was no allegation that the applicants (Mr Paciocco and SDG [a company controlled by him]) could not or did not understand the relevant provisions.
(5) There was no allegation (and it was not the case) that the applicants were compelled to enter into these arrangements or that any financial or other pressure was placed on them to enter into the contracts.
(6) There was no allegation (and it was not the case) that the applicants were compelled to engage in overdrawing. It was wholly a matter of choice for the applicants.
(7) Indeed, ANZ provided (with some exceptions …) a facility to “switch off” the ability to overdraw and thus to avoid the fees. This could lead, of course, to the declining of transactions.
(8) Customers who wanted further borrowings from ANZ could apply for such, for which there may be a fee.
(9) All relevant contracts were terminable at will.

When evaluating the circumstances as a whole, Allsop CJ was unable to avoid the seemingly irresistible conclusion that the fees were not unfair terms:15

Considering the terms of s 32W of the [Fair Trading Act], at the time of entry into the arrangements, did the provisions in question cause an imbalance in the parties’ rights and obligations to the detriment of the consumer? It is difficult to see why this would be so by reference to the matters in s 32X or otherwise. The provisions were clearly disclosed. In most instances, the fees could be avoided. No trickery took place. Although set by the bank in contracts of adhesion, the contracts were terminable at the will of the customer; and the fee could be avoided by the conduct of the customer that was not unreasonable — keeping to her or his contractual limits.

14.12 His Honour then concluded that:16

Neither the relevant provisions of the [Fair Trading Act] nor of the National Credit Code exhibit the intention that the Court should assume the role of a price regulator. It is unjustness or unfairness of transactions or terms that is required to be demonstrated. Price may affect such an evaluation but it does not determine it.

Besanko and Middleton JJ agreed with the reasons of Allsop CJ.

14.13 The appellant then sought, and was granted, special leave to appeal to the High Court. In Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28 the majority of French CJ, Kiefel, Gageler and Keane JJ rejected the appeal with Nettle J dissenting. Keane J (with whom French CJ and Kiefel J agreed) dismissed the argument that the fees were unfair terms for the purposes of the Fair Trading Act and in doing so referred with approval to the two paragraphs from Allsop CJ’s judgment in the Full Federal Court which are set out at 14.11 and 14.12 above.17

It is clear from the High Court and the Full Federal Court judgments that when applying the unfair terms regime, one must have regard to the contract or circumstances as a whole rather than just formulating an argument that contemplates only the interests of the consumer or small business customer. The nine factors listed in 14.11 above were relied on expressly in determining the unfair terms issue, but it was also evident that the courts were very much influenced by ANZ’s legitimate interests in imposing the fees. All parties’ interests need to be considered. For example, ensuring the timely repayment of credit was directly relevant to ANZ’s operational costs, loss provisioning costs and increases in regulatory capital costs based on worsening risk ratings for customers who failed to pay on time.18

Other cases dealing with unfair terms under cognate legislation

14.14 There are numerous other examples of terms that have been held to be void as unfair terms under cognate provisions. While these cases do not involve financial services or products, they are instructive: the concepts explored in the cases are applicable under the unfair terms regime contained in the ASIC Act because the text of the related provisions is broadly similar. Importantly, they help illustrate the manner in which courts or tribunals will look to apply the values inherent in the unfair terms provisions.

14.15 In Jetstar Airways Pty Ltd v Free [2008] VSC 539 the applicant purchased two low-cost fares to Hawaii, United States. The terms and conditions governing the purchase of those tickets were set out on the company’s website. Subsequent to the purchase, the applicant’s sister was unable to travel to Hawaii and the applicant sought to rebook the fare in the name of another individual. Jetstar charged the applicant both a fee to change the name of the person travelling on the fare and the difference between the price of the flight when the rebooking was made and the original price of the fare (which was lower). This resulted in a substantial increase in the cost of the fare. The applicant brought a claim in the Victorian Civil and Administrative Tribunal, which found in her favour. Jetstar appealed to the Supreme Court of Victoria. In the appeal, Cavanough J held that when the applicable contract was viewed as a whole, the clause that permitted the adjusted fee to be charged was not unfair. The original fare was purchased at a lower price than was generally charged for other Jetstar fares. This countervailing benefit meant that there was no significant imbalance between the rights and obligations of the parties. Therefore, the term that allowed for an increased fee on rebooking was not unfair.19

In Director of Consumer Affairs Victoria v AAPT Ltd [2006] VCAT 1493 at [53] Morris J held that an immediate termination clause in a mobile phone contract was unfair:

A customer may have breached the agreement in a manner which is inconsequential, yet faces the prospect of having the service terminated. Further, if the customer changes his or her address (which will not necessarily be the address for receipt of billing information) this will also provide a ground to AAPT to terminate the Agreement. Because these provisions are so broadly drawn, and are one-sided in their operation, they are unfair terms within the meaning of the [Fair Trading Act].

His Honour held that a clause permitting AAPT to vary charges from time to time without notice to the consumer was unfair for the following reasons:20

[The] term causes a significant imbalance in the parties’ rights and obligations arising under the contract, to the detriment of the consumer. For example, it would enable AAPT to reduce the number of calls that a person could make pursuant to a prepaid mobile phone service which the person had entered into in good faith. This term was an unfair term.

In Director of Consumer Affairs Victoria v Trainstation Health Clubs Pty Ltd (Civil Claims) [2008] VCAT 2092 the Victorian Civil and Administrative Tribunal held that a clause permitting a health club to unilaterally change the location of the health club within a 12-kilometre radius of the existing location was unfair in that ‘[i]t is a term which is contrary to the requirements of good faith, in that it is a term to which the consumer’s attention is not specifically drawn, and which may operate in a way in which the consumer may not expect and to his or her disadvantage’.21

In Director of Consumer Affairs Victoria v Backloads.com Pty Ltd (Civil Claims) [2009] VCAT 754 Harbison J held that a term which permitted a removalist firm to ‘assign its rights and the rights of any persons on behalf of whom it is acting, to collect all charges and payments from Clients to the Contractor’ was unfair ‘by creating a significant imbalance in the parties’ rights and obligations arising under the Backloads removalist services contract to the detriment of the consumer’.22

14.16 Many organisations regularly review their standard form contracts to ensure the enforceability of terms, for example, under consumer protection laws, such as the prohibition on engaging in misleading conduct or unconscionable conduct. The requirements under the unfair contract terms regime are yet further reasons for corporations to carefully review their policies, practices and procedures. A failure to ensure provisions in standard form contracts are appropriate could contribute to the terms being rendered void. Where a contract cannot feasibly remain on foot where a term is found to be unfair,23 the legal consequence that flows from a contractual term being void is to restore parties substantially to their pre-contractual positions.24

Determining whether a contract term is transparent

14.17 In determining whether a term of a contract is unfair for the purposes of s 12BG, a court may have regard to any matter which it considers relevant, but it must have regard to the extent to which the impugned term is transparent and the contract as a whole: s 12BG(2). Section 12BG(3) provides that a term is ‘transparent’ if the term is:

(a) expressed in reasonably plain language; and
(b) legible; and
(c) presented clearly; and
(d) readily available to any party affected by the term.

If a customer cannot understand the information conveyed in terms governed by the law, then there is a risk that those terms may be rendered void.

14.18 The transparency requirement was discussed in the Explanatory Memorandum (EM) to the Trade Practices Amendment (Australian Consumer Law) Bill (No 2) 2010 (Cth). The EM stated that the lack of transparency is not likely, of itself, to be determinative of whether a term is unfair because one must always have regard to the substantive nature and effect of the term being conveyed to the consumer.25 Transparency, on its own account, cannot overcome underlying unfairness in a contract term.26 Equally, transparency cannot in the ordinary course, on its own account, give rise to unfairness. However, ‘[a] lack of transparency in the terms of a consumer contract may be a strong indication of the existence of a significant imbalance in the rights and obligations of the parties under the contract’.27

While the law is structured in a different manner in the United Kingdom,28 the approach articulated in the EM on this particular point is broadly consistent with the approach taken to the transparency requirement by United Kingdom courts. For example, in the decision of Office of Fair Trading v Abbey National plc [2008] EWHC 875 (Comm) (UK) (Abbey) Smith J expressed the view that a term of a consumer contract ‘which is not in plain intelligible language is [not] necessarily unfair’ but that ‘[i]ts clarity might be relevant to the assessment of its fairness’.29 It is arguable that over time, evidence from behavioural economics experts may be adduced to argue that a particular term did not satisfy the transparency requirements due to the manner in which it was disclosed and known behavioural biases that people exhibit (for example, the manner in which potentially complex terms are conveyed via a mobile channel with small screen sizes and known issues with System 1 thinking30).

14.19 In Abbey, Smith J was of the view that the determination of ‘whether terms are in plain intelligible language is to be considered from the point of view of the typical consumer or the average consumer’.31 On appeal, the United Kingdom Court of Appeal agreed with his Honour’s decision on this point.32 During the course of his decision Smith J also observed that, for the purposes of United Kingdom law:33 contract terms should be sufficiently clear to enable the typical customer to have a proper understanding of it for sensible and practical purposes; and where contract terms relate to complex subject matter, the drafter of the terms should focus on what it is essential for the customer to know rather than err on the side of caution and attempt overly detailed explanations which could detract from explaining clearly what the customer does need to know.

Another factor that will play a key role in the determination of whether a term is transparent is the extent to which conflicts within consumer documentation give rise to a lack of clarity. In Abbey, where Smith J did make adverse findings against certain banks in terms of whether terms were not in plain intelligible language, it was on the basis of conflicts within the documentation and their resultant lack of clarity to the hypothetical customer.34

14.20 A further factor that needs to be considered in this context is the prominence with which terms that are disadvantageous to a consumer are disclosed. In relation to the plain intelligible language requirement under United Kingdom law, Lord Bingham made the following comments in Director General of Fair Trading v First National Bank plc [2002] 1 AC:35

Openness requires that the terms should be expressed fully, clearly and legibly, containing no concealed pitfalls or traps. Appropriate prominence should be given to terms which might operate disadvantageously to the customer.

CONCLUSION

14.21 The unfair contract terms regime was introduced for consumer contracts (2010) and more recently extended to small business contracts (2016). It is clear from the cases that have considered the operation of these laws that one must consider the contract and circumstances as a whole when considering whether a term is unfair. It is not only the interests of the consumer or small business owner that are relevant; the interests of all parties must be considered in evaluating whether a term is unfair. A deep understanding of the facts will be necessary. Adopting and adapting the words of Lord Stowell in The Juliana, a court needs to take ‘a more comprehensive view, and look … to every connected circumstance that ought to influence its determination upon the real justice of the case’.36

1. The terms ‘financial product’ and ‘financial service’ are defined in s 5 of the ASIC Act.
2. See for example s 28 of the Fair Trading Act 1987 (NSW); s 16 of the Fair Trading Act 1989 (Qld); and s 19 of the Fair Trading Act 2010 (WA).
3. For a detailed analysis of unfair terms regimes, see J Paterson, Unfair Contract Terms in Australia, Thomson Reuters/Lawbook Co, Sydney, 2012.
4. The determination of what is acquired for a personal, domestic or household purpose has a subjective element to it: see R V Miller, Miller’s Australian Competition and Consumer Law Annotated, 34th ed, Lawbook Co, Sydney, 2012 at [1.S2.23.30].
5. See ASIC Act s 12BI(1)(a).
6. See ASIC Act s 12BI(1)(b).
7. See ASIC Act s 12BI(2) and (3).
8. See ASIC Act s 12BI(1)(c).
9. See ASIC Act s 12BL(1).
10. See ASIC Act s 12BF(2).
11. See ASIC Act s 12BK(2).
12. For an account of the emergence of standard form contracts see H B Sales, ‘Standard Form Contracts’ (1953) 16(3) Modern Law Review 318. For a discussion of the use of standard form contracts in a digital environment, see J M Paterson, ‘Consumer Contracting in the Age of the Digital Natives’ (2011) 27 Journal of Contract Law 152; and D Clapperton and S Corones, ‘Unfair Terms in “Clickwrap” and Other Electronic Contracts’ (2007) 35 Australian Business Law Review 152.
13. Director of Consumer Affairs Victoria v Craig Langley Pty Ltd [2008] VCAT 482 at [66].
14. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [308] per Allsop CJ.
15. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [358] per Allsop CJ.
16. Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [365] per Allsop CJ.
17. Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28 at [301]–[302] per Keane J.
18. See for example Paciocco v Australia and New Zealand Banking Group Ltd [2016] HCA 28 at [59]–[67] per Kiefel J and at [294] per Keane J.
19. Jetstar Airways Pty Ltd v Free [2008] VSC 539 at [129].
20. Director of Consumer Affairs Victoria v AAPT Ltd [2006] VCAT 1493 at [54].
21. Director of Consumer Affairs Victoria v Trainstation Health Clubs Pty Ltd (Civil Claims) [2008] VCAT 2092 at [2] per Harbison J.
22. Director of Consumer Affairs Victoria v Trainstation Health Clubs Pty Ltd (Civil Claims) [2008] VCAT 2092 at [4] per Harbison J.
23. ASIC Act s 12BF(2).
24. See J W Carter, E Peden and G J Tolhurst, Contract Law in Australia, 5th ed, LexisNexis Butterworths, Sydney, 2007 at [18-43]–[18-46].
25. Explanatory Memorandum to the Trade Practices Amendment (Australian Consumer Law) Bill (No 2) 2010 (Cth) at [5.39].
26. Explanatory Memorandum to the Trade Practices Amendment (Australian Consumer Law) Bill (No 2) 2010 (Cth) [5.39].
27. Explanatory Memorandum to the Trade Practices Amendment (Australian Consumer Law) Bill (No 2) 2010 (Cth) [5.38].
28. There are some significant differences under United Kingdom law. For example, a term of consumer contract under the Unfair Terms in Consumer Contracts Regulations 1999 (UK) provides that certain terms of a contract cannot be assessed for unfairness if the term is in plain intelligible language: reg 6(2).
29. Office of Fair Trading v Abbey National plc [2008] EWHC 875 (Comm) (UK) at [84].
30. See an explanation of the term ‘System 1 thinking’ in 18.4.
31. Office of Fair Trading v Abbey National plc [2008] EWHC 875 (Comm) (UK) at [89].
32. Abbey National plc v Office of Fair Trading [2009] EWCA Civ 116 at [117]. However, the ultimate conclusions of the Court of Appeal were reversed on appeal to the United Kingdom Supreme Court for different reasons: Office of Fair Trading v Abbey National plc [2009] UKSC 6 at [89].
33. Office of Fair Trading v Abbey National plc [2008] EWHC 875 (Comm) (UK) at [119].
34. Office of Fair Trading v Abbey National plc [2008] EWHC 875 (Comm) (UK) at [150]-[153] and [218]-[220]; affirmed by the United Kingdom Court of Appeal in Office of Fair Trading v Abbey National plc [2009] UKSC 6 at [121].
35. Director General of Fair Trading v First National Bank plc [2002] 1 AC at [17]. It is interesting to note that the requirement referred to by Lord Bingham to disclose disadvantageous terms echoes in a tangential way the requirement in s 37 of the Insurance Contracts Act 1984 (Cth). The duty requires an insurer to explain the effect of a provision that is not usually included (or would be ‘unexpected’ if included) in contracts of insurance that provide similar cover.
36. (1822) 165 ER 1560 at 1567 referred to in Paciocco v Australia and New Zealand Banking Group Ltd [2015] FCAFC 50 at [271] per Allsop CJ.

Chapter 15 Anti-Competitive Conduct

INTRODUCTION

15.1 This chapter reviews the provisions set out in Pt IV of the Competition and Consumer Act 2010 (Cth) (CCA) which address anti-competitive conduct. Section 2 of the Act provides that ‘[t]he object of this Act is to enhance the welfare of Australians through the promotion of competition and fair trading and provision for consumer protection’. In Boral Besser Masonry Ltd v Australian Competition and Consumer Commission [2003] HCA 5 at [159] Gaudron, Gummow and Hayne JJ confirmed that:

The provisions of Pt IV are to be interpreted in accordance with the subject, scope and purpose of the legislation, in particular the object stated in s 2 of enhancing the welfare of Australians through the promotion of competition.

However, the laws are for the benefit of competition, not competitors.1 As the United States Court of Appeals, Seventh Circuit, observed in Ball Memorial Hospital Inc v Mutual Hospital Insurance Inc 784 F 2d 1325 at 1338 (1986):

Competition is a ruthless process. A firm that reduces cost and expands sales injures rivals — sometimes fatally. The firm that slashes costs the most captures the greatest sales and inflicts the greatest injury. The deeper the injury to rivals, the greater the potential benefit. These injuries to rivals are byproducts of vigorous competition, and the antitrust laws are not balms for rivals’ wounds. The antitrust laws are for the benefit of competition, not competitors.

This chapter will review the manner in which certain provisions of Pt IV give effect to the object of the Act set out in s 2. These provisions contain prohibitions against:
price-fixing and other cartel conduct;
price signalling;
anti-competitive contracts, arrangements and understandings;
misuse of market power;
exclusive dealing; and
resale price maintenance.

The chapter will not discuss the prohibition against anti-competitive mergers or secondary boycotts or other prohibitions set out in Pt IV.2

ANTI-COMPETITIVE CONDUCT

Price fixing and other cartel conduct

15.2 Prohibitions against price fixing and other cartel conduct are contained in Div 1 of Pt IV of the CCA. Price fixing and other cartel conduct is inimical to competition. They represent unfair business practices which are an ‘actual or potential threat to the central nervous system of the economy’.3 Division 1 of Pt IV of the CCA replaced s 45A of the repealed Trade Practices Act 1974 (Cth), but extends the scope of the former section by deeming certain other conduct, such as market-sharing and bid-rigging, to be per se contraventions. In addition, unlike the former s 45A of the Trade Practices Act, the new cartel conduct provisions provide for criminal offences as well as civil contraventions.

15.3 Section 44ZZRD defines the term ‘cartel provision’. Under s 44ZZRD(1), a provision of a contract, arrangement or understanding will be a cartel provision if:

(a) either of the following conditions is satisfied in relation to the provision:
    (i) the purpose/effect condition set out in subsection (2);
    (ii) the purpose condition set out in subsection (3); and
(b) the competition condition set out in subsection (4) is satisfied in relation to the provision.

These elements of the provision will be discussed below.

15.4 The main elements of the cartel provisions are straightforward. Under the CCA, a corporation must not make or give effect to a contract, arrangement or understanding that contains a cartel provision. It is both a civil and criminal offence to do so. A cartel provision is a provision made by parties that are, or would otherwise be, in competition with each other where the provision relates to any of the following:4
price-fixing; or
restricting outputs in the production and supply chain; or
allocating customers, suppliers or territories; or
bid-rigging.

The key elements of the prohibition are therefore: making or giving effect to a contract, arrangement or understanding, which contains a cartel provision (that is, relating to price-fixing; the restriction of outputs in the production and supply chain; the allocation of customers, suppliers or territories; or bid-rigging), where the parties to the contract, arrangement or understanding are, or would otherwise be, in competition with each other.

Making or giving effect to a contract, arrangement or understanding

15.5 In order to contravene the price fixing prohibition, a party must make or give effect to a cartel provision and that provision needs to be in a contract, arrangement or understanding. The terms ‘making’ and ‘giving effect to’ as used in the cartel prohibition have their plain and ordinary meaning. The terms ‘a contract’, ‘arrangement’ and ‘understanding’ are not defined in the CCA, nor were they defined in the Trade Practices Act 1974 (Cth). The courts have not determined the meaning of ‘contract’ as that term is used in the CCA, but it would have its usual legal meaning.5 The courts have tended to refer to the terms ‘arrangement’ and ‘understanding’ interchangeably.6 In Trade Practices Commission v Nicholas Enterprises Pty Ltd (No 2) (1979) FLR 83 at [12] the court observed that:7

… when each of two or more parties intentionally arouses in the others an expectation that he will act in a certain way, it seems to me that he incurs at least a moral obligation to do so. An arrangement as so defined is therefore something whereby the parties to it accept mutual rights and obligations.

15.6 In considering the meaning of the term ‘arrangement’ under tax legislation in Federal Commissioner of Taxation v Lutovi Investments Pty Ltd [1978] HCA 55 at [17], Gibbs and Mason JJ (with whom Murphy J agreed) stated:

[A]n arrangement is something less than a binding contract or agreement, something in the nature of an understanding which may not be enforceable at law … It is, however, necessary that an arrangement should be consensual, and that there should be some adoption of it. But in our view it is not essential that the parties are committed to it or are bound to support it. An arrangement may be informal as well as unenforceable and the parties may be free to withdraw from it or to act inconsistently with it, notwithstanding their adoption of it.

15.7 In deciding the meaning of the word ‘understanding’, the court in Top Performance Motors Pty Ltd v Ira Berk (Qld) Pty Ltd (1975) ATPR 40-004 at 17,116 stated that:

An understanding must involve the meeting of two or more minds. Where the minds of the parties are at one that a proposed transaction between them proceeds on the basis of the maintenance of a particular state of affairs or the adoption of a particular course of conduct, it would seem that there would be an understanding …

The law in this context is well summarised in the following passage:8

For the requisite meeting of the minds, there must be communication between the parties with each party having raised an expectation in the mind of the other that he or she was committed to a particular course of action. Although there are conflicting views among decisions, the prevalent view appears to be that it is not necessary that each party assume mutual obligations or commitment to the course of action. It is possible that a person who has been made aware of a course of action but has not committed to it, may be held to be a party to the contract, arrangement or understanding. An expectation or hope of a certain outcome is not sufficient. It is permissible for a court to draw an inference from the conduct of parties that a contract, arrangement or understanding exists between them. Where parties reach only a ‘limited consensus’ as to proposed conduct, where further consideration or agreement is expressly required before the proposal can be implemented, then that will be insufficient to conclude that there is a contract, arrangement or understanding. In other words, where an agreement is of a non-binding character, or is a mere expression of general aims without any party making a binding commitment to act in a certain way, then, without further evidence, it will not be a contract, arrangement or understanding.

15.8 Provided the preliminary requirements discussed in 15.5–15.7 are satisfied, the court considering the prohibition against cartel conduct then needs to examine whether the purpose/effect condition or the purpose condition is satisfied. These are outlined below.

Purpose/effect condition

15.9 The conditions set out in s 44ZZRD(1)(a) share similar labels but are very different in nature. The purpose/effect condition is defined in s 44ZZRD(2) as follows:

The purpose/effect condition is satisfied if the provision has the purpose, or has or is likely to have the effect, of directly or indirectly:
(a) fixing, controlling or maintaining; or
(b) providing for the fixing, controlling or maintaining of;
the price for, or a discount, allowance, rebate or credit in relation to:
(c) goods or services supplied, or likely to be supplied, by any or all of the parties to the contract, arrangement or understanding; or
(d) goods or services acquired, or likely to be acquired, by any or all of the parties to the contract, arrangement or understanding; or
(e) goods or services re-supplied, or likely to be re-supplied, by persons or classes of persons to whom those goods or services were supplied by any or all of the parties to the contract, arrangement or understanding; or
(f) goods or services likely to be re-supplied by persons or classes of persons to whom those goods or services are likely to be supplied by any or all of the parties to the contract, arrangement or understanding.

For the purposes of considering whether a provision satisfies the purpose/effect condition, other provisions of the same or any other contract, arrangement or understanding may be considered: s 44ZZRD(8). In order to satisfy the purpose/effect condition, it must be shown that the impugned provision ‘has the purpose, or has or is likely to have the effect, of directly or indirectly’ fixing, controlling or maintaining a price or any discount, allowance, rebate or credit in relation to goods or services. Miller observes that the case law in relation to the meaning of ‘effect’ is as follows:9

The effect of a provision in a contract, arrangement or understanding is the likely consequence of that provision — what has happened or is likely to happen, objectively assessed and ignoring the subjective state of mind of the relevant parties.

In relation to the words ‘likely to have’, s 44ZZRB of the CCA provides that ‘“likely” … includes a possibility that is not remote’. The test was applied in Norcast SárL v Bradken Ltd (No 2) [2013] FCA 235 but the test was criticised and as a result the Competition Policy Review Final Report 2015 (or Harper Report) recommended that ‘likely to be in competition’ be assessed on the balance of probabilities.10

15.10 The word ‘fix’ is not defined. It has its plain and ordinary meaning of making ‘fast, firm or stable’: APCO Service Stations Pty Ltd v Australian Competition and Consumer Commission [2005] FCAFC 161.11 The word ‘control’ also has its plain and ordinary meaning being to ‘exercise restraint or discretion over’ a person or matter. A provision of a contract, arrangement or understanding will have the effect of controlling a price where it constrains a freedom or discretion that would otherwise exist as to the level of a price: Australian Competition and Consumer Commission v Australian Medical Association Western Australia Branch Inc [2003] FCA 686. Lockhart J considered the meaning of the word ‘maintaining’ in Radio 2UE Sydney Pty Ltd v Stereo FM Pty Ltd (1982) 62 FLR 437 at 449:

In my view ‘maintain’, where used in s 45A, has a similar connotation to the verb ‘fix’ in that it involves some element of continuity, not merely being momentary or transitory. Generally, to maintain a price assumes that it has been fixed beforehand.

15.11 In order for a provision to ‘provide for’ the fixing, controlling or maintaining of a price, discount, allowance or credit it must ‘arrange for’ or ‘stipulate’ that outcome or end: Apco Service Stations Pty Ltd v Australian Competition and Consumer Commission [2005] FCAFC 161.

15.12 It is important to note that if all a provision does is recommend, or provide for recommendations in relation to, a price, then it will not be a cartel provision: s 44ZZRD(6).

Purpose condition

15.13 The purpose condition is set out in s 44ZZRD(3), which provides as follows:

The purpose condition is satisfied if the provision has the purpose of directly or indirectly:
(a) preventing, restricting or limiting:
    (i) the production, or likely production, of goods by any or all of the parties to the contract, arrangement or understanding; or
    (ii) the capacity, or likely capacity, of any or all of the parties to the contract, arrangement or understanding to supply services; or
    (iii) the supply, or likely supply, of goods or services to persons or classes of persons by any or all of the parties to the contract, arrangement or understanding; or
(b) allocating between any or all of the parties to the contract, arrangement or understanding:
    (i) the persons or classes of persons who have acquired, or who are likely to acquire, goods or services from any or all of the parties to the contract, arrangement or understanding; or
    (ii) the persons or classes of persons who have supplied, or who are likely to supply, goods or services to any or all of the parties to the contract, arrangement or understanding; or
    (iii) the geographical areas in which goods or services are supplied, or likely to be supplied, by any or all of the parties to the contract, arrangement or understanding; or
    (iv) the geographical areas in which goods or services are acquired, or likely to be acquired, by any or all of the parties to the contract, arrangement or understanding; or
(c) ensuring that in the event of a request for bids in relation to the supply or acquisition of goods or services:
    (i) one or more parties to the contract, arrangement or understanding bid, but one or more other parties do not; or
    (ii) 2 or more parties to the contract, arrangement or understanding bid, but at least 2 of them do so on the basis that one of those bids is more likely to be successful than the others; or
    (iii) 2 or more parties to the contract, arrangement or understanding bid, but not all of those parties proceed with their bids until the suspension or finalisation of the request for bids process; or
    (iv) 2 or more parties to the contract, arrangement or understanding bid and proceed with their bids, but at least 2 of them proceed with their bids on the basis that one of those bids is more likely to be successful than the others; or
    (v) 2 or more parties to the contract, arrangement or understanding bid, but a material component of at least one of those bids is worked out in accordance with the contract, arrangement or understanding.

For the purposes of considering whether a provision satisfies the purpose condition, other provisions of the same or any other contract, arrangement or understanding may be considered: s 44ZZRD(9).

15.14 In short, the purpose condition is directed at provisions that have the purpose of:
preventing, restricting or limiting production, capacity or supply of goods or services by any of the parties (whether or not production happens or capacity exists);
allocating customers or suppliers or geographic areas between any of the parties (whether or not supply occurs); or
colluding in relation to bids for the supply or acquisition of goods or services by any of the parties.

The terms ‘preventing, restricting or limiting’ used in s 44ZZRD(3)(a) have their plain and ordinary meaning as does the word ‘allocating’ in prefatory words in s 44ZZRD(3)(b). The word ‘bid’ is defined in s 44ZZRB as including ‘(a) a tender and (b) the taking, by a potential bidder or tenderer, of a preliminary step in a bidding or tendering process’. In relation to bid rigging, Miller notes that:12

There is nothing in the language of the provision to suggest that the bid rigging prohibition is somehow restricted to only those bidders or potential bidders who were within the scope of the process: Norcast SarL v Bradken Ltd (No 2) [2013] FCA 235. Nor does the section restrict the operation of s 44ZZRD(3)(c)(i) or (iii) to instances where the request for bids is made after the contract, arrangement or understanding is made or arrived at by the parties: Obeid v Australian Competition and Consumer Commission [2014] FCAFC 155.


By parties which are, or would otherwise be, in competition with each other

15.15 In order for a contract, arrangement or understanding to be a cartel provision, the parties to the contract, arrangement or understanding:13
must be in competition with each other or likely to be in competition with each other; or
would be or would be likely to be in competition with each other but for the applicable contract, arrangement or understanding.

This competition or likely competition must relate to the supply, production or acquisition of the goods and services specified in s 44ZZRD(4) of the CCA. It would seem that the relevant competition must be within a market in Australia.14 Whether parties are competitors in a market or whether there is a likelihood of parties being competitors are questions of fact to be determined at trial.15 Note also that the term ‘party’ as used in s 44ZZRD has an extended meaning. Section 44ZZRC provides that:

For the purposes of this Division, if a body corporate is a party to a contract, arrangement or understanding (otherwise than because of this section), each body corporate related to that body corporate is taken to be a party to that contract, arrangement or understanding.

Exceptions

15.16 There are a range of exceptions to the cartel provisions set out in Subdiv D, Div 1, Pt IV of the CCA. They include exceptions in relation to each of the following:
related bodies corporate: where the only parties to the contract, arrangement or understanding are related bodies corporate (s 44ZZRN);
production and supply joint ventures (ss 44ZZRO and 44ZZRP);16
collective bargaining: where a collective bargaining notice has been successfully lodged under s 93AB(1A) (s 44ZZRL);17
authorisation: contracts that are subject to authorisation (s 44ZZRM);18
collective acquisition/joint advertising: contracts, arrangements or understandings relating to collectively acquired goods or services or for the joint advertising of such goods or services (s 44ZZRV).

Section 51 of the CCA also contains some other general exceptions.

Penalties

15.17 The CCA provides both criminal offence and civil penalty provisions. Corporations that make or give effect to cartel provisions are guilty of criminal offences and are liable to significant penalties under s 44ZZRF(3) (making a contract etc containing a cartel provision) and s 44ZZRG(3) (giving effect to a cartel provision). In the case of s 44ZZRG, the offence applies to contracts, arrangements or understandings whether they occurred before or after the commencement of the section: s 44ZZRG(4). Both of those provisions provide for a fine not exceeding the greater of the following:

(a) $10,000,000;
(b) if the court can determine the total value of the benefits that:
    (i) have been obtained by one or more persons; and
    (ii) are reasonably attributable to the commission of the offence;
    3 times that total value;
(c) if the court cannot determine the total value of those benefits — 10% of the corporation’s annual turnover during the 12-month period ending at the end of the month in which the corporation committed, or began committing, the offence.

A director or officer of a corporation who is found to be involved in the contravention is also guilty of an offence: s 79. Under s 79 a natural person is liable to a term of imprisonment not exceeding 10 years and/or a fine not exceeding 2,000 penalty units: s 79(1)(e).19 Section 44ZZRJ provides a civil penalty for making a contract or arrangement or arriving at an understanding and such contract, arrangement or understanding contains a cartel provision. Section 44ZZRK contains a similar civil penalty provision in relation to giving effect to a contract, arrangement or understanding that contains a cartel provision. The maximum penalty for a corporation is the same as for the offence provisions discussed immediately above: s 76(1A)(aa). For a person found to be involved in the contravention, there is a maximum pecuniary penalty of $500,000: s 76(1B)(b). A court may also order that a person not be a director or involved in the management of a corporation: s 86E. In addition, injunctions and damages may be awarded under s 80 and s 82 respectively. Other remedial orders are also available under s 87, including orders varying or voiding contracts.

ACCC v ANZ case

15.18 There has been much debate over the years as to whether a person acting in the capacity of an agent can simultaneously be acting as a competitor for the purposes of the prohibitions against anticompetitive behaviour. Two recent cases have examined this issue albeit based on different facts: Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 and Australian Competition and Consumer Commission v Flight Centre Ltd (No 2) [2015] FCAFC 104.20 The focus in this section will be on the decision in Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 (ANZ decision). That case is one of the few cases that relate to claims of price fixing in the financial services industry.

15.19 The ANZ decision was an appeal from the primary judge’s decision which found in favour of ANZ.21 The central issue in the ANZ decision was whether ANZ had entered into an agreement for the purpose, effect or likely effect of fixing, controlling or maintaining a discount, allowance, rebate or credit for the purposes of s 45A of the Trade Practices Act 1974 (Cth) (the antecedent to the cartel provisions in the CCA).

15.20 The case involved a lender which sought to limit the amount of the discount or rebate of commission that a mortgage broker could offer to borrowers.
The issue was whether the bank and the brokers were competitors in relation to loan arrangement services and whether the restriction imposed by the bank on the brokers in respect to the rebating of commissions constituted price fixing. The evidence in the case showed that in 2004 ANZ had engaged in price fixing by limiting to $600 the refund that Mortgage Refunds Pty Ltd, an intermediary which represented various mortgage brokers, could pay to customers of its broker’s commission. This arrangement allowed ANZ branches to effectively match the size of rebate if it waived its loan approval fee to intending borrowers who otherwise might have used the broker’s services. This arrangement is what is referred to as a dual distribution model (in this case for loans), that is, where a supplier distributes goods or services directly to the market itself as well as through an intermediary. The model is common in travel and financial services markets, including fund management, financial advice, broking and insurance. In the ANZ decision, the ‘Court considered whether the bank and its brokers were competitors in relation to “loan arrangement services” and whether a limitation on rebating commissions, imposed by the bank on brokers, amounted to price fixing. There was no dispute that brokers are not lenders in their own right and therefore do not compete as lenders against ANZ (the principal)’.22

15.21 Allsop CJ, Davies and Wigney JJ held that the primary judge did not err in finding that ANZ did not engage in price fixing because ANZ was not in competition with the mortgage brokers. The court made the following observations relating to what the Australian Competition and Consumer Commission (ACCC) needed to prove in a cartel case in order to succeed:23

Lying at the heart of the issues for consideration and determination in this matter are the twin concepts of market and competition. To make out its case that ANZ contravened s 45 of the Act, the ACCC was required to prove, to put it in simple terms, that the relevant agreement between ANZ and Mortgage Refunds had the purpose or effect of substantially lessening competition. Competition in that context means, by reason of s 45(3) of the Act, competition “in any market” in which either ANZ or Mortgage Refunds supplied or acquired goods or services.

15.22 The critical question in the case was ‘whether ANZ and Mortgage Refunds competed in a market for the supply of “loan arrangement services”’.24 The ACCC alleged that both the brokers and ANZ provided loan arrangement services in competition with each other. A loan arrangement service was said to be the advice and assistance relating to loans provided by the brokers to their customers and the advice and assistance provided by ANZ to customers approaching it directly for a loan. The court felt that while the so-called loan arrangement services provided by a broker may be a discrete service it characterised the argument that ANZ loan officers provided a separate, competing ‘loan arrangement service’ to the one provided by the brokers. The court condemned the argument:25

It is sufficient to observe here that it does, in the circumstances, appear to be somewhat contrived and artificial to characterise the provision of advice and assistance by bank officers in relation to loan products as the provision of services in a market separate and distinct from the market for the supply of the loan products themselves.

The court also referred with approval to a key finding of the primary judge ‘that ANZ’s … provision of advice and assistance to customers, or prospective customers, was conduct that was merely ancillary to, or an adjunct to, the “sale” or distribution of a loan’ before concluding that the activities:26

… did not amount to the supply of a service to customers in a separate and distinct market for the supply of loan arrangement services. Rather, the advice and assistance was provided in the market for loans or loan products.

15.23 Accordingly, the ACCC’s case failed based on the evidence that was before the court. However, after dealing with each of the ACCC’s grounds of appeal, the court did make one final observation in the context of the case:27

It remains to make one final observation. The resolution of this matter turned on the evidence and the unique facts and circumstances, including the particular way the ACCC framed its case in relation to the alleged market and competition. Ultimately, the evidence did not support the existence of the particular market pleaded by the ACCC and failed to establish competition between ANZ and Mortgage Refunds in the particular defined market. It does not necessarily follow that there can never be a case where a manufacturer (or product originator) which has its own distribution division (or separate economic unit) competes with external distribution channels in the market for the supply of the particular product. No such general principle can or should be extracted from the outcome of this matter, including this appeal. Each case needs to be considered on its own facts and circumstances.

Price signalling laws

15.24 Laws prohibiting the anti-competitive disclosure of information commenced operation in June 2012.28 These laws are commonly referred to as price signalling laws although they regulate the disclosure not only of information concerning price, but also information relating to supply intentions and corporate strategy. The policy justification for these laws is that certain disclosures by corporations reduce competition (or have a propensity to do so) and ought to be prohibited because of this anticompetitive effect. Price signalling is often characterised as a manifestation of price fixing. The conduct effectively involves collusion by one party disclosing, directly or indirectly, its pricing intentions with an expectation that the other party will adjust its pricing in response to the disclosure, but there is no firm arrangement or understanding that this result will occur. In this connection the Explanatory Memorandum to the Competition and Consumer Amendment Bill (No 1) 2011 (Cth) stated that:

Anti-competitive price signalling and information disclosures to competitors facilitate prices above the competitive level and can lead to inefficient outcomes for the economy and lower wellbeing for consumers (these practices are sometimes referred to as facilitating, coordinated or concerted practices). However they fall short of an explicit cartel arrangement because they do not involve a contract, arrangement or understanding. Anti-competitive price signalling and information disclosures can occur as part of a wider cooperation agreement, or as a stand-alone practice absent of an explicit cartel arrangement.29

15.25 The form that price signalling typically takes is described by Corones in the following manner:30

Price signalling occurs when one competitor (firm A) signals or indicates in advance its intentions as regards a proposed price increase in the expectation that firm A’s competitors will respond prior to the price increase actually taking effect. If the competitors announce that they too will increase their prices in line with firm A, firm A can proceed with the announced price increase without fear of loss of market share. If competitors do not follow the announced price increase, firm A can abandon the announced price increase before it takes effect, and thereby avoid any loss of sales and market share that would have resulted from the increase.

15.26 It should be noted that currently the price signalling laws only apply to disclosures made concerning the deposit-taking activities of, and the provision of credit by, entities regulated under the Banking Act 1959 (Cth).31 However, the applicable Regulations contain a process for extending the application of the laws to other sectors of the economy or economy-wide for that matter.32 The price signalling laws contain two prohibitions: the private disclosure prohibition and the general prohibition. These are discussed below.

Private disclosure prohibition

15.27 The private disclosure prohibition is set out in s 44ZZW of the CCA. That section provides as follows:

A corporation must not make a disclosure of information if:
(a) the information relates to a price for, or a discount, allowance, rebate or credit in relation to Division 1A goods or services supplied or likely to be supplied, or acquired or likely to be acquired, by the corporation in a market (whether or not the information also relates to other matters); and
(b) the disclosure is a private disclosure to competitors in relation to that market; and
(c) the disclosure is not in the ordinary course of business.

15.28 As mentioned above, the only Div 1A goods or services that this law applies to currently are deposits and credit. A disclosure will be made by a corporation if a director, employee or agent of the corporation made the disclosure.33 If that disclosure relates to the ‘price for, or a discount, allowance, rebate or credit’ in relation to regulated goods and services and is not in the ordinary course of business, the corporation will be in breach of the prohibition.34 It is submitted that the phrase ‘ordinary course of business’ must refer to what a reasonable person would consider a legitimate practice. The application of the prohibition is also excluded in a number of situations.35 However, notwithstanding these exclusions, the provision still applies to a range of trivial disclosures. For example, the law would prohibit a bank teller from one organisation speaking to a bank teller from another organisation about standard variable rates, even if those rates were generally available.36

General prohibition

15.29 The general prohibition is set out in s 44ZZX. That provision effectively prohibits a corporation from disclosing pricing, strategy or capacity-related information concerning Div 1A goods or services (currently deposit and lending goods or services) to any person (whether or not competitors) where the purpose of the disclosure is to substantially lessen competition in a market.37 In determining whether a disclosure was made for the purposes of substantially lessening competition in a market, the matters to which a court may have regard include:
whether the disclosure was a private disclosure to competitors;
the degree of specificity of the information;
whether the information relates to past, current or future activities;
how readily available the information is to the public; and
whether the disclosure is part of a pattern of similar disclosures by the corporation.

In certain circumstances the general prohibition will not apply.38

Penalties

15.30 The maximum civil penalties for a breach of the price signalling laws are very high. The maximum civil penalty that can be imposed on a corporation for a breach of the laws is the greater of:
$10 million;
three times the value of the benefits of the contravention (if ascertainable); and
if the value of the benefits that flow from a contravention cannot be ascertained, 10 per cent of annual turnover39 in the 12 months before the contravention.40

15.31 For individuals the maximum civil penalty is a fine of up to $500,000.41 Individuals may also be disqualified from managing corporations.42 Further, any person involved in a contravention can be subject to penalty.43 In addition, persons who suffer loss as a result of the conduct may be able to obtain an order for compensation or recover damages.44 Criminal penalties do not apply in respect of the price signalling laws.

Anti-competitive contracts, arrangements and understandings

15.32 Section 45 of the CCA prohibits anti-competitive contracts, arrangements and understandings. Section 45(2) provides as follows:

A corporation shall not: (a) make a contract or arrangement, or arrive at an understanding, if: (i) the proposed contract, arrangement or understanding contains an exclusionary provision; or (ii) a provision of the proposed contract, arrangement or understanding has the purpose, or would have or be likely to have the effect, of substantially lessening competition; or (b) give effect to a provision of a contract, arrangement or understanding, whether the contract or arrangement was made, or the understanding was arrived at, before or after the commencement of this section, if that provision: (i) is an exclusionary provision; or (ii) has the purpose, or has or is likely to have the effect, of substantially lessening competition.

[page 270] 15.33 The provision prohibits the making or giving effect to the terms of a contract, arrangement and understanding that either: contains an exclusionary provision; or has the purpose, or has or is likely to have the effect of substantially lessening competition.

Contract, arrangement and understanding

15.34 The legal tests for determining what constitutes a contract, arrangement or understanding were discussed at 15.4–15.7 above.

Exclusionary provisions

15.35 An exclusionary provision is defined in s 4D. It is a critical section in the context of the prohibition. Section 4D provides as follows:

(1) A provision of a contract, arrangement or understanding, or of a proposed contract, arrangement or understanding, shall be taken to be an exclusionary provision for the purposes of this Act if: (a) the contract or arrangement was made, or the understanding was arrived at, or the proposed contract or arrangement is to be made, or the proposed understanding is to be arrived at, between persons any 2 or more of whom are competitive with each other; and (b) the provision has the purpose of preventing, restricting or limiting: (i) the supply of goods or services to, or the acquisition of goods or services from, particular persons or classes of persons; or (ii) the supply of goods or services to, or the acquisition of goods or services from, particular persons or classes of persons in particular circumstances or on particular conditions; by all or any of the parties to the contract, arrangement or understanding or of the proposed parties to the proposed contract, arrangement or understanding or, if a party or proposed party is a body corporate, by a body corporate that is related to the body corporate.

(2) A person shall be deemed to be competitive with another person for the purposes of subsection (1) if, and only if, the first-mentioned person or a body corporate that is related to that person is, or is likely to be, or, but for the provision of any contract, arrangement or understanding or of any proposed contract, arrangement or understanding, would be, or would be likely to be, in competition with the other person, or with a body corporate that is related to the other person, in relation to the supply or acquisition of all or any of the goods or services to which the relevant provision of the [page 271] contract, arrangement or understanding or of the proposed contract, arrangement or understanding relates.

15.36 In order to trigger the operation of this provision at least one of the parties must be a corporation for constitutional reasons. If that requirement is satisfied, one must determine whether the parties are competitors. Section 4D(2) deems parties to be competitors if:45 the person or related bodies corporate are or are likely to be competitive with each other, or

the person or related bodies corporate would be or would be likely to be competitive with each other but for the contract, arrangement or understanding, in relation to the supply or acquisition of all or any of the goods or services to which the relevant provision applies.

A corporation will be liable for any conduct that falls within the scope of s 4D irrespective of whether the conduct actually results in harm to competition. The alleged area of competition has to correspond with the scope of the contractual limitation.46 Miller notes that ‘the likelihood of people being competitive with each other is a question of fact. That the term “likely” is to be interpreted in the same manner as in relation to s 45D. It means “a real chance or possibility”’.47 The purpose of preventing, restricting or limiting the supply or acquisition of goods or services referred to in s 4D means the subjective purpose of the parties determined at the time the contract, arrangement or understanding was entered into.48 Miller notes that ‘although subjective, purpose will usually be inferred from the nature of the arrangement, the circumstances in which it was and its likely effect’.49 The purpose need not be common to all parties to the contract, arrangement or understanding.50 It is also essential for the purposes of s 4D(1)(b) to identify persons or a class of persons to whom the arrangement is directed.51 If conduct falls within the scope of s 4D, it amounts to a per se breach. The only defence available is if the conduct arises in a joint venture context.52 [page 272]

Purpose, or has or is likely to have the effect, of substantially lessening competition

15.37 The first step under this test is to determine the ‘purpose’ or ‘effect’ of the impugned provision. The stronger view is that the ‘purpose’ referred to in s 45 is the subjective purpose of the applicable parties.53 The focus of the inquiry must be on a specific provision; the provision must be identified.54 The specific provision:55

… is deemed to have or be likely to have the effect of substantially lessening competition if that provision, together with other provisions of the contract, arrangement or understanding or the provisions of any other contract, arrangement or understanding to which the alleged offending corporation, or a related corporation, is a party, have the effect or are likely to have the effect of substantially lessening competition.

The test for determining whether conduct will have the effect or likely effect of substantially lessening competition is a relative one:56 It requires making both a qualitative and quantitative judgment about the degree of anticompetitive effect of a particular contract, arrangement or understanding and weighing procompetitive aspects against anticompetitive aspects. In making the judgment, commercial realities and normal commercial practice should be taken into account, as well as the scope and purpose of the particular contract, arrangement or understanding.

Interestingly, a provision of a contract, arrangement or understanding which is intended to provide a new entrant to a market a lead time to establish a reputation and become a competitor may not have the effect of substantially lessening competition.57 Where an established market participant designs a provision which has the purpose of achieving market dominance, this may not necessarily constitute substantially lessening of competition for the purposes of s 45.58 However, it may constitute substantially lessening competition under s 46 as the applicable test had been considered to be narrower under s 45 than it is under s 46.59 [page 273]

Severance

15.38 If the inclusion of a provision in a contract contravenes s 45 (or any other section of the CCA for that matter), it may be severed from the contract.60

Exception

15.39 Section 45 is not breached if the contract, arrangement or understanding is between related bodies corporate.61 There are other exceptions set out in the CCA covering: collective bargaining;62 and conduct which is authorised by the ACCC.63 For an example of how the authorisation process in s 88 has been engaged in the financial services context see the application by the Commonwealth Bank of Australia, Westpac Banking Corporation, National Australia Bank, and Bendigo and Adelaide Bank. The banks have sought an authorisation in relation to conduct that may otherwise contravene (among other things) s 45. The banks made the application to enable them to ‘engage in collective negotiation and boycott activities with Apple in relation to its e-commerce Apple Pay platform and with other third party wallet providers in Australia’.64 Section 51 of the CCA also contains some other general exceptions.

Penalties

15.40 The pecuniary penalties for contravening s 45 are set out in s 76(1A)(b). There are no criminal penalties for a breach of s 45. The maximum pecuniary penalty that can be imposed on a corporation under the section is:

… the greatest of the following: (i) $10,000,000; (ii) if the Court can determine the value of the benefit that the body corporate, and any body corporate related to the body corporate, have obtained directly or indirectly and that is reasonably attributable to the act or omission — 3 times the value of that benefit; [page 274] (iii) if the Court cannot determine the value of that benefit — 10% of the annual turnover of the body corporate during the period (the turnover period) of 12 months ending at the end of the month in which the act or omission occurred.

The term ‘annual turnover’ is defined in s 76(5). Annual turnover is defined to mean the ‘sum of the values of supplies that the body corporate, and any body corporate related to the body corporate, have made, or are likely to make, during that period’ other than certain excluded revenue items. One type of revenue that is excluded is input taxed supplies. Given that for GST purposes many supplies in financial services (but not all) are input taxed, this needs to be considered when calculating the annual turnover if the party contravening the CCA supplies financial services. Any person who is involved in a contravention of s 45 may also be penalised under s 76(1). The maximum penalty for individuals involved in a contravention is $500,000: s 76(1B)(b). A court may also order that a person not be a director or involved in the management of a corporation: s 86E. In addition, injunctions and damages may be awarded under s 80 and s 82 respectively. Other remedial orders are also available under s 87, including orders varying or voiding contracts.

Misuse of market power

15.41 The prohibition against the misuse of market power is set out in s 46 of the CCA. In Queensland Wire Industries Pty Ltd v Broken Hill Proprietary Co Ltd [1989] HCA 6 at [24] Mason CJ and Wilson J identified the aim of s 46 in this way:

[T]he object of s 46 [of the Trade Practices Act 1974 (Cth)] is to protect the interests of consumers, the operation of the section being predicated on the assumption that competition is a means to that end. Competition by its very nature is deliberate and ruthless. Competitors jockey for sales, the more effective competitors injuring the less effective by taking sales away. Competitors almost always try to “injure” each other in this way. This competition has never been a tort (see Keeble v Hickeringill [1809] EngR 7; (1809) 11 East 574 (103 ER 1127)) and these injuries are the inevitable consequence of the competition s 46 is designed to foster. In fact, the purpose provisions in s 46(1) are cast in such a way as to prohibit conduct designed to threaten that competition — for example, s 46(1)(c) prohibits a firm with a substantial degree of market power from using that power to deter or prevent a rival from competing in a market. The question is simply whether a firm with a substantial degree of market power has used that power for a purpose proscribed in the section, thereby undermining competition, and the addition of a hostile intent inquiry would be superfluous and confusing.

[page 275] Section 46(1) of the CCA provides as follows: A corporation that has a substantial degree of power in a market shall not take advantage of that power in that or any other market for the purpose of: (a) eliminating or substantially damaging a competitor of the corporation or of a body corporate that is related to the corporation in that or any other market; (b) preventing the entry of a person into that or any other market; or (c) deterring or preventing a person from engaging in competitive conduct in that or any other market.

15.42 The key elements of the prohibition set out in s 46(1) are a party having a ‘substantial degree of power’ in a ‘market’ which a corporation ‘takes advantage of’ for one of the proscribed purposes set out in the section. It is not an offence to have a monopoly, market power or a large market share; what matters is whether the elements above are present. The term ‘competitor’ used in the section includes competitors generally, or a particular class or classes of competitors, and a reference to a ‘person’ includes a reference to persons generally or to a particular class or classes of persons: ss 46(1A), 46A.

Substantial degree of power

15.43 The requirement to have a substantial degree of power in a market is a requirement that needs to be assessed in light of all the circumstances:65

The word ‘substantial’ in the context of the misuse of market power prohibition in the [CCA] has been interpreted as meaning a considerable or large degree of market power. It is a word which imports a question of degree and relativity. The required degree of market power is one which attracts the advantages flowing from monopoly or near monopoly. There may be more than one corporation in a market which has market power. It is also possible for a corporation to have substantial market power as a buyer (‘monopsony’ power), not just as a seller. A firm may have substantial market power without being the sole buyer or even a dominant buyer in a market. Financial resources do not equate to market power, but access to capital and other financial resources (for instance, as may exist within a large corporate group) will be relevant to the assessment of market power. A large market share may or may not give a corporation market power or reflect its existence. The real difficulty is not in defining the word ‘substantial’ but in applying the concept of a substantial degree of market power to the circumstances of each case and identifying whether the requisite degree of market power exists.

[page 276] 15.44 Degree of power

Section 46(3) directs the court to have regard to the extent to which the conduct of the corporation in the relevant market is constrained by the conduct of competitors, or potential competitors, of the corporation in that market, or by the conduct of persons to whom or from whom the body corporate supplies or acquires goods or services in that market. The law also allows the court to have regard to other factors, including any market power that results from contracts, arrangements or understandings with others: s 46(3A). In Queensland Wire Industries Pty Ltd v Broken Hill Proprietary Co Ltd [1989] HCA 6 at [17] Mason CJ and Wilson J stated that:

Market power can be defined as the ability of a firm to raise prices above the supply cost without rivals taking away customers in due time, supply cost being the minimum cost an efficient firm would incur in producing the product.

A number of cases have examined the factors that are relevant to the assessment of whether a corporation’s conduct is constrained by competitors, customers or suppliers:66 a corporation which sold by wholesale the leading brand of ski boot which 90 per cent of Australian ski retailers found it necessary to stock had a substantial degree of power in a market because a decision by that corporation to deny supplies to a retailer would be likely to substantially damage the retailer’s business: Trade Practices Commission v Pioneer Concrete (Qld) Pty Ltd (1992) ATPR 41-317. See also Mark Lyons Pty Ltd v Bursill Sportsgear Pty Ltd (1987) 75 ALR 581; ATPR 40-809 at 48,799 per Wilcox J; a corporation which had a monopoly on local real estate advertising for 30 years and responded to the entry of a competitor by cutting its advertising rates, did not have a substantial degree of power in the market because it could not determine its advertising rates irrespective of the actions of the competitor: Eastern Express Pty Ltd v General Newspapers Pty Ltd (1992) ATPR 41-167 at 40,302-3 per Lockhart and Gummow JJ; three unrelated corporations which were members of a trade association did not have a substantial degree of market power because each had to have regard to its competitors and customers in setting commission charges and offering services: Dowling v Dalgety Australia Ltd (1992) ATPR 41-165 at 40,275 per Lockhart J; the manufacturer and its exclusive Australian distributor of a computer software game were held not to have a substantial degree of power in the relevant market because, although the game was regarded as being [page 277] of a better quality in intellectual terms than many of its competing products and had achieved substantial sales, the market was a very competitive one and the manufacturer was constrained by what the opposition were doing: Broderbund Software Inc v Computermate Products (Aust) Pty Ltd (1992) ATPR 41-155 at 40,111-12 per Beaumont J; cutting prices below avoidable cost was a response to a competitive market, not an expression of substantial market power: Boral Besser Masonry Ltd v Australian Competition and Consumer Commission [2003] HCA 5 at [318], [319] per Gleeson CJ and Callinan J.

For the purposes of determining power in this context, the power of related bodies corporate is to be aggregated: s 46(2). The market power of unrelated parties must not be aggregated although if the corporation has entered, or proposes to enter, into a contract, arrangement or understanding with an unrelated party, then the court can have regard to the extent to which such contract, arrangement or understanding may influence its market power: s 46(3A).

Market

15.45 For the purposes of s 46(1) the market is a market for goods or services within Australia.67 What constitutes a market is one of the more difficult tests to apply under the CCA. The CCA ‘does not include an exhaustive definition of “market”. Section 4E … relevantly provides that a market in relation to goods and services includes a market for those goods and services and other goods and services that are “substitutable for, or otherwise competitive with” those goods and services’.68 In Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [133]–[135] Allsop CJ, Davies and Wigney JJ summarised the approach to defining what constitutes a market in a given case:

The word [“market”] is “not susceptible of precise comprehensive definition when used as an abstract noun in an economic context” … It may generally be described as the area of actual or potential close competition or rivalry between firms in respect of particular goods or services and their substitutes … The dimensions of that area of economic activity may be defined by reference to function (that is, wholesale, retail or both), product (that is, the nature and characteristics of the goods or services), and geography (for example, local, state or national) …

[page 278] The leading authorities emphasise the importance of the substitutability of the relevant products (goods or services) in the market. In simple terms, substitutability means that buyers and sellers can and will substitute one product for the other in response to changes in prices. That does not mean that the products have to be identical. … The existence of price differentials between different products, reflecting differences in quality or other characteristics of the products, does not by itself place the products in different markets. The test of whether or not there are different markets is based on what happens (or would happen) on either the demand or the supply side in response to a change in relative price. [Trade Practices Commission v Australia Meat Holdings Pty Ltd (1988) 83 ALR 299 at 317 per Wilcox J]

Whilst relatively easy to describe, at least in a general sense, it is often difficult to identify and define the nature and parameters of a particular market in any given circumstance. Market definition “involves value judgments about which there is some room for legitimate differences of opinion”. … Market identification and definition is not an exact science. It is rooted in the analysis of commerce as an aspect of human behaviour. [Footnotes omitted]

15.46 Their Honours were at pains to stress that a commercial approach was required when defining a market in any given case:69

For present purposes it is important to emphasise that a market is “not a feature of the real world” but rather “an analytical tool devised by economists” … The identification of a market in any given case is therefore generally purposive and directed to the problem or issue at hand. … Market definition is not an exact physical exercise to identify a physical feature of the world; nor is it the enquiry after the nature of some form of essential existence. Rather, it is the recognition and use of an economic tool or instrumental concept related to market power, constraints on power and the competitive process which is best adapted to analyse the asserted anticompetitive conduct. [Australian Competition and Consumer Commission v Liquorland (Australia) Pty Ltd (2006) ATPR 42-123; [2006] FCA 826 at [429]] The process of market identification or definition is therefore to be undertaken with a view to assessing whether the substantive criteria for the particular contravention in issue are satisfied, in the commercial context the subject of analysis. … Whilst a market is an analytical or economic tool designed to analyse the particular asserted anti-competitive conduct, a market definition [page 279] must nonetheless be based on findings of fact … The premise of that proposition is that it has economic and commercial reality. It must accordingly not be artificial or contrived. Economists frequently construct economic models to analyse complex commercial or economic events or scenarios. But a model is unlikely to be a useful analytical tool if based on unrealistic assumptions that materially depart from the real world facts and circumstances involving commercial behaviour in which the events to be analysed occur. A court should be loathe to accept or act on a market definition which is an artificial construct that does not accurately or realistically describe and reflect the interactions between, and perceptions and actions of, the relevant actors or participants in the alleged market, that is, the commercial community involved. [Footnotes omitted]

Taking advantage of market power

15.47 A corporation will take advantage of market power for the purposes of s 46 if it has acted in a manner that would not be possible if the corporation were subject to competitive pressures in the market.70 A number of factors need to be considered:71

It is not necessary for a corporation to have acted in a way which would be considered to be unfair, predatory or reprehensible. There must be a nexus or causal connection between the corporation’s substantial degree of market power and its conduct, that is, the corporation was able to do what it did because of its market power and the lack of competitive conditions. Thus, not every action taken by a corporation with a substantial degree of market power will constitute taking advantage of its market power. Taking advantage does not necessarily occur when there is any kind of connection at all between market power and a purpose prohibited by section 46 of the CCA. However, it is sufficient that a corporation’s conduct has been ‘materially facilitated’ by the existence of its substantial market power. A court may also have regard to whether the corporation engaged in the conduct in reliance on its substantial degree of market power, or whether it is likely that the corporation would have engaged in the conduct if it did not have a substantial degree of power in the market. The lack of competitive conditions is not to be confused with a lack of competitors. If the corporation with a substantial degree of market power is a monopolist, it may follow that a lack of competitors results in a lack of competitive conditions. Even if there are competitors in the market, the structure and realities of the market may be such that there is no genuine competition between them.

[page 280] A corporation may breach s 46 by refusing to supply72 or by refusing to acquire73 goods or services.

15.48 Proscribed purposes

Ultimately, if all of the other conditions are satisfied, the taking advantage of market power has to be for one of the proscribed purposes set out in s 46(1). The relevant purpose is to be ascertained subjectively, ‘in the sense of ascertaining the intent of the corporation in engaging in the relevant conduct’.74 The CCA contains a number of provisions that assist in evaluating whether conduct contravenes s 46(1): s 46(7) provides that a corporation may be found to have taken advantage of a substantial degree of market power for a purpose in s 46(1)(a)–(c) by inference from the conduct of the corporation or of any other person, or from other relevant circumstances; s 84(1) provides that it is sufficient to show that a director, servant or agent of the corporation, being a director, servant or agent by whom the conduct was engaged in within the scope of the person’s actual or apparent authority, had the relevant state of mind or purpose; and s 4F provides that the relevant purpose need only be a substantial purpose.

15.49 Predatory pricing

Predatory pricing is a practice that may contravene s 46(1). The term predatory pricing ‘refers to the deliberate lowering of prices to levels which will drive competitors out of the market and enable the predator (the corporation which has a substantial degree of market power), once that has been achieved, to increase prices. The price cut is not intended to be permanent and is adopted for the specific purpose of damaging or eliminating competitors’.75 In addition to potentially breaching s 46(1), predatory pricing is now also expressly prohibited by s 46(1AA).

Section 46(1AA) provides as follows:

A corporation that has a substantial share of a market must not supply, or offer to supply, goods or services for a sustained period at a price that is less than the relevant cost to the corporation of supplying such goods or services, for the purpose of: (a) eliminating or substantially damaging a competitor of the corporation or of a body corporate that is related to the corporation in that or any other market; or (b) preventing the entry of a person into that or any other market; or [page 281] (c) deterring or preventing a person from engaging in competitive conduct in that or any other market.

The issues that one needs to consider in determining whether the predatory pricing provision has been contravened are discussed below:76 The court may have regard (among other things) to the number and size of the corporation’s competitors in the market when assessing the corporation’s market share. Predatory pricing is often difficult to prove because the outward manifestation of lowering prices is, on its face, procompetitive. In order to establish that price cutting constitutes predatory behaviour and not competitive behaviour, the purpose of the corporation is determinative. The purpose may be established by the admission of the parties or by evidence of the conduct of the corporation in relation to the prices it charges. Whether the inference of purpose may be drawn from evidence as to the nature, extent and effect of pricing will depend on whether it is logical to do so in the circumstances of the case and whether general human experience would be contradicted if the pricing conduct were not accompanied by the relevant purpose. The terms of section 46 … of the CCA do not require that a price must be set below some stipulated level before it can be inferred that it was set for a predatory purpose. Questions as to the appropriate form of remedy may arise where the court makes a finding that conduct constitutes predatory pricing in contravention of section 46 … of the CCA. Upon an interlocutory application alleging predatory pricing, the court will be required to assess the balance of convenience in respect of the grant of an interlocutory injunction. In case law, there have been differing views as to whether it is necessary to show that a corporation that is accused of predatory pricing will be able to recoup the losses that it incurred when engaged in such pricing. 
However, section 46(1AAA) of the CCA was inserted to make it clear that a corporation may contravene section 46(1) even if it cannot, and might not ever be able to, recoup losses incurred by supplying the goods or services below cost.

Legal rights

15.50 It is not clear whether a corporation can contravene s 46 by exercising its legal rights.77

Exclusive dealing conduct

15.51 It has been noted that exclusive dealing conduct (discussed in the next section) may contravene s 46. For example:78

[A] corporation which threatens to withhold supply to a retailer, or to remove rebates or other benefits to a retailer, unless the retailer agrees not [page 282] to acquire competitive products from a third party, may be found to have exercised its market power in breach of section 46 of the (Cth) Competition and Consumer Act 2010 (formerly titled (Cth) Trade Practices Act 1974). However, as with any proceeding under this section, the corporation must be shown to have substantial market power. If a supplier has substantial market power in relation to certain goods or services and also requires a customer to acquire other goods or services exclusively from the supplier, then such conduct may constitute taking advantage of the market power, as well as exclusive dealing conduct.

Exceptions

15.52 Section 46 does not apply to conduct that falls within the scope of s 45 or s 47[79] and that conduct is the subject of an authorisation under s 88.

Penalties

15.53 The pecuniary penalties for contravening s 46 are set out in s 76(1A)(b). There are no criminal penalties for a breach of s 46. The maximum pecuniary penalty that can be imposed on a corporation under the section is:

… the greatest of the following: (i) $10,000,000; (ii) if the Court can determine the value of the benefit that the body corporate, and any body corporate related to the body corporate, have obtained directly or indirectly and that is reasonably attributable to the act or omission — 3 times the value of that benefit; (iii) if the Court cannot determine the value of that benefit — 10% of the annual turnover of the body corporate during the period (the turnover period) of 12 months ending at the end of the month in which the act or omission occurred.

The term ‘annual turnover’ is defined in s 76(5). Annual turnover is defined to mean the ‘sum of the values of supplies that the body corporate, and any body corporate related to the body corporate, have made, or are likely to make, during that period’ other than certain excluded revenue items. One type of revenue that is excluded is input taxed supplies. Given that for GST purposes many supplies in financial services (but not all) are input taxed, this needs to be considered when calculating the annual turnover if the party contravening the CCA supplies financial services. Any person who is involved in a contravention of s 46 may also be penalised under s 76(1). The maximum penalty for individuals involved in a [page 283] contravention is $500,000: s 76(1B)(b). A court may also order that a person not be a director or involved in the management of a corporation: s 86E. In addition, injunctions and damages may be awarded under s 80 and s 82 respectively. Other remedial orders are also available under s 87, including orders varying or voiding contracts.

Exclusive dealing conduct

15.54 The prohibition concerning exclusive dealing is one that is directed at vertical conduct, that is, conduct engaged in between a supplier of goods or services on the one hand, and the corporation or person acquiring the goods or services on the other. Section 47(1) of the CCA provides that ‘[s]ubject to this section, a corporation shall not, in trade or commerce, engage in the practice of exclusive dealing’. The essential features of the prohibition in s 47 have been described in the following terms:⁸⁰

[Section 47] applies to conduct of a corporation in trade or commerce which restricts, limits or otherwise circumscribes dealing in goods and services, or in respect of customers to whom goods and services are resupplied or geographic areas where products are re-supplied. There are specific provisions in respect of exclusive dealing which relate to the granting or renewing of a lease or licence. The exclusive dealing practices, other than those in respect of a lease or licence, are expressed in terms of a prohibition on the supply or acquisition of goods or services on a proscribed condition. The practice of exclusive dealing is also constituted by a refusal to deal for the reason that a supplier or acquirer of goods or services has not agreed to a proscribed condition.

15.55 The following are all forms of exclusive dealing:

(1) a supply of goods or services on the condition that the person to whom the goods or services are supplied will not, or will not except to a limited extent, acquire the goods or services directly or indirectly of a competitor of the supplier: s 47(2)(d);⁸¹
(2) a refusal to supply goods or services for the reason that the acquirer has not agreed not to acquire goods or services from a competitor: s 47(3)(d);⁸²
(3) a supply on the condition that the person to whom the goods or services are supplied will not, or will not except to a limited extent, re-supply goods or services acquired directly or indirectly from a competitor of the supplier: s 47(2)(e);⁸³
(4) a refusal to supply goods or services for the reason that the acquirer has not agreed not to re-supply goods or services acquired from a competitor of the supplier: s 47(3)(e);⁸⁴
(5) a supply on the condition that the person to whom the goods or services are supplied will not re-supply the goods or services to any person or will not re-supply them to particular persons or classes of persons, or to persons other than particular persons or classes of persons: s 47(2)(f)(i);⁸⁵
(6) a refusal to supply goods or services for the reason that the acquirer has not agreed not to re-supply the goods or services to particular persons or classes of persons: s 47(3)(f)(i);⁸⁶
(7) a supply on the condition that the person to whom the goods or services are supplied will not re-supply the goods or services in particular places or classes of places, or in places other than particular places or classes of places: s 47(2)(f)(ii);⁸⁷
(8) a refusal to supply goods or services for the reason that the acquirer has not agreed not to re-supply the goods or services in particular places or classes of places: s 47(3)(f)(ii);⁸⁸
(9) an acquisition of goods or services on the condition that the person from whom the goods are acquired will not supply goods or services to any person or will not, or will not except to a limited extent, supply goods or services to particular persons or classes of persons, or to persons other than particular persons or classes of persons: s 47(4)(c);⁸⁹
(10) a refusal to acquire for the reason that the supplier has not agreed not to supply goods or services to particular persons or classes of persons: s 47(5)(c);⁹⁰
(11) an acquisition of goods or services on the condition that the person from whom the goods are acquired will not supply goods or services to any person or will not, except to a limited extent, supply goods or services in particular places or classes of places, or in places other than particular places or classes of places: s 47(4)(d);⁹¹
(12) a refusal to acquire for the reason that the supplier has not agreed not to supply goods or services in particular places or classes of places: s 47(5)(d);⁹²
(13) a supply on the condition that the person to whom the goods or services are supplied will acquire either directly or indirectly goods or services from another person not being a body corporate related to the supplier: s 47(6); and
(14) a refusal to supply for the reason that the acquirer has not agreed to acquire goods or services from another person not being a body corporate related to the supplier: s 47(7).

The terms ‘supply’ and ‘acquire’ used in s 47 are defined in s 4(1) of the CCA. Among other things, s 4C provides that a reference to the supply of goods or services includes a reference to agreeing to supply goods or services. Various subsections of s 47 refer to acquiring goods or services directly or indirectly from a person. The courts have expressed differing views about the meaning of these terms. In Trade Practices Commission v Legion Cabs (Trading) Co-op Society Ltd (1979) 35 FLR 372 at 381 Franki J was of the view that:

[W]hen s 47(4) refers to the acquisition of goods directly from a second person it refers to the acquisition of goods from that person and when it refers to the acquisition of goods indirectly from a person it means an acquisition of goods from an agent of that person.

However, in Australian Competition and Consumer Commission v IMB Group Pty Ltd (in liq) [2002] FCA 402 Drummond J believed the words had a wider meaning:⁹³

There is therefore no reason, in my opinion, to say that the concept of indirect acquisition “from another person” in s 47(6) and (7) refers to acquisition only from an entity which is in a legal relationship of agency with that other person. I think the term “indirectly” has the wide meaning it bears in ordinary speech: “coming or resulting otherwise than directly or immediately, as effects, consequences, etc” … In my opinion, when a question arises whether, in the context of s 47(6) or (7), a person has been offered goods or services by corporation X on condition that the person acquire other goods or services of a particular kind or description “indirectly” from Y, the question for the decision-maker is not whether the legal relationship of agency exists between the entity who delivers the goods or services of that kind or description and Y. Instead, the decision-maker must consider the facts of the case to determine whether the acquisition of those goods or services from the intermediate entity can be said to be an acquisition indirectly from Y within the ordinary meaning of that expression.

Supply or acquisition subject to a condition

15.56 The prohibition in s 47 applies to both ‘downstream conduct, that is a supplier imposing a prohibited condition upon the supply of goods or services to an acquirer, and upstream conduct, that is an acquirer imposing a prohibited condition upon the acquisition of goods or services from a supplier’.⁹⁴ Miller provides an overview of the requirement for a condition under s 47:⁹⁵

The condition does not need to be legally binding but it must have some attributes of compulsion and futurity. The can be expressed in the form: “If we do this, you will (must) do that”. A condition in the nature of an obligation must be imposed on the person dealing with the corporation. The condition to be complied with by that person must result from something done or to be done by the corporation … The practice of exclusive dealing does not necessarily involve the imposition of any condition. It involves supply on condition. The condition may well have been suggested by the recipient of supply. It may have been imposed by some third party. It may arise, by implication, from all the circumstances in which the goods or services were supplied … The section does not look at the origin of the condition upon which there is a supply of services. The section looks at the supply of services upon that condition.

Section 47(13) provides additional guidance as to what the word ‘condition’ means.

Substantially lessening competition

15.57 With the exception of conduct falling under s 47(6), 47(7), 47(8)(c) and 47(9)(d) (see 15.57 below), the prohibition in s 47 is only contravened if the impugned conduct has the effect of substantially lessening competition: s 47(10). In Stirling Harbour Services Pty Ltd v Bunbury Port Authority [2000] FCA 38 at [114] French J observed that:

In my opinion the phrase sets a standard for judicial intervention in respect of the classes of anti competitive conduct to which it applies. It requires, before that intervention can be invoked, that there be a purpose, effect or likely effect of the impugned conduct on competition which is substantial in the sense of meaningful or relevant to the competitive process.

In an earlier case regarding s 47, Smithers J expressed the following view in Dandy Power Equipment Pty Ltd v Mercury Marine Pty Ltd (1982) 64 FLR 238 at 259–60:

To my mind one must look at the relevant significant portion of the market, ask oneself how and to what extent there would have been competition therein but for the conduct, assess what is left and determine whether what has been lost in relation to what would have been, is seen to be a substantial lessening of competition. I prefer not to substitute other adverbs for “substantially”. “Substantially” is a word the meaning of which in the circumstances in which it is applied must, to some extent, be of uncertain incidence and a matter of judgment. There is no precise scale by which to measure what is substantial. I think in the context, particularly the penalty and other remedies for contraventions of the Act, and the nature of trade which is the subject of the Act, the word is used in a sense importing a greater rather than a less degree of lessening. … Although the words “substantially lessened in a market” refer generally to a market, it is the degree to which competition has been lessened which is critical, not the proportion of that lessening to the whole of the competition which exists in the total market. Thus a lessening in a significant section of the market, if a substantial lessening of otherwise active competition may, according to circumstances, be a substantial lessening of competition in a market.

Per se breaches

15.58 Conduct falling within the scope of s 47(6), 47(7), 47(8)(c) and 47(9)(d) is not subject to the substantial lessening of competition test. Conduct falling within those subsections constitutes a per se breach of the law, that is, a breach that does not require the ACCC to prove that the conduct would also substantially lessen competition.

Overlap with s 47⁹⁶

15.59 If conduct falls within the scope of s 45 and s 47, the exclusive dealing provisions take priority and s 45 of the CCA does not apply where the conduct also amounts to a contravention of s 47: s 45(6).

Exceptions

15.60 The prohibition on exclusive dealing does not apply where a body corporate engages in conduct which restricts the dealings of another body corporate if the two bodies corporate are related to each other: s 47(12). In addition, s 47 will not apply to the extent the conduct is authorised under s 88 or is notified under s 93. Note also the general exemptions in s 51 of the CCA.

Penalties

15.61 The pecuniary penalties for contravening s 47 are set out in s 76(1A)(b). There are no criminal penalties for a breach of s 47. The maximum pecuniary penalty that can be imposed on a corporation under the section is:

… the greatest of the following:
(i) $10,000,000;
(ii) if the Court can determine the value of the benefit that the body corporate, and any body corporate related to the body corporate, have obtained directly or indirectly and that is reasonably attributable to the act or omission — 3 times the value of that benefit;
(iii) if the Court cannot determine the value of that benefit — 10% of the annual turnover of the body corporate during the period (the turnover period) of 12 months ending at the end of the month in which the act or omission occurred.

The term ‘annual turnover’ is defined in s 76(5). Annual turnover is defined to mean the ‘sum of the values of supplies that the body corporate, and any body corporate related to the body corporate, have made, or are likely to make, during that period’ other than certain excluded revenue items. One type of revenue that is excluded is input taxed supplies. Given that for GST purposes many supplies in financial services (but not all) are input taxed, this needs to be considered when calculating the annual turnover if the party contravening the CCA supplies financial services. Any person who is involved in a contravention of s 47 may also be penalised under s 76(1). The maximum penalty for individuals involved in a contravention is $500,000: s 76(1B)(b). A court may also order that a person not be a director or involved in the management of a corporation: s 86E. In addition, injunctions and damages may be awarded under s 80 and s 82 respectively. Other remedial orders are also available under s 87, including orders varying or voiding contracts.

Resale price maintenance

15.62 Section 48 of the CCA provides that ‘[a] corporation or other person shall not engage in the practice of resale price maintenance’. The conduct that constitutes resale price maintenance is set out in s 96(3). Section 96(3) describes three categories of prohibited conduct in relation to goods. Section 96A has the effect of extending the prohibitions to services. If a corporation is engaged in the conduct it will constitute a per se breach. There is no need to show that the conduct would substantially lessen competition. The provisions do not draw a distinction:⁹⁷

… in terms of culpability between the various types of conduct. The prohibition on resale price maintenance is expressed to apply to the supplier of goods or services. It applies also in the case of a person acting on behalf of or by arrangement with the supplier. The words ‘on behalf of’ go further than the law of agency and may catch conduct where the person purporting to act on behalf of the supplier had no actual authority to bind the supplier under the general law of agency. A reference to selling goods at a price less than a price specified by the supplier in section 96(3) of the CCA includes references to advertising goods for sale, displaying goods for sale and offering goods for sale below a price specified by the supplier.

15.63 The six prohibited types of conduct fall within the following categories:⁹⁸ attempting to induce a person not to sell the supplier’s products or services at less than a price specified by the supplier; making it known to a person that the supplier will not supply her or him unless that person agrees not to sell below the supplier’s specified price; or entering an agreement for the supply of goods or services containing a provision that the purchaser will not sell below the supplier’s specified price.

Specified price

15.64 The concept of specified price is a central element of the prohibition. The concept of a specified price is set out in s 96(3)(f). In effect it provides as follows:⁹⁹

The practice of resale price maintenance is constituted by the supplier using, in relation to any goods or services supplied or that may be supplied by the supplier or the second person, a statement of a price that is likely to be understood by that person as the price below which the goods are not to be sold or the services are not to be re-supplied.

A specified price is one which can be determined by operation of a mechanism that is known to the parties.¹⁰⁰ An objective test is used to determine what is ‘likely to be understood’:¹⁰¹

It is not concerned with the intention of the supplier in making the statement but with the likely effect of the statement on the second person. The text of the statement and all the relevant circumstances surrounding the making of it need to be considered in determining the second person’s understanding of the statement.

Exceptions

15.65 The CCA contains a loss leader defence in relation to conduct that constitutes resale price maintenance under s 96(3)(d): s 98(2). A corporation may also theoretically seek an authorisation under s 88 for conduct that constitutes resale price maintenance.

Penalties

15.66 The pecuniary penalties for contravening s 48 are set out in s 76(1A)(b). There are no criminal penalties for a breach of s 48. The maximum pecuniary penalty that can be imposed on a corporation under the section is:

… the greatest of the following:
(i) $10,000,000;
(ii) if the Court can determine the value of the benefit that the body corporate, and any body corporate related to the body corporate, have obtained directly or indirectly and that is reasonably attributable to the act or omission — 3 times the value of that benefit;
(iii) if the Court cannot determine the value of that benefit — 10% of the annual turnover of the body corporate during the period (the turnover period) of 12 months ending at the end of the month in which the act or omission occurred.

The term ‘annual turnover’ is defined in s 76(5). Annual turnover is defined to mean the ‘sum of the values of supplies that the body corporate, and any body corporate related to the body corporate, have made, or are likely to make, during that period’ other than certain excluded revenue items. One type of revenue that is excluded is input taxed supplies. Given that for GST purposes many supplies in financial services (but not all) are input taxed, this needs to be considered when calculating the annual turnover if the party contravening the CCA supplies financial services. Any person who is involved in a contravention of s 48 may also be penalised under s 76(1). The maximum penalty for individuals involved in a contravention is $500,000: s 76(1B)(b). A court may also order that a person not be a director or involved in the management of a corporation: s 86E. In addition, injunctions and damages may be awarded under s 80 and s 82 respectively. Other remedial orders are also available under s 87, including orders varying or voiding contracts.

CONCLUSION

15.67 Anti-competitive conduct is a threat to the central nervous system of the economy and the laws have been put in place to protect against this threat and enhance the welfare of Australians. However, while everyone would agree with the object of the prohibitions, determining what constitutes anti-competitive conduct is usually not a straightforward task. The laws that have been the focus of this chapter illustrate the extent to which the laws are evaluative and indeed in some cases overlapping. The issue of whether conduct will constitute a contravention will in many cases depend on an assessment of all the circumstances. And that endeavor needs to be conditioned by ‘economic and commercial reality’ and avoid ‘artificial and contrived’ reasoning.¹⁰²

Boral Besser Masonry Ltd v Australian Competition and Consumer Commission [2003] HCA 5 at [160] per Gaudron, Gummow and Hayne JJ. Other provisions include: s 45B, covenants affecting competition; s 45C, covenants in relation to prices; s 45D, secondary boycotts for the purpose of causing substantial loss or damage; s 45DA, secondary boycotts for the purpose of causing substantial lessening of competition; s 45DB, boycotts affecting trade or commerce; s 45DC, involvement and liability of employee organisations; s 45DD, situations in which boycotts permitted; s 45E, prohibition of contracts, arrangements or understandings affecting the supply or acquisition of goods or services; s 46A, misuse of market power — corporation with substantial degree of power in trans-Tasman market; s 49, dual listed company arrangements that affect competition; s 50, prohibition of acquisitions that would result in a substantial lessening of competition. United States v Socony-Vacuum Oil Co, Inc, 310 US 150 at 224 (1940). CCA s 44ZZRA. See LexisNexis, Halsbury’s Laws of Australia, online service, at [420-845] and cases cited there. See note 5 above at [420-845] and cases cited there. Note that an appeal of this decision was dismissed: Morphett Arms Hotel Pty Ltd v Trade Practices Commission [1980] FCA 46. See note 5 above at [420-845] and cases cited there. See R V Miller, Miller’s Australian Competition and Consumer Law Annotated 2015, 37th ed, LawBook Co, Sydney, 2015 at [1.44ZZRD.25]. I Harper, P Anderson, S McCluskey and M O’Bryan, The Competition Policy Review Final Report 2015 at 363 (viewed 22 October 2016). See also note 9 above at [1.44ZZRD.50]. See note 9 above at [1.44ZZRD.35]. CCA s 44ZZRD(4). See note 9 above at [1.44ZZRD.45]. See further 15.22 below regarding the discussion about competing in a market in the context of Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103.
For the definition of ‘joint venture’, see CCA s 4J. For an example of how this exception may apply in a financial service context, see the authorisation application by the Commonwealth Bank of Australia, Westpac Banking
Corporation, National Australia Bank, and Bendigo and Adelaide Bank. The banks made that application to enable them to ‘engage in collective negotiation and boycott activities with Apple in relation to its e-commerce Apple Pay platform and with other third party wallet providers in Australia’: see ACCC media release, ‘ACCC continues its review of banks’ application for authorisation to collectively bargain with Apple’, 19 August 2016 (viewed 22 October 2016). Note that potential liability under civil penalty provisions can also be addressed via standard authorisation processes under CCA Pt VII. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act. Note that an appeal from this case has been heard by the High Court but at the date of publication the judgment had not been handed down. Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2013] FCA 1206. For a summary of this case, see A Smyth- Kirk and M Corrigan, ‘Court dismisses ACCC’s price fixing case against ANZ’, 5 December 2013 (viewed 22 October 2016). M Corrigan, ‘Flight Centre and ANZ appeals answer price-fixing concerns in dual distribution models’, 6 August 2015 (viewed 22 October 2016). Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [129]. Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [131]. See also the court’s review of the concept of ‘market’ at [129]–[138]. Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [151]. Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [149]. 
Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [297]. The Competition Policy Review Report has recommended that ‘the price signalling provisions should be removed and replaced, by extending section 45 governing contracts, arrangements and understandings that affect competition to also cover concerted practices that have the purpose, effect or likely effect of substantially lessening competition’: Competition Policy Review — Final Report, March 2015, at 9 and Recommendation 29 in respect to anticompetitive disclosure of information at 59–60. Explanatory Memorandum to the Competition and Consumer Amendment Bill (No 1) 2011 (Cth) at [1.8]. S G Corones, Competition Law in Australia, Lawbook Co, Sydney, 2010 at [5.50]. See CCA s 44ZZT and reg 48 of the Competition and Consumer Regulations 2010 (Cth). See reg 49 of the Competition and Consumer Regulations 2010 (Cth). See CCA s 84. See also s 44ZZU that deems when a disclosure is made to another entity. See also CCA s 44ZZV(2) that contains certain anti-avoidance provisions. See CCA ss 44ZZY and 44ZZZ. See CCA s 44ZZV(3). See CCA s 84 in respect of the attribution of disclosures made by directors, employees and agents to a corporation and also s 44ZZU that deems when a disclosure is made to another entity. See CCA s 44ZZY. The term ‘annual turnover’ is defined in CCA s 76(5).

See CCA s 76(1A). See CCA s 76(1B). See CCA s 86E. See CCA s 76(1)(a). See CCA ss 79B, 82 and 87. See note 9 above at [1.4D.15]. Eastern Express Pty Ltd v General Newspapers Pty Ltd (1991) 30 FCR 385. See note 9 above at [1.4D.20]. See note 9 above at [1.4D.25]. See note 9 above at [1.4D.20]. ASX Operations Pty Ltd v Pont Data Australia Pty Ltd (No 1) (1990) 27 FCR 460. News Ltd v South Sydney District Rugby League Football Club Ltd (2003) 215 CLR 563; Rural Press Ltd v Australian Competition and Consumer Commission (2003) 216 CLR 53. See CCA s 76C. See note 5 above at [420-470]. Trade Practices Commission v Parkfield Operations Pty Ltd (1985) ATPR 40-526 at 46,251 per Fox J; Trade Practices Commission v David Jones (Aust) Pty Ltd (1986) ATPR 40-671 at 47,415 per Fisher J. See note 5 above at [420-872] and cases cited there. See note 5 above at [420-872] and cases cited there. See note 5 above at [420-872] and cases cited there. See note 5 above at [420-872] and cases cited there. See ASX Operations Pty Ltd v Pont Data Australia Pty Ltd (No 1) (1990) ATPR 41-069; Seven Network Ltd v News Ltd (2007) ATPR (Digest) 42-274; [2007] FCA 1062; BC200705841 at [2867]–[2885] per Sackville J; and see note 5 above at [420-872] and cases cited there. See CCA s 4L. See CCA s 45(8). The CCA defines what constitutes a related body corporate in s 4A(5). See CCA ss 45(8A) and 93AB. See CCA s 88(1). See ACCC, ‘ACCC continues its review of banks’ application for authorisation to collectively bargain with Apple’, 19 August 2016 (viewed 22 October 2016). See note 5 above at [420-1035] and cases cited there. See note 5 above at [420-1035]. See CCA ss 4E and 46(4)(b). Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [132] per Allsop CJ, Davies and Wigney JJ. Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [136]–[138] per Allsop CJ, Davies and Wigney JJ.
Queensland Wire Industries Pty Ltd v Broken Hill Proprietary Co Ltd (1989) ATPR 40-925 at 50,011 per Mason CJ and Wilson J, at 50,012 per Deane J, at 50,016 per Dawson J, at 50,024 per Toohey J. See Melway Publishing Pty Ltd v Robert Hicks Pty Ltd [2001] HCA 13 at [50]–[53] per Gleeson CJ, Gummow, Hayne and Callinan JJ. See note 5 above at [420-1045] and cases cited there. See note 5 above at [420-1050] and cases cited there. See note 5 above at [420-1055] and cases cited there. See note 5 above at [420-1075] and cases cited there. See note 5 above at [420-1060] and cases cited there. See note 5 above at [420-1060] and cases cited there. See note 5 above at [420-1065] and cases cited there.

78. See note 5 above at [420-1070] and cases cited there.
79. As well as under CCA ss 45B and 50, which are not discussed in this chapter.
80. See note 5 above at [420-1090] and cases cited there.
81. See also note 5 above at [420-1120].
82. See also note 5 above at [420-1120].
83. See also note 5 above at [420-1130].
84. See also note 5 above at [420-1130].
85. See also note 5 above at [420-1135].
86. See also note 5 above at [420-1135].
87. See also note 5 above at [420-1140].
88. See also note 5 above at [420-1140].
89. See also note 5 above at [420-1125].
90. See also note 5 above at [420-1125].
91. See also note 5 above at [420-1125].
92. See also note 5 above at [420-1125].
93. Australian Competition and Consumer Commission v IMB Group Pty Ltd (in liq) [2002] FCA 402 at [100].
94. See note 5 above at [420-1095] and cases cited there.
95. See note 9 above at [1.47.30] and cases cited there.
96. See note 5 above at [420-1085] and cases cited there.
97. See note 5 above at [420-1230] and cases cited there.
98. See note 9 above at [1.48.10].
99. See note 5 above at [420-1255].
100. Australian Competition and Consumer Commission v High Adventure Pty Ltd [2005] FCA 762.
101. See note 5 above at [420-1255] and the cases cited there. See also [420-1255].
102. Adopting and adapting statements from Australian Competition and Consumer Commission v Australia and New Zealand Banking Group Ltd [2015] FCAFC 103 at [138] per Allsop CJ, Davies and Wigney JJ.

Part D Obligations Relating to the Use and Protection of Customer Information

Chapter 16 Collection, Use and Disclosure of Personal Information

INTRODUCTION

16.1 The collection, use and disclosure of personal information are integral to the operation of financial services. Those activities are an essential part of the provision of services to consumers. Such information is extremely valuable and is an ‘asset class’ of its own. It is widely recognised that ‘privacy is good business’. The collection, use and disclosure of such information are regulated by privacy law, or more correctly, information privacy law (see 16.6 below). This chapter will focus on both the laws that regulate personal information generally and the laws that regulate a specific type of personal information: credit information.

16.2 The first part of this chapter will examine the obligations that are imposed on organisations generally under the Privacy Act 1988 (Cth) (Privacy Act). The primary focus of that part will be on the laws concerning the collection, use and disclosure of personal information. The second part of this chapter will examine how the laws impact entities that are credit providers under the Privacy Act, as the provision of credit is a critical function of financial services organisations. Substantial amendments to the Privacy Act came into force on 12 March 2014. The amendments were described as the most significant changes to the Privacy Act in over 20 years. These amendments: increased disclosure obligations; enhanced information governance obligations; provided consumers with greater scope to ‘opt out’ of direct marketing; provided new rights for individuals to access and correct credit reports; introduced a comprehensive credit reporting regime; provided a higher standard of protection to an individual’s ‘sensitive information’; conferred new powers on the Commonwealth Privacy Commissioner with respect to complaints, investigations and remedies; and introduced new civil penalty orders, including up to $1.1 million in fines for privacy breaches in certain circumstances.

Many of the amendments contained in the new legislation were precipitated by a wide-ranging report by the Australian Law Reform Commission (ALRC) entitled ‘For Your Information: Australian Privacy Law and Practice’, containing over 295 recommendations for reform. The following sections examine the rights of consumers under the Act and the obligations that all entities subject to the Act, including financial services organisations, must comply with when managing personal information.

COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

Who does the Privacy Act apply to?

16.3 The Privacy Act applies to a wide range of entities. Broadly speaking, the provisions under the Act which relate to the collection, use and disclosure of personal information apply to ‘organisations’ and ‘agencies’. The term ‘agencies’ refers to public bodies and other governmental entities and is not relevant for the purposes of this chapter. The term ‘organisations’ is defined in s 6C of the Act as meaning individuals, body corporates, partnerships, other unincorporated associations and trusts, but excludes small business operators and other entities. A small business operator is one that has an annual turnover of $3,000,000 or less and does not otherwise fall into one of six exceptions, for example, where the small business operator deals in personal information for a benefit, provides a health service or is a credit reporting body.

Organisations (also known as ‘APP entities’) that collect, use and disclose personal information are subject to the requirements set out in the Australian Privacy Principles (APPs). All financial services organisations will generally be an APP entity for the purposes of the Act. The APPs are the focus of the following section of this chapter.

Australian Privacy Principles — APPs

16.4 Section 15 of the Act outlines the general obligations that all organisations which collect and use personal information must comply with. Section 15 provides that an ‘APP entity must not do an act, or engage in a practice, that breaches an Australian Privacy Principle’. The APPs came into force on 12 March 2014.

16.5 The APPs have been designed and organised in a manner that reflects the personal information management lifecycle. The Explanatory Memorandum to the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (EM) explained this approach to the design of the APPs as follows:

The order in which the APPs appear is intended to reflect the cycle that occurs as entities collect, hold, use and disclose personal information. This broadly consists of the following stages: planning in advance how to meet obligations in relation to the handling of personal information; considering whether information may or should be collected; collecting information; providing notification of collection to the individual concerned; using or disclosing the information for the purpose for which it was collected or for an allowable secondary purpose; maintaining the integrity of personal information by securely storing it and ensuring its quality; and when the information is no longer necessary for the functions or activities of the entity, destroying it or ensuring that it is no longer personal information.

To this end, the APPs have been set out in Parts that move through each of the above elements of the information-handling chain.

Consequently, each ‘part’ of this section will discuss the APPs in groupings that reflect the thematic organisation of those privacy principles in the Act. While each APP will not be discussed in its entirety, the key aspects or most important aspects of each APP will be covered. The main parts of this section will reflect the themes mentioned above being: information governance; the collection of personal information; use and disclosure of personal information; quality and security of personal information; and access to and correction of personal information.

Prior to discussing the APPs within each of these parts, however, it is first necessary to identify what constitutes ‘personal information’ for the purposes of the Act.

What is ‘personal information’?

16.6 The Privacy Act deals specifically with information privacy. Accordingly, the critical starting point for any analysis of an organisation’s obligations under the Privacy Act is to identify the scope of information that is caught by the Act. The key definition is ‘personal information’. That term is defined in s 6 of the Act to mean:

… information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.

16.7 The definition set out above came into force on 12 March 2014 and aligns with international precedent. The former definition required an identity to be apparent, or reasonably ascertainable from the information or an opinion. The new definition omits the requirement that was contained in the former definition for an individual to be identified or identifiable from information or an opinion. The rationale underpinning this change is that with greater potential and/or capacity of organisations to conduct data matching and data linking, the requirement for information to be ‘from the information or opinion’ was potentially limiting. That is, information or an opinion on its own may not enable one to identify an individual, but it may when linked to other extraneous data sources. This may be a crucial distinction in the digital age.

16.8 The issue of identification through the use of data matching or data linking begs the question: when will a person be reasonably identifiable for the purposes of the definition? For example, if an organisation has no intention of linking data sources (which in themselves do not identify an individual but in combination may), this lack of intention should be considered in determining whether an individual is reasonably identifiable. Other factors would include the technical difficulty associated with such ‘linking’ and any required investment.

16.9 These issues were identified by Microsoft in its submission to the ALRC in relation to Report 108. In respect of the ‘reasonableness’ test, Microsoft said:

This test necessitates a consideration of the cost, difficulty, practicality and likelihood of the organisation linking information with other personal information accessible to it, and not merely whether the organisation would be able to link the information after incurring substantial expenditure … In Microsoft’s experience as a large organisation that handles and processes significant volumes of personal information for its business purposes, it is apparent to us that just because an organisation holds, or is capable of accessing, various pieces of information about an individual, it does not follow that it will always combine this information to ascertain the identity of that individual. In many cases it is not practical or useful for this to be done, and so it simply does not occur.

The EM reflects the substance of these statements. It states that: The new definition will refer to an individual who is, ‘reasonably identifiable’. Whether an individual can be identified or is reasonably identifiable depends on context and circumstances. While it may be technically possible for an agency or organisation to identify individuals from information it holds, for example, by linking the information with other information held by it, or another entity, it may be that it is not practically possible. For example, logistics or legislation may prevent such linkage. In these circumstances, individuals are not ‘reasonably identifiable’. Whether an individual is reasonably identifiable from certain information requires a consideration of the cost, difficulty, practicality and likelihood that the information will be linked in such a way as to identify him or her.

16.10 From one perspective, these statements reflect the approach that would have been taken to interpreting the same issue under the former definition of ‘personal information’. Accordingly, it is not clear that the scope of the amended definition has changed much, if at all. Indeed, these sentiments were acknowledged in the EM, which notes that:

The proposed definition does not significantly change the scope of what is considered to be personal information. The application of ‘reasonably identifiable’ ensures the definition continues to be based on factors which are relevant to the context and circumstances in which the information is collected and held.

16.11 The Australian Privacy Principles guidelines issued by the Office of the Australian Information Commissioner (APP guidelines) mirror these concepts. For judicial views on the weight to be given to the APP guidelines see 16.53 and 16.54 below.

16.12 The key issue for organisations under the definition of ‘personal information’ is to assess their information collection and management practices on an ongoing basis to determine whether information they collect is ‘personal information’ for the purposes of the Act. This is a critical, but not necessarily straightforward, task, especially in the information age. For example, information that is on its face clearly not personal information (for example, a cookie ID or a dynamic IP address) could become so once correlated or linked with other snippets of information. For example, the ALRC observed that a mobile telephone number, email address or IP address could be, or could become, ‘personal information once that information was linked to a particular individual due to the accretion of information around the number or address’.

16.13 This ‘accretion issue’ is one that is extremely important in the context of the information economy and the increasing use of ‘big data’. Organisations need to ensure that they do not inadvertently breach the Act due to a mistaken belief that individual data sets do not constitute ‘personal information’ when, in aggregate, they actually do have such status.

16.14 Metadata as personal information

The recent determination of Telstra Corporation Ltd v Privacy Commissioner [2015] AATA 991 (Telstra decision) illustrates how these issues can manifest themselves in practice. The definition of ‘personal information’ which applied in the determination was the definition in the Act that was in force prior to the commencement of the recent reforms, namely, ‘personal information’ is:

… information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

However, the case is instructive because it does not appear that much would turn on the differences between the former and current definitions; or at least not in the context of the factual matrix of the case.

16.15 In this matter, Mr Grubb, who was at the relevant time a journalist, initially sought access to certain data held by Telstra which Mr Grubb argued was his personal information. While Telstra provided Mr Grubb with much of the information that he requested, Telstra did not provide network data or metadata requested by Mr Grubb. As a result, Mr Grubb made a complaint to the Privacy Commissioner who found that the applicable network or metadata was personal information and, consequently, that Telstra ought to provide it to Mr Grubb under the access provisions of the Act. Telstra appealed to the Administrative Appeals Tribunal (AAT) to have the merits of this determination reviewed with a view to having it set aside. The central focus of the AAT decision was whether metadata comprising Mr Grubb’s Internet Protocol (IP) address information, the Uniform Resource Locator (URL) information of websites Mr Grubb visited and certain cell tower location information was personal information for the purposes of the Act. Mr Grubb wanted access to this data in order to show others what could be revealed about one’s daily activities in the same way the German politician, Malte Spitz, did after suing a German telecommunication company in 2011.

16.16 AAT decision

In Telstra Corporation Ltd v Privacy Commissioner [2015] AATA 991 Deputy President Forgie was required to determine whether the relevant network data (or metadata) was in fact personal information for the purposes of the Act. Deputy President Forgie held that the metadata which was the focus of the case was not ‘personal information’. In allowing Telstra’s appeal in this case, the AAT stressed the importance of applicable information being about an individual. The word ‘about’ assumed a crucial role in the outcome of the case. The AAT observed (at [99]) that:

There is a connection between an individual and the information that means that it is “about” that individual. Just how strong need that connection be between the two for it to be about an individual? Putting the issue another way, how tenuous can the link be before information or opinion is not about an individual but about something else or, if still about an individual, not about a particular individual but another?

Deputy President Forgie then commented on how this approach affected the characterisation of the mobile network data the subject of the access request under the Act: Had Mr Grubb not made the calls or sent the messages he did on his mobile device, Telstra would not have generated certain mobile network data. It generated that data in order to transmit his calls and his messages. Once his call or message was transmitted from the first cell that received it from his mobile device, the data that was generated was directed to delivering the call or message to its intended recipient. That data is no longer about Mr Grubb or the fact that he made a call or sent a message or about the number or address to which he sent it. It is not about the content of the call or the message. The data is all about the way in which Telstra delivers the call or the message. That is not about Mr Grubb. It could be said that the mobile network data relates to the way in which Telstra delivers the service or product for which Mr Grubb pays. That does not make the data information about Mr Grubb. It is information about the service it provides to Mr Grubb but not about him. [at [112]]

The judge then commented directly on the Internet Protocol (IP) address information that Mr Grubb sought access to:

I have considered also the IP address allocated to the mobile device which Mr Grubb used. On the basis of the evidence of Mr Tracey and the Operations Manager, I am satisfied that an IP address is not information about an individual. Certainly, it is allocated to an individual’s mobile device so that a particular communication on the internet can be delivered by the Internet Service Provider to that particular mobile device but, I find, an IP address is not allocated exclusively to a particular mobile device and a particular mobile device is not allocated a single IP address over the course of its working life. It changes and may change frequently in the course of a communication. The connection between the person using a mobile device and an IP address is, therefore, ephemeral. In the context of this case, it is not about the person but about the means by which data is transmitted from a person’s mobile device over the internet and a message sent to, or a connection made, with another person’s mobile device. [at [113]]

Clearly, as this passage shows, in this case the relevant IP address information was dynamic (or temporary) IP address information and perhaps if it had been static or permanent IP address information the finding on this point may have been different. This point further illustrates just how critical the characterisation test applied in the Telstra decision is to the outcome of access request cases under the Privacy Act. Crucially, the decision emphasises the need for parties to determine whether information is about an individual by considering two key factors: the purpose or reason that the information the subject of the access request was originally created; and how the information is actually used. In applying the characterisation test from the Telstra decision, it will be essential to consider the context and circumstances in which the relevant information is created and used. Other factors that one should have regard to in applying this test will include the cost, difficulty, practicality and likelihood of linking non-personal information in such a way so as to identify a person, which in turn would mean that that information would then fall within the scope of the Act: see 16.6–16.13. No doubt additional factors may be identified as playing a role in this context in future cases. Nevertheless, while there is still scope for uncertainty in this context, the Telstra decision does provide more guidance for parties as to the potential scope and application of the ‘personal information’ definition under the Act and therefore, consequently, the scope of the Act including requirements such as APP 12 (access to personal information). The Telstra decision (and the principles it is based on) is a good example of the tensions that arise when applying the Privacy Act to contemporary technologies. Achieving the correct balance will be difficult for organisations seeking to apply the law. 
Striking an appropriate balance in this context will be necessary in order to achieve the competing purposes of the Act: that is, to promote the protection of the privacy of individuals and the responsible and transparent handling of personal information by entities on the one hand, while recognising that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities on the other.

This is an intriguing area of the law and the boundaries of the definition of ‘personal information’ will no doubt be explored for many years to come. As an aside, it is also interesting to consider in this context the alternative approaches that have been adopted in other jurisdictions for addressing issues that overlap with the issues the subject of the Telstra decision: see the discussion concerning the United Kingdom midata initiative at 9.84.

The next sections will examine the requirements set out in the APPs.

Information governance

16.17 The objective of APP 1 is to ‘ensure that APP entities manage personal information in an open and transparent way’. A new requirement in APP 1 is the information governance requirement set out in APP 1.2, which provides as follows:

An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that: (a) will ensure that the entity complies with the Australian Privacy Principles and a registered APP code (if any) that binds the entity; and (b) will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code.

16.18 While this requirement may have been implicit in law as it stood prior to the amendments to the Privacy Act, on 12 March 2014 it became an express requirement. If an entity such as a financial services organisation fails to adopt a comprehensive approach to information governance and fails to design and implement practices, procedures and systems which are reasonable in light of its information collection and use practices, then it could be at risk of breaching this APP. The EM noted that policies and practices under APP 1.2 could include: training staff and communicating to staff information about the agency or organisation’s policies and practices; establishing procedures to receive and respond to complaints and inquiries; developing information to explain the agency or organisation’s policies and procedures; and establishing procedures to identify and manage privacy risks and compliance issues, including in designing and implementing systems or infrastructure for the collection and handling of personal information by the agency or organisation.

The APP guidelines state that APP 1.2 is not just a general statement of an entity’s obligation to comply with other APPs, but goes further by imposing:

… a distinct and separate obligation upon an APP entity, in addition to being a general statement of its obligation to comply with other APPs. The purpose of APP 1.2 is to require an entity to take proactive steps to establish and maintain internal practices, procedures and systems that ensure compliance with the APPs. The obligation is a constant one. An entity could consider keeping a record of the steps taken to comply with APP 1.2, to demonstrate that personal information is managed in an open and transparent way.

16.19 The next specific information governance step that organisations are required to take is to have a clearly expressed and up-to-date privacy policy: APP 1.3. The requirement to maintain an up-to-date privacy policy (the ‘currency requirement’) is a logical one, but by the same token it may require significant efforts by an organisation to ensure that the policy and corporate practice remain in lockstep. If they do not, then it will give rise to a potential breach of APP 1.3. In addition, the failure to maintain an up-to-date policy may be indicative of a breach of the obligation to maintain effective information governance structures under APP 1.2. The publication of an out-of-date policy by a financial services organisation may also amount to a misleading representation which may be actionable, for example, under s 1041H of the Corporations Act 2001 (Cth) or s 12DA of the Australian Securities and Investments Commission Act 2001 (Cth).

16.20 The information that APP 1.4 requires to be set out in a privacy policy includes information concerning the kinds of ‘personal information collected and held; how such information is collected and held; the purposes for which the entity collects, holds, uses and discloses personal information; access and correction procedures; complaint-handling procedures; and information about any cross-border disclosure of personal information that might occur’.

16.21 The requirement to include information concerning potential cross-border disclosures is an interesting one for organisations. Under APP 1.4 an organisation must include the following information in its privacy policy:

… (f) whether the entity is likely to disclose personal information to overseas recipients; (g) if the entity is likely to disclose personal information to overseas recipients — the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.

Presumably, the ‘recipient’ of the relevant information must be a person (body corporate or natural person). If this is the case, it would seem to rule out disclosure to a ‘machine’. That is, it may be the case that an organisation may be able to utilise information technology facilities used in other countries (for example, such as those that support cloud technologies) and not be considered to have ‘disclosed’ any information to the persons (in the sense of making that information ‘known’) that provide such infrastructure to the organisation. Whether a ‘disclosure’ to recipients occurred in these cases would be a matter of fact. If technology infrastructure was provided by an overseas-based entity (say, an operator of a world-class data centre in Singapore) and the data stored on that infrastructure by an Australian entity was only accessible in the ordinary course due to the implementation of logical security protocols, it would seem improbable that one could characterise that situation as a ‘disclosure’ for the purposes of this APP. If encryption was used this would further support an argument that no disclosure has occurred. The APP guidelines expand on this point as follows:

[I]n limited circumstances providing personal information to an overseas contractor to perform services on behalf of the APP entity may be a use, rather than a disclosure. This occurs where the entity does not release the subsequent handling of personal information from its effective control. … For example, where an APP entity provides personal information to a cloud service provider located overseas for the limited purpose of performing the services of storing and ensuring the entity may access the personal information, this may be a ‘use’ by the entity in the following circumstances:

a binding contract between the entity and the provider requires the provider only to handle the personal information for these limited purposes
the contract requires any subcontractors to agree to the same obligations, and
the contract gives the entity effective control of how the personal information is handled by the overseas recipient.

Issues to consider include whether the entity retains the right or power to access, change or retrieve the personal information, who else will be able to access the personal information and for what purposes, what type of security measures will be used for the storage and management of the personal information … and whether the personal information can be retrieved or permanently deleted by the entity when no longer required or at the end of the contract.

The final APP we will discuss under the information governance banner is APP 2. APP 2.1 requires an organisation to provide an option for individuals not to identify themselves when dealing with the entity unless APP 2.2 applies. That is, the organisation should provide an option to deal with the entity anonymously or by using a pseudonym.

APP 2.2 provides that the ‘anonymity’ option need not be provided if the organisation is required or authorised to identify individuals or it is impracticable to provide an ‘anonymity’ option. This will invariably be the case where a consumer is acquiring services from a financial services organisation.

Collection of personal information

16.22 The key disclosures that an organisation must make when it is collecting personal information are set out in APP 3–APP 5. APP 3.2 provides as follows:

If an APP entity is an organisation, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity’s functions or activities.

The APP guidelines express the Privacy Commissioner’s view on what constitutes collection in the following terms:

B.27 The concept of ‘collection’ applies broadly, and includes gathering, acquiring or obtaining personal information from any source and by any means, including from:

individuals
other entities
generally available publications
surveillance cameras, where an individual is identifiable or reasonably identifiable
information associated with web browsing, such as personal information collected by cookies
biometric technology, such as voice or facial recognition.

B.28 Collection may also take place when an APP entity generates personal information from other data it holds, such as the generation of an audit log [citations omitted].

16.23 APP 3.2 permits an organisation to collect personal information provided it is ‘reasonably necessary’ for one or more of the organisation’s functions or activities. The concept of what is ‘reasonably necessary’ was discussed at some length in the EM at p 53:

A number of the APPs allow for collection, use or disclosure where the entity believes that the collection, use or disclosure is ‘reasonably necessary’ for a particular purpose. It is intended that this be interpreted objectively and in a practical sense. It is not intended to provide a lower level of protection compared with the existing NPPs, where an objective test is implied.

In relation to the requirement that an entity must not collect, use or disclose personal information unless it is reasonably necessary for a particular purpose, function or activity, this is intended to reflect the following. The first is that the collection, use or disclosure is reasonably necessary to pursue that particular purpose, function or activity. Whether the collection, use or disclosure is reasonably necessary is to be assessed from the perspective of a reasonable person (not merely from the perspective of the entity proposing to undertake the activity).

Where a reasonable person would not regard the purpose, function or activity in question as legitimate for that type of entity, the collection, use or disclosure of personal information will not be ‘reasonably necessary’ even if the entity cannot effectively pursue that function or activity without collecting, using or disclosing the personal information.

16.24 The first two paragraphs of this statement are unobjectionable. It would, however, seem that the objective test is conditioned by the circumstances of the actual entity in question. On that point, it appears that the statement contained in the third paragraph above goes, with respect, well beyond the plain and ordinary meaning of the language set out in APP 3.2. There seems to be no justification for stating in the EM that in applying the hypothetical test one should have regard to whether a purpose or function of an entity is ‘legitimate for that type of entity’. That is not the test expressed, nor is this consistent with the ordinary meaning of the words, set out in APP 3.2. While the EM is not law, courts may refer to it in interpreting the meaning of a legislative provision.

16.25 APP 3.3 is expressed in straightforward terms. The requirements it imposes in relation to organisations are set out below:

An APP entity must not collect sensitive information about an individual unless: (a) the individual consents to the collection of the information and: … (ii) … the information is reasonably necessary for one or more of the [organisation’s] functions or activities; or (b) subclause 3.4 applies in relation to the information.

16.26 APP 3.4 sets out a number of exceptions to the prohibition regarding the collection of sensitive information set out in APP 3.3. These exceptions could be categorised as unusual situations (for example, collection of information under a law/court order, collection for the purposes of providing a health service or for enforcement-related activities). For most entities (except for those in the health services sector) none of the exceptions set out in APP 3.4 will apply in the usual course of business. There is one possible exception to this situation, though, and that relates to the use of biometric information.

With a rapid increase in security-related incidents, organisations are looking for ways in which to use biometric data to identify individuals for the purposes of internet transactions. The use of biometric data can in certain cases provide a higher degree of security and trust than other types of authentication and authorisation techniques. However, under the Act, biometric information is defined as sensitive information. The EM notes at p 62 that the references to biometric information and biometric templates have been added to the definition section of the amended Act and that:

The inclusion of … [the references to biometric information and biometric templates] will implement the Government’s response to ALRC Recommendation 6-4. The Government agreed with the ALRC that biometric information had similar attributes to other sensitive information and it was therefore desirable to provide it with a higher level of protection. Given the broad nature of what can be considered biometric information, the definition makes it clear that the additional protections only extend to that biometric information which is specifically being collected for the purpose of automated biometric verification or biometric identification.

16.27 If any biometric information is being collected for the purpose of automated biometric verification or biometric identification, then it follows that the more onerous collection obligation in APP 3.2 will apply. Accordingly, organisations that wish to use biometric data to interact with their customers will need to obtain consent from such customers. The expression ‘consent’ is defined in s 6(1) of the Act as ‘express or implied consent’. The EM notes at p 54 that:

Consent is a defined concept within the current Privacy Act which will be retained in the amended Act. Consent is defined to mean ‘express consent or implied consent’. Express consent exists where a person makes an informed decision to give their voluntary agreement to collection, use or disclosure taking place. Whether consent can be said to be implied depends entirely on the circumstances. Consent may be implied when, in the circumstances, the individual and the relevant entity have each engaged in conduct that means that it can be inferred the individual has consented, even though the individual may not have specifically stated that he or she gives consent. Consent, in many circumstances, can be withdrawn at any time. In such circumstances, the consent no longer exists, and an entity would no longer be able to rely on consent having been given when dealing with the individual’s personal information. Consistent with the Government’s response to ALRC Recommendation 19-1, the Government encourages the development and publication of appropriate guidance by the OAIC about what is required of agencies and organisations to obtain an individual’s consent for the purposes of the Privacy Act.

16.28 The requirements discussed above are supplemented by the requirements in APP 3.5 to only collect personal information by lawful and fair means and also APP 3.6 which provides that an organisation must only collect information about an individual from the relevant individual, unless it is unreasonable or impracticable to do so.

16.29 APP 4 provides that an organisation which receives unsolicited personal information must make a determination as to whether it would have been permitted under the Act to collect such information if it had in fact solicited such information. If the information could not have been lawfully collected, the organisation must destroy or de-identify such information unless it is not reasonable or lawful to do so in the circumstances. One such circumstance may be where an organisation ‘has received unsolicited personal information from a law enforcement agency to assist that agency in its investigations’. In that case it would not be reasonable (and potentially unlawful) to dispose of the relevant information until the enforcement agency no longer requires assistance. Another circumstance where this situation may arise is in relation to complaints. For example, an organisation with a large consumer base may receive unsolicited complaint-related information that contains personal information and even sensitive information (including regarding the health of an individual). Whether it would not be reasonable or unlawful to destroy or de-identify the relevant information in such a case would depend on the nature of the material provided and the nature of the complaint. If the information can be destroyed or de-identified, that is the end of the matter. If the information cannot be destroyed or de-identified, then APP 5–APP 13 will continue to apply as if the organisation had collected the information under APP 3.

16.30 The final disclosure required in the collection phase is set out in APP 5. APP 5.1 provides that an organisation must at or before the time it collects personal information (or, if that is not practicable, as soon as practicable thereafter) take such steps (if any) as are reasonable in the circumstances to notify the individual of the matters set out in APP 5.2. The matters requiring notification under APP 5.2 are:

(a) the identity and contact details of the APP entity;
(b) if:
    (i) the APP entity collects the personal information from someone other than the individual; or
    (ii) the individual may not be aware that the APP entity has collected the personal information;
    the fact that the entity so collects, or has collected, the information and the circumstances of that collection;
(c) if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order — the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection);
(d) the purposes for which the APP entity collects the personal information;
(e) the main consequences (if any) for the individual if all or some of the personal information is not collected by the APP entity;
(f) any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which the APP entity usually discloses personal information of the kind collected by the entity;
(g) that the APP privacy policy of the APP entity contains information about how the individual may access the personal information about the individual that is held by the entity and seek the correction of such information;
(h) that the APP privacy policy of the APP entity contains information about how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;
(i) whether the APP entity is likely to disclose the personal information to overseas recipients;
(j) if the APP entity is likely to disclose the personal information to overseas recipients — the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them.

16.31 An interesting issue that arises in an internet context is the degree to which organisations need to provide notice of the collection of personal information through technological means. The APP guidelines state that APP 5.2(b) may require notification to be provided: [W]here the individual may not be aware of their personal information being collected, the individual should be made aware of the method of collection, for example, that personal information is collected through use of a hidden radiofrequency identification tag (RFID tags), software (such as cookies), or biometric technology (such as voice or facial recognition).

16.32 Whether any particular so-called tracking technology will require a collection notice to be provided will obviously depend on how the technology is used. Take Apple’s iOS fingerprint scanning technology, Touch ID, for example. That technology uses a raster scanner which involves a beam scanning horizontally and vertically to capture the ridge lines of a fingerprint. The extract from Apple’s iOS Security white paper states as follows:

The fingerprint sensor is active only when the capacitive steel ring that surrounds the Home button detects the touch of a finger, which triggers the advanced imaging array to scan the finger and send the scan to the Secure Enclave. The raster scan is temporarily stored in encrypted memory within the Secure Enclave while being vectorized for analysis, and then it’s discarded. The analysis utilizes subdermal ridge flow angle mapping, which is a lossy process that discards minutia data that would be required to reconstruct the user’s actual fingerprint. The resulting map of nodes is stored without any identity information in an encrypted format that can only be read by the Secure Enclave, and is never sent to Apple or backed up to iCloud or iTunes. [Emphasis added]

It is this innovative approach to the use of biometric information which means Apple does not in fact collect the applicable biometric information; it remains on the user’s device. This is a powerful example of technology being deployed in such a way to solve an apparent problem that technology creates.

16.33 Turning now to cookies. Depending on how they are implemented, cookies can store personal information. Cookies are not software or scripts. Cookies are text files up to 4KB in size that store information related to a specific site that a user has visited while using the World Wide Web. A 4KB file can store up to four pages of text but a cookie generally stores much less information in the form of a name-value pair. Ultimately whether a cookie is used to collect or store personal information depends on how the cookie is designed by a programmer.

There are two broad types of cookies: first-party and third-party cookies. Cookies can also be persistent cookies (that is, last beyond a visit to a site and in some cases years) or session cookies (that is, they exist for the duration of the visit but then are discarded). First-party cookies are set by the site domain listed in the browser address bar, that is, the site that a user has intentionally visited. Many first-party cookies are essential in web technology because they provide a virtual memory for the requests and responses between a browser and a web server, either between web pages or separate visits to the site by the same user (or device). For example, an authentication cookie placed on a user’s device by the Twitter server maintains the user’s session, letting the user stay logged in with each request to the site. An example of the contents of such a cookie is set out below:

auth_token 5d704a72517368ae9993231f3ff94d17fa76a828

As discussed above, the sole function of this text is to allow the server to remember that the user is logged in. Other examples of information that is frequently stored in a cookie include data input by a user into a page on a site previously visited by a user during the same session (for example, to facilitate web shopping carts), a user’s preferred language, locale and other site configuration preferences. Third-party cookies are generated by other domain sources that have items, such as ads, icons or images (including things known as web bugs, pixel tags or clear gifs) embedded on the page. For example, when I read a page of a well-known news site in the United States, a third party places the following cookie on my computer:

This name-value pair is a unique identifier. If I then go to another popular United Kingdom site, I find that the same third party cookie is associated with, and accessed by, that site. Obviously, the use of cookies in this way, together with other techniques, can be used to track users and their activities across numerous sites. While the use of cookies in this way is generally used for behavioural advertising or interest-based advertising, it has caused privacy concerns in some sectors. Such tracking can ultimately lead to sufficient information being collected to enable one to reasonably identify a user.

Organisations that have sites that use cookies should provide sufficient information about the use of cookies on their sites. However, a collection notice under the Privacy Act will only be required where personal information is collected using cookies. This contrasts with the position in the United Kingdom where the Privacy and Electronic Communications Regulations (PECR) have been enacted to govern the use of cookies (or similar technologies) directed to users in the European Union. The PECR came into force on 26 May 2011 and was enacted to implement the Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Regulation 6 is the main provision:

6. (1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment:
    (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
    (b) has given his or her consent.
(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.
(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.
(4) Paragraph (1) shall not apply to the technical storage of, or access to, information:
    (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
    (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

In summary, subject to two exceptions, unlike the Australian position, reg 6 of the PECR prohibits the use of cookies or similar techniques without the consent of the user. The two exceptions are set out in reg 6(4) which provides exceptions in relation to transmission over a network and in connection with cookies or similar techniques which are strictly necessary to provide the services that a user requests. In practice, many sites have adopted the type of device set out below to obtain consent:
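The cookie categories described in 16.33 (first-party or third-party, session or persistent) can be read from the Set-Cookie response headers a page load produces. The following Python is an added example, not part of the original text: it classifies each observed cookie by party and lifetime and flags persistent third-party cookies for privacy review. The host names, cookie values and the review rule are constructed assumptions, and the flag is a triage aid, not a determination that personal information is collected.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

MAX_COOKIE_BYTES = 4096  # the roughly 4KB per-cookie size the text refers to


@dataclass
class CookieFinding:
    name: str
    party: str             # "first-party" or "third-party"
    lifetime: str          # "session", "persistent" or "expired"
    days: Optional[float]  # remaining lifetime in days; None for session cookies
    oversize: bool         # name=value pair is larger than MAX_COOKIE_BYTES
    review: bool           # assumed triage rule: persistent third-party cookie


def _expiry(attrs: dict, now: datetime) -> Optional[datetime]:
    """Return the expiry time, or None for a session cookie.

    Max-Age takes precedence over Expires (RFC 6265, section 5.3).
    """
    if "max-age" in attrs:
        try:
            return now + timedelta(seconds=int(attrs["max-age"]))
        except (ValueError, OverflowError):
            pass  # a malformed Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: the cookie lasts for the session only
        return when if when.tzinfo else when.replace(tzinfo=timezone.utc)
    return None


def classify(set_cookie: str, response_host: str, site: str,
             now: datetime) -> CookieFinding:
    """Classify one Set-Cookie header.

    `site` is the registrable domain shown in the address bar; the caller
    supplies it because deriving it properly needs the Public Suffix List.
    """
    # The first ';'-separated part is the name-value pair, the rest are attributes.
    pair, *rest = [part.strip() for part in set_cookie.split(";")]
    name, _, _value = pair.partition("=")
    attrs = {}
    for item in rest:
        key, _, val = item.partition("=")
        attrs[key.strip().lower()] = val.strip()

    # First party: the response came from the visited site or one of its subdomains.
    host = response_host.lower().rstrip(".")
    site = site.lower().rstrip(".")
    first = host == site or host.endswith("." + site)
    party = "first-party" if first else "third-party"

    expires_at = _expiry(attrs, now)
    if expires_at is None:
        lifetime, days = "session", None
    elif expires_at <= now:
        lifetime, days = "expired", 0.0  # e.g. Max-Age=0, used to delete a cookie
    else:
        lifetime = "persistent"
        days = round((expires_at - now).total_seconds() / 86400, 1)

    return CookieFinding(
        name=name.strip(), party=party, lifetime=lifetime, days=days,
        oversize=len(pair.encode()) > MAX_COOKIE_BYTES,
        review=(party == "third-party" and lifetime == "persistent"),
    )


def audit(observed, site, now):
    """Classify every (response_host, Set-Cookie header) pair from one page load."""
    return [classify(header, host, site, now) for host, header in observed]


# Constructed sample: headers seen while loading one page of the made-up
# site news.example, which embeds a pixel from a made-up advertising host.
NOW = datetime(2017, 1, 1, tzinfo=timezone.utc)
OBSERVED = [
    ("www.news.example", "auth_token=0123abcd; Path=/; Secure; HttpOnly"),
    ("www.news.example", "lang=en-AU; Max-Age=31536000; Path=/"),
    ("pixel.adnetwork.example",
     "uid=7f3c9a10; Expires=Tue, 01 Jan 2019 00:00:00 GMT; Path=/"),
    ("pixel.adnetwork.example", "probe=1; Max-Age=0"),
]

if __name__ == "__main__":
    for finding in audit(OBSERVED, "news.example", NOW):
        print(finding)
```

Whether a flagged cookie in fact holds personal information still has to be assessed against what the identifier can be linked to.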

16.34 A critical requirement that arises under APP 5.2 relates to disclosures about the purposes for which an organisation actually collects personal information. The requirement under APP 5.2(d) to notify individuals of the purposes of the collection of personal information is important as it determines the scope of an organisation’s rights to use information and the scope of ‘secondary purpose’ rights: see discussion at 16.37ff. The disclosures required under APP 5.2 about the purposes for which information is collected will obviously need to be carefully considered and periodically reviewed by an organisation and reflect any changes in internal practices that occur over time.

16.35 The disclosure required under APP 5.2(e) regarding the main consequences of not providing personal information is an interesting one. The primary consequence in this context will be that it will not be able to provide goods or services to the individual. However, entities such as financial institutions are required by law to collect personal information under anti-money laundering/counter-terrorism financing laws. In such cases the notification obligation does not add terribly much other than perhaps to educate the relevant individual or individuals. If a potential customer refused to provide the required personal information in a financial services context, it would be necessary to decline to provide financial goods or services to that individual.

16.36 APP 5.2(f) is another disclosable matter that could, at least theoretically, make consumers baulk at entering into a contract with an organisation. If, for example, an onshore entity regularly shared information with entities that the consumer objects to, then that would need to be disclosed so that the customer could make an informed choice about the services she is considering obtaining from the applicable organisation.

16.37 The final disclosures that will be discussed are set out in APP 5.2(i) and (j), which together require an organisation to notify individuals of the likely disclosure of personal information to overseas recipients and the countries in which such recipients are located, if practicable to do so. It is difficult to see why such a disclosure (above and beyond what is contained in the privacy policy) is necessary. The requirement seems to be an outworking of the belief that keeping data onshore is more secure than data offshore. What the legislators and consumers should be more concerned about is the security of information rather than its geographical or physical location. While physical security associated with servers and databases that store personal information is an important pre-condition to maintaining the overall security of personal information, an equally important factor is logical security. Once personal information is accessible over a network and that network is connected to other networks (for example, the internet), the key to ensuring that information remains secure is robust logical security. For instance, it would be far preferable to have my personal information located in India in a data centre where both the physical and logical security were extremely good than have that same information stored in Australia in a data centre where the level of physical security was high, but the level of logical security was low. It is not the location of data that provides assurance; it is the overall level of both physical and logical security. Accordingly, the requirements in APP 5.2(i) and (j) may provide some illusory comfort to some individuals, but largely impose a disclosure burden on organisations for no perceivable benefit.

Use and disclosure of personal information

16.38 APP 6.1 implicitly provides that an organisation may use or disclose personal information for the primary purpose for which it was collected. It is critical for an organisation to accurately describe the purposes for which it collects information under APP 5.2(d) as this will not only assist in the determination of whether such collection is reasonably necessary for one or more of the entity’s functions or activities under APP 3.2, but that disclosure under APP 5.2(d) also determines the scope of the primary purpose and secondary purpose concepts contained in APP 6.1.

16.39 Under APP 6.1 an organisation must not use or disclose the information for another purpose (the secondary purpose) unless:

(a) the individual has consented to such use or disclosure; or
(b) an exception applies.

Under APP 6.2 an organisation will be able to use personal information for a secondary purpose if:

(a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:
    (i) if the information is sensitive information — directly related to the primary purpose; or
    (ii) if the information is not sensitive information — related to the primary purpose; or
(b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or
(d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity; or
(e) the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

16.40 In relation to the exception in APP 6.2(a), most information collected by financial services organisations will not be sensitive information, although life insurers will need to collect sensitive health information from customers in order to underwrite life insurance policies. Another example will be the collection and use of biometric information used in connection with verification and identification purposes. Where sensitive information is collected, any secondary use of such information will necessarily be limited in practice to purposes that are directly related to the purpose for which such information is collected. Should there be a need for wider use or disclosure of information by an organisation, then the logical approach would be to secure an individual’s consent to a broader set of primary purposes or secondary uses or disclosures. In terms of personal information that is not sensitive, an organisation is able to use personal information for any secondary purpose where such purpose is related to the primary purpose. The meaning of a similar phrase was considered in Australian Securities and Investments Commission v Narain [2008] FCAFC 120. In that case, Finkelstein J stated (at [9]) that ‘the words “in relation to” require a relationship or connection between two subject matters’. Accordingly, so long as an organisation can identify a relationship or connection between the primary purpose of collection and a secondary purpose, it will be able to use personal information (excluding sensitive information) for that secondary purpose.

16.41 The other exceptions set out in APP 6.2 relate to: requirements required or authorised by or under an Australian law or a court/tribunal order (APP 6.2(b)); five general exemptions for organisations, including for the collection, use or disclosure relating to investigations of unlawful conduct by the organisation, court proceedings or confidential alternative dispute purposes (APP 6.2(c)); use or disclosure that is necessary to provide a health service (APP 6.2(d)); and use or disclosure in connection with law enforcement (APP 6.2(e)).

16.42 APP 6.6 is a deeming provision. It provides that if a body corporate collects personal information from a related body corporate, then the primary purpose of the latter body is imputed to the former body corporate in order to determine the primary and secondary purposes for which the former body can use or disclose personal information that it collects from a related body corporate. APP reflects a related broader provision set out in s 13B of the Privacy Act, which provides that the collection from, or disclosure to, a related body corporate is not an interference with privacy. APP 6.7 states that APP 6 does not apply to direct marketing or the use of government identifiers as those matters are dealt with in APP 7 and APP 9 respectively.

Direct marketing

16.43 APP 7.1 provides that personal information must not be used or disclosed for the purposes of direct marketing. The Act does not define the term ‘direct marketing’. The definition of that term is important as it in turn determines the scope of APP 7 and its relationship to APP 6. If an overly broad interpretation of direct marketing is adopted, it will squarely cut down the scope of APP 6.

16.44 The Code of Practice of the Australian Direct Marketing Association (ADMA) defines the term direct marketing to mean:

… the marketing of goods or services or the seeking of donations through means of communication at a distance where:
(a) consumers are invited to respond using a means of communication at a distance; and
(b) it is intended that the goods or services be supplied under a contract negotiated through a means of communication at a distance.

16.45 The Macquarie Dictionary defines the term direct marketing to mean ‘a marketing technique in which the producer bypasses retailers and sells directly to the customer’. In a review that it conducted in 2005, the Office of the Privacy Commissioner (OPC) defined the term to mean ‘[t]he promotion and sale of goods and services directly to the consumer’. The EM states that ‘[d]irect marketing involves communicating directly with a consumer to promote the sale of goods and services to the consumer’. It then goes on to say that direct marketing communications ‘could be delivered by a range of methods including mail, telephone, email or SMS’. An express or implicit element in all of these definitions is that direct marketing involves direct approaches to an identifiable individual as opposed to mass-marketing (or indirect marketing) to an unknown class or classes of persons. The ADMA definition which includes the ‘at a distance’ element would exclude marketing that was conducted ‘in person’ such as ‘in store’ or over the counter marketing. If on the other hand a broader interpretation of the term was adopted, in person marketing that occurs within a store could fall within the definition of ‘direct marketing’. In such cases APP 6 would not apply and organisations would need to ensure that in person marketing conducted ‘in store’ complied with APP 7 by engaging one of the exemptions. This would appear to be too broad an application of the principles in APP 7. When a person enters a store, in one sense they are initiating contact with an organisation in a commercial environment. Any ‘in store’ marketing could be reasonably expected in the circumstances and this situation falls squarely into the territory covered by APP 6. On the other hand, marketing which occurs at a distance and which potentially intrudes on one’s personal space or time and is not associated with any contact initiated by an individual would seem to be a more appropriate subject for the specific regulation contained in APP 7.1.

16.46 Indeed, the EM suggests that direct marketing for the purposes of the Act is contact initiated by an organisation ‘at a distance’. This implication arises from the statement in the EM that ‘[t]he direct marketing communication could be delivered by a range of methods including mail, telephone, email or SMS’. While the words used leave open the possibility that in person marketing could fall within the definition of direct marketing, it is telling that not one example provided in the EM contemplates a person-to-person interaction ‘in store’ or otherwise face-to-face. In summary, it is argued that the most appropriate definition of direct marketing is one that is initiated by a marketer and is conducted ‘at a distance’, for example, email/mail outs and cold calling.

16.47 The general prohibition in APP 7.1 is subject to a number of exceptions. The first two exceptions overlap somewhat. APP 7.2 provides that:

[A]n organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
(a) the organisation collected the information from the individual; and
(b) the individual would reasonably expect the organisation to use or disclose the information for that purpose; and
(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
(d) the individual has not made such a request to the organisation.

16.48 The requirement in APP 7.2(a) is not difficult to apply. It should be clear in most cases from what source personal information is collected unless, for example, information from various sources is commingled in databases. The second requirement, contained in APP 7.2(b), is somewhat less clear in the sense that organisations that have relationships with thousands or millions of customers or otherwise have a large number of individuals who they market to cannot consider whether each customer would reasonably expect the organisation to use or disclose information for a given purpose. Practical necessity means that consideration of this type of matter can generally only be made at a class or universal level. That is, an organisation needs to identify a factor that confirms or denies the existence of the relevant ‘reasonable expectation’. Such factors may include the notifications provided to customers when they first enter into a relationship with an organisation, terms of applicable contracts and what is disclosed in the organisation’s privacy policy.

16.49 Taken together these matters will enable an organisation to determine with some confidence whether an individual customer would reasonably expect to receive direct marketing. The requirement in APP 7.2(c) provides that an organisation must provide a simple means for individuals to opt out of receiving direct marketing. The requirement in APP 7.2(d) relates to the requirement in APP 7.2(b). It is inconceivable that an individual could ever reasonably expect to receive direct marketing if they had notified an organisation that they do not want to receive direct marketing. If the law is read in this way, there are only effectively three core requirements in APP 7.2: direct collection; reasonable expectation; and the provision of an opt-out mechanism.

16.50 APP 7.3 provides another exception to the general prohibition of direct marketing in APP 7.1. APP 7.3 provides that an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:

(a) the organisation collected the information from:
    (i) the individual and the individual would not reasonably expect the organisation to use or disclose the information for that purpose; or
    (ii) someone other than the individual; and
(b) either:
    (i) the individual has consented to the use or disclosure of the information for that purpose; or
    (ii) it is impracticable to obtain that consent; and
(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
(d) in each direct marketing communication with the individual:
    (i) the organisation includes a prominent statement that the individual may make such a request; or
    (ii) the organisation otherwise draws the individual’s attention to the fact that the individual may make such a request; and
(e) the individual has not made such a request to the organisation.

16.51 It is difficult to determine just when APP 7.3(a)(i) could apply. It may be intended to capture the situation where a former customer of an organisation may have opted out of receiving direct marketing a number of years earlier, but now has initiated a new relationship with an organisation. In that situation, there would be reasonable grounds for expecting that the individual may not wish to receive direct marketing. The circumstances in which APP 7.3(a)(ii) will apply are clear; if an organisation does not collect information from an individual, then the more onerous obligations in APP 7.3 must be complied with rather than those set out in APP 7.2. The other main requirements are set out in APP 7.3(b) and APP 7.3(c).

16.52 APP 7.3(b) requires an organisation to obtain consent prior to using or disclosing information for direct marketing unless obtaining consent is impracticable. Taking the concept of consent first, the term ‘consent’ is defined in the Act as meaning ‘express consent or implied consent’. Express consent is a relatively straightforward concept. On the other hand, what can constitute implied consent is more problematic. A similar concept of inferred consent is used in the Spam Act 2003 (Cth) which regulates the sending of commercial electronic messages for the purposes of promoting goods, services or other matters. Clause 2 in Sch 2 of the Spam Act contains the principal definition of ‘consent’ which provides that term includes:

…
(b) consent that can reasonably be inferred from:
    (i) the conduct; and
    (ii) the business and other relationships;
    of the individual or organisation concerned.

16.53 In Australian Communications and Media Authority v Clarity1 Pty Ltd [2006] FCA 410 the defendant argued that the mere provision of a functional ‘unsubscribe’ facility in a communication sent to an email recipient was sufficient to infer that the recipient consented to receiving unsolicited commercial messages. In support of their argument, the respondents relied on the Office of the Privacy Commissioner’s (OPC) Guidelines to the National Privacy Principles (which provided non-enforceable guidance in relation to the principles that commenced in 2001) concerning the consent requirements in NPP 2. In this context, Nicholson J noted (at [75]) as follows:

The respondents place reliance on comments at pp 37–8 of the Office of the Federal Privacy Commissioner in ‘Guidelines to the National Privacy Principles’ issued in September 2001. There it was stated that ‘it may be possible to infer consent from the individual’s failure to opt out provided that the option to opt out was clearly and prominently presented and easy to take up’. However, that statement must be read against a further statement where, after listing a number of factors said likely to enhance the possibility of the drawing of an inference of consent, the passage concluded:

It is unlikely that consent to receive marketing material on-line could be implied from a failure to object to it. This is because it is usually difficult to conclude that the message has been read and it is generally difficult to take up the option of opting out as it is commonly considered that there are adverse consequences to an individual from opening or replying to email marketing — such as confirming the individual’s address exists. This may also apply where material is distributed using other automated processes. (This would not prevent an organisation from seeking opt in consent on-line if NPP 2.1 allowed it).

16.54 Nicholson J nevertheless went on to state that ‘such publications cannot control the interpretation of an Act of Parliament. The words of the Act must speak for themselves and be interpreted according to the normal rules of statutory construction’: at [76]. The judge also noted that if an inference of consent is to be drawn from the fact that an individual has failed to reply to an unsolicited communication: … the foundations for it must be found in the circumstances. There are powerful features of the evidence which are inconsistent with the drawing of any such inference and militate against it. They are also inconsistent with any inference being drawn from any prior business relationship constituted by the initial sending of an electronic message to a recipient. [at [77]]

16.55 In the context of unsolicited electronic commercial email, Nicholson J held that the mere fact that the respondent sent a message to an electronic address and did not receive a response from the recipient did not provide ‘a proper foundation for an inference of consent’. His Honour then set out four other reasons why consent could not be inferred in that case, namely: The entire relationship between the respondent and the email recipients was constituted in the absence of bilateral communication in circumstances where the respondent obtained the recipients’ email addresses without their knowledge. The fact that it was entirely possible that an email was not read by a recipient who was therefore unaware of an opt-out mechanism militated against inferring consent, especially in a spam context. The evidence in the case suggested that there was no legitimate attempt to obtain consent from the recipient, that is, the respondent was going to send the email irrespective of whether consent was obtained. The volume of unsolicited emails sent made it improbable that the respondents could have been aware that consent was in place prior to dispatching tens of millions of emails.

16.56 It is important to appreciate that the views Nicholson J expressed in that case were against the backdrop of a professional spam undertaking. However, if: direct marketing was undertaken by a reputable organisation; the communication had a prominent, easy-to-use opt-out mechanism; and the communication included contact details; then it would be arguable that consent could be implied in these circumstances. Certainly, the apprehension of ‘adverse consequences’ referred to by the OPC (see 16.53) could not in any reasonable person’s mind exist in these circumstances. Ultimately, however, such issues cannot be predetermined. Each case will need to be determined on its facts.

16.57 As discussed above, it is not necessary to obtain consent if it is impracticable to do so. But this begs the question: what will be impracticable in this context? The Macquarie Dictionary defines the term ‘impracticable’ to mean relevantly ‘not practicable; that cannot be put into practice with the available means’. The question of what is impracticable is a very important one. The meaning of the word ‘impracticable’ was reviewed in Rohde and Rohde (1984) 10 Fam LR 56 at 64. In that case Gee J concluded the term, as used in s 79A of the Family Law Act 1975 (Cth), meant something different than impossible and said: The word “impracticable” means, gleaning a definition from the Shorter Oxford Dictionary, “not practicable”; “that cannot be carried out or done”; “practically impossible”; “unmanageable”; “intractable”.

16.58 In Cawthorn v Cawthorn [1998] FamCA 37 the court, after referring to the decision in Rohde and Rohde, expressed the view that the term impracticability ‘is capable of a very narrow application or a very broad application depending upon … the intent of Parliament’. The court proceeded to hold that the expression should be interpreted narrowly in that case. In Raffoul v Blood Transfusion Service of the Australian Red Cross Society (1997) 76 IR 383 at 400 the court was of the view that the term ‘impracticable’ as used in the Industrial Relations Act 1988 (Cth): … should be construed in its strict sense. See Liddell v Lembke (t/as Cheryl’s Unisex Salon) (1994) 127 ALR 342, at 367–8 and Fryar v Systems Services Pty Ltd (1995) 130 ALR 168, at 185 and 189 … practicability is not a matter of … convenience, or even … undesirability.

16.59 In interpreting the meaning of ‘impracticable’ for the purposes of the Privacy Act it is useful to note the balancing of interests recognised in s 2A of the Act which provides that the objects of the Privacy Act are relevantly: (a) to promote the protection of the privacy of individuals; and (b) to recognise that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities; …

This latter recognition points to a broader rather than a narrower test, but one that is nevertheless a higher standard than one based on reasonableness. Parliament used the concepts of reasonable steps and reasonable expectations throughout the APPs, but did not use the concept of reasonableness in APP 7.3. Instead the concept of ‘impracticable’ was used. Nevertheless the word ‘impracticable’ as used in APP 7.3 would not seem to suggest an overly narrow interpretation such as actual ‘impossibility’, but something that reflects the definition in the Macquarie Dictionary. That is, the term should be interpreted as meaning that obtaining consent will be impracticable if an organisation cannot, using the means that it has available to it or that an organisation of its type ought to have available to it, obtain express or implied consent.

16.60 In addition to the consent requirement, APP 7.3(c) mandates an organisation to provide a simple means for an individual to opt out of receiving direct marketing communications. Further, APP 7.3(d) requires that an organisation include a prominent statement in each direct marketing communication that the individual can make a request not to receive direct marketing communications or otherwise bring the fact that such a request can be made to the attention of the individual.

16.61 APP 7.4 provides that sensitive information may be used for the purpose of direct marketing as long as an organisation has obtained the express or implied consent of the individual before using such information for that purpose. Interestingly, there is no requirement to provide an opt-out facility in such marketing. However, the outcome will probably be achieved by APP 7.6 which provides that an individual can request an organisation cease direct marketing to the individual or otherwise cease using their personal information for facilitating direct marketing by other organisations and also to reveal the source of the relevant information (which may or may not be the individual themselves).

The combined effect of the requirements set out in APP 7 is to require an organisation to implement and maintain comprehensive information management policies in respect of personal information that it collects, uses or discloses in the course of any direct marketing activities. A failure to do so will not only make it difficult for an organisation to demonstrate that it is complying with its direct marketing obligations under APP 7, but it also puts it at risk of being in breach of its information governance obligations in APP 1. Finally, it should be noted that APP 7 does not apply to the extent that any of the following apply: (a) the Do Not Call Register Act 2006 (Cth); (b) the Spam Act 2003 (Cth); or (c) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the Regulations.

Cross-border disclosure

16.62 APP 8.1 requires that, before an organisation discloses personal information to an overseas recipient (that is, a person other than the organisation or the individual to whom the information relates), the organisation must ‘take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than APP 1) in relation to the information’.

16.63 The first issue in this context is to determine whether a disclosure has been made to an overseas recipient. In light of how technology works, it is arguable that a range of transfers of personal information in electronic form across an open network such as the internet or a closed network (such as dedicated links between servers or databases located in different jurisdictions) may not amount to a disclosure to an overseas person. The EM explicitly recognises one such example:

[APP 8] is not intended to apply where personal information is routed through servers that may be outside Australia. However, entities will need to take a risk management approach to ensure that personal information routed overseas is not accessed by third parties. If the information is accessed by third parties, this will be a disclosure subject to APP 8 (among other principles).

The essence of this point made in the EM is that if information is securely routed across an open network such as the internet, then such transfers should not amount to a disclosure to an overseas person for the purpose of APP 8. By extension, if routing of information through overseas routers does not constitute a disclosure for the purposes of APPs, then neither should secure storage of data on servers located overseas as long as access is limited to the organisation that stores the information on such servers. No disclosure occurs in either case. Where disclosure does actually occur then the requirements in APP 8.1 or APP 8.2 will need to be satisfied.

16.64 APP 8.1 — Accountability approach

In a major departure from the ‘adequacy approach’ set out in the NPPs, the APPs adopt what has been referred to as an ‘accountability approach’. The adequacy approach is reflected in NPP 9(a) which states that if an organisation ‘reasonably believes that [an overseas] recipient of [personal] information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles’, then the organisation may transfer the information to that recipient. That is, in order to satisfy NPP 9(a) an organisation was required to hold a certain belief. If that belief was reasonably held, but it transpired that the relevant recipient was not subject to a law, binding scheme or contract substantially similar to the NPPs, it would not amount to a breach of NPP. That position has changed under the APPs where an organisation attempts to rely on APP 8.1. That is because the so-called accountability approach has been incorporated in s 16C of the Act.
Section 16C provides that:

(1) This section applies if: (a) an APP entity discloses personal information about an individual to an overseas recipient; and (b) Australian Privacy Principle 8.1 applies to the disclosure of the information; and (c) the Australian Privacy Principles do not apply, under this Act, to an act done, or a practice engaged in, by the overseas recipient in relation to the information; and (d) the overseas recipient does an act, or engages in a practice, in relation to the information that would be a breach of the Australian Privacy Principles (other than Australian Privacy Principle 1) if those Australian Privacy Principles so applied to that act or practice. (2) The act done, or the practice engaged in, by the overseas recipient is taken, for the purposes of this Act: (a) to have been done, or engaged in, by the APP entity; and (b) to be a breach of those Australian Privacy Principles by the APP entity.

16.65 Accordingly, if an organisation does not take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (excluding APP 1) then the organisation will be accountable for any breach by the overseas recipient of the APPs by virtue of s 16C. The most obvious manner in which to satisfy the obligation in APP 8.1 would be to enter into a binding contract with the applicable overseas recipient and, under that agreement, impose obligations on the overseas recipient which reflected the APPs. The performance by the counterparty to the contract should also be monitored and/or audited. The contract ideally would also be enforceable, at the domestic organisation’s election, in either the applicable overseas jurisdiction or Australia. There are, however, a range of exceptions to the requirement set out in APP 8.1.

16.66 APP 8.2

APP 8.1 (and the deeming rule in s 16C of the Privacy Act) will not apply if a subclause in APP 8.2 is engaged. APP 8.2 provides that APP 8.1 does not apply to disclosures of personal information to an overseas recipient if, relevantly:

(a) the entity reasonably believes that: (i) the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and (ii) there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or (b) both of the following apply: (i) the entity expressly informs the individual that if he or she consents to the disclosure of the information, subclause 8.1 will not apply to the disclosure; (ii) after being so informed, the individual consents to the disclosure; or (c) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or (d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the disclosure of the information by the APP entity; …

16.67 In order to engage subclause APP 8.2(a), an organisation needs to form the required reasonable belief. The EM explains the intent of APP 8.2(a) as follows: The “reasonable belief” test will allow entities to make decisions based on the information available to them and the context of a particular disclosure. The term ‘substantially similar’ will not be defined, and provides flexibility in considering the regulatory elements of the overseas jurisdiction. The term “at least” will be used to ensure that stricter obligations than the APPs will still be compliant. It is not essential that the overseas jurisdiction have an office equivalent to the OAIC [Office of the Australian Information Commissioner] in order to provide accessible enforcement mechanisms. It should be possible for a range of dispute resolution or complaint handling models to satisfy this requirement. Effective enforcement mechanisms may be expressly included in a law or binding scheme or may take effect through the operation of cross-border enforcement arrangements between the OAIC and an appropriate regulatory authority in the foreign jurisdiction.

16.68 An example of a legal framework that would satisfy the requirement in APP 8.2(a) would be the Data Protection Act 1998 (UK) as it has broadly similar requirements to those set out in the APPs and a ‘data subject’ may take action to enforce their rights under that statute. However, it is not clear, for example, that the equivalency test would be satisfied by the privacy laws that exist in India. While s 43A of the Information Technology (Amendment) Act 2008 (India) provides that body corporates implement ‘reasonable security practices’ in relation to ‘sensitive personal information’ and are also subject to certain obligations concerning the collection, disclosure and trans-border transfers of sensitive personal information, there is scope to argue that the regime falls short of being ‘substantially similar’ in substance and also to question whether foreign individuals can bring an action to enforce rights under these provisions. An organisation would need to obtain specific advice on these points in order to be able to form a reasonable belief for the purposes of APP 8.2(a).

16.69 APP 8.2(b) is another alternative open to organisations in this context. That provision is unlikely to be overused. The many steps involved here — informing the individual of the requirements of APP 8.1, then explaining that those requirements will not apply and then having to ensure that the individual consents — would not seem very appealing for an organisation or an individual. The exceptions set out in APP 8.2(c) (disclosures required or authorised by law) and APP 8.2(d) (certain narrow permitted exceptions) are likely to be rarely used or relied upon by organisations.

Government identifiers

16.70 APP 9 relates to government-related identifiers. A government-related identifier is defined in the Act to mean:

… an identifier of the individual that has been assigned by: (a) an agency; or (b) a State or Territory authority; or (c) an agent of an agency, or a State or Territory authority, acting in its capacity as agent; or (d) a contracted service provider for a Commonwealth contract, or a State contract, acting in its capacity as contracted service provider for that contract.

16.71 APP 9.1 prohibits an organisation adopting a government-related identifier of an individual as its own unless: required or authorised to do so at law or by order of a court or tribunal; or regulations permit certain adoption, use or disclosure.

16.72 APP 9.2 provides that an organisation must not use or disclose a government-related identifier unless one of six exceptions set out in APP 9.2 applies. Other than where it is reasonably necessary for an organisation to use or disclose a government-related identifier in order for the organisation to actually verify the identity of an individual for the purposes of its activities or functions (APP 9.2(a)), it will be rare for most organisations to be able to rely on one of the exceptions listed in APP 9.2, although a tax file number will be required for application forms relating to many investments and other financial services for tax purposes.

Quality and security of personal information

16.73 Under APP 10 an organisation must take reasonable steps to ensure that the personal information that the entity collects is accurate, up-to-date and complete. It must also take reasonable steps to ensure that the personal information that it uses or discloses is accurate, up-to-date, complete and relevant having regard to the purpose of the use or disclosure.

16.74 In terms of information security, under APP 11.1 an organisation must take reasonable steps to ensure that it protects personal information from: (a) misuse, interference and loss; and (b) unauthorised access, modification or disclosure. In order to achieve this outcome, it will be necessary for organisations to implement and maintain effective information security controls. The definition of ‘reasonable steps’ in this context and other security related matters is discussed in Chapter 17.

16.75 APP 11.2 requires that an organisation take reasonable steps to ensure that personal information is destroyed or de-identified if an organisation no longer needs it for any purpose for which it may use or disclose that information under the APPs, subject to the information not needing to be retained for legal reasons or because the information forms part of a Commonwealth record. The central test here is whether personal information is no longer needed for any purpose for which it may be used or disclosed under the APPs. This is a very broad test and it would seem to confer a large amount of discretion on organisations as to when information would need to be destroyed or de-identified. The APP guidelines set out the Privacy Commissioner’s view regarding the de-identification requirement:

B.53 Personal information is de-identified ‘if the information is no longer about an identifiable individual or an individual who is reasonably identifiable’ ([Privacy Act] s 6(1)). De-identified information is not ‘personal information’ (see paragraphs B.85–B.96).

B.54 De-identification involves removing or altering information that identifies an individual or is reasonably likely to do so. Generally, de-identification includes two steps: removing personal identifiers, such as an individual’s name, address, date of birth or other identifying information, and removing or altering other information that may allow an individual to be identified, for example, because of a rare characteristic of the individual, or a combination of unique or remarkable characteristics that enable identification.

B.55 De-identification may not altogether remove the risk that an individual can be re-identified. There may, for example, be a possibility that another dataset or other information could be matched with the de-identified information. The risk of re-identification must be actively assessed and managed to mitigate this risk. Relevant factors to consider when determining whether information has been effectively de-identified could include the cost, difficulty, practicality and likelihood of re-identification.

Access to and correction of personal information

16.76 APP 12 provides a framework for individuals to seek access to their personal information. We discussed Ben Grubb and the Telstra Corporation (Telstra Corporation Ltd v Privacy Commissioner [2015] AATA 991) at 16.14–16.16 above. That matter involved an access request under NPP 6 (the predecessor section to APP 12), but the issues that it raises are equally applicable in the context of a request under APP 12.1.

16.77 APP 12.1 outlines the primary access right. APP 12.3 then provides that organisations need not give individuals access to their personal information for a number of reasons, including to the extent that: providing access would have an unreasonable impact on the privacy of other individuals; the request is frivolous or vexatious; the information relates to anticipated legal proceedings between the organisation and the individual; giving the information would reveal the intentions of the entity in relation to negotiations between it and the individual; giving access would prejudice investigations by the organisation into unlawful activity or misconduct of a serious nature or otherwise prejudice law enforcement activities; or granting access would reveal evaluative information generated internally relating to a commercially sensitive decision-making process.

16.78 An entity must respond to a request for access within a reasonable period, and give access to an individual if it is reasonable and practicable to do so. If access is not granted due to the operation of an exemption or it is not otherwise granted in the manner requested by an individual, the organisation should take reasonable steps to give access in a way that meets the needs of the organisation and the individual. That is, the organisation is required to take reasonable steps to arrive at a compromise in this context. This may even require the use of an intermediary. Any charges levied for access must not be excessive and must not relate to the actual making of the request. If access is refused, an organisation must provide a written notice to the individual setting out two core matters, namely: the reasons for refusal except if it would be unreasonable to do so having regard to the reasons for the refusal; and the means by which an individual can complain about the refusal.

Interestingly, APP 12.10 provides that if the ground for refusal was because the granting of access would reveal evaluative information generated internally relating to a commercially sensitive decision-making process, then the reasons for refusal may include an explanation for the commercially sensitive decision. It may be difficult to apply APP 12.10 in some cases. For example, in certain situations merely informing an individual that a commercially sensitive matter exists may be enough to convey, taken together with other information that the individual knows, the gist of the commercially sensitive decision. In other cases, it may be possible to provide a sufficiently anodyne statement without risk of disclosing commercially sensitive information.

Midata initiative (UK)

16.79 It is interesting to compare the access regime set out in the Privacy Act with the midata initiative in the United Kingdom. The midata initiative is designed to facilitate competition and foster innovation in digital services. The initiative could be supported by the regulation power set out in s 89 of the Enterprise and Regulatory Reform Act 2013 (UK), although at this stage those powers have not yet been formally exercised.

Under s 89 the United Kingdom Secretary of State may, by regulation, require a regulated person to provide customer data to a customer (at the customer’s request) or to an agent of the customer. The term ‘customer data’ is defined in s 89(3) of the Act to mean information which: (a) is held in electronic form by or on behalf of the regulated person, and (b) relates to transactions between the regulated person and the customer.

Section 89 of the Enterprise and Regulatory Reform Act was introduced notwithstanding the right that individuals have under s 7 of the Data Protection Act 1988 (UK) to access personal data. The term ‘personal data’ under that Act is defined as: “personal data” means data which relate to a living individual who can be identified — (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

It may be that the regulation-making power in the Enterprise and Regulatory Reform Act was enacted in order to overcome some of the debates that may otherwise occur in a Telstra decision scenario: see 16.14–16.16.

16.80 Use of APIs in the UK

In the financial services context, the midata initiative has resulted in industry collaboration and some data management tools being launched. More recently it has led to the formation of the industry-led Open Banking Working Group (OBWG). In early 2016 the UK Treasury tasked the OBWG to develop a new framework for underpinning an open banking standard to facilitate Treasury’s plans to support the use of open Application Programming Interfaces (APIs) in the banking sector. APIs are simply standards or protocols for one software program or application to request information from other programs or applications. Importantly, requests to APIs can be made across the internet. As one could imagine, this is a non-trivial task when sensitive banking data is involved. Key issues involve determining who should be able to access the information, the level of consumer consent required and, critically, the nature and extent of security associated with the API framework. The UK Treasury has said that it will consider legislating under its regulatory powers if the relevant framework is not implemented by industry.

16.81 Use of APIs in the EU

The European Union’s Payment Services Direction 2 (PSD2) is similar in nature to the midata initiative discussed above being developed by the OBWG (although the midata initiative has been described as broader in scope in terms of data access issues). PSD2 will give certain third party providers called payment initiation service providers (PISPs) and account information service providers (AISPs) greater access to payment accounts held by banks under strict conditions. AISPs are providers that can connect directly to the bank account of a customer and retrieve information from that account. An example of a service that could be provided based on such access would be an investment recommendation service. The service would determine the level of funds that a customer is saving in a given period, and provide advice based on this information. PSD2 provides that PISPs are participants that can initiate payment transactions by accessing a customer’s account information. This would occur without the need of using a wallet such as PayPal. Of course, in a similar manner to the process being developed in the midata context, many issues will need to be worked through to ensure that risks associated with this initiative are managed effectively, including the standards relating to: the security associated with online access to customer accounts; the level of consent required for a party to access information on behalf of a customer; who bears liability if an unauthorised transaction occurs in a context where multiple parties may be accessing customer data, especially where a new participant has little or no assets; and the mechanism for complaint handling, especially in a cyber security context, where multiple parties have had access to a party’s information or data.

16.82 Use of APIs in Australia

The financial services technology sector has called for the introduction of APIs in the Australian context but views vary as to whether APIs should be mandated. The Productivity Commission commenced a review in this area in March 2016. Under the terms of reference of its Data Availability and Use public inquiry, the Commission is required to: look at the benefits and costs of making public and private datasets more available; examine options for collection, sharing and release of data; identify ways consumers can use and benefit from access to data, particularly data about themselves; and consider how to preserve individual privacy and control over data use. On 3 November 2016 the Commission released a draft report entitled Data Availability and Use.1 Among other things, the draft report recommended that a new ‘Comprehensive Right’ be introduced. This proposed right of ‘individuals over their data would extend to include the ability to direct that a copy of their data be transferred safely from one data holder to another’.2 It is not clear at this stage how this right would be implemented on an economy-wide basis.3 The Commission is due to hand down its report in March 2017.

16.83 APP 13 provides a comprehensive framework concerning access to data for the purposes of the correction of personal information. An organisation is required to correct information if it is satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading having regard for the purpose for which it is held, or if an individual requests it to do so. In those situations, the organisation is required to take reasonable steps to correct the information. APP 13.2 then provides that other organisations have to be notified of such correcting in certain circumstances. APP 13.3 provides that an organisation must provide written reasons for refusing to correct the information and provide it to the individual. APP 13.4 concerns the steps an organisation may need to take to associate statements with purportedly incorrect information where an individual requests such steps to be taken. APP 13.5 states that an organisation must respond to a request to access information or associate a statement with purportedly incorrect information within a reasonable period after the request is made. No charge can be made for making a request under APP 13, correcting information or requesting that a statement is associated with purportedly incorrect information.

PRIVACY AND CREDIT INFORMATION — THE OBLIGATIONS OF CREDIT PROVIDERS

16.84 Credit information is a form of personal information that is highly valuable to financial services organisations and other entities that provide credit to individuals. Such information allows providers to more effectively manage the risks associated with providing credit to individuals. How effectively an organisation can manage the risk associated with providing credit directly influences the profitability of their businesses. Credit information allows organisations to predict with some certainty credit risk (that is, the risk that an individual will default on their obligations under a credit contract) associated with a particular individual that they may be considering extending credit to. The amended Privacy Act contains new rules about the use of credit information. The focus of this section will be on the new laws as they relate to organisations that are credit providers.

16.85 Credit information about an individual is a category of personal information that is more highly regulated than ‘mere’ personal information under the amended Privacy Act. That position reflects the relative sensitivity that individuals generally have in terms of their credit information. However, the new legislation does strike a balance between the heightened sensitivity of individuals in this context and the value of credit information to organisations that provide credit to individuals.

16.86 The changes to the credit reporting provisions move the Australian regime from a negative credit reporting system to a ‘more comprehensive’ credit reporting system. Under the negative reporting system the main types of personal information that could be used in the system were ‘information about a credit provider having sought a credit report in relation to an applicant for credit, the amount of credit sought in the application, the individual’s current credit providers (if any), and information about any credit defaults (a term that was specifically defined)’. Under the ‘more comprehensive’ approach the following categories of personal information can also be used within the credit reporting system: the date the credit account was opened; the type of credit account opened; the date the credit account was closed; the current limit of each open credit account; and repayment performance history about the individual.

16.87 It is important to note though that in order to reflect the lifecycle of credit information, Pt IIIA (Credit reporting) of the amended Act recognises four categories of credit-related information. The four categories are ‘credit information’, ‘credit reporting information’, ‘credit eligibility information’ and ‘regulated information’. The term ‘credit information’ is used to define the personal information that credit providers collect about individuals and disclose to credit reporting bodies such as Veda and Dun & Bradstreet. Credit reporting information is that information provided by credit reporting bodies to credit providers. It comprises all of the relevant credit information collected by a reporting body concerning an individual together with any credit worthiness (for example, credit scoring or credit assessment information) the body derives from the ‘raw’ credit information it holds.
In turn, credit eligibility information comprises the credit reporting information that a credit provider receives from a reporting body plus any information about an individual’s credit worthiness that a credit provider derives from the credit reporting information that it receives.

In some cases, credit providers disclose credit reporting information or credit eligibility information to other parties in the usual course of business. For example, a bank may disclose those types of information to a mortgage insurer. In such cases, this information (while it has not changed form) is referred to as ‘regulated information’ for the purposes of the amended Act due to the fact that it has been disclosed to a party that is not a credit reporting body or a credit provider (that is, the two primary participants in the credit reporting system). The parties described above and the information types that flow between them are depicted in the diagram below.

Source: Explanatory Memorandum to the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Cth).

The Act imposes differing obligations on the various parties mentioned above. For the reasons mentioned at 16.84, this section will focus on the obligations of credit providers.

Who is a credit provider?

16.88 The definition of the term ‘credit provider’ under the amended Act is a broad one. The definition is a composite one that is contained in ss 6G–6K. Examples of credit providers are: banks; other organisations where a substantial part of the organisation’s business is the provision of credit; and other organisations which provide credit to their clients in connection with the sale of goods and services where repayment (in full or part) of the amount of the credit is deferred for at least seven days.

16.89 The term ‘credit’ is defined as ‘a contract, arrangement or understanding under which: (a) payment of a debt owed by one person to another person is deferred; or (b) one person incurs a debt to another person and defers the payment of the debt’. The term ‘credit information’ is comprehensively defined to mean:

Credit information about an individual is personal information (other than sensitive information) that is:
(a) identification information about the individual; or
(b) consumer credit liability information about the individual; or
(c) repayment history information about the individual; or
(d) a statement that an information request has been made in relation to the individual by a credit provider, mortgage insurer or trade insurer; or
(e) the type of consumer credit or commercial credit, and the amount of credit, sought in an application:
    (i) that has been made by the individual to a credit provider; and
    (ii) in connection with which the provider has made an information request in relation to the individual; or
(f) default information about the individual; or
(g) payment information about the individual; or
(h) new arrangement information about the individual; or
(i) court proceedings information about the individual; or
(j) personal insolvency information about the individual; or
(k) publicly available information about the individual:
    (i) that relates to the individual’s activities in Australia or the external Territories and the individual’s credit worthiness; and
    (ii) that is not court proceedings information about the individual or information about the individual that is entered or recorded on the National Personal Insolvency Index; or
(l) the opinion of a credit provider that the individual has committed, in circumstances specified by the provider, a serious credit infringement in relation to consumer credit provided by the provider to the individual.

Additional obligations

16.90 Generally, Pt IIIA imposes obligations on credit providers that are additional to those set out in the APPs. However, there are exceptions and, where applicable, the provisions of Pt IIIA clarify the relationship between it and the APPs. For example, s 21Q(3) provides that APP 10 does not apply to ‘credit eligibility information’. The relationship is described in s 21A(2) as follows:

If the credit provider is an APP entity, this Division may apply to the provider in relation to information referred to in subsection (1) in addition to, or instead of, the Australian Privacy Principles.

The EM explains the relationship between the APPs and the credit reporting regime in the following terms: For credit providers, the credit reporting rules apply over the top of the APPs in relation to the kinds of personal information regulated in the credit reporting system. In relation to all other kinds of personal information the APPs will apply.

Information governance

16.91 Section 21B imposes certain information governance obligations on credit providers. Credit providers have a broad obligation to ensure that they implement practices, procedures and systems that will ensure compliance with their legal obligations under Pt IIIA, Div 3 (credit providers) and which will enable the credit provider to deal with inquiries or complaints. Section 21B(3) then requires a credit provider to have a clearly expressed and up-to-date policy about its management of credit information and credit eligibility information. Without limiting the requirement set out in s 21B(3), s 21B(4) provides a long list of matters that must be addressed in that policy. A credit provider must take reasonable steps to make the policy available free of charge and in such form as appropriate. A note to s 21B(5) states that ‘a credit provider will usually make the policy available on the provider’s website’. Where a credit provider is also bound by the APPs, s 21B(7) provides that APP 1.3 and APP 1.4 (regarding APP policies) do not apply to credit information and credit eligibility information.

Dealing with credit information

16.92 Section 21C provides that in addition to the obligations set out in APP 5, an organisation which is a credit provider must comply with enhanced disclosure obligations. That is, the organisation must disclose: the details of any credit reporting bodies that it may disclose personal information to (for example, Veda or Dun & Bradstreet); in the organisation’s credit reporting policy, information about how an individual may access their credit eligibility information and how they may seek to correct that information; and in the organisation’s credit reporting policy, information on how an individual may make a complaint and how the credit provider will deal with the complaint.

16.93 A key provision in the legislation is s 21D. Interestingly, the prohibition is not an outright ban on use and disclosure of credit information unlike the prohibition on use and disclosure of credit eligibility information which is set out in s 21G. Section 21D merely prohibits a credit provider from disclosing credit information to a credit reporting body. The prohibition does not apply to other uses and disclosures, which would be governed by the less onerous APPs. A breach of this prohibition makes an organisation liable to a maximum fine of 2,000 penalty units. However, there is an exception. If a credit provider is a member of a prescribed external dispute resolution body and knows or believes that an individual is at least 18 years old, then the credit provider can disclose credit information about the individual to a credit reporting body (for example, Veda or Dun & Bradstreet) which has an Australian link, provided that the information meets certain requirements set out in s 21D(3). Importantly, only a credit provider that is a licensee under the National Consumer Credit Protection Act 2009 (Cth) (NCCP Act) can disclose ‘repayment history information’ to a credit reporting body. Where a disclosure is made, a credit provider must make a note of such disclosure: s 21D(6).

A breach of the note-taking obligation in s 21D(6) is a civil penalty provision carrying a maximum fine of 500 penalty units. Where a credit provider would normally be subject to the APPs, s 21D(7) provides that APPs 6 and 8 do not apply to the disclosure of credit information by the provider to a credit reporting body.

16.94 Section 21E provides that if a credit provider discloses default information to a credit reporting body and subsequently the relevant amount is paid, then the credit provider must, within a reasonable period, notify the body that the repayment has been made. A failure to do so attracts a civil penalty of 500 penalty units.

16.95 Subject to one exception, s 21F prohibits any credit provider from providing credit information to a credit reporting body in relation to an individual if there is a ban period in place in respect of that individual. A ‘ban period’ relates to a period where a freeze is in place in relation to the use and disclosure of credit reporting information about an individual who has notified a reporting body about possible identity theft. The purpose of s 21F is to ensure that a credit provider that cannot access credit reporting information during a ban period but nevertheless proceeds to provide credit to an individual (or an individual purporting to be that individual) cannot provide any credit information to a reporting body concerning the applicable credit. The purpose of this provision is to prevent possible contamination or further contamination of an individual’s credit information during a period where identity theft may have occurred. A breach of the provision attracts a civil penalty of up to 2,000 penalty units. There is one exception to this prohibition. A credit provider may contribute credit information in respect of an individual to a reporting body during a ban period provided it has taken steps that are reasonable in the circumstances to verify the identity of the individual.

Dealing with credit eligibility information

16.96 Consistent with s 21D in respect of credit information, s 21G sets out a general prohibition on the use and disclosure of credit eligibility information by a credit provider. However, unlike s 21D, s 21G prohibits the use or disclosure outright (that is, to any person). A breach of that provision attracts a civil penalty of up to 2,000 penalty units. However, there are exceptions to the general rule. These exceptions are set out in s 21G(2) and (3).

16.97 Section 21G(2) provides a range of exceptions for use of credit eligibility information. The exceptions include use of credit eligibility information for consumer credit related purposes, certain permitted purposes (including in connection with commercial credit, securitisation and guarantees) and use required or authorised by law. However, in contrast to the position under APP 6 in relation to ‘mere’ personal information, the use of credit eligibility information for secondary purposes is not permitted. Section 21G(3) provides a range of exceptions to the disclosure of credit eligibility information. These exceptions include: certain permitted disclosures (including where an individual has consented to disclosure to another credit provider; disclosures to a principal where the credit provider is an agent in a credit context; disclosures in connection with securitisation; disclosures to guarantors, mortgage insurers, debt collectors; and cases involving potential assignments of debt); disclosures to related bodies corporate that have an Australian link; disclosures to persons who manage credit arrangements for a credit provider; certain disclosures relating to suspected serious credit infringements; disclosures in connection with a dispute resolution scheme; or the disclosure is authorised by law. The disclosures of credit eligibility information made under s 21G cannot include any repayment history information: s 21G(4). A breach of this provision attracts a civil penalty of up to 2,000 penalty units. There are some exceptions to this prohibition.
The prohibition does not apply to disclosures of credit eligibility information containing repayment history information: to a credit provider who is licensed under the NCCP Act; to mortgage insurers; to an enforcement body; authorised by law; or made under an external dispute resolution scheme: see combined effect of s 21G(4) and (5). This prohibition reflects the strict restrictions to the collection, use and disclosure of repayment history information under Pt IIIA of the Act.

Credit reporting bodies are only permitted to collect credit information from credit providers where those providers are allowed to disclose such information under s 21D. Section 21D prohibits a credit provider from disclosing repayment history information to a credit reporting body unless the credit provider is a licensee under the NCCP Act. The aggregate effect of these provisions is to ensure that repayment history information only circulates between licensees under the NCCP Act and credit reporting bodies. A reason for the limitation in this context is that it was thought that it struck a better balance in relation to the privacy of the individual in that the use of repayment history by entities other than the ones mentioned above was unnecessary. It was argued by some stakeholders that access to repayment history information (especially a good repayment history) may be used by some as a justification to lend to individuals where new credit was clearly beyond their means. The prohibitions mentioned above were designed to offset this concern because licensees that are subject to the NCCP Act are under responsible lending obligations and therefore would not be legally able to misuse repayment history information in the manner described.

16.98 If a credit provider does make a disclosure under s 21G, it must make a note of such disclosure. A failure to do so attracts a civil penalty of up to 500 penalty units. In terms of the relationship between s 21G and the APPs, s 21G(7) provides that the APPs 6, 7 and 8 do not apply to credit providers in relation to credit eligibility information. Further, where any credit eligibility information comprises a government-related identifier, APP 9.2 does not apply to the credit provider in relation to the information.

16.99 Section 21P deals with the obligations of a credit provider that refuses an application for credit from an individual in their own name or jointly.
Essentially, the provision requires the credit provider to notify an individual that the application has been refused based wholly or partly on the credit eligibility information and also to notify the individual of the name and contact details of the credit reporting body that disclosed the credit reporting information that the credit eligibility information was based on.

Integrity of credit eligibility information

16.100 Section 21Q requires a credit provider to take reasonable steps to ensure that the credit eligibility information that it collects is accurate, up-to-date and complete. The provision also requires a credit provider to take reasonable steps to ensure that the credit eligibility information that it uses or discloses is accurate, up-to-date, complete and relevant having regard to the purpose of such use or disclosure. APP 10 does not apply to credit eligibility information in this context.

Use or disclosure of false or misleading information

16.101 Section 21R provides some general offences in relation to credit information and credit eligibility information. If a credit provider discloses credit information to a credit reporting body under s 21D, or it otherwise uses or discloses credit eligibility information under Div 3 (Credit providers) of Pt IIIA and the applicable information is false or misleading in a material particular, the credit provider commits an offence which attracts a maximum penalty of up to 200 penalty units.

16.102 Section 21R also contains some civil penalty provisions which mirror the offence provisions, but provide for higher financial penalties. If a credit provider discloses credit information under s 21D, or uses or discloses credit eligibility information, which is false or misleading in a material particular, it will constitute a breach of a civil penalty provision and attract a penalty of up to 2,000 penalty units.

Quality and security of information

16.103 All credit providers must take such steps that are reasonable in the circumstances to protect credit eligibility information from: misuse, interference and loss; and from unauthorised access, modification or disclosure. The concept of ‘reasonable steps’ in relation to the security of information will be dealt with in Chapter 17.

16.104 Further, a credit provider that has any credit eligibility information that it no longer needs for any purpose must take reasonable steps to destroy the information or ensure that it is de-identified. This latter requirement does not apply unless the information is required to be retained by or under an Australian law or court/tribunal order. While it may not be necessary to retain credit eligibility information by law, it is certainly the case that such information would necessarily need to be retained on a consumer’s file to support credit decisions made in connection with that file (for example, as part of making reasonable enquiries as to a customer’s financial situation under s 117(1)(b) of the NCCP Act). For credit regulated by the NCCP Act, a customer can request a copy of a preliminary assessment conducted by a licensee into (among other things) their financial situation for up to seven years after an initial quote provided by a credit licensee to the customer. Some institutions may think it prudent to retain the credit assessment in case they need to use it to support, if challenged, their preliminary assessments of the relevant customer’s financial situation. More broadly, they may want to retain it for the purposes of defending or asserting a claim in any external dispute resolution body or any other forum. Organisations that deal with credit eligibility information need to pay careful attention to the security and destruction/de-identification obligations under s 21S as a breach of those obligations attracts a civil penalty of up to 1,000 penalty units.

16.105 Section 21S provides that APP 11 does not apply to a credit provider in relation to credit eligibility information.

Access to and correction of information

16.106 Subdivision F of Pt IIIA imposes a range of obligations on credit providers in terms of: providing access to individuals (and persons authorised to assist individuals) to any credit eligibility information about that individual; correcting on its own volition any information where the credit provider is satisfied it is inaccurate, out-of-date, incomplete, irrelevant or misleading having regard to the purpose for which the information is held by the provider; correcting information on request from an individual where it subsequently forms the view that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; consulting with other parties in relation to potentially inaccurate, out-of-date, incomplete, irrelevant or misleading information; and providing notices of correction. Again, Subdiv F of Pt IIIA provides a number of exemptions to the application of the APPs. No specific civil penalties are set out in this subdivision.

Credit Reporting Code

16.107 The Privacy (Credit Reporting) Code 2014 (CR Code) is a legislative instrument which is a mandatory code that binds both credit providers and credit reporting bodies. A breach of the CR Code constitutes a breach of the Privacy Act. The CR Code supplements the Privacy Act by providing more detailed requirements about: the types of personal information that credit providers can disclose to a credit reporting body, for the purpose of that information being included in an individual’s credit report; what entities can handle that information; and the purposes for which that information may be handled. Section 13(2)(b) of the Act provides that, among other things, an ‘act or practice of an entity is an interference with the privacy of an individual if … the act or practice breaches the registered CR code in relation to personal information about the individual and the code binds the entity’.

For the purposes of the Privacy Act, ‘an act or practice breaches the registered CR code if, and only if, it is contrary to, or inconsistent with, the code’.

ENFORCEMENT

Civil penalties

16.108 In relation to credit reporting obligations, the relevant offences and civil penalty provisions have been mentioned, where applicable, in the preceding section. However, it is also worth noting that the Federal Court or the Federal Circuit Court may order an entity to compensate a person for loss or damage (including injury to the person’s feelings or humiliation) where a civil penalty order is made or an offence is committed. In addition, there is a civil penalty provision of general application set out in s 13G. Section 13G provides that an organisation will contravene the Act if: (a) the entity does an act, or engages in a practice, that is a serious interference with the privacy of an individual; or (b) the entity repeatedly does an act, or engages in a practice, that is an interference with the privacy of one or more individuals.

16.109 Among other things, if an act or practice of an organisation breaches an APP in relation to personal information about the individual or an act or practice breaches a provision of Pt IIIA in relation to personal information about the individual, then such an act or practice will amount to an interference with the privacy of an individual. Accordingly, if that interference is serious in relation to one individual or is a repeated interference affecting one or more individuals, the organisation could be subject to a civil penalty of up to 2,000 penalty units. An example of a serious breach of privacy in relation to an individual could be a breach that led to the individual being the subject of identity theft as a result of the unlawful disclosure. An example of a repeated breach would be the failure to ensure reasonable steps were taken to secure personal information on multiple occasions or in relation to a large number of individuals.

Complaints and investigations

16.110 An individual may complain to the Commonwealth Privacy Commissioner (Commissioner) about an act or practice that may be an interference with the privacy of the individual. There are also provisions that permit representative complaints. The Commissioner will investigate an act or practice if the act or practice ‘may be an interference with the privacy of an individual’ and the complaint has been made under s 36. Section 41 provides a long list of circumstances in which the Commissioner may decide not to investigate a matter. In addition, however, the Commissioner must not investigate a matter if a complaint has not first been made to the respondent, unless the Commissioner forms the view that it was not appropriate for the complainant to first complain to the respondent. The Commissioner may also, on his or her own initiative, investigate an act or practice that may be an interference with the privacy of an individual or a breach of APP 1 and the Commissioner thinks that it is desirable that the investigation occurs. The Commissioner must make a reasonable attempt to conciliate the complaint in certain circumstances. A range of provisions in the Act deal with the progression of a complaint through the resolution framework set out in the Act, including provisions concerning: the investigation; hearings; power to obtain information and documents; power to examine witnesses; and conduct of compulsory conferences.

16.111 After investigating a complaint, the Commissioner may, among other things: make a determination dismissing the complaint; declare that the respondent engaged in conduct constituting an interference with privacy of an individual; declare that the complainant should be compensated for loss or damage; or declare that a respondent must take specific steps within a specified period to ensure that certain conduct is not repeated or continued. After investigating a matter on the Commissioner’s own initiative under s 40(2), the Commissioner may also make declarations of a like kind. Interestingly, s 55 provides as follows:

If the determination [made by the Commissioner] applies in relation to an organisation or small business operator, the organisation or operator:
(a) must not repeat or continue conduct that is covered by a declaration included in the determination under sub-subparagraph 52(1)(b)(i)(B) or paragraph 52(1A)(a) [declarations that the respondent must not repeat or continue conduct]; and
(b) must take the steps that are specified in a declaration included in the determination under subparagraph 52(1)(b)(ia) or paragraph 52(1A)(b) within the specified period [declaration that the respondent must take specified steps to ensure that conduct is not repeated or continued]; and
(c) must perform the act or course of conduct that is covered by a declaration included in the determination under subparagraph 52(1)(b)(ii) or paragraph 52(1A)(c) [declarations about redressing loss or damage].

16.112 Section 55A(1) provides that a determination may be enforced by the Federal Court or the Federal Circuit Court on application by the complainant or the Commissioner. The court is to deal with the matter by way of a hearing de novo or a full new hearing, although there is provision to receive evidentiary certificates and other information from the Commissioner. A court may make such orders as it thinks fit if it is satisfied that a person or entity to which the determination applies has engaged in conduct that constitutes an interference with the privacy of an individual.

Other powers of the Commissioner

16.113 The Commissioner has powers to monitor the security and accuracy of information held by an entity that is information to which Pt IIIA applies. The Commissioner also has powers to examine the records of an entity to ensure that they are not using information to which Pt IIIA applies for unauthorised purposes and are taking reasonable steps to prevent the unlawful disclosure of such information. The Commissioner has power to do all things necessary or convenient to be done for or in connection with such monitoring.

16.114 The Commissioner also has the power to conduct an assessment of a range of matters relating to the APPs, including: whether personal information held by an organisation is being maintained and handled in accordance with the APPs or a related binding code; and whether information held by an organisation is being maintained and handled in accordance with the provisions of Pt IIIA or a related binding code. The Commissioner may conduct such assessments in such manner as he or she thinks fit.

16.115 In addition to these powers, the Commissioner has the power to accept an enforceable undertaking given by an organisation in respect to compliance with the amended Act. If an enforceable undertaking is breached, the Commissioner has the ability to have the order enforced by a court.

CONCLUSION

16.116 The Privacy Act has a significant impact on the manner in which organisations, including financial services organisations, collect and manage personal information. A good understanding of, and compliance with, the laws is essential for these organisations to maintain the trust of the individuals whose personal information they handle. Indeed, it will also be important, more broadly, in terms of the reputation that an organisation has in the broader community. However, complying with the laws will not always be a straightforward task. Novel situations will arise that will pose challenges in terms of the application of the laws. In order to successfully address issues as they arise, organisations subject to the Act will need to design and implement flexible privacy compliance frameworks which contemplate changes in consumer behaviour and other stakeholders’ expectations as they, and business models, evolve.

1. See Productivity Commission, Data Availability and Use, 3 November 2016 (viewed 3 November 2016).

2. Productivity Commission, Data Availability and Use, 3 November 2016 (viewed 3 November 2016).

3. P Smith, ‘Commission Data Plan Poses Delivery Questions’, Australian Financial Review, 3 November 2016, p 8. See also J Eyers, ‘Commission Cool on Opening Up Bank Data’, Australian Financial Review, 3 November 2016, p 9.

Chapter 17 Cyber Security Obligations

INTRODUCTION

17.1 As the term suggests, cyber security (or information security) relates to the steps that, in this case, financial services organisations take in order to protect the security, integrity and availability of information and information systems. This chapter will discuss laws relating to cyber security in that context.1 The European Union has recently passed a Directive which will impose specific cyber security obligations on the entities subject to it.2 However, there are no Australian civil laws of general application that specifically govern cyber security.3 There are laws of general application that impose obligations on organisations from a cyber security perspective. Laws that have application in respect of cyber security issues include the Privacy Act 1988 (Cth); laws concerning directors’ duties; contract law; and consumer protection laws. Other laws also play, or potentially play, roles in this context. For example, both the law relating to continuous disclosure4 and copyright5 may apply to circumstances or events that arise in the cyber security environment. This chapter will outline key laws that apply in the cyber security context and identify the potential liability arising in these cases. Prior to discussing the laws mentioned above, it is necessary to outline the context in which these laws will be interpreted and applied. This is necessary because, in many cases, the threat environment in which most organisations operate will have a bearing on legal outcomes. That is, the nature and substance of an organisation’s legal rights and obligations in a cyber security context will frequently be conditioned by the risk or threat environment within which they are developed, interpreted or otherwise applied.

17.2 The criminal laws that apply to cybercrime will not be discussed in any detail in this chapter. A criminal prosecution will generally involve an organisation making a complaint to police concerning an alleged cyber incident. The police will then investigate that matter if resources permit. If the investigation confirms that a cybercrime may have been committed, the police then may prepare a brief for prosecutors to consider. A trial may or may not follow; much will depend on the strength of the available evidence and also whether or not the alleged perpetrator can actually be identified. Even if this is possible, the perpetrator may not be subject to the laws of Australia. For example, the alleged perpetrator may reside in a foreign jurisdiction that has no extradition treaty with Australia. Even where a treaty exists, complex rules regarding dual criminality and other issues usually arise.6 Overall, once a criminal complaint has been made, the organisation is effectively a subordinate actor in the process. Once a complaint is lodged with police, the matter is out of the organisation’s hands. In addition to having an interest in seeing that cybercriminals are brought to justice, the main legal concern7 of organisations and directors will be whether the cyber security incident has implications under civil laws.

17.3 This chapter is divided into sections examining the following topics: the threat environment within which organisations operate; the main legal issues that arise from a cyber security perspective; and the issues relating to the law of evidence.

THE THREAT ENVIRONMENT WITHIN WHICH ORGANISATIONS OPERATE

17.4 There are many threats to cyber security.8 Recent high profile attacks include those against Target Corporation9 and the Ashley Madison website.10 However, cyber attacks against financial services organisations are also a regular occurrence.11 Broadly speaking, the threats arise due to vulnerabilities associated with humans12 and/or machines.13 While the category of threats may not have changed much over the last decade or so,14 there are a number of reasons why the level of risk has increased significantly:

We are producing much more data than ever before.15 The increased levels of data mean more resources need to be utilised to store and secure it. Put simply, the size of the target (or the attack surface) is constantly increasing.

Not only are information systems growing in number and size, they are also being opened up to end users at an increasing rate. This is a result of the ‘mobile’ revolution.

As a consequence of the explosion in mobile computing, we are witnessing a shift from more homogenous technology environments within organisations to diverse technology ecosystems, which presents additional cyber security challenges.

These developments are being exacerbated by the trend toward allowing users to bring their own device to work and permit those users to interconnect to the corporate environment. In this context, any lack of security at ‘the node’16 or device level (that is, the user and the user’s device) becomes an issue that the organisation needs to very carefully manage.

Finally, both the number and sophistication of cyber attacks are increasing.17

It is worth developing this last point further.

17.5 Cyber attacks fall into two categories: commodity attacks and non-commodity (or targeted) cyber attacks.18 The term ‘commodity attacks’ is an expression used to describe the commoditisation of tools used to attack cyber targets. These can be characterised as ‘off-the-shelf’ tools that people with very little technological skill could use to launch a cyber attack. In the main, though, such attacks are easier to defend against, when compared to the steps needed to protect against or prevent targeted attacks carried out by sophisticated parties.

Non-commodity or targeted attacks have a very different profile. They involve highly skilled people or teams of people working collaboratively towards a common purpose. These persons can include ‘hacktivists’. A hacktivist is a person who uses computers and computer networks as a means of protest to promote social or political agendas.19 Some hacktivist groups can cause significant disruption to a targeted organisation’s operations. However, by far the greatest security challenge facing an organisation is how to manage risk associated with cyber attacks launched by, or with the support of, organised crime groups or nation states.20

Another issue that organisations need to be mindful of when developing cyber security risk management frameworks is that they will not always be aware that their cyber security has been breached. In providing testimony to the Energy and Commerce Committee of the United States House of Representatives, Mr Richard Bejtlich (Chief Security Strategist of FireEye Incorporated) stated that:21

The median amount of time from an intruder’s initial compromise, to the time when a victim learns of a breach, is currently 205 days, as reported in our 2015 M-Trends report. This number is better than our 229 day count for 2013, and the 243 day count for 2012. Unfortunately, it means that, for nearly 7 months after gaining initial entry, intruders are free to roam within victim networks. [Footnotes omitted]

Organisations need to contemplate these statistics when developing their response to cyber security threats. Of course, not all cyber security breaches will go undetected for long periods of time. In some cases, the perpetrators of such attacks will make the breach known to the public. Take, for example, the attacks that Sony was subjected to in connection with the release of the movie The Interview22 and the attacks targeting the Ashley Madison website.23 In these cases, an organisation needs to move rapidly to address the actual breach and also the publicity and reputational issues that are associated with the incident.

17.6 This brief discussion only touches on some of the threats to cyber security, but the point is they are highly diverse, real and increasing. It is against this backdrop that we will examine the laws relating to cyber security.

CYBER SECURITY AND THE LAW

17.7 The main legal issues that will be discussed in this context are as follows:24
privacy law;
directors’ duties;
data breach notification laws;
contract law;
law of negligence;
consumer protection laws;
class actions;
copyright and cyber security;
laws concerning a concept known as active defence; and
the ePayments Code.

These laws are discussed in turn below.

Privacy law

17.8 The Privacy Act 1988 (Cth) (Privacy Act) imposes key security-related obligations on organisations. The relevant provisions of the Act relate to the security of data and the de-identification of data.

Security provisions

17.9 The relevant security provisions are Australian Privacy Principles (APP) 11.1 (security of personal information) found in Sch 1 and s 21S(1) (security of credit eligibility information) of the Act. Where an organisation holds personal information, APP 11.1 provides that the organisation must:

… take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.

Similarly, s 21S(1) provides that if an organisation holds certain credit-related information, it must:

… take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.25

The ‘reasonable steps’ test

17.10 What then is required in order to discharge the obligation to take ‘such steps as are reasonable in the circumstances to protect the information’? As I have observed elsewhere,26 the approach taken in relation to assessing what is required under a ‘reasonable steps’ test is to refer to the particular circumstances of the case with the assessment being made by reference to the circumstances as they were at the relevant time a step was taken, rather than with the benefit of hindsight. The Australian Privacy Principles guidelines (APP guidelines) issued by the Office of the Australian Information Commissioner (OAIC) state that:

What is reasonable is a question of fact in each individual case. It is an objective test that has regard to how a reasonable person, who is properly informed, would be expected to act in the circumstances. What is reasonable can be influenced by current standards and practices. It is the responsibility of an APP entity to be able to justify that its conduct was reasonable. In a related context, the High Court has observed that whether there are “reasonable grounds” to support a course of action “requires the existence of facts which are sufficient to [persuade] a reasonable person”; it “involves an evaluation of the known facts, circumstances and considerations which may bear rationally upon the issue in question”. As that indicates, there may be a conflicting range of objective circumstances to be considered, and the factors in support of a conclusion should outweigh those against. [Citations omitted]27

At a minimum, in a cyber security context, the circumstances that should be considered in determining the applicable standard include:
the threat environment within which the organisation operates;
the scale and complexity of the business and its operations;
the organisation’s resources, including the expertise it has available to it;
prevailing industry standards;
the relevant risks that need to be addressed and the probability that adverse events may occur;
the gravity of the harm an individual (that is, a data subject) could suffer if a step was not taken; and
the cost associated with addressing those risks.

A ‘reasonable steps’ test does not impose strict liability. The focus is on process. If the correct process is in place, it should follow that the correct (or reasonable) step was taken in relation to the secure management of personal information. What is required in order to ensure compliance with privacy law is an effective privacy governance and due diligence regime. At the highest level, this means accountability and ownership of privacy issues must reside in one executive or an appropriately constituted committee of executives. That executive or committee would be responsible for ensuring that the organisation understood all relevant risks associated with the security of personal information, so that appropriate steps could be taken to manage those risks. Other functions would include the oversight of the development of an appropriate governance and organisational structure (including human resources) for managing security issues. The responsible executive would also be in charge of ensuring the development and ongoing maintenance of effective policies, procedures, controls and training. It would also need to make sure that compliance and audit processes were put in place and that periodic reviews of privacy issues were conducted.

The review process would assist in identifying any weaknesses in the compliance or control framework so that those issues could be addressed. The process would also enable the organisation to consider the extent to which they require engaging the assistance of external experts to assist in addressing the matters set out above. Assuming all the relevant governance and organisational structures are in place and appropriately qualified persons are employed (or engaged as contractors) to manage operational aspects of security, then effective decisions can be made about the plethora of security issues that need to be managed at an operational level, including whether all the resources, systems, processes and technologies used within the organisation are fit for the purpose, given the risk profile of the organisation.

17.11 In his recent joint report with the Privacy Commissioner of Canada, the Australian Privacy Commissioner found that Avid Life Media (ALM), the parent company of the Ashley Madison dating website which had its cyber security breached, breached APP 1.2 and APP 11.1 (take reasonable steps to implement practices, procedures and systems relating to the entity’s functions or activities) in three key respects, being:28

a. documented information security policies or practices, as a cornerstone of fostering a privacy and security aware culture including appropriate training, resourcing and management focus;
b. an explicit risk management process — including periodic and proactive assessments of privacy threats, and evaluations of security practices to ensure ALM’s security arrangements were, and remained, fit for purpose; and
c. adequate training to ensure all staff (including senior management) were aware of, and properly carried out, their privacy and security obligations appropriate to their role and the nature of ALM’s business.

To address the findings in the joint report, ALM has entered into an Enforceable Undertaking under s 33E of the Privacy Act. Under the enforceable undertaking, ALM is required to do all of the following:29

1. ALM undertakes to, by 31 December 2016, conduct a comprehensive review of the protections it has in place to protect personal information.
2. ALM undertakes to, by 31 May 2017, augment its information security framework to an appropriate level, and implement that framework.
3. ALM undertakes to, by 31 May 2017, adequately document the framework referred to in paragraph 2 and its information security processes generally.
4. ALM undertakes to take steps to ensure that staff are aware of and follow security procedures, including developing an appropriate training program and delivering it to all staff and contractors with network access (the Commissioner notes that ALM has reported completion of this recommendation).
5. ALM undertakes to, by 31 July 2017, provide the OAIC with a report from an independent third party documenting the measures it has taken to come into compliance with the above recommendations, or provide a detailed report from a third party certifying compliance with a recognised privacy/security standard satisfactory to the OAIC.

The joint investigation is instructive for two principal reasons. First, it demonstrates the extent to which even relatively substantial organisations that rely heavily on networked information systems do not address what many would consider cyber security fundamentals. Second, it shows that the key to good cyber security is good information governance frameworks. Third, it illustrates the long arm of privacy law. While ALM did not have a physical presence in Australia, because it conducts marketing in Australia, targets its services directly to Australian residents and collects information from people in Australia, it therefore ‘carries on business in Australia’ and has an ‘Australian link’ for the purposes of s 5B(3) of the Privacy Act.

17.12 In summary, what is required in this context is an approach that gives paramountcy to strategic issues and organisational process so that, through an effective governance and due diligence process, an organisation will be well-placed to ensure that tactical and operational steps that are taken every day with respect to the management of personal information are ‘reasonable’. In this sense, the approach advocated is a top-down approach. Of course, the nature of the steps that will need to be taken by any given organisation will depend on the factors mentioned in 17.10. If an organisation takes the steps advocated above, then the prospects of a breach of the law occurring will be significantly diminished. It is acknowledged that the approach discussed above would need to be adjusted to suit the circumstances of the given organisation. Nevertheless, the general approach would hold true regardless of the nature and scale of the organisation.

Consequence of a breach

17.13 If an organisation breaches its obligations under APP 11.1 or s 21S, there could be a number of consequences, including the Privacy Commissioner making an adverse finding against the organisation, the imposition of a maximum fine of 2,000 penalty units for a breach of APP 11.130 or a maximum fine of 1,000 penalty units for a breach of s 21S. See Chapter 9 for more details. In addition, if a breach or an allegation of a breach were to receive media attention, the organisation would also need to manage the associated reputational issues.31

Directors’ duties

17.14 To the extent that an organisation relies in any material way on information systems to support its commercial endeavours, directors have a key role to play in ensuring effective oversight of cyber security-related matters.32 Despite this, it has been reported that the Australian Securities and Investments Commission believes that boards are underprepared for cyber threats.33 This section will explain how this obligation arises at law. Among other things, a director must comply with s 180(1) of the Corporations Act 2001 (Cth) (Corporations Act). That section provides as follows:

A director or other officer of a corporation must exercise their powers and discharge their duties with the degree of care and diligence that a reasonable person would exercise if they:
(a) were a director or officer of a corporation in the corporation’s circumstances; and
(b) occupied the office held by, and had the same responsibilities within the corporation as, the director or officer.

17.15 There is much case law regarding the scope of a director’s duty under this provision, but for present purposes it is convenient to refer to the decision of Australian Securities and Investments Commission v Healey [2011] FCA 717. In that case, Middleton J observed that:34

Directors are required to take reasonable steps to place themselves in a position to guide and monitor the management of the company. A director must become familiar with the fundamentals of the business in which the corporation is engaged; a director is under a continuing obligation to keep informed about the activities of the corporation; directorial management requires a general monitoring of corporate affairs and policies …

17.16 The use of the term ‘fundamentals’ in the passage clearly indicates matters that are ‘essential’ or ‘primary’. In circumstances where data is widely recognised as a very valuable asset of both organisations and customers, and given the fact that most if not all of this data is stored in and processed across networked information systems, it is arguable that cyber security is a ‘fundamental’ of any business in the sense referred to above; fundamental in the sense that cyber security is essential to protect this valuable and highly sensitive data.

The next issue of relevance that Middleton J refers to is that ‘a director is under a continuing obligation to keep informed about the activities of the corporation’. Again, this reinforces the view that directors should ensure that they keep informed about cyber security matters, being one ‘fundamental’ of a modern organisation. This obligation could be discharged, for example, by the directors ensuring that the security governance and due diligence processes are implemented, as discussed in 17.10 and 17.11. Further, directors should ensure they receive a periodic report on cyber security matters. Where appropriate, directors should ensure that executive management prepare and present briefings on cyber security issues impacting the organisation to the full board and/or the board risk committee on a periodic basis.

Such steps would also enable directors to establish that they satisfy the last element mentioned in the passage cited above. That is, that ‘directorial management requires a general monitoring of corporate affairs and policies’. This process would allow the board to challenge and test executives regarding the principal security issues impacting the organisation.

CONSEQUENCE OF A BREACH

17.17 A breach of s 180(1) is a civil penalty provision for the purposes of the Corporations Act.35 A breach of a civil penalty provision attracts a maximum penalty of $200,000 for individuals.36 It may also lead to compensation orders against a director or officer under s 1317H if a corporation or registered scheme suffers loss as a result of breach of the care and diligence obligation under s 180(1). The Corporations Act also provides that injunctions and other orders (including compensation orders in favour of any person) may be made under s 1324. Disqualification orders could also be imposed under s 206C.

Data breach notification laws

The evolution of data breach laws

17.18 A number of foreign jurisdictions have enacted data breach laws. Australian entities that process personal information in connection with such overseas jurisdictions are likely to be subject to those laws. Those laws require an entity that suffers a data breach to notify data subjects whose personal information may have been compromised as a result of that breach.37 Broadly, the key elements of these laws are:
there is a breach involving personal information;
which needs to be notified to relevant parties according to a specified threshold (for example, serious risk of harm), subject to any exceptions; and
the notification needs to occur within a specified timeframe.

17.19 The state of California in the United States was the first jurisdiction to introduce laws of this kind.38 The relevant California law provides as follows:

1798.82. (a) A person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

17.20 Essentially the Californian law requires an owner or licensee of personal information to notify any Californian resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorised person.39

17.21 More limited laws apply in the United Kingdom. Currently, those breach notification laws are limited to ‘service provider’, being a provider of a public electronic communications network or a public electronic communications service.40 However, laws of broader application are currently being negotiated in the European Union. It is intended that these laws will apply across the European Union upon commencement. Under the proposed laws a data controller (a much broader concept than ‘service provider’ mentioned above)41 would need to notify data subjects of a data breach in certain circumstances. The current draft of those laws is set out below:42

The draft Regulation provides that the data subject needs to be informed if the breach is likely to result in: “a high risk for the rights and freedoms of individuals, such as discrimination, identity theft or fraud, financial loss, damage to reputation, unauthorized reversal of pseudonymisation (a procedure where identifying data is replaced with pseudonyms or artificial identifiers in such a way that data can no longer be attributed to a specific data subject), loss of confidentiality of data protected by professional secrecy or any other significant economic or social disadvantage”.

It is contemplated that there will be exceptions to this obligation. It is reported that the proposed exceptions will take the following form where:

The data controller has implemented appropriate technological and organisational protection measures and those measures were applied to the data affected by the personal data breach, in particular those that render the data unintelligible to any person who is not authorised to access it, such as encryption.

The data controller has taken subsequent measures which ensure that the high risk for the rights and freedoms of data subjects is no longer likely to materialise.

It would involve disproportionate effort, in particular owing to the number of cases involved. In such cases, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

It would adversely affect a substantial public interest.43

Australian developments

17.22 The introduction of mandatory data breach notification laws was recommended by the Australian Law Reform Commission in its report concerning privacy law.44 There are currently proposals to introduce similar laws in Australia by the end of 2016.45

Other laws requiring notification of data breaches

17.23 Aside from any mandatory data breach notification regime which may be enacted in Australia, there are circumstances where an organisation may currently need to disclose a data breach under Australian law.

First, under the continuous disclosure regime set out in Ch 6CA of the Corporations Act, if an entity suffers a cyber event such as Sony Corporation did in 201146 and Target Corporation did in 2013,47 then it may have to make a disclosure of that event if information concerning that event is not generally available and a reasonable person would consider it to be price sensitive.48 An obligation to make a disclosure under the continuous disclosure regime may also arise in a merger and acquisition context if hackers gain access to otherwise confidential information relating to a proposed merger or acquisition which would otherwise not need to be disclosed.49

Second, a further obligation to disclose a data breach event may arise under s 912D of the Corporations Act which imposes an obligation on financial services organisations to disclose to the Australian Securities and Investments Commission any significant breaches of certain provisions of the Corporations Act.50 If a financial services licensee was the victim of a cyber attack and this was significant for the purposes of s 912D of the Corporations Act, the entity would need to disclose that matter to the regulator.51

Finally, an organisation may also be under a contractual obligation to another party to disclose any breaches of cyber security which do, or are likely to affect, the other party. Such provisions are common in many types of contractual arrangements.

Contract law

Expressing the obligations

17.24 Contract law plays a significant risk allocation role in the implementation of any organisation’s security strategy or program. However, there are a number of issues that need to be effectively managed in this context. These issues are discussed below.

17.25 First, in negotiations concerning security issues, parties often debate at length the appropriate contractual standard to be adopted in the applicable contract. The options available include the adoption of a ‘reasonable steps’ obligation or a strict or absolute liability obligation. Another frequently adopted option is to impose strict liability on one party, but make that obligation subject to specific exceptions (such as a force majeure provision).

17.26 Second, in addition to the contractual standard issue mentioned above, parties to a contract need to determine the content of the obligation. That is, the parties need to specify the steps that the relevant party is required to take in accordance with a reasonable steps standard, strict liability standard or otherwise. Obviously, the nature of the contract and the cyber security risks that relate to the contract will necessarily condition the content of the obligations set out in a contract. However, good starting points for drafting purposes do exist. Two examples of documents that can be used as a basis for, or a reference for developing, bespoke contractual specifications, are the ISO/IEC 27001 (Information Security Management)52 and the PCI Data Security Standards.53 However, care needs to be taken. In some cases the documents are not an ideal fit for the circumstances of the particular transaction. Care needs to be taken to adapt, tailor or supplement them so that they are appropriate for the relevant transaction. Parties sometimes also find it desirable to have a cyber security obligation certified or audited by a specialist independent expert to provide assurance.

17.27 A further issue that arises in contract settings relates to apportionment legislation. Under that legislation the liability under a contractual provision of one party to another can, in certain circumstances, be reduced (including to zero per cent) if a third party was the actual cause of the loss. This may be the case even if a contract seeks to impose strict liability on a party. This is relevant as in cyber security cases it inevitably follows that the primary harm was caused by an unknown hacker. In such cases, the liability of the actual counterparty can be significantly discounted leaving a party who suffers loss out of pocket. Some apportionment legislation allows parties to contract out of the regime,54 but it is often difficult to persuade a party upon whom obligations are imposed (for example, the party who assumes security-related obligations) to agree to exclude the operation of apportionment legislation by contractual agreement.

Cloud agreements

17.28 The terms ‘cloud’ and ‘cloud technologies’ refer to the computing resources which are provided by a third party and which are available over the Internet. Put another way, the terms refer to the practice of using a network of remote computer servers hosted on the Internet to store, manage and process data for an organisation or a consumer, rather than store, manage and process data on a local server or a personal computer.

17.29 Cloud technologies provide a range of benefits in terms of flexibility and efficiency, but organisations need to take care in managing the risks associated with them. Again, the contract between the service provider and the corporate customer will need to address a number of key issues. For example, will data be encrypted and, if so, to what standard? Will the arrangement allow for penetration testing or other third party security testing? What level of reporting will be provided in relation to alerts generated by intrusion detection systems? How will liability be addressed? Industry standards are starting to emerge that will assist in addressing a range of questions that arise in this context.55

17.30 For example, in a second round submission to the Financial Services Inquiry, Microsoft refers to 10 Safe Cloud Principles which it believes ‘will provide a useful contribution towards the creation of a unified, condensed and clarified set of best practices [in relation to the use of] cloud’.56 The 10 Safe Cloud Principles are as follows:

1. Service provider reputation and competence — FIs [Financial Institutions] must carry out, and CSPs [Cloud Service Providers] must assist in facilitating, a risk assessment and due diligence on the CSP to ensure that the CSP and its Cloud Services meet the legal, regulatory, contractual and business requirements. FIs should have in place a risk management plan that includes measures to address the risks associated with the use of Cloud Services.
2. Review, monitoring and control — Compliance does not end at signature of the contract. CSPs must provide regular reporting and information to demonstrate continued compliance with the legal, regulatory, contractual and business requirements throughout the duration of the contract. FIs and CSPs must meet regularly to review the reports and performance levels. The contract must provide for an effective mechanism for remedial actions arising from any issues that emerge or non-compliance.
3. Audit — CSPs must provide FIs and applicable Financial Regulators with audit rights.
4. Confidentiality and certified security standards — CSPs must be certified to have and maintain robust security measures and comprehensive security policies that meet or exceed international standards (ISO27001 accreditation should be a minimum). CSPs should use encryption technology that meets or exceeds international standards to protect and secure the FI’s Data at all times.
5. Resilience and business continuity — The Cloud Service must be reliable. CSPs must have an effective business continuity plan with appropriate service availability, recovery and resumption objectives and with regularly tested and updated procedures and systems in place to meet those objectives. The risks of downtime should be minimised through good planning and a high degree of system resilience.
6. Data location and transparency — CSPs must disclose exactly where Data will be located. FIs should ensure that the government policies, economic and legal conditions of the identified locations are safe and stable.
7. Limits on data use — CSPs should not use FI’s Data for any purpose other than that which is necessary to provide the Cloud Service. The contract should prevent CSPs from using FI Data for any secondary purpose at all times.
8. Data segregation/isolation — FI Customer Data must be segregated from other Data held by the CSPs. CSPs must be able to identify the FI’s Customer Data and at all times be able to distinguish it from other Data held by the CSP.
9. Conditions on subcontracting — CSPs may only use subcontractors if the subcontractors are subject to equivalent controls as the CSP.
10. Conditions on termination — FIs must have appropriate exit provisions in the contract with the CSP. To the extent that the FI requires, on termination, the CSP must work with the FI to return the FI’s Data to the FI and then the CSP must permanently delete the Data from the CSP’s systems. Any Data that does not need to be returned to the FI must be permanently deleted by the CSP.

17.31 While the focus of these principles is on how financial services organisations manage risks associated with cloud services, they can be adopted and adapted for broader use. Considered in conjunction with other matters such as those set out in 17.25–17.27, the 10 Safe Cloud Principles constitute a useful guide to identifying and managing risk associated with cloud services. Other guidelines which organisations may find of assistance when entering into cloud-related contracts include the European Commission’s ‘Cloud Service Level Agreement Standardisation Guidelines’.57

Law of negligence

17.32 The law of negligence provides a remedy to a plaintiff if they can prove that the defendant:

• owed the plaintiff a duty of care;
• breached the duty of care; and
• caused the damage complained of.58

17.33 The law has the potential to provide a remedy for a person who incurs loss as a result of a breach of cyber security in two scenarios. First, if the person’s property is damaged as a result of a cyber attack (for example, servers rendered useless or data being encrypted in a ransomware attack59) and this gives rise to consequential economic loss. The plaintiff would need to prove each of the three elements described above in order to recover loss. Self-evidently, the perpetrator of the attack would be theoretically liable under the law of negligence, but identifying the person and commencing proceedings against that person will invariably be difficult. Therefore, a party may look to others in order to recover loss under the law of negligence. The types of parties that may be subject to these actions could include operators of data centres in which a plaintiff’s IT assets reside and cyber security firms who provide services to a plaintiff. Obviously, any contract between the parties may alter or modify any liability which may potentially arise in negligence.

A second situation where the law of negligence may provide a remedy is where a plaintiff suffers pure economic loss but its IT assets themselves are not subject to, or damaged by, a cyber attack. In contrast to consequential economic loss, pure economic loss refers to financial loss which occurs without the plaintiff’s person or property being damaged.60 In this scenario, it is also likely that the defendant would not have any specific knowledge of the individual claimant (although the class of persons potentially affected by the cyber attack may be ascertainable). The loss would arise in this scenario due to the plaintiff’s information processing capability being adversely affected as a consequence of a cyber attack that damages IT assets which do not belong to the plaintiff. For example, an organisation which is part of a supply chain may suffer an IT outage due to the failure of a data centre operator to take reasonable care to protect the IT assets of another organisation which has its IT assets housed in the data centre.
That organisation may have an action in negligence directly against the data centre operator under the first scenario described above and other participants in the supply chain may have an action in negligence against the data centre operator for any loss they suffer as they are members of an ascertainable class.61 Liability for pure economic loss under this second scenario is difficult to prove and has been the subject of many court cases. The courts are very careful to protect against the so-called ripple effect. In Perre v Apand Pty Ltd [1999] HCA 36 at [112] McHugh J described the issue in these terms:

The problem of the “ripple effect” means that the courts must be careful in using constructive knowledge to extend the class to whom a duty is owed. It would not be wise, or perhaps even possible, to set out exhaustively when it would be permissible to rely on constructive knowledge. Speaking generally, however, it may be necessary to draw a distinction between using constructive knowledge to identify those within a class who are primarily affected by the defendant’s negligence (the first line victims) and using constructive knowledge to identify those who have suffered economic loss purely as the result of economic loss to the first line victims. That is, as a general rule, no duty will be owed to those who suffer loss as part of a ripple effect. Ordinarily, it will be an artificial exercise to conclude that, before acting or failing to act, the defendant should have contemplated the interests of those persons who suffer loss because of the ripple effect of economic loss on the first line victims. While the defendant might reasonably foresee that the first line victims might have contractual and similar relationships with others, it would usually be stretching the concept of determinacy to hold that the defendant could have realistically calculated its liability to second line victims.

The following paragraphs will explore the principles that apply in cases involving pure economic loss that is incurred in connection with a cyber security event.

17.34 As a general rule, the law of negligence does not provide a remedy for pure economic loss (that is, where loss or damage is not a consequence of damage to the plaintiff’s person or property). The basis of this exclusion was explained in Bryan v Maloney [1995] HCA 17 at [7] where Mason CJ, Deane and Gaudron JJ made the point that the law will generally not impose a duty to take reasonable care to protect another person from pure economic loss due to its concern to avoid the imposition of liability ‘in an indeterminate amount for an indeterminate time to an indeterminate class’. In Perre v Apand Pty Ltd [1999] HCA 36 at [94] McHugh J observed that:

[T]he most helpful approach to the duty problem is first to ascertain whether the case comes within an established category. If the answer is in the negative, the next question is, was the harm which the plaintiff suffered a reasonably foreseeable result of the defendant’s acts or omissions? A negative answer will result in a finding of no duty. But a positive answer invites further inquiry and an examination of analogous cases where the courts have held that a duty does or does not exist. The law should be developed incrementally by reference to the reasons why the material facts in analogous cases did or did not found a duty and by reference to the few principles of general application that can be found in the duty cases. [Footnotes omitted]

In Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 the High Court amplified the applicable principles and explained that ‘damages for pure economic loss are not recoverable if all that is shown is that the defendant’s negligence was a cause of the loss and the loss was reasonably foreseeable’.62 Something more is required in order to establish a duty of care in pure economic loss cases. In pure economic loss cases, the ‘salient features’ of the case must combine ‘to constitute a sufficiently close relationship to give rise to a duty of care owed to a [plaintiff] … for breach of which it might recover its purely economic loss’.63 The High Court in Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 and other cases has indicated which ‘salient features’ will have a significant bearing on whether a duty of care is imposed in pure economic loss cases. The courts have rejected the notion of proximity as a control mechanism and instead examine the salient features of the case to determine whether a duty should be imposed. Among other things, the courts look to see whether the loss was reasonably foreseeable and consider whether the imposition of a duty would result in an indeterminate liability. Other salient features that the court will have regard to include:64

• knowledge — knowledge that damage to specific physical assets or infrastructure would be ‘inherently likely to produce economic loss’;65

• vulnerability — ‘the vulnerability of the plaintiff has emerged as an important requirement in cases where a duty of care to avoid economic loss has been held to have been owed. “Vulnerability”, in this context, is not to be understood as meaning only that the plaintiff was likely to suffer damage if reasonable care was not taken. Rather, “vulnerability” is to be understood as a reference to the plaintiff’s inability to protect itself from the consequences of a defendant’s want of reasonable care, either entirely or at least in a way which would cast the consequences of loss on the defendant’;66 and

• assumption of liability and reliance — in some other cases involving pure economic loss ‘reference has been made to notions of assumption of responsibility and known reliance. The negligent misstatement cases like Mutual Life & Citizens’ Assurance Co Ltd v Evatt (1968) 122 CLR 556; (1970) 122 CLR 628 and Shaddock & Associates Pty Ltd v Parramatta City Council (No 1) (1981) 150 CLR 225 can be seen as cases in which a central plank in the plaintiff’s allegation that the defendant owed it a duty of care is the contention that the defendant knew that the plaintiff would rely on the accuracy of the information the defendant provided’.67

As noted in 17.33 above, it is possible to foresee circumstances when a party or parties may be able to make out a duty of care under the law of negligence where a breach of cyber security occurs. For example, an organisation operating a data centre might fail to take reasonable steps to ensure that the cyber security associated with the data centre was adequate. In such a case, the data centre operator could owe a duty of care to an ascertainable class of persons (being the persons who rely on other persons who use the data centre to have information processing capability as part of a supply chain) having to protect against economic loss based on the salient features of knowledge and reliance. Further, a cyber security firm may, on behalf of a company that has data or applications operating in the cloud, conduct penetration testing68 on the networks or computer systems comprising the cloud and negligently cause an outage that affects other parties (for example, other users of the applicable cloud infrastructure). In such cases the salient features of knowledge and vulnerability may be made out. Of course, assuming a duty of care could be made out, the content or the standard of the duty would have to be determined on a case-by-case basis.
Finally, it must be emphasised that a duty of care may not be imposed where the party arguing for the imposition of the duty could have protected itself via contractual means. In cases where a party can protect itself, or has the opportunity to protect itself, from the relevant loss through a contract, a duty of care may not arise because vulnerability could have been avoided. The High Court provided one example of this concept in Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 at [23] where it observed that:

In Esanda Finance Corporation Ltd v Peat Marwick Hungerfords [(1997) 188 CLR 241], the financier could itself have made inquiries about the financial position of the company to which it was to lend money, rather than depend upon the auditor’s certification of the accounts of the company.69

If any party is contemplating an action for negligence to recover pure economic loss, it needs to carefully consider the role or the potential role contract could have played in protecting its interests before commencing an action. This principle may represent a material constraint in many cases, including cases of the type discussed in the first scenario outlined in 17.33 above. However, its application is likely to be much more limited in cyber security cases of the kind described in the second scenario discussed in 17.33.

Consumer protection laws

17.35 The potential role that consumer protection laws can play in relation to cyber security should not be underestimated. Broadly speaking, the operation of the laws cannot be excluded by contract. The key provision that is relevant in this context is s 18 of the Australian Consumer Law (ACL). That section provides as follows:

A person must not, in trade or commerce, engage in conduct that is misleading or deceptive or is likely to mislead or deceive.

17.36 The operation of this provision, and related provisions,70 was discussed in Chapter 12. The salient points to recall are that if an organisation makes a statement and it is misleading as a matter of fact and a person suffers loss in reliance on that statement, then that party may recover that loss from the entity that made the applicable statement (and anyone involved in the contravention).71 The provision above is relevant for present purposes due to the fact that during the course of a commercial relationship between parties it is foreseeable that representations will be made from time to time regarding the quality, features or benefits of certain security measures that a party has in place or is able to put in place for the benefit of a counterparty or other parties (for example, a counterparty’s customers). This may occur in a business-to-business context, where for example one party makes statements to the other regarding how secure its information systems are. Such a statement may induce the counterparty to enter an agreement with the maker of the statement. In a business-to-consumer context, an organisation may make statements in its marketing material or even in its privacy policy about the security measures it has in place to protect any personal information it collects. If any of these statements are misleading or false, either the responsible regulator (which will generally be the Australian Competition and Consumer Commission) or an affected consumer may take action under the legislation mentioned above. In addition, a further issue that arises under consumer protection laws relates to warranties. If a financial services organisation provides a warranty in a contract concerning security (or any other thing for that matter) and that warranty is found to be misleading (that is, incorrect as a matter of fact), then that could constitute misleading conduct for the purposes of s 1041H of the Corporations Act or s 12DA of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act).72

17.37 It is also important to note in this context that any liability under the relevant provisions may also be moderated by the operation of applicable proportionate liability regimes.73 The operation of this apportionment regime cannot be excluded by contract.

Class actions

17.38 Class actions have become a feature of cyber security or data breach proceedings in overseas jurisdictions, especially in the United States. This is because the class action is a useful vehicle for aggregating a large number of what can sometimes be low value claims. A feature of cyber or data breaches is that in many cases the loss or injury suffered is non-pecuniary or otherwise not capable of being calculated with a sufficient degree of certainty. To date, there have been no class actions relating to cyber security in Australia. However, the potential for these types of proceedings to be commenced in Australia warrants discussion. Although such a class action is more likely should mandatory data breach notification laws be introduced in Australia,74 it would seem that, in time, this is inevitable whether or not such laws are introduced.

17.39 A class action may be commenced under federal or state court rules75 or be commenced as a representative complaint under s 38 of the Privacy Act. A key requirement will be for a lead plaintiff (and for members of the class) to be able to show some form of loss arising out of the alleged cyber or data breach. It should be noted that unless a breach arose out of a failure to comply with the continuous disclosure requirements under the Corporations Act, the market-based causation principles that I have discussed elsewhere76 (which facilitate class actions) will not be engaged.

17.40 Developments in the United States have operated to inhibit class actions for data breaches (at least class actions that culminate in a court judgment). In the United States Supreme Court decision in Clapper v Amnesty International USA 133 S Ct 1138 (2013) (Clapper), the court held that respondents did not have standing to commence court proceedings if they could not show actual loss or show that future loss or injury was ‘certainly impending’.77 Since the decision in Clapper,78 commentators have indicated that United States ‘courts have dismissed the vast majority of data breach class actions’.79

17.41 In the recent United Kingdom case of Google Inc v Vidal-Hall [2015] EWCA Civ 311 (Google) one of the issues was whether plaintiffs can claim for damages under s 13 of the Data Protection Act 1998 (UK) without also having to prove pecuniary loss.80 The United Kingdom Court of Appeal held that claimants could indeed claim for damages for distress without also having to prove that they also suffered pecuniary loss.81

Damages under Privacy Act

17.42 The Australian position would seem to fall on the Google, rather than the Clapper, side of the line. However, this will be dependent on the cause of action brought in the proceedings. After investigating a complaint made under the Privacy Act, the Privacy Commissioner, among other things, may make a determination under s 52(1)(b) that includes:

…
(ii) a declaration that the respondent must perform any reasonable act or course of conduct to redress any loss or damage suffered by the complainant;
(iii) a declaration that the complainant is entitled to a specified amount by way of compensation for any loss or damage suffered by reason of the act or practice the subject of the complaint;
…

Section 52(1AB) of the Privacy Act defines damages for the purposes of s 52(1)(b) as follows:

(1AB) The loss or damage referred to in paragraph (1)(b) … includes:
(a) injury to the feelings of the complainant or individual; and
(b) humiliation suffered by the complainant or individual.

It is clear that injury for anxiety or distress (which was the focus of the Google case) may fall into the scope of the definitional section immediately above. In Rummery and Federal Privacy Commissioner [2004] AATA 1221 the Administrative Appeals Tribunal overturned a determination of the Privacy Commissioner and held that: We find that Mr Rummery is entitled to an amount by way of compensation for the loss or damage suffered by him by reason of the breach of his privacy by the respondent. In this case, the damage suffered is the injury to Mr Rummery’s feelings and the humiliation suffered by him.82


The tribunal awarded the applicant $8,000 in damages for the injury to his feelings and the humiliation suffered by him.83 In more recent determinations the Privacy Commissioner has in separate cases awarded $7,50084 and $8,50085 to complainants for injuries to feelings and for humiliation caused by the relevant respondent’s conduct. These amounts are not inconsistent with amounts that have been awarded for breaches of privacy in other jurisdictions. In the Canadian case of Jones v Tsige 2012 ONCA 32 the Court of Appeal for Ontario awarded the plaintiff $10,000 for distress, humiliation or anguish arising out of a tort of invasion of privacy.86 In that case the court observed that: … damages for intrusion upon seclusion in cases where the plaintiff has suffered no pecuniary loss should be modest but sufficient to mark the wrong that has been done.87

17.43 What is unclear is what the Privacy Commissioner, a tribunal or a court would award in damages under the Privacy Act for data breaches. However, even a modest amount of say $500 or $1,000 per claimant would amount to a substantial sum in aggregate if a large number of claimants was involved.

Damages under other laws arising out of a data breach

17.44 As alluded to above, damages for a failure to comply with the continuous disclosure regime would be calculated on a market-based approach. It is unclear whether claims for damages would succeed under contract law for anxiety or distress. The general position is that awards are not made under contract for anxiety or distress unless the contract itself is a contract providing peace of mind or freedom from distress.88 If circumstances permit, an argument could be made that a particular contract concerning, among other things, the security of a service or data provided by an organisation could fall within the scope of this exception. Likewise, this may enable damages for anxiety or stress to be claimed in an action based on misleading conduct under s 1041H of the Corporations Act or s 12DA of the ASIC Act if there was evidence that a representation had been made to provide peace of mind.89 No tort of invasion of privacy currently exists under Australian law.90 However, if it did, it is likely that damages in relation to distress or anxiety claims would be dealt with in a similar way to that discussed in 17.42.

Copyright and cyber security

17.45 While it may not be a feature of many texts dealing with cyber law, it is important to understand the obligations that arise under copyright law in this context. The law strictly controls the manner in which copyright material can be dealt with. Unless an activity falls within a specific statutory exception, the relevant activity will breach the Copyright Act 1968 (Cth).91 The Copyright Act contains a number of provisions that govern the manner in which specific cyber security activities can be carried out without contravening the law. Section 47F of the Copyright Act provides as follows:

(1) Subject to this Division, the copyright in a literary work that is a computer program is not infringed by the making of a reproduction or adaptation of the work if:
    (a) the reproduction or adaptation is made by, or on behalf of, the owner or licensee of the copy of the program (the original copy) used for making the reproduction or adaptation; and
    (b) the reproduction or adaptation is made for the purpose of:
        (i) testing in good faith the security of the original copy, or of a computer system or network of which the original copy is a part; or
        (ii) investigating, or correcting, in good faith a security flaw in, or the vulnerability to unauthorised access of, the original copy, or of a computer system or network of which the original copy is a part; and
    (c) the reproduction or adaptation is made only to the extent reasonably necessary to achieve a purpose referred to in paragraph (b); and
    (d) the information resulting from the making of the reproduction or adaptation is not readily available to the owner or licensee from another source when the reproduction or adaptation is made.
(2) Subsection (1) does not apply to the making of a reproduction or adaptation of a computer program from an infringing copy of the computer program.

Note that the term ‘computer program’ has the meaning provided in the expanded definition set out in s 47AB as opposed to the narrower definition set out in s 10 of the Act.

17.46 In Software AG (Australia) Pty Ltd v Racing & Wagering Western Australia [2009] FCAFC 36 at [67] the Full Court of the Federal Court observed, after referring to a relevant Explanatory Memorandum, that:

… the copying predominantly envisaged by s 47F is that generated by, amongst others, decompilation or disassembly processes undertaken so as to test the security of the original copy or to investigate or correct security flaws in the original copy … In this connection we observe that the problem to which security testing in s 47F is directed is the need, without it constituting infringement, ‘to test [a computer program’s] security to protect [it] against abuse (or “hacking”) and viruses’.

17.47 While this decision is no doubt correct in terms of the circumstances in which it was being considered in the case, it reflects a narrow description of the rights contained in the applicable provision. Section 47F(1)(b)(i) allows reverse engineering of the relevant program92 for the purposes of ‘testing in good faith the security … of a computer system or network of which the original copy is a part’. Section 47F(1)(b)(ii) permits security testing for the purpose of ‘investigating, or correcting, in good faith a security flaw in, or the vulnerability to unauthorised access of, the original copy, or of a computer system or network of which the original copy is a part [emphasis added]’.93 Of course, such testing can only be conducted to the extent necessary94 and where the applicable information is not available from another source.95

17.48 The Copyright Act also permits the acts described in 17.47 to be undertaken even if an access control technological protection measure, such as encryption, is applied to the underlying computer program. A technological protection measure is defined in s 10 of the Act to mean:

… a device, product, technology or component (including a computer program) that:
    (a) is used in Australia or a qualifying country:
        (i) by, with the permission of, or on behalf of, the owner or the exclusive licensee of the copyright in a work or other subject-matter; and
        (ii) in connection with the exercise of the copyright; and
    (b) in the normal course of its operation, controls access to the work or other subject-matter;
but does not include such a device, product, technology or component to the extent that it:
    (c) if the work or other subject-matter is a cinematograph film or computer program (including a computer game) — controls geographic market segmentation by preventing the playback in Australia of a non-infringing copy of the work or other subject-matter acquired outside Australia; or
    (d) if the work is a computer program that is embodied in a machine or device — restricts the use of goods (other than the work) or services in relation to the machine or device.

Under s 116AN(1) of the Act, an owner or exclusive licensee of a copyright work can bring an action against a person if:

(a) the work or other subject-matter is protected by an access control technological protection measure; and
(b) the person does an act that results in the circumvention of the access control technological protection measure; and
(c) the person knows, or ought reasonably to know, that the act would have that result.

The same conduct can amount to a criminal offence under s 132APC(1) of the Act. However, ss 116AN(1) and 132APC(1) do not apply in the following circumstances:96

(a) the person circumvents the access control technological protection measure to enable the person to do an act; and
(b) the act:
    (i) relates to a copy of a computer program that is not an infringing copy; and
    (ii) will not infringe the copyright in the computer program; and
    (iii) will be done for the sole purpose of testing, investigating or correcting the security of a computer, computer system or computer network; and
    (iv) will be done with the permission of the owner of the computer, computer system or computer network.

Cyber security personnel need to keep the copyright provisions discussed above in mind when planning and conducting security testing.

Active defence

17.49 Another issue that organisations need to consider when designing and implementing cyber security risk management plans is the legal issues regarding what is described as active defence.97 This cyber security philosophy reflects the old adage that in some cases the best form of defence is attack. Active defence can encompass a range of activities, including:

• honey pots — decoy systems designed to lure intruders to a controlled environment from which to observe their behaviour;
• disinformation campaigns and data obfuscation — distributing false information in ways in which the perpetrator is likely to obtain it;
• altering malicious code used in an attack to assist the victim; and
• offensive cyber hacks into the intruder’s computer to identify stolen digital assets (or otherwise disable the intruder’s computer system).98

17.50 Active defence, especially in relation to any form of counter strikes of the type mentioned in the last bullet point above, can raise a range of legal issues, including:

• trespass at common law for an intentional interference with another party’s chattels, such as a computer system. For example, a claim may be brought by a party who is inadvertently targeted during the deployment of active defence techniques;
• liability under negligence laws for failing to take reasonable care to avoid causing loss to the party that owns the target systems; and
• criminal liability, including where an innocent bystander’s systems are compromised while a party is engaged in active defence, but not limited to that situation.99

17.51 Ultimately, the laws that may apply will depend on the laws of the jurisdictions in which the target systems reside and whether action can meaningfully be taken against a party engaging in active defence. Extradition issues may also be relevant in this context.

ePayments Code

17.52 The ePayments Code governs consumer electronic payment transactions. Subscribers to the code are generally banks, credit unions and building societies. It is a voluntary code overseen by the Australian Securities and Investments Commission.100 Among other things, the ePayments Code contains provisions concerning the security of pass codes used to authorise electronic payments. The code contains the following security-related provisions:

• subscribers to the code are required to provide specific guidelines to customers summarising security guidelines relating to pass codes;101
• customers will be liable for transactions if they voluntarily disclose pass codes to another person or fail to take reasonable steps to protect the security of devices or pass codes used to access electronic banking;102
• a subscriber must provide a warning to a customer that they must not use their date of birth or an alphabetical pass code that is a recognisable part of their name;103
• where a subscriber authorises particular conduct or expressly or implicitly promotes certain conduct (including the use of aggregator services), then the user will not breach pass code security requirements if they engage in that conduct.104

The ePayments Code requires subscribers to include the relevant provisions of the code in their contracts with customers. A breach of the code will therefore have contractual force. In some cases, a breach may also raise potential issues concerning misleading or deceptive conduct. A customer is also able to make a complaint to an external dispute resolution body such as the Financial Ombudsman Service or Credit and Investments Ombudsman if they believe a subscriber has breached a term of the code.

Insurance

17.53 Obviously, in light of the risks that are evident in cyber space, organisations can take out insurance cover to protect against cyber security events. The demand for such cover is growing.105 Unsurprisingly, the main issues in obtaining cover will be the scope of the cover, the level of the cover and the premium that needs to be paid for the cover.

EVIDENCE

17.54 If an organisation is subject to a cyber attack, it is critical to gather all reliable evidence. Reliable evidence will be necessary irrespective of whether a civil matter or criminal complaint is contemplated. An organisation should develop and maintain an appropriate framework for the management of IT evidence,106 including the use of specialised tools as appropriate.107

17.55 It would be difficult to take civil action against another party (including an employee) in the absence of satisfactory evidence. Another reason for identifying reliable evidence would be to put the organisation in a position to understand whether it had breached any obligations that it may owe to others. Conversely, it may also allow it to identify whether an obligation owed to the organisation may have been breached by another party.

17.56 As discussed in the introduction to the chapter, an organisation may have grounds for making a complaint to the police. It is very unlikely that the police will investigate an incident unless the information provided to them or available to them is of sufficient weight to make out a case. This is particularly important in criminal cases as the standard of proof is extremely high (that is, beyond all reasonable doubt). The collection of reliable evidence will also be important if the cyber event originated internally.

17.57 The process of identifying, preserving, analysing and presenting digital evidence in a forensically acceptable manner is a task that often requires expert assistance.108 An organisation should ensure that it understands the issues in this context and is able to respond appropriately should digital evidence need to be identified and managed for legal purposes.109

CONCLUSION

17.58 Cyber security is a fundamental issue that financial services organisations need to carefully manage. Appropriate steps need to be taken to ensure that organisations comply with the requirements set out in the Privacy Act and to ensure that directors can demonstrate that they have complied with their duties. Organisations will often rely on contracts in assisting them to manage the legal, commercial and technical risks associated with cyber security issues. However care needs to be taken to ensure that these contracts are drafted in a manner which suits the applicable purpose. Organisations also need to be mindful of the role that laws prohibiting misleading conduct play to ensure that legal risk is appropriately managed. More novel issues concerning class actions, copyright and active defence need to be addressed where necessary. Finally, organisations need to ensure that they have policies and processes in place to identify and quarantine electronic evidence which can be used to support legal analysis of what may have occurred in a cyber event.

See also N Gifford, Information Security — Managing the Legal Risks, CCH, Sydney, 2009. See the Directive on Security of Network and Information Systems (the NIS Directive), adopted by the European Parliament on 6 July 2016. The Directive entered force in August 2016. Member states have 21 months from August 2016 to pass domestic laws implementing the Directive and a further six months to identify organisations that are to be subject to those laws. See other global developments: see Blake Morgan, ‘Update on the Network and Information Security Directive’, 16 July 2015 (viewed 24 October 2016) (certification required for: 1. boundary firewalls and internet gateways; 2. Secure configuration; 3. Access controls; 4. Malware protection; and 5. Patch management in connection with UK government contracts under the UK Cyber Essentials scheme). A range of

standards are also emerging which reflect best practice. See for example Australian Securities and Investments Commission (ASIC), Cyber Resilience: Health Check, Report No 429, March 2015 (viewed 24 October 2016); Federal Financial Institutions Examination Council (US), ‘Cybersecurity Assessment Tool’, June 2015 (viewed 24 October 2016); National Institute of Standards and Technology, ‘Framework for Improving Critical Infrastructure Cybersecurity’, Version 1.0, 21 February 2014 (viewed 24 October 2016); and Irish Central Bank, ‘Cross Industry Guidance in Respect of Information Technology and Cybersecurity Risks’, 13 September 2016 (viewed 24 October 2016). However, the Australian Prudential Regulation Authority maintains a close dialogue with regulated entities concerning cyber security as well as reviewing standards as part of its supervisory activities. It has also issued guidance: ‘CPG 234 — Management of Security Risk in Information and Information Technology’, May 2013 (viewed 24 October 2016). The Australian Securities and Investments Commission (ASIC) has also issued guidance in this context, Cyber Resilience: Health Check, Report No 429, March 2015 (viewed 24 October 2016). A particularly serious breach of security adversely affecting the data of a large number of customers could require a disclosing entity to disclose that fact to the market if it were price-sensitive information and no exclusion applied: see L Gamertsfelder, Corporate Information and the Law, 2nd ed, LexisNexis Butterworths, Sydney, 2016 at 1.15 for an example of how continuous disclosure laws may impact a disclosing entity in a cyber security context and 5.60ff for more information about continuous disclosure laws generally. For example, s 47F of the Copyright Act 1968 (Cth) permits reproduction of computer programs for security testing purposes. See the Extradition Act 1988 (Cth) for the requirements that must be met before Australia can make or accept an extradition request.
Of course, cyber incidents will also have major reputational implications for organisations but those issues are beyond the scope of this chapter. Sophos Ltd, Security Threat Trends 2015 (viewed 24 October 2016). See also note 2 above: ASIC, section B and Appendix 1; Federal Financial Institutions Examination Council (US); National Institute of Standards and Technology. See for example N Bertrand, ‘Here’s What Happened to Your Target Data that Was Hacked’, Business Insider Online, 21 October 2014 (viewed 2 November 2016). See for example M O’Neill and B Anderson, ‘Ashley Madison Hack Proves We’re Dating in the Dark When it Comes to Online Security’, ABC News Online, 27 July 2015 (viewed 24 October 2016). See also L B Baker and J Finkle, ‘Sony PlayStation Suffers Massive Data Breach’, 26 April 2011 (viewed 24 October 2016); and B Krebs, ‘Phishers Spoof Google’, Sydney Morning Herald, 4 January 2013 (viewed 24 October 2016). J Eyers, ‘Banks Brace for More Cyber Attacks’, Australian Financial Review, 6 September 2016 (viewed 24 October 2016). For example, phishing, social engineering attacks on employees or betrayal by employees. See Sophos Ltd, note 8 above at 1; M Papadakis, ‘Betrayal The Biggest Threat to Data Security, says Cyber Sleuth Mcafee’, Australian Financial Review, 27 August 2015 (viewed 24 October 2016). Including the usual suspects, such as exploits at the application level (for example, SQL injection or attacks exploiting Java vulnerabilities) or attacks against machines using IP or SMS spoofing. See for example ‘Part B — Risk Areas’ in L Gamertsfelder, R McMillan, A Handelsmann and

P Hourigan, E-Security, Lawbook Co, Sydney, 2002. See Chapter 1 of this book. With acknowledgment to Emeritus Professor Bill Caelli (a global cyber security expert) who has long emphasised the security vulnerabilities at the ‘node’. See for example Sophos Ltd, note 8 above; see also T Pullar-Strecker, ‘Leaked, Stolen Data Leaps by 40%’, Sydney Morning Herald, 14 December 2012 (viewed 24 October 2016) and L Timson, ‘One Data Breach a Week: Australia’, Sydney Morning Herald, 30 April 2012 (viewed 24 October 2016). See L Timson, ‘Dell Beefs Up Security’, Sydney Morning Herald, 14 December 2012 (viewed 24 October 2016). See Wikipedia, ‘Hactivism’ (viewed 24 October 2016). See for example E Chan, ‘Cyber Gang Busted for Infecting 11m PCs and Stealing $US850m’, Sydney Morning Herald, 12 December 2012 (viewed 24 October 2016). See also Sophos Ltd, ‘Security Threat Report 2013’ (viewed 24 October 2016) at 28–9. R Bejtlich, ‘Statement for the Record: Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the US House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations Understanding the Cyber Threat and Implications for the 21st Century Economy, March 3, 2015’ (viewed 24 October 2016) cited in Adrian McCullagh, ‘Part 1 — Security and Privacy: Know Your Regulator’, ODMOB Law, 30 September 2015. A Altman and A Fitzpatrick, ‘Everything We Know About Sony, The Interview and North Korea’, Time, 17 December 2014 (viewed 24 October 2016). See O’Neill and Anderson, note 10 above. Note that some industries are subject to specific regulations regarding cyber security issues. Relevant entities need to consider these requirements in managing cyber risk and associated issues. For example, a number of standards issued by the Australian Prudential Regulation Authority (APRA) apply to activities in the financial services sector. 
These standards include Prudential Standard CPS 231 — Outsourcing which is supplemented by the APRA Outsourcing Guide, the APRA Data Risk Guide and the APRA Security Guide. Note where s 21S of the amended Privacy Act applies (that is, in relation to credit eligibility information), it excludes the operation of APP 11.1: s 21S(3). See for example Gamertsfelder, note 4 above at [5.16]. See Office of the Australian Information Commissioner, Australian Privacy Principles Guidelines, revised 31 March 2015 (viewed 24 October 2016) at B.105 citing Jones v Bartlett [2000] HCA 56 at [57]–[58] per Gleeson CJ; Bankstown Foundry Pty Ltd v Braistina [1986] HCA 20 at [12] per Mason, Wilson and Dawson JJ (what is reasonable can be influenced by current standards and practices); George v Rockett (1990) 170 CLR 104 at 112 per Mason CJ, Brennan, Deane, Dawson, Toohey, Gaudron and McHugh JJ (whether there are ‘reasonable grounds’ to support a course of action ‘requires the existence of facts which are sufficient to [persuade] a reasonable person’); and McKinnon v Secretary, Department of Treasury (2006) 228 CLR 423 at 430 per Gleeson CJ and Kirby J (whether there are reasonable grounds to support a cause of action ‘involves an evaluation of the known facts, circumstances and considerations which may bear rationally upon the issue in question’). Office of the Privacy Commissioner of Canada and Office of the Australian Information Commissioner, ‘Joint investigation of Ashley Madison by the Privacy Commissioner of Canada and the Australian Privacy Commissioner and Acting Australian Information Commissioner’, 23 August 2016 (viewed 24 October 2016).

See enforceable undertaking offered by Avid Life Media Inc to the Australian Information Commissioner, which was accepted by the Commissioner on 22 August 2016 (viewed 24 October 2016). See s 13G of the Privacy Act. Section 4AA of the Crimes Act 1914 (Cth) currently provides that one penalty unit means an amount of $180. Commencing 1 July 2018, penalty units will be subject to the triennial indexation regime set out in s 4AA(3) of the Crimes Act. Section 4B(3) allows a court to increase a pecuniary penalty for body corporates by an amount not to exceed five times the amount of the maximum pecuniary penalty that can be imposed on a natural person. For an example of a data breach which had clear adverse reputational implications, see Baker and Finkle, note 10 above. See also the discussion of the incident involving TJX Companies Inc in M Jackson and M Shelly, Electronic Information and the Law, Thomson Reuters, Sydney, 2012 at [6.30]. This notion has been reflected in the media more generally: see for example the discussion of the role of the board of directors in A Palin, ‘Espionage and Sabotage in the Virtual World’, 19 May 2013 (viewed 24 October 2016). J Eyers, ‘ASIC says Boards Underprepared for Cyber Threat’, Sydney Morning Herald, 13 September 2016 (viewed 24 October 2016). Australian Securities and Investments Commission v Healey [2011] FCA 717 at [166]. See Corporations Act s 1317E. However, the contravention would need to be, among other things, serious: Corporations Act s 1317G. See Jackson and Shelly, note 31 above at [6.150]. The state of California in the United States was the first jurisdiction to do so in 2003: see SB 1386, Cal Civ Code 1798.29 and 1798.80ff. Forty-seven states in the United States have now enacted similar laws (viewed 24 October 2016). See Jones Day, ‘California Adds More Teeth to Its Data Breach Notification Law’, October 2014 (viewed 24 October 2016). 
See regs 1 and 5 of the Privacy and Electronic Communications (EC Directive) Regulations 2003, and reg 5A of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. A ‘data controller’ under s 1 of the Data Protection Act 1998 (UK) ‘means … a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed’. Holman Fenwick Willan, ‘Approach Agreed on New Data Protection Regulation, July 2015’ (viewed 24 October 2016). See note 42 above. See Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, Report 108 (2008) Recommendation 51-1. R Pearce, ‘Government Pushes Ahead with Data Breach Notification Scheme’, Computerworld, 26 August 2016 (viewed 29 September 2016). See Baker and Finkle, note 10 above. See note 9 above. See note 4 above at [5.60]ff for a discussion about the continuous disclosure regime. See I R Liew, ‘Cyber Risk Poses Increased Threat in Mergers and Acquisitions’, Australian Financial Review, 31 August 2015 (viewed 24 October 2016). See also note 4 above at [5.60]ff. See Corporations Act s 912D. See also ASIC, ‘Cyber Resilience: Health Check’, Report 429, March 2015

(viewed 24 October 2016) at 13. Wikipedia, ‘ISO/IEC 27001: 2013’ (viewed 24 October 2016). To access the PCI Data Security Standards visit (viewed 24 October 2016). See for example Civil Liability Act 2002 (NSW) s 3A(2). Interview with cyber security expert, Mr David Reeves, 24 May 2015. See Attachment (Safe Cloud Principles for the Financial Services Industry) to Microsoft Pty Ltd, ‘Australian Financial System Inquiry: Response to request for further submissions,’ August 2014, Second Round Submissions (viewed 2 November 2016). European Commission, ‘Cloud Service Level Agreement Standardisation Guidelines’, 24 June 2014 (viewed 24 October 2016). Note that the law of negligence has been codified by statute in most jurisdictions — see for example Civil Liability Act 2002 (NSW) ss 5B–5D and cognate legislation, but the courts continue to be guided by the common law when considering relevant principles arising under these statutes. Ransomware refers to malicious software which is designed to prevent users accessing a computer system (for example, by encrypting the entire hard drive) until a sum of money is paid to the perpetrator. C Sappideen, P Vines, H Grant and P Watson, Torts: Commentary and Materials, 10th ed, Lawbook Co, Sydney, 2009 at [10.05]. See Fortuna Seafoods Pty Ltd v The Ship ‘Eternal Wind’ [2005] QSC 4 for an analogous situation. Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 at [21] per Gleeson CJ, Gummow, Hayne and Heydon JJ. Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 at [22]. Note that other cases have referred to up to 14 ‘salient features’ one should have regard to in assessing whether a duty of care should be imposed in pure economic loss cases: see for example Caltex Refineries (Qld) Pty Ltd v Stavar [2009] NSWCA 258 at [102]–[105] per Allsop J referred to with approval in Makawe Pty Ltd v Randwick City Council [2009] NSWCA 41 at [17]. Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 at [22]. 
Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 at [23]. See also Perre v Apand Pty Ltd [1999] HCA 36. Woolcock Street Investments Pty Ltd v CDG Pty Ltd [2004] HCA 16 at [24]. Penetration testing is specialised security testing which seeks to penetrate or access a network or computer system to validate its security or otherwise identify ways in which the security of the network or system could be enhanced. See also Brookfield Multiplex Ltd v Owners Corporation Strata Plan 61288 [2014] HCA 36. Comparable provisions are contained in Corporations Act s 1041H and ASIC Act s 12DA. See for example Competition and Consumer Act 2010 (Cth) ss 236 and 237. See Accounting Systems 2000 (Developments) Pty Ltd v CCH Australia Ltd [1993] FCA 265. See Competition and Consumer Act 2010 (Cth) s 87CB. See P Gunning and M Saville, ‘Data Breach Class Actions — US Developments and Implications for Australia’, September 2014 (viewed 24 October 2016). For a guide to class action legislation in Australia see M Legg and R McInnes, Annotated Class Actions Legislation, LexisNexis Butterworths, Sydney, 2014. See note 4 above at [5.106]ff. Clapper v Amnesty International USA 133 S Ct 1138 (2013) at 1148. See also ‘Federal Courts

— Clapper v Amnesty International’ (2013) 127 Harvard Law Review 298. Clapper v Amnesty International USA 133 S Ct 1138 (2013). See fn 74 above. Although major cases continue to move through the courts system to varying degrees despite Clapper: see Reuters, ‘Target Agrees to Pay $10 Million To Settle Lawsuit from Data Breach’, 19 March 2015 (viewed 24 October 2016). Google Inc v Vidal-Hall [2015] EWCA Civ 311 at [1]. Google Inc v Vidal-Hall [2015] EWCA Civ 311 at [59]–[105]. Rummery v Federal Privacy Commissioner [2004] AATA 1221 at [35]. Rummery v Federal Privacy Commissioner [2004] AATA 1221 at [56]. ‘D’ and Wentworthville Leagues Club [2011] AICmr 9 (9 December 2011). ‘BO’ and AeroCare Pty Ltd [2014] AICmr 32 (8 April 2014). Jones v Tsige 2012 ONCA 32 at [65]. Jones v Tsige 2012 ONCA 32 at [87]. See Bliss v South East Thames Regional Health Authority [1987] ICR 700 which was approved by the High Court in Baltic Shipping Co v Dillon (The Mikhail Lermontov) (1993) 176 CLR 344. See Steiner v Magic Carpet Tours Pty Ltd (1984) ATPR 45-639; Baxter v British Airways (1988) 82 ALR 298. Note that the United States Federal Trade Commission routinely relies on laws prohibiting unfair and deceptive actions in commerce to uphold the privacy rights of United States consumers: Federal Trade Commission, ‘Enforcing Privacy Promises’ (viewed 24 October 2016). In Lenah Game Meats Pty Ltd v Australian Broadcasting Corporation [2001] HCA 63 the High Court of Australia expressly left open the possibility of recognising a common law right to privacy despite earlier authority to the contrary. 
Compare Grosse v Purvis [2003] QDC 151; (2003) Aust Torts Reports 81-706, where the elements for the tort were found to be: (1) an intentional act by the defendant; (2) which intrudes upon the privacy of the plaintiff; (3) in a manner which would be considered highly offensive to a reasonable person of ordinary sensibilities; and (4) which causes, among other things, the plaintiff detriment in the form of mental, psychological or emotional harm. It is doubtful that there is any general public interest defence at common law. Mason J indicated moderate support for the concept in Commonwealth v John Fairfax & Sons Ltd [1980] HCA 44 at [50] but Gummow J flatly rejected the notion in Collier Constructions Pty Ltd v Foskett Pty Ltd [1990] FCA 392 at [63] where he stated ‘there is no legislative or other warrant for the introduction of such a concept [that is, the public interest test] into the law of this country … I would hold that in this country there is no such defence known at law’. Including white box reverse engineering where the source code can be viewed. Note that any contractual provision which excludes or limits the rights in s 47F has no effect: Copyright Act s 47H. Copyright Act s 47F(1)(c). Copyright Act s 47F(1)(d). See s 116AN(5) and s 132APC(5) of the Copyright Act respectively. Note that other exceptions apply, including: testing for interoperability (ss 116AN(3) and 132APC(3)); and encryption research (ss 116AN(4) and 132APC(4)). Also known as ‘strike back’ or ‘hack back’. Alston & Bird, ‘Cyber Alert: Legal Issues with Emerging Active Defense Security Technologies’, 11 January 2013 (viewed 2 November 2016). For example under the Criminal Code 1995 (Cth), laws that may apply would include s 474.17 (using a carriage service to menace, harass or cause offences); s 477.3(1) (unauthorised impairment of electronic communications); and s 478.1(1) (unauthorised access to, or modification of, restricted data). 
These laws came into effect in 2012 in order for Australia to

comply with its obligations as a signatory to the Council of Europe Convention on Cybercrime. Note that 50 countries are signatories to that convention and therefore will have similar laws that may apply in cases where active defence is utilised. For more detail about the ePayments Code, see (viewed 24 October 2016) Clause 8, ePayments Code. Clause 12.2, ePayments Code. Clause 12.5–12.7, ePayments Code. Clause 12.8–12.9, ePayments Code. Y Redrup, ‘AIG, Chubb and Allianz Readying for Flood of Cyber Insurance Requests’, Australian Financial Review, 28 August 2015 (viewed 24 October 2016). See for example Standards Australia, ‘HB 171-2003 Guidelines for the management of IT evidence’, 2003. Such as the specialised IT forensic tools available from NUIX (viewed 24 October 2016). For an overview of the relevant issues see: A Stanfield, Computer Forensics, Electronic Discovery & Electronic Evidence, LexisNexis Butterworths, Sydney, 2009; S Nelson, B Olson and J Simek, The Electronic Evidence and Discovery Handbook, American Bar Association, Chicago, 2006; P Rice, Electronic Evidence: Law and Practice, American Bar Association, Chicago, 2005; R McKemmish, ‘What is Forensic Computing?’, Trends and Issues in Crime and Criminal Justice, Australian Institute of Criminology, No 188, June 1999; and A Gahtan, Electronic Evidence, Carswell, Ontario, 1999. 
See also cases dealing with electronic evidence generally, including: Australian Securities and Investments Commission v Loiterton [2004] NSWSC 172 (manipulation of dates on digital documents); Hudson Investment Group Ltd v Australian Hardboards Ltd [2005] NSWSC 716 (alteration of dates on documents); Sony Computer Entertainment Aust Pty Ltd v Jakopcevic [2001] FCA 1520 (data recovery); Slick v Westpac Banking Corporation (No 1) [2006] FCA 1711 (data recovery); Ingot Capital Investments Pty Ltd v Macquarie Equity Capital Markets Ltd [2005] NSWSC 1174 (data recovery); Australian Administration Services Pty Ltd v Korchinski [2007] FCA 12 (attempt to overwrite data with large video files); Austress Freyssinet Pty Ltd v Joseph [2006] NSWSC 77 (sensitive data sent to personal email address); and Portal Software v Bodsworth [2005] NSWSC 1179 (identifying attempted use of secure deletion software applications).

Part E Contemporary Developments in Managing Conduct Risk and Remediation

Chapter 18 The Role of Behavioural Insights and Statistics in a Regulatory Context

INTRODUCTION

18.1 The aim of this chapter is to highlight the increasing role that behavioural economics or behavioural insights is having in the financial services industry, especially in relation to the supply of services to retail clients. The area draws on a body of work across different fields including finance, economics and psychology.1 Regulators and participants in the industry have been actively seeking to determine the insights that this field of expertise may have in guiding the manner in which firms engage with consumers.2

18.2 This chapter will also outline the role that statistics has played in a recent enforcement case.

18.3 Both behavioural economics and statistics more broadly are fields of expert endeavour. Reliance on them in a regulatory context will from time to time be challenged. Accordingly, it is appropriate to keep in mind the fundamental rules for reliance on expert evidence in a litigious context should that be necessary. The chapter will close with a brief examination of what standards the courts hold experts to when expert testimony is used in proceedings.

BEHAVIOURAL ECONOMICS

The approach in the United Kingdom

18.4 In ‘Occasional Paper No 1 — Applying Behavioural Economics at the Financial Conduct Authority’ the Financial Conduct Authority (UK)3 summarised why understanding of behavioural economics is necessary:4 People often make errors when choosing and using financial products, and can suffer considerable losses as a result. Using behavioural economics we can understand how these errors arise, why they persist, and what we can do to ameliorate them. Behavioural economics uses insights from psychology to explain why people behave the way they do. People do not always make choices in a rational and calculated way. In fact, most human decision-making uses thought processes that are intuitive [referred to by experts as System 1 thinking] and automatic rather than deliberative and controlled [referred to as System 2 thinking].5 Academic literature identifies ‘behavioural biases’ — specific ways in which normal human thought systematically departs from being fully rational. Biases can cause people to misjudge important facts or to be inconsistent, for example changing their choices for the worse when essentially the same decision is presented in a different way. In other words, our normal human thought processes can lead us to make choices that are predictably mistaken.

18.5 It was against this backdrop that the Financial Conduct Authority (FCA) considered that market forces would or could not reduce the risk of mistakes occurring. For example, in the United Kingdom many people made sub-optimal decisions regarding the acquisition of payment protection insurance (or PPI):6 Market forces left to themselves will often not work to reduce these mistakes, so regulation may be needed. A good example is payment protection insurance (PPI). Firms were able to earn large profits on PPI products because many buyers fundamentally misunderstood PPI pricing and the limitations in its coverage. High PPI prices allowed sellers to attract more customers by offering mortgages at cheaper rates (which consumers focused on when choosing a provider). As a result, no firm had an incentive to advertise that PPI was a poor product for many people and charge appropriate mortgage and PPI prices. This would have made the firm’s mortgage more expensive and the firm uncompetitive. Intervention was needed to solve this problem.

18.6 According to the FCA, ‘[w]hile it is common sense that people make mistakes, behavioural economics takes us beyond intuition and helps us be precise in detecting, understanding, and remedying problems that arise from consumer mistakes’.7 The FCA identifies five reasons why consumer choice in retail financial products and services is especially prone to error:8

- Many products are inherently complex for most people. Financial products are abstract and intangible and often have many features and complex charging structures. This contrasts with many ordinary products where consumers can easily understand what they are getting and the product has a single, simple price. Faced with complexity, consumers can simplify decisions in ways that lead to errors, such as focusing only on headline rates.
- Many products involve trade-offs between the present and the future. Often people make decisions against their long-term interests because of self-control problems, eg borrowing excessively using payday loans.
- Decisions may require assessing risk and uncertainty. People are generally bad (even terrible) intuitive statisticians and are prone to making systematic errors in decisions involving uncertainty. So we often misjudge probabilities and make poor insurance or investment decisions.
- Decisions can be emotional. Stress, anxiety, fear of losses and regret, rather than the costs and benefits of the choices, can drive decisions.
- Some products permit little learning from past mistakes. Some financial decisions, such as choosing a retirement plan or mortgage, are made infrequently, with little learning from others, and with consequences revealed only after a long delay.

18.7 The FCA then categorises 10 behavioural biases that may impact on rational decision-making by consumers by reference to how these biases affect decisions:9

Ten behavioral biases and effects in retail financial markets

Our preferences are influenced by emotions and psychological experiences
- Present bias: e.g. spending on a credit card for immediate gratification
- Reference dependence and loss aversion: e.g. believing that insurance added on to a base product is cheap because the base price is much higher
- Regret and other emotions: e.g. buying insurance for peace of mind

Rules of thumb can lead to incorrect beliefs
- Overconfidence: e.g. excessive belief in one’s ability to pick winning stocks
- Over-extrapolation: e.g. extrapolating from just a few years of investment returns to the future
- Projection bias: e.g. taking out a payday loan without considering payment difficulties that may arise in the future

We use decision-making short-cuts when assessing available information
- Framing, salience and limited attention: e.g. overestimating the value of a packaged bank account because it is presented in a particularly attractive way
- Mental accounting and narrow framing: e.g. investment decisions may be made asset-by-asset rather than considering the whole investment portfolio
- Decision-making rules of thumb: e.g. investment may be split equally across all the funds in a pension scheme, rather than making a careful allocation decision
- Persuasion and social influence: e.g. following financial advice because an adviser is likeable

Source: FCA, Occasional Paper 1, p 6.

18.8 In the FCA’s view, it is important to keep these biases in mind when designing and supplying financial products and services:10 Firms play a crucial role in shaping consumer choices. Product design, marketing or sales processes can exacerbate the effects of biases and cause problems. Firms can respond to the different biases in specific ways … One important response is that firms will tend to increase non-salient prices and decrease salient prices. For example, if consumers tend to underestimate how much they will spend on their credit card in the future (because of projection bias or overconfidence), firms have an incentive to offer low rates today with higher rates later. Another important response is that firms will tend to obfuscate unattractive product attributes, such as exclusions in insurance contracts.

18.9 The FCA expresses the view that: Consumer biases thus affect competition. They can lead firms to compete in ways that are not in consumer interests, eg by offering products that appeal to the consumer because they play to biases. Biases can also create de facto market power in markets that might appear competitive based on the number of firms alone.11

However, the FCA also stresses that caution needs to be exercised in this direction:12 We must be mindful, however, that sometimes firms might not know that their customers are making mistakes. What looks like deliberate exploitation may actually just be firms responding to observed consumer demand without realising that it is driven by biases. Regardless of what firms know, in badly functioning markets bias exploitation may be the only way for firms to attract and retain consumers and therefore to stay in business.

18.10 But what does the FCA consider is an appropriate response in this area and how does one seek to apply behavioural economics in a meaningful way? The FCA proposes a three-step process for addressing issues posed by behavioural economics. First, it recommends that applicable issues are identified and prioritised:13

Step 1: Identifying and prioritising issues

How can we spot potential consumer detriment caused by biases?
Biases are rarely directly observable. Based on evidence on the common mistakes people make, we suggest a set of indicators that can help identify where consumer detriment from mistakes may be particularly high. The indicators highlight potentially problematic consumer and firm behaviours and product features. A complementary approach to detecting issues is to identify the true economic function of a product and then evaluate whether consumers actually use the product for this function, or for another reason.

How can we prioritise these risks?
We will prioritise risks arising from behavioural biases as with other issues. Size of the problem will obviously drive priority. Behavioural problems can cause less sophisticated consumers to pay more than others, effectively cross-subsidising the more sophisticated, so prioritisation also needs to consider these distributional effects.

18.11 This is a logical approach, but barring extreme cases such as payment protection insurance, what benchmark is required to determine whether behaviour is irrational or whether ‘consumer detriment is particularly high’? Perhaps cases that are extreme are easy to spot, such as conduct in relation to payment protection insurance, but in those cases one does not necessarily need to be a behavioural expert to determine that the issue needed to be addressed.

18.12 Second, the FCA advocates understanding root causes of potential problems:14

Step 2: Understanding root causes of problems

Could consumers be choosing reasonably? If consumers are biased, what do they truly want and need?
When analysing problems we need to develop possible explanations as to the underlying cause and then build evidence. We must investigate whether consumers are making mistakes, and if so which biases may be the cause. Crucial evidence includes how consumers choose in different settings (eg do consumers choose differently as they gain experience?), their awareness of essential product information and their self-reported needs and objectives.

How should we analyse firm-specific issues?
For firm-specific issues, behavioural insights can inform what dialogue to have with, and what information to gather from the firm. Qualitative information may be enough, though data on consumer behaviour may be needed. Establishing whether the product feature or practice is common to many firms or market-wide is important.

How should we analyse market-wide issues?
Diagnosing market-wide issues naturally requires a greater level of evidence. This may include collecting first-hand data using consumer research, laboratory experiments or field experiments (also called randomised controlled trials, or RCTs). Analysis must consider the broad context of the market, including how firms compete, what other market and regulatory failures are present and how consumer biases interact with these factors.

18.13 The FCA then outlines a proposed third step: how to respond or intervene where issues are identified:15

Step 3: Designing effective interventions

What interventions are available to protect consumers?
Behavioural economics offers new perspectives on interventions that the FCA could use, for behavioural and other problems in the market. Ordered from least to most interventionist, there are four ways in which the FCA could solve behavioural problems:

1. Provide information. Require firms to provide information in a specific way or prohibit specific marketing materials or practices.
2. Change the choice environment. Adjust how choices are presented to consumers.
3. Control product distribution. Require products to be promoted or sold only through particular channels or only to certain types of clients.
4. Control products. Ban specific product features or whole products that appear designed to exploit, or require products to contain specific features.

18.14 The FCA then summarises issues associated with regulatory responses:

We could expand our toolkit by using more ‘nudges’ — small prompts that, if designed well, have low costs and can lead to better decisions by biased consumers without restricting choice. Providing information or changing the choice environment can be nudges. As these less interventionist measures do not constrain consumer choice, they are preferable, if they are effective in preventing mistakes. Understanding how consumers make decisions can also improve the effectiveness of traditional remedies, such as disclosure. Consumer psychology is nuanced, however, and specific interventions can succeed or fail based on small details. Interventions should therefore ideally be tested in practice before implementation, possibly using RCTs. Often consumer biases are just one part of a problem, and a package of market-wide measures will be required.

Should we intervene and, if so, how? How can we assess the impact of interventions?
Applying behavioural economics also brings additional challenges. We will have to tackle difficult questions like: what is in consumers’ best interests, where should the limits to consumer responsibility lie, and how effective are less interventionist measures, such as nudges, or more interventionist measures, such as product banning? When choosing between different measures, or no intervention at all, we need to assess their costs and benefits, to the extent that this is practically possible. A wide variety of factors should be considered including (i) whether firms can circumvent the measure, (ii) negative and positive impacts on innovation, (iii) transfers between different groups of consumers, eg the more and the less sophisticated, (iv) the impact on consumers’ incentives to learn and (v) whether the problem is one for the regulator or best left to the Government. Traditional impact assessment approaches, for example, for estimating benefits to consumers, may need to be adapted when biases are present.

18.15 The FCA then concludes that the challenges associated with applying behavioural economics are surmountable where that discipline (or learnings from that discipline) are used by the FCA to choose the best form of intervention.16

The approach in Australia

18.16 In Australia, the Australian Securities and Investments Commission (ASIC) has also been active in exploring how behavioural economics may assist in managing risks associated with the design and sale of financial products and services. For example, ASIC commissioned research into how behavioural biases may influence preferences towards hybrid securities over the less complex financial products of bonds and shares. The results of that pilot study were published in ‘REP 427 Investing in hybrid securities: Explanations based on behavioural economics’. The objective of the pilot study was to:17

… identify the behavioural biases that impact allocation to hybrid securities within an overall investment portfolio and also assess how the perceived risk of hybrid securities compares with shares and bonds. This can inform conversations with industry, assist in the development of regulatory interventions, and contribute to improvements in ASIC’s programs to advise and educate investors to make more informed decisions (such as via the MoneySmart programs).

18.17 The behavioural biases tested during the course of the study were:18

Availability bias: Estimation of probability of an outcome based on how prevalent that outcome appears in their lives.
Representativeness/familiarity bias: Estimation of probability of an outcome based on pre-existing ideas that are statistically invalid.
Framing bias: Tendency to respond to the same situations differently based on the context in which a choice is presented.
Recency bias: Predisposition to emphasise recent events and observations than those that occurred in the distant past.
Overconfidence: Unwarranted belief in one’s cognitive abilities, intuition, and judgement.
Illusion of control: Tendency to believe that one can control or [at] least influence outcome of an uncertain event when actually they cannot.
Competence bias: Tendency to rely more on personal judgements in predicting outcomes of uncertain events based on perception of competence.
Ambiguity aversion: Tendency to accept gambles with known probability of outcomes relative to ambiguous choices where probability of outcomes are unknown.
Mental accounting: Tendency to evaluate economic outcomes by grouping assets into a number of non-interchangeable mental accounts.

18.18 The report sets out key results from the trial under the heading of applicable behavioural biases, namely illusion of control, overconfidence, framing bias and ambiguity aversion. The headline results in relation to illusion of control are set out below:19

Illusion of control
Investors, when subject to illusion of control bias, can feel they can exert control over their environment and influence the outcomes. There was a highly significant relationship between illusion of control bias and allocation to hybrid securities. Other variables remaining constant, allocation to hybrids increased by nearly 14% for participants who demonstrated the illusion of control bias.

Figure 1: Allocation differences for illusion of control
Note: ***, **, * indicate significance at 10%, 5% and 1% level.
Source: ASIC, REP 427, p 12.

18.19 The authors of the report expressed the view that:20

In our experiments, in choosing between two risky prospects (hybrids and shares), participants showing illusion of control felt they are more in control of investment outcomes of hybrids than shares. This may be due to their viewing the returns from hybrids as relatively stable (linked to bank bill rates) compared to shares.

18.20 The results in relation to the overconfidence bias were as follows:21

Overconfidence
Investors, when subject to overconfidence, may have a misguided sense of their own ability to withdraw from an investment early and consequently be protected from risk. Allocation to hybrids showed a positive relationship with overconfidence bias in participants. Although, compared to illusion of control, the statistical significance for these biases were weaker, they were still significant in economic terms. The average allocation to hybrids was higher by more than 10% for participants with overconfidence bias.

Figure 2: Allocation differences for overconfidence bias
Note: ***, **, * indicate significance at 10%, 5% and 1% level.
Source: ASIC, REP 427, p 13.

It is possible that participants demonstrating this bias may feel more overconfident when investing in hybrids than in shares if they consider that sources of risk for the latter are myriad compared to the former. It may also suggest that participants see a narrower range of risk events for hybrids which may elevate their overconfidence; hence it is not possible to determine which causes the other.

18.21 The results in relation to the so-called framing bias were as follows:22

Framing
Investors susceptible to framing bias make decisions that are influenced by the formulation of the choice (ie how it is presented). Allocation to hybrids showed a weak positive relationship with framing bias in participants. This may result in them focussing on a few specific aspects of the choice that are more obvious and ignore important latent information. The average allocation to hybrids was higher by more than 10% for participants with framing and overconfidence bias.

Figure 3: Allocation differences for framing bias
Note: ***, **, * indicate significance at 10%, 5% and 1% level.
Source: ASIC, REP 427, p 14.

The framing effect is likely to be more pronounced for hybrids as many of the risks are not immediately apparent, rendering the risk-return trade-off more appealing than shares and bonds.

18.22 Finally, the results of the test in relation to ambiguity aversion were set out:23

Ambiguity aversion
Ambiguity aversion bias leads to a preference of known risks over unknown risks. Ambiguity aversion bias had a strong positive relationship with allocation to shares but had a weak negative relationship with allocation to hybrids. Other factors remaining equal, the presence of ambiguity aversion in participants resulted in nearly 11% higher allocation to shares. Whilst shares may be considered as riskier than the other options by the participants, they are arguably less complex than hybrids. It is conceivable that ambiguity averse participants prefer ‘higher yet familiar’ risk of investing in shares to ‘lower but less understood’ risk of investing in hybrids.

Figure 4: Allocation differences for ambiguity aversion
Source: ASIC, REP 427, p 15.

18.23 But what do the papers and reports issued by the FCA and ASIC mean in practice? We will explore potential issues in the next section.

Potential issues with behavioural economics

18.24 The difficulty with the emergence of behavioural economics as a potential tool to regulate conduct is that it is by no means clear what thresholds have to be satisfied to justify action being taken. For example, the results of the testing the subject of ‘REP 427 Investing in hybrid securities: Explanations based on behavioural economics’ showed that for the participants who the report identified as having framing and overconfidence biases, the average allocation to hybrids was higher by more than 10 per cent. Or, put another way, the participants so affected invested 25.09 units in hybrids as opposed to 22.76 units. Does a difference of this magnitude warrant any form of intervention? If not, what would be the required level? It would seem that levels of divergence beyond what was identified in REP 427 would be required in order for any form of civil or regulatory action to be on a sound footing.

18.25 Another issue relates to the design of any randomised control test or field test. The design of such tests can heavily influence outcomes. That is, there may be biases within the actual methodology that drive particular outcomes and undermine the integrity of those tests. The issue was highlighted recently by the New Scientist magazine:24

Listening to ‘When I’m Sixty-Four’ by The Beatles can make you younger. This miraculous effect, dubbed “chronological rejuvenation”, was revealed in the journal Psychological Science in 2011. It wasn’t a hoax, but you’d be right to be suspicious. The aim was to show how easy it is to generate statistical evidence for pretty much anything, simply by picking and choosing methods and data in ways that researchers do every day. The paper caused a stir among psychologists, and has become the most cited in the journal’s history. The following year, Nobel prizewinning psychologist Daniel Kahneman stoked the fire with an open email to social psychologists warning of a “train wreck” if they didn’t clean up their act. But things only came to a head last year with the publication of a paper in Science. It described a major effort to replicate 100 psychology experiments published in top journals. The success rate was little more than a third. People began to talk of a “crisis” in psychology.

Such issues need to be carefully managed, especially, for example, if the science is to be used to support the exercise of the proposed intervention power discussed in Chapter 20.

18.26 Nevertheless, there is no doubt that an understanding of the benefits that behavioural economics offers is something that recommends itself to the finance industry and it is a discipline that should be embraced with an appreciation of both its strengths and limitations.

USE OF STATISTICS IN A REGULATORY CONTEXT

18.27 As we saw above from the results set out in ‘REP 427 Investing in hybrid securities: Explanations based on behavioural economics’, behavioural economics relies heavily on empirical data. In turn, the discipline relies heavily on statistics. Statistics more broadly can also play a useful role in a regulatory context.25

18.28 The use of statistics featured in recent proceedings brought by ASIC against a credit provider. Among other things, the responsible lending obligations (discussed in Chapter 8) were the subject of the decision in Australian Securities and Investments Commission v The Cash Store Pty Ltd [2014] FCA 926. In that case, the proceedings were undefended by a small amount lender.

18.29 In the penalty hearing in this case, Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93, the court took into consideration the statistical likelihood of the identified breaches being more widespread and therefore indicating that a higher penalty ought to be imposed. The court reviewed 281 actual contracts in the case, straddling two periods: contracts entered into by the defendant and consumers between 1 July 2010 and 6 March 2012, and contracts entered into between 7 March 2012 and 24 September 2012.26 The period was broken into two periods:27

… because on or around 6 March 2012, [the defendant] changed some of its policies and practices in response to a non-binding suggestion from ASIC and made some attempt at corrective action. However … even after the introduction of revised policies and procedures there was continued systemic failure by [the defendant] to comply with its obligations under Part 3 of the Credit Act.

18.30 In admitting the statistical evidence, Davies J made the following observations about the contracts that the defendant, TCS, entered into with consumers:28

ASIC … has submitted that the Court, in setting the penalties, should take into account the statistical likelihood that similar contraventions on the same scale would be found in respect of those other contracts. ASIC led evidence from Professor Ian Gordon of the Statistical Consulting Centre at the University of Melbourne about the statistical likelihood of similar contraventions in respect of those other contracts. In summary, according to Professor Gordon it can be said with 95% confidence that, based on the findings of the Court in relation to the 281 sample contracts:

(a) in the first period (288,799 contracts in total entered into):
– TCS failed to make reasonable inquiries about a customer’s requirements and objectives in respect of between 229,921 to 271,118 contracts;
– TCS failed to make reasonable inquiries about a customer’s financial situation in respect of between 271,737 to 288,720 contracts;
– TCS failed to verify a customer’s financial situation in respect of between 204,622 to 254,063 contracts;
– TCS failed to make a preliminary assessment in respect of between 279,546 to 288,799 contracts;
– TCS failed to provide the TCS credit guide to the customer in respect of between 63,725 to 71,203 contracts …

(b) in the second period (36,958 contracts in total entered into):
– TCS failed to make reasonable inquiries about a customer’s requirements and objectives in respect of between 22,300 to 29,273 contracts;
– TCS failed to make reasonable inquiries about a customer’s financial situation in respect of between 29,414 to 34,559 contracts;
– TCS failed to verify a customer’s financial situation in respect of between 4,780 to 10,993 contracts;
– TCS failed to make a preliminary assessment in respect of between 33,217 to 36,543 contracts;
– TCS failed to provide the TCS credit guide to the customer in respect of between 8,692 to 15,843 contracts …

I consider that it is appropriate in setting the penalty to take into account the analysis conducted by Professor Gordon and the statistical likelihood of similar contraventions in respect of all contracts entered into over the period. …

18.31 The use of statistics and expert evidence in this case resulted in nearly $19 million of penalties being imposed. However, given the penalty hearing was uncontested, the evidence of the expert was not tested although the court was satisfied that it ought to be admitted. The next section will summarise the rules for admitting expert evidence.

EXPERT EVIDENCE

18.32 Cross on Evidence29 confirms that:

A witness may not give an opinion on matters calling for the special skill or knowledge of an expert unless the witness is an expert in such matters, and the witness may not give an opinion on other matters if the facts upon which it is based can be stated without reference to it in a manner equally conducive to the ascertainment of the truth, or if it would not assist the court in coming to a conclusion.

18.33 The role of experts is to provide a court with information which is outside the realm of common knowledge. As the court observed in R v Turner [1975] QB 834 at 841:

An expert’s opinion is admissible to furnish the court with scientific information which is likely to be outside the experience and knowledge of a judge or jury. If on the proven facts a judge or jury can form their own conclusions without help, then the opinion of an expert is unnecessary … the fact that an expert witness has impressive scientific qualifications does not by that fact alone make his opinions on matters of human nature and behaviour within the limits of normality any more helpful than that of the jurors themselves.

18.34 Both behavioural economics and statistics are able to cover issues that are beyond the realm of common knowledge.

Common law test for admitting expert evidence

18.35 Cross on Evidence sets out seven conditions for the admissibility of expert evidence at common law:30

(a) there must be a field of specialised knowledge;
(b) there must be an identified aspect of that field in which the witness demonstrates that by reason of specified training, study or experience, the witness has become an expert;
(c) the opinion proffered must be wholly or substantially based on the witness’s expert knowledge;
(d) the expert must identify the assumptions of primary fact on which the opinion is offered;
(e) the opinion is not admissible unless evidence has been or will be admitted which is capable of supporting findings of primary fact which are ‘sufficiently like’ those factual assumptions to render the opinion of the expert of value;
(f) the facts on which the opinion is based must form a proper foundation for it; and
(g) the opinion of an expert requires demonstration or examination of the scientific or other intellectual basis of the conclusions reached. Accordingly, the witness’s evidence must explain how the field of specialised knowledge applies to the facts assumed or observed so as to produce the opinion offered by the expert.

Statutory test

18.36 Under the Uniform Evidence Acts, the test is set out in s 79 as follows:

If a person has specialised knowledge based on the person’s training, study or experience, the opinion rule does not apply to evidence of an opinion of that person that is wholly or substantially based on that knowledge.

18.37 Section 79 reflects conditions (a), (b) and (c) of the common law. However, it does not impose, as a formal condition of admissibility, the requirements set out in (d) to (g) above. In Makita v Sprowles (2001) 52 NSWLR 705 at [85] Heydon J observed that if these issues were not addressed this could cause issues in terms of the admissibility of an expert’s evidence:

If all these matters are not made explicit, it is not possible to be sure whether the opinion is based wholly on or substantially on the expert’s specialised knowledge. If the court cannot be sure of that, the evidence is strictly speaking not admissible, and, so far as it is admissible, of diminished weight.

18.38 However, a court may refuse to admit or limit the use of expert evidence under s 135 or s 136 of the Uniform Evidence Acts. Section 135 of the Act provides as follows:

The court may refuse to admit evidence if its probative value is substantially outweighed by the danger that the evidence might:
(a) be unfairly prejudicial to a party; or
(b) be misleading or confusing; or
(c) cause or result in undue waste of time.

Section 136 of the Act states that:

The court may limit the use to be made of evidence if there is a danger that a particular use of the evidence might:
(a) be unfairly prejudicial to a party; or
(b) be misleading or confusing.

Where a party intends to rely on expert evidence concerning behavioural economics or statistics it needs to be prepared and relied on in a manner that does not raise the potential for either of these sections to be engaged.

18.39 It should be highlighted that the Uniform Evidence Act jurisdictions have abolished two rules that impact on expert evidence: the ultimate issue rule and the common knowledge rule.

18.40 The ultimate issue rule prohibited an expert from expressing an opinion about an ultimate fact in issue. This was considered the function of the court. In Uniform Evidence Act jurisdictions there is now no such prohibition, although courts will approach such testimony with caution.31 This aspect needs to be kept in mind when dealing with evidence such as behavioural issues and statistics as it is relatively easy for conclusions based on those disciplines to be misconstrued as ultimate facts.

18.41 In summary, in cases where behavioural economics or statistics are the subject of expert evidence in a financial services context, it would be advisable for the expert to address not only the issues mentioned in the Uniform Evidence Acts but also the issues identified under the common law test.32

Case law

18.42 Where a party may ultimately need to rely on behavioural insights or statistical evidence in a legal or regulatory context (including behavioural insights from randomised control trials or field trials),33 that party should give consideration to how the courts have historically approached admitting similar types of evidence.

18.43 While the approach taken in a penalty hearing in Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93 provides some comfort in this context, the fact that it was an undefended action means that the expert statistical evidence was not challenged or tested by another party (that is, to determine if it complied with the rules concerning expert evidence).34 Despite that, however, it is entirely possible that more traditional statistical evidence would be admitted if it was prepared in accordance with the principles regarding expert evidence discussed above.

18.44 Further, cases involving market surveys35 provide some useful guidance as to the prospects of expert evidence being admitted and the terms on which it may be admitted. In Arnotts Biscuits Ltd v Trade Practices Commission [1990] FCA 473 at [175] the court expressed the view that:

[I]n a civil case in which a market survey may cast light on relevant issues, it is desirable in principle to admit into evidence a report of a professionally conducted survey, upon proof that it has been satisfactorily conducted using relevant and unambiguous questions; and without requiring evidence from each of the participants.

18.45 Parties seeking to have expert evidence admitted in this context should also give consideration to the orders made in Greynell Investments Pty Ltd v Hunter Douglas Ltd (1979) 4 TPR 173. In that case, orders were made which would enable the respondent to lead market survey evidence it proposed to conduct. The orders enabling the evidence to be admitted outlined some key requirements. The evidence could be admitted provided that:36

The respondent established that the survey was designed and conducted in accordance with accepted principles of survey research producing a result which was trustworthy, including (without limiting the generality of the foregoing):
– That the proper universe was examined;
– That a representative sample was drawn from that universe;
– That the persons conducting the survey were recognised experts;
– That the data gathered was accurately recorded; and
– That the questionnaire, sample design and interviewing were in accordance with generally accepted standards of objective procedure and statistics in the field of such surveys;

A complete record of:
– The methods by which the universe and sample were selected, and of the techniques employed for selecting and instructing the interviewers, and the experience of those interviewers;
– Any data underlying the survey, methods of interpretation and conclusions reached;
– The responses to the survey;
– Any tests applied and the results of any tests applied to determine the extent to which the survey or results of the survey could be trusted;
– The nature of and results of any order applied in connection with the survey;
– The method employed in assigning the answers to open-ended questions to categories;
Was supplied to the applicant in reasonable time in advance of the hearing;

Such persons as were involved in the conduct of the survey were, if required by the applicant, called by the respondent as witnesses in the proceedings.

18.46 In Interlego AG v Croner Trading Pty Ltd [1991] FCA 254 at [112] the court expressed the following view about the approach to the preparation of survey evidence:

Certainly I think it wise that surveys should be conducted on notice to the opposing side, that attempts be made to conduct surveys jointly and that the Court, in appropriate cases, exercise some supervision in relation to the formulation of the questions and the manner in which the survey is to be administered.

That decision reveals a desire of the court to play a role in the design and supervision of expert reports in cases where surveys are used. There are parallels here with behavioural economics. A court may take an active interest in the design of surveys or reports based on behavioural economics given its relative novelty in a legal context and the potential impact such evidence may have in informing legal relations in financial services and other areas of economic endeavor.

CONCLUSION

18.47 This chapter provided a review of recent developments in the use of behavioural economics and statistics in a regulatory context. Both disciplines have much to contribute to financial services provided that when they are deployed, the respective strengths and limitations of the disciplines are appreciated. In that way, these disciplines can continue to be useful servants and not assume the role of master.

1. See for example R H Thaler and C R Sunstein, Nudge: Improving Decisions about Health, Wealth and Happiness, Penguin Books, New York, 2009; C R Sunstein, Why Nudge? The Politics of Libertarian Paternalism, Yale University Press, New Haven, CT, 2012; G Gigerenzer and D Goldstein, ‘Reasoning the Fast and Frugal Way: Models of Bounded Rationality’ (1996) 103(4) Psychological Review 650; D Kahneman Daniel, Attention and Effort, Prentice-Hall, Englewood Cliffs, NJ, 1973; S Vasilisa, S Palminteri and M Pessiglione, ‘Learning to Minimise Efforts Versus Maximising Rewards: Computational Principles and Neural Correlates’ (2014) 34(47) Journal of Neuroscience 15621.
2. See for example Financial Conduct Authority, ‘Occasional Paper No 1 – Applying behavioural economics at the Financial Conduct Authority’, April 2013 (viewed 24 October 2016). The Australian Securities and Investments Commission (ASIC) has also been active in this area. See ASIC, ‘REP 427 Investing in hybrid securities: Explanations based on behavioural economics’, March 2015 (viewed 24 October 2016) and ASIC, ‘REP 428 Improving communication with directors of firms in liquidation’, March 2015 (viewed 24 October 2016).
3. The FCA is the equivalent of the Australian Securities and Investments Commission in the UK. Other papers that the FCA has issued in this context include: ‘Occasional Paper No 2 — Encouraging consumers to claim redress: evidence from a field trial’, April 2013; ‘Occasional Paper No 3 — How does selling insurance as an add-on affect consumer decisions? A practical application of behavioural experiments in financial regulation’, March 2014; ‘Occasional Paper No 7 — Stimulating interest: Reminding savers to act when rates decrease’, January 2015; ‘Occasional Paper No 9 — Two plus two makes five? Survey evidence that investors overvalue structured deposits’, March 2015; ‘Occasional Paper No 10 — Message received? The impact of annual summaries, text alerts and mobile apps on consumer banking behaviour’, March 2015.
4. Financial Conduct Authority, ‘Occasional Paper No 1 — Applying behavioural economics at the Financial Conduct Authority’, April 2013 (viewed 24 October 2016), p 4.
5. For more detail about System 1 and System 2 thinking, see Thaler and Sunstein, note 1 above, Chapter 1 (Biases and Blunders).
6. See note 4 above, p 4.
7. See note 4 above, p 4.
8. See note 4 above, p 5.
9. See note 4 above, p 6.
10. See note 4 above, p 6.
11. See note 4 above, p 7.
12. See note 4 above, p 7.
13. See note 4 above, p 8.
14. See note 4 above, p 8.
15. See note 4 above, pp 8–9. Note that the types of intervention listed here map to the spectrum of paternalism identified in Sunstein, note 1 above, pp 139–40.
16. Financial Conduct Authority, ‘Occasional Paper No 1 — Applying behavioural economics at the Financial Conduct Authority’, April 2013 (viewed 24 October 2016), pp 9–10.
17. ASIC, ‘REP 427 Investing in hybrid securities: Explanations based on behavioural economics’, March 2015 (viewed 24 October 2016), p 4.
18. See note 17 above, pp 9–10.
19. See note 17 above, p 12.
20. See note 17 above, p 13.
21. See note 17 above, p 13.
22. See note 17 above, p 14.
23. See note 17 above, pp 14–15.
24. S van Gilder Cooke, ‘Why so much science research is flawed — and what to do about it’, New Scientist, 13 April 2016 (viewed 24 October 2016).
25. The key issues that need to be determined in applying statistics include determining: a null hypothesis/alternative hypothesis; a randomised sample; a sample size; a critical value (that is, to reject the null hypothesis); and a confidence level/confidence interval. Care must be taken to avoid selection bias and other skews with data: K Fung, Number Sense: How to Use Big Data to Your Advantage, McGraw Hill Education, New York, 2013.
26. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93 at [7].
27. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93 at [8].
28. Australian Securities and Investments Commission v The Cash Store Pty Ltd (in liq) (No 2) [2015] FCA 93 at [9]–[10].
29. LexisNexis, Cross on Evidence, online, at [29005].
30. See note 29 above at [29045].
31. R v GK (2001) 125 A Crim R 315 at [40].
32. Other requirements that are relevant in this context include: Uniform Civil Procedure Rules 2005 (NSW) (UCPR) (including Expert Witness Code of Conduct, UCPR, Sch 7); Pt 23 of the Federal Court Rules 2011 (Cth); Practice Note 5, Equity Division of the Supreme Court of New South Wales; the ‘10 commandments’ set out in the National Justice Cia Naviera SA v Prudential Assurance Co Ltd (‘Ikarian Reefer’) [1993] 2 Lloyd’s Rep 68.
33. For example, of the type described in ‘REP 427 Investing in hybrid securities: Explanations based on behavioural economics’, see note 17 above.
34. See 18.35–18.41 above.
35. The issues that arise where parties in proceedings seek to lead evidence based on market surveys would be similar to those that arise where parties seek to lead evidence, including surveys or research, based on behavioural science. In that sense, experience in relation to the former is instructive where parties seek to rely on evidence based on the latter.
36. The orders are set out in R V Miller, Miller’s Australian Competition and Consumer Law Annotated, Law Book Co, Sydney, 2015 at [1.86.90].


Chapter 19 ASIC Guidance Relating to Remediation Programs

INTRODUCTION

19.1 Review and remediation programs play an essential role in addressing the potentially adverse outcomes that arise when a breach of governance or conduct obligations occurs.

19.2 This chapter outlines a key regulatory development relating to review and remediation activities. In September 2016 the Australian Securities and Investments Commission (ASIC) issued ‘Regulatory Guide 256 Client review and remediation conducted by advice licensees’ (RG 256). RG 256 provides ASIC’s guidance on review and remediation conducted by Australian financial services licensees who provide personal advice[1] to retail clients (defined in RG 256 as ‘advice licensees’[2]). The guide applies to client review and remediation programs initiated on or after 15 September 2016.[3]

19.3 RG 256 states that the purpose of review and remediation programs is to address ‘systemic issues where these issues are a result of the decisions, omissions or behaviour of the licensee (or its representatives) in relation to the provision of personal advice to clients’.[4] However, RG 256 notes that parties other than advice licensees may wish to refer to the principles set out in the guide when conducting review and remediation activities.[5]

REQUIREMENTS OF RG 256

19.4 RG 256 sets out a range of requirements that licensees ought to consider when initiating, designing or implementing review and remediation programs. This section will highlight those requirements that are novel in this domain, but will not traverse all issues that are addressed by the guide.

19.5 RG 256 is intended to apply to all advice licensees and to all personal advice provided in respect to Tier 1 and Tier 2 products. RG 256 provides that:[6]

Our guidance is intended to apply to all advice licensees described in RG 256.3, regardless of the licensee’s size or the size of the review and remediation. The principles in this guide can be scaled up or down, depending on the size of the review and remediation, and may be adapted to suit advice licensees of different sizes and with different internal structures.

19.6 RG 256.9 provides that:

All review and remediation generally follows the same steps — that is:
(a) determining who are the potentially affected clients;
(b) designing and implementing the process;
(c) communicating with clients; and
(d) providing for external review if the client is not satisfied with the operation of the review and remediation or the result.

19.7 RG 256 recognises that its requirements will need to be adapted to the circumstances in which a review and remediation program is implemented.[7]

Initiation of review and remediation program

19.8 RG 256.18 provides that ‘[r]egardless of the approach adopted, advice licensees should initiate the process of review and remediation as soon as they become aware of a systemic issue, rather than wait for a client to make a complaint or a claim against them’. RG 256.19 states that the ‘aim of review and remediation is generally to place affected clients in the position they would have been in if the misconduct or other compliance failure had not occurred’. That may necessitate compensation or taking other steps.[8]

Systemic issues

19.9 As discussed above, RG 256 states that a review and remediation program ought to be established whenever a systemic issue is identified. RG 256.21 defines the term ‘systemic issue’ as follows:

In this guide, we define a ‘systemic issue’ as an issue causing actual or potential loss or detriment to a number of clients as a result of misconduct or other compliance failure by an advice licensee or its current or former representatives. The impact may be a monetary loss or non-monetary detriment.

19.10 The Macquarie Dictionary defines ‘systemic’ to mean: ‘1. of or relating to a system. 2. affecting an organisation, network, economy, etc, as a whole, rather than just individual members or units.’

19.11 However, RG 256 indicates potentially a much lower threshold for satisfying that term. RG 256.23 provides:

A systemic issue, however identified, could include, for example:
(a) misconduct or other compliance failure by one adviser that may affect several clients;
(b) misconduct or other compliance failure by several advisers in relation to the process of giving advice (eg disclosure or record keeping);
(c) a problem with several advisers in how they give advice about a particular class of products; or
(d) an advice licensee not having sufficient processes in place to identify and address misconduct or other compliance failure in an efficient and timely way.

19.12 The situation described in item (a) above does not sit well with the plain and ordinary meaning of the word ‘systemic’. On the other hand, one could conceive of circumstances where the scenarios described in items (b) to (d) could be characterised as systemic, particularly where the potential breach occurs over many months or years. The systemic issues contemplated by the guide are those where ‘clients may have suffered loss or detriment as a result of the decisions, omissions or behaviour of an advice licensee, or an individual adviser or advisers (as representatives of the licensee), in relation to the provision of personal advice to clients’.[9]

19.13 According to the Regulatory Guide, in responding to systemic issues and designing review and remediation programs, licensees ought not solely respond to complaints made by clients.[10]

Factors to consider when initiating, designing and implementing review and remediation programs

19.14 RG 256 states that:[11]

You should consider a range of factors when deciding whether to initiate the process of review and remediation, including the nature of the misconduct or other compliance failure, who to engage with as part of the process, and how such a process will interact with other AFS licensee obligations. Review and remediation is more likely to be appropriate where a systemic issue has occurred that may have caused loss or detriment to the affected clients …

Operating efficiently, honestly and fairly

19.15 RG 256 states that a feature of the obligation to provide all financial services covered by a licence ‘honestly, efficiently and fairly’ is that licensees will need to take remedial action in certain circumstances. ‘This includes remediating clients who have suffered loss or detriment as a result of misconduct or other compliance failure by you or your current or former representatives.’[12] Such remedial action ought not be unduly delayed.[13]

Adequate resources

19.16 RG 256.60 notes that (other than entities regulated by the Australian Prudential Regulation Authority) licensees are required to maintain adequate resources under s 912A(1)(d) of the Corporations Act 2001 (Cth). RG 256.60 indicates that ASIC may consider a licensee to be in breach of that requirement if a licensee does not have adequate resources to conduct a review and remediation process.[14] RG 256.108–RG 256.112 set out more detailed requirements regarding the nature of resources that a licensee may consider deploying as part of a review and remediation program.

Determining scope of review

19.17 RG 256 outlines the first step a licensee will take to determine the scope of any program:[15]

Generally, the first steps you will take to determine the potentially affected clients are to identify:
(a) the nature of the misconduct or other compliance failure that may have caused loss or detriment; and
(b) which advisers may have engaged in that misconduct or compliance failure.

19.18 The next step is to link these advisers with potentially affected clients.[16] However, the guide acknowledges that ‘[t]here is no one-size-fits-all approach in determining the group of clients affected, and you may need to adopt more than one approach’.[17] RG 256.77 lists a range of factors that a licensee ought to have regard to in conducting these steps.

19.19 Licensees should consider whether to review advice that was provided to both current and past clients,[18] as well as considering whether to potentially include clients who may have had advice reviewed under a previous program (especially where there are indications that assessments may change in a client’s favour under a fresh review).[19]

19.20 RG 256 acknowledges that the advice to clients who decline an invitation to participate in a program does not need to be reviewed. If a client cannot be contacted after reasonable attempts are made to do so, then those clients can also be excluded from the program.[20]

The length of a review period for a program

19.21 The length of a review period will need to be assessed having regard to the ‘period of time the relevant misconduct or other compliance failure may have occurred and the length of time that clients have potentially been affected’.[21] ASIC’s view is that it will generally not expect review periods to extend back past seven years from the date the licensee ‘became aware of the misconduct or other compliance failure’.[22]

Testing the scope

19.22 RG 256 recommends that:[23]

When assessing the scope of the review and remediation, you should be satisfied to a reasonable level of certainty that the scope you have chosen properly captures all potentially affected clients. One way this could be achieved is by documenting and applying an appropriate methodology to test by sampling that the affected clients have been properly captured.

Revising the scope

19.23 RG 256 recommends that a licensee consider revising the scope of the program as it proceeds and should information come to light that warrants such consideration.[24]

Inviting clients to participate

19.24 RG 256 states that licensees ought to review and remediate clients whose advice is determined to be in scope for the purposes of the review program. In other cases, the guide recommends considering inviting other clients to participate in the program, especially where there is a reasonable level of uncertainty as to what clients should be in scope.[25]

Design and implementation of the program

19.25 RG 256.98 sets out the factors that licensees should consider when designing a program:

The processes that each advice licensee establishes for review and remediation will be different. However, each licensee should consider similar factors when developing these processes, including:
(a) the resources required;
(b) who will review the advice;
(c) how to review the advice;
(d) what governance arrangements are appropriate;
(e) how to keep records; and
(f) whether to report publicly on the review and remediation exercise.


19.26 Logically, RG 256 recommends that a licensee ‘should consider engaging with your EDR [external dispute resolution] scheme when designing a review and remediation process to determine whether certain processes should be put in place to better facilitate clients making a complaint to the EDR scheme about the review and remediation’.[26] It would be advisable for a licensee to also engage with ASIC ‘about the review and remediation during the design phase and throughout the review and remediation’.[27] During such a consultation process ASIC may provide feedback on the appropriateness of the structure of the review and remediation processes in light of its guidance.[28]

Review of advice

19.27 When establishing a program:[29]

Clear principles and guidance should be established for reviewing advice to ensure that advice is reviewed consistently and fairly. However, the process should still be flexible enough to make changes where lessons are learned throughout the process. Consistency across advice reviewers and throughout the review and remediation process is essential. Each piece of advice should be reviewed in a consistent and fair manner.

19.28 Reviews should be conducted in a timely manner,[30] although some clients may need to be prioritised over others, particularly where a licensee is aware they are suffering hardship or other special circumstances apply.[31]

19.29 Persons who perform reviews of advice should meet appropriate training and competency requirements.[32] Once advice has been reviewed, licensees should consider whether a peer review is necessary.[33]

Compensation

19.30 In determining compensation, the general rule would be to ‘place the client in the position they would have been in if the misconduct or other compliance failure had not occurred’.[34] Licensees should consider calculating compensation in line with the principles of the applicable EDR scheme.[35] RG 256.130 states that:

Compensation includes the payment of actual investment returns or interest that would have been earned by the client if the misconduct or other compliance failure had not occurred. However, if it is not possible or reasonably practicable to find out the actual investment returns or interest that the client would have received, you should use a fair and reasonable rate to calculate the foregone returns or interest.

19.31 RG 256 sets out a range of factors that a licensee ought to consider in calculating compensation.[36]

Communicating with clients

19.32 In relation to communication with clients, RG 256 provides as follows:[37]

It is important that you proactively contact clients who have potentially been affected by the misconduct or other compliance failure. You should consider the appropriate way to do this, taking into account the nature of your client base, the methods of communication available to your clients, and any preferences previously expressed by your clients.

19.33 Communication should be made in a timely manner[38] and:

In many cases, advice licensees communicate with clients at the following stages of review and remediation:
(a) at the beginning, to inform the client that they are included in the scope of the review and remediation; and
(b) after the client’s advice has been reviewed, to inform the client of the final decision and how the client will be remediated, if applicable.[39]

19.34 Unsurprisingly, given ASIC’s thought leadership in relation to the use of behavioural economics in a financial services context, RG 256.173 states that licensees should have regard to behavioural economics when designing client communications:

Evidence from behavioural sciences shows that effective, timely and targeted communication is key to ensuring that clients understand review and remediation and how it affects them. Small details in how communication is framed can affect whether and how a consumer understands and responds to information.[40]

19.35 In communicating with clients, licensees should also outline a client’s EDR rights post any internal review of advice under the program (including whether a licensee will waive jurisdictional limits)[41] and consider whether any offers to pay for independent advice in relation to the review are warranted.[42]

Governance

19.36 A review program should have appropriate governance arrangements in place,[43] including engagement of external experts if necessary.[44] Where an independent expert is engaged, RG 256 recommends that they should be genuinely independent. RG 256.157 sets out factors that a licensee should have regard to in evaluating whether an expert is able to ‘exercise objective and impartial judgement’.

Record keeping

19.37 RG 256 recommends that adequate records be kept in connection with a review and remediation program.[45] Records may include, but are not limited to, records of:
(a) the steps taken to develop the review and remediation (including, for example, how the scope and design were determined and the decisions made as part of these processes);
(b) client communication (including in writing, by telephone and in person);
(c) internal communications and communication with other external parties in reviewing the advice;
(d) the governance arrangements;
(e) the assessment of the advice;
(f) peer review outcomes;
(g) recommendations made by advice reviewers and the reasons for those recommendations;
(h) decisions made and the reasons for those decisions, particularly where the decision is different to an advice reviewer’s recommendation;
(i) how the type of remediation is determined;
(j) the interest rate used to calculate foregone returns or interest where it is not possible or reasonably practicable to determine the actual investment returns or interest that a client would have received, and your reasons for using this rate; and
(k) the timeframes in reviewing the advice.

Public reporting

19.38 RG 256 suggests that licensees consider whether it may be in the public interest to report publicly on a review and remediation program.[46] ASIC will itself consider whether it would be appropriate for it to report publicly on a licensee’s program whether or not the licensee reports publicly.[47]

CONCLUSION

19.39 The guidance that ASIC has provided in RG 256 is a comprehensive framework. It identifies a wide range of relevant factors that advice licensees should consider when they are initiating, designing and implementing review and remediation programs. Not all of these factors will be relevant in all circumstances, but they serve as a very useful guide in determining what may be appropriate in any given context.

1. As per the meaning of that term in s 766B(3) of the Corporations Act 2001 (Cth).
2. See RG 256.3.
3. See RG 256.12.
4. RG 256.4.
5. RG 256.7, RG 256.8 and RG 256.10.
6. RG 256.5–RG 256.6.
7. RG 256.11.
8. RG 256.20.
9. RG 256.24. Nine examples of the types of systemic issues that may fall within this category are set out in RG 256.25.
10. RG 256.26.
11. RG 256.30–RG 256.31.
12. RG 256.58.
13. RG 256.59.
14. RG 256.61.
15. RG 256.75.
16. RG 256.76.
17. RG 256.76.
18. RG 256.78.
19. RG 256.79.
20. RG 256.82.
21. RG 256.84.
22. RG 256.85. Note however RG 256.86.
23. RG 256.87. Records should be kept as the methodology executed to determine in scope clients: RG 256.88.
24. See RG 256.93–RG 256.97. See also continuous improvement recommendations set out in RG 256.103–RG 256.104.
25. RG 256.89–RG 256.90. But ASIC does not consider that opt in is a default that should apply more broadly than in this context: RG 256.91–RG 256.92.
26. RG 256.101.
27. RG 256.102.
28. RG 256.107.
29. RG 256.113–RG 256.114. Further guidance about the review process is set out in RG 256.115–RG 256.119.
30. RG 256.121.
31. RG 256.125.
32. RG 256.137.
33. RG 256.138–RG 256.144.
34. RG 256.128. But note possible exceptions to this general principle — see Example 7 in RG 256.128.
35. RG 256.129.
36. RG 256.131–RG 256.136.
37. RG 256.169.
38. RG 256.170.
39. RG 256.171. See also RG 256.172.
40. See RG 256.174–RG 256.192 for further factors to consider concerning communications.
41. RG 256.194. ASIC notes that a licensee would need to speak to its professional indemnity insurer in contemplating such an approach.
42. RG 256.193–RG 256.200.
43. RG 256.145–RG 256.151.
44. RG 256.152–RG 256.155.
45. See RG 256.160–RG 256.163.
46. RG 256.164–RG 256.165.
47. RG 256.166–RG 256.167.


Chapter 20 Recommendations of Financial System Inquiry

INTRODUCTION

20.1 The Financial System Inquiry (Inquiry) was established in 2013 to achieve the following objectives:[1]

The Inquiry is charged with examining how the financial system could be positioned to best meet Australia’s evolving needs and support Australia’s economic growth. Recommendations will be made that foster an efficient, competitive and flexible financial system, consistent with financial stability, prudence, public confidence and capacity to meet the needs of users.

The Financial System Inquiry Final Report (Final Report)[2] was released on 7 December 2014. The Final Report put forward numerous recommendations designed to achieve the objectives set out above. Chapter 4 (Customer outcomes) of the Final Report contained various consumer-focused recommendations. This chapter will review conduct-related recommendations made in Chapter 4 of the Final Report. The applicable conduct-related recommendations were: the introduction of a targeted and principles-based product design and distribution obligation; and the introduction of a product intervention power. These proposals will be discussed below.

PROPOSED TARGETED AND PRINCIPLES-BASED PRODUCT DESIGN AND DISTRIBUTION OBLIGATION

20.2 Recommendation 21 of the Final Report provided as follows:[3]

Introduce a targeted and principles-based product design and distribution obligation.

20.3 The objectives that the recommendation sought to achieve were as follows:[4]

Reduce the number of consumers buying products that do not match their needs, and reduce consequent significant consumer detriment. Promote fair treatment of consumers by firms that design and distribute financial products. Promote efficiency and limit or avoid the future need for more prescriptive regulation. Build confidence and trust in the financial system.

While it is not explicit in these objectives, it is clear from the commentary in the report that what the Inquiry was seeking to address was the situation where consumers do not understand the risk/return trade-off involved in a product.[5] This is an explicit objective of recommendation 22: see 20.17ff below.

Content of the proposed obligation

20.4 The Final Report suggested that the ‘[g]overnment should amend the law to introduce a principles-based product design and distribution obligation’.[6] The Inquiry was of the view that:[7]

The obligation would require product issuers and distributors to consider a range of factors when designing products and distribution strategies. In addition to commercial considerations, issuers and distributors should consider the type of consumer whose financial needs would be addressed by buying the product and the channel best suited to distributing the product. Industry should supplement this principles-based obligation with appropriate standards for different product classes.

The ‘range of factors’ that the above paragraph refers to are those set out in a subsequent passage of the Final Report. The Final Report recommends that the obligation should cover obligations during three distinct phases: product design, product distribution and after sales.

20.5 The recommendation uses the term ‘targeted’. The report seems to suggest that this means that the proposal would ‘promote the targeting of products to those customers who would benefit from them’.[8] Yet, in other parts of the report, it talks about a ‘targeted design and distribution obligation’,[9] which suggests an obligation with a narrow ambit.

Product design

20.6 The Inquiry was of the view that the product design obligation would address the following matters:[10]

During product design, product issuers should identify target and non-target markets, taking into account the product’s intended risk/return profile and other characteristics. Where the nature of the product warrants it, issuers should stress-test the product to assess how consumers may be affected in different circumstances. They should also consumer-test products to make key features clear and easy to understand.

Clearly the recommended design obligation would relate to new products or products that have been varied in some material manner. The identification of target and non-target markets taking into account the product’s intended risk/return profile would be the first step based on the recommendation. It is unclear what the ‘other characteristics’ the report refers to are. Presumably they are other characteristics that the issuer would independently determine as relevant in relation to a given product design. The key aspect of this recommendation is what follows this first step. Under the recommendation, an issuer would be required to assess in relation to a given product whether there is a need for stress testing to assess how consumers may be affected in different circumstances. There is no guidance as to what stress testing requires, although it ought to be scalable[11] to respond to different products and circumstances. The next obligation that issuers would need to comply with would be the recommended obligation in respect to the product distribution process.

Product distribution process

20.7 The Final Report conceived of this obligation in the following terms:[12]

During the product distribution process, issuers should agree with distributors on how a product should be distributed to consumers. Where applicable, distributors should have controls in place to act in accordance with the issuer’s expectations for distribution to target markets.

Presumably the agreement referred to should reflect the outcome of the design testing mentioned above. That is, having completed the design of a new or varied product, an issuer would then seek to have the outcomes of the design process (for example, identified target markets, stress testing and consumer testing) reflected in the distribution agreement. Presumably, the agreement would also require the distributor to have controls in place so that they can manage distribution in a manner that accords with the issuer’s requirements. However, the recommendation is not clear on this point. It could be contemplating that these issues are addressed directly in legislation, which would seem to invite a level of complexity into the process. The final stage of the process would focus on the after sales process relating to a product.

After sales of a product

20.8 The Final Report expressed the recommendation in relation to after sales obligations in this way:[13]

After the sale of a product, the issuer and distributor should periodically review whether the product still meets the needs of the target market and whether its risk profile is consistent with its distribution. The results of this review should inform future product design and distribution processes. This kind of review would not be required for closed products.[14]

20.9 The proposed process does not define what would constitute a periodic review. Presumably, again, the Inquiry had in mind a scalable approach, meaning that the period between reviews would be determined by the nature of the product, its risk profile, the target market, the distribution process and any other relevant factor.

Scalability

20.10 The Final Report provides some comfort to those who may think that the requirements may be implemented in a one-size-fits-all approach which does not take account of commercial reality. The report states:[15]

These requirements would be scalable, depending on the nature of the product. Compliance with this obligation should be straightforward for simple products that are likely to be suitable for most consumers. For example, simple, low-risk products such as basic banking products would not require extensive consideration and may be treated as a class, with a standard approach to their design and distribution.

Penalty

20.11 The Final Report recommends that a serious breach of the proposed regime ‘should be subject to a significant penalty’. Whether this is an appropriate approach would seem to turn on how readily the proposed law could be interpreted and applied by all stakeholders. Every circumstance will be different so mandating outcomes under the proposed regime would be futile. The obligation would self-evidently have to be expressed in the form of a process. However, if this were to take a form similar to the due diligence process for, say, takeovers then the resulting effect could be stifling for innovation and poor for the economy and customers.

Exceptions

20.12 The report also notes that ‘[c]ircumstances beyond those reasonably foreseeable at the time would not be expected to be taken into consideration by issuers and distributors’.[16]

20.13 The Final Report also stated that the proposed obligation would not need to apply to credit products:[17]

This obligation would not apply to credit products regulated under the National Consumer Credit Protection Act 2009, because the responsible lending obligation currently requires assessment of suitability on an individual basis.

This does beg the question as to whether other regimes such as the margin lending regime, which is subject to point of sale (un)suitability rules,[18] would not be subject to the proposed obligation. If this is the case, there would be a need for the proposed regime to carve out both credit products subject to the National Consumer Credit Protection Act 2009 (Cth) and margin lending products subject to the Corporations Act 2001 (Cth). This outcome could potentially create fragmentation within a control framework of an organisation. Risk is best managed in a consistent manner.

Product markets and behavioural biases

20.14 The Final Report states that ‘[i]mplementing this recommendation would require adequate regulator capabilities to review financial firms’ internal controls and to understand the relevant product markets and consumer behavioural biases’.19

20.15 The Final Report emphasises the need to ensure consumer behavioural biases are understood by regulators. That implies that the proposed obligation will need to contemplate behavioural biases as a matter of law or at least as a matter with regulatory implications. Issues concerning behavioural economics and behavioural biases were discussed in Chapter 18. If they were to be the basis on which legal rights and obligations were impacted, the bases on which such actions were taken should clearly be articulated by those taking such actions.

Government response to the proposed product design and distribution obligation

20.16 The government response to this recommendation was as follows:20

The Government agrees to create a targeted and principles-based financial product design and distribution obligation. Implementation of this recommendation will be subject to detailed consultation with stakeholders to ensure that the scope of the obligation enhances consumer protection without placing an undue burden on industry.

PROPOSED PRODUCT INTERVENTION POWER

20.17 Recommendation 22 of the Final Report provides as follows:21

Introduce a proactive product intervention power that would enhance the regulatory toolkit available where there is risk of significant consumer detriment.

20.18 The recommendation sought to address these objectives:22

• Reduce significant detriment arising from consumers buying financial products they do not understand.
• Limit or avoid the future need for more prescriptive regulation.
• Build consumer confidence and trust in the financial system and, in turn, improve efficiency through increased consumer engagement and participation.

Content of the proposed power

20.19 The Final Report recommends that the government should ‘amend the law to provide ASIC with a product intervention power’. The Final Report states that:23

ASIC should be equipped to take a more proactive approach to reducing the risk of significant detriment to consumers with a new power to allow for more timely and targeted intervention. This power should be used as a last resort or pre-emptive measure where there is risk of significant detriment to a class of consumers. This power would enable intervention without a demonstrated or suspected breach of the law. Given the potential significant commercial impact of this power, the regulator should be held to a high level of accountability for its use.

20.20 Despite saying that the proposed power would be a power of last resort, the Final Report then goes on to state that the proposed power would:

… allow the regulator to intervene to require or impose:

• Amendments to marketing and disclosure materials.
• Warnings to consumers, and labelling or terminology changes.
• Distribution restrictions.
• Product banning.

The first bullet point above addresses issues in respect of which ASIC routinely intervenes on behalf of customers based, among other things, on concerns about potentially misleading statements in marketing and the provision of financial services in an honest, efficient and fair manner.24 In that context, the exercise of the proposed power would shade into more routine matters, as ASIC should actively monitor and intervene in such matters where it feels it is justified to do so in pursuit of the objects of the legislation that it enforces. Accordingly, any new legislation that seeks to implement the recommendation should carefully frame the grounds on which the power could be used so that it is truly used in exceptional cases. The guidance provided in the Final Report does not provide much assistance in this direction. It states that the power is to be used pre-emptively where there is ‘a risk of significant detriment to a class of consumers’ but an exercise of the power would not need to be conditioned on any actual or suspected breach of the law. If the power was not so conditioned, then the range of grounds on which it could be based would be extensive.

Engagement and consultation

20.21 The report indicates that ‘ASIC would be expected to engage with potentially affected firms and to consult with Council of Financial Regulators colleagues before any use of the power, including consulting with APRA [Australian Prudential Regulation Authority] where prudentially regulated firms may be affected’.25

Duration

20.22 The Final Report recommended that the proposed power ‘be limited to temporary intervention for 12 months. The temporary intervention could be extended by Government if more time was needed either by industry to change its relevant practices or for Government to implement permanent reform’.26

Pricing

20.23 The Final Report confirmed that the proposed power ought not be used to regulate price.27 However, price is a function of other attributes and factors so if they are addressable by the power then price can indirectly be influenced.

Behavioural biases

20.24 The Final Report also mentions the potential impact of behavioural biases in support of the proposed power.28 It is not clear, however, how the Inquiry contemplated behavioural biases being used to support the exercise of the power in this context.

Review

20.25 Perhaps anticipating the issues that may arise if the proposed power were to be implemented, the Final Report noted that the ‘power would be subject to a judicial review mechanism’.29

20.26 The report also recommended that ‘[g]iven the significance of this new kind of power, Government should review its use after five years’.30

Government response to the proposed product intervention power

20.27 The government’s response to this recommendation was as follows:31

The Government agrees to provide ASIC with a financial product intervention power to enable it to modify, or if necessary, ban harmful financial products where there is a risk of significant consumer detriment. Implementation of this recommendation will be subject to detailed consultation with stakeholders to ensure that the power strikes the right balance — providing ASIC with a tool to enable it to take action in exceptional instances, but without stifling industry innovation.

CONCLUSION

20.28 The conduct-related recommendations discussed above are based on laudable objectives. Whether they achieve those objectives will depend on whether or not they are ultimately implemented and, if so, what form they take.

1. Financial System Inquiry, ‘The inquiry’s terms of reference’ (viewed 25 October 2016).
2. Financial System Inquiry, Financial System Inquiry Final Report (Final Report), November 2014 (viewed 25 October 2016).
3. Final Report, p 198.
4. Final Report, p 199.
5. Final Report, p 202.
6. Final Report, p 198.
7. Final Report, p 198.
8. Final Report, p 201.
9. Final Report, p 204.
10. Final Report, p 198.
11. Final Report, p 199.
12. Final Report, p 198.
13. Final Report, p 198.
14. The Final Report defined ‘closed products’ as ‘[those products] not accepting new customers or funds, of which legacy products are a subset’: Final Report, p 198, note 3.
15. Final Report, p 199.
16. Final Report, p 205.
17. Final Report, p 198, note 2.
18. See Pt 7.8, Div 4A of the Corporations Act 2001 (Cth).
19. Final Report, p 205.
20. Australian Government, ‘Improving Australia’s financial system: Government response to the Financial System Inquiry’, 2015, p 19 (viewed 25 October 2016).
21. Final Report, p 206.
22. Final Report, p 207.
23. Final Report, p 206.
24. Based on, for example, s 12DA of the Australian Securities and Investments Commission Act 2001 (Cth) (misleading or deceptive conduct) and s 912A(1)(a) of the Corporations Act 2001 (Cth).
25. Final Report, p 211.
26. Final Report, p 206.
27. Final Report, p 206.
28. Final Report, p 209.
29. Final Report, p 206.
30. Final Report, p 212.
31. See note 20 above, p 19.

Index

References are to paragraph numbers

A Acquisition of goods or services see Exclusive dealing Advertiser Code of Ethics …. 12.33 Advertising misleading or deceptive conduct …. 12.26 comparative advertising …. 12.32 dominant message …. 12.27, 12.28 ‘free’, use of term …. 12.31 internet sites …. 12.34 more than one meaning …. 12.29 puffery …. 12.30 social media …. 12.33 Agents price fixing …. 15.18, 15.23 ACCC v ANZ …. 15.18, 15.19–15.23 parties as competitors …. 15.20, 15.21, 15.22 Anti-competitive conduct benefit to competition …. 15.1 cartel conduct see Cartel conduct contracts, arrangements or understandings …. 15.32, 15.33, 15.59 corporation requirement …. 15.36 determining …. 15.34 exceptions …. 15.39 exclusionary provisions …. 15.35, 15.36 parties as competitors …. 15.36

penalties for breach …. 15.40 preventing, restricting or limiting …. 15.36 severance of provision …. 15.38 substantially lessening competition …. 15.37 exclusive dealing …. 15.51, 15.54 acquire, definition …. 15.55 condition on supply or acquisition …. 15.56 downstream conduct …. 15.56 exceptions …. 15.60 features of prohibition …. 15.54 forms …. 15.55 overlap of provisions …. 15.59 penalties for breach …. 15.61 per se breaches …. 15.58 substantially lessening competition …. 15.57, 15.58 supply, definition …. 15.55 upstream conduct …. 15.56 misuse of market power …. 15.41, 15.42 degree of power …. 15.43, 15.44 exceptions …. 15.52 exclusive dealing …. 15.51 exercise of legal rights …. 15.50 key elements …. 15.42 market, definition …. 15.45, 15.46 penalties …. 15.53 predatory pricing …. 15.49 substantial degree of power …. 15.42, 15.43, 15.44 taking advantage of market power …. 15.47–15.49 object of Act …. 15.1 overview …. 15.1, 15.67 price fixing see Cartel conduct price signalling …. 15.24

application of provisions …. 15.26 form …. 15.25 general prohibition …. 15.29 penalties for breach …. 15.30, 15.31 price fixing, and …. 15.24 private disclosure prohibition …. 15.27, 15.28 resale price maintenance …. 15.62 exceptions …. 15.65 penalties for breach …. 15.66 prohibited types of conduct …. 15.63 specified price …. 15.64 Australian Law Reform Commission personal information …. 16.2 data breach notification laws …. 17.22 identity of individual …. 16.9 Australian Prudential Regulation Authority life insurance entities …. 7.15 duty of priority …. 7.15, 7.16 risk management …. 7.23–7.27 risk management …. 7.23, 8.33 content of duty …. 7.24–7.26, 8.34–8.36 ‘ensure’, meaning …. 7.25, 8.35 proposed changes …. 7.26, 8.36 remedies for breach …. 7.27, 8.37 Australian Securities and Investments Commission behavioural economics pilot study …. 18.16, 18.23, 18.27, 19.34 ambiguity aversion …. 18.17, 18.22 behavioural biases …. 18.17–18.22, 18.24 framing bias …. 18.17, 18.21 illusion of control …. 18.17, 18.18, 18.19 objective of study …. 18.16 overconfidence …. 18.17, 18.20

financial product advice …. 9.8 exemptions …. 9.12 general advice warning …. 9.16 providers of advice …. 9.11 scope of definition …. 9.9 insurance contracts …. 7.8 settlement of claims …. 7.9 misleading or deceptive conduct …. 12.17 product intervention power proposal …. 20.1, 20.17 behavioural biases …. 20.24 content of power …. 20.19, 20.20 duration …. 20.22 engagement and consultation …. 20.21 government response …. 20.27 objectives …. 20.18 pricing …. 20.23 review mechanism …. 20.25, 20.26 responsible lending …. 8.16 substantial hardship …. 8.16 review and remediation programs see Review and remediation programs Authorised deposit-taking institutions implied warranties …. 8.2, 8.27 remedies for breach …. 8.32 Selig v Wealthsure …. 8.28–8.31 overview …. 8.1, 8.46 prudential standards …. 8.2 risk management …. 8.33–8.37 responsible lending …. 8.2, 8.3 ASIC guidance …. 8.16 case law …. 8.19–8.26 credit licences …. 8.3

disclosure obligations …. 8.4 final assessments …. 8.6, 8.12–8.14 preliminary assessments …. 8.6, 8.7–8.11, 8.21–8.26 remedies …. 8.17, 8.18 substantial hardship …. 8.15, 8.16 unsuitability of contracts …. 8.5–8.16 risk management …. 8.33 content of duty …. 8.34–8.36 ‘ensure’, meaning …. 8.35 proposed changes …. 8.36 remedies for breach …. 8.37 whistleblowers …. 8.2, 8.38, 8.39 communications to lawyer …. 8.45 compensation …. 8.43 confidentiality …. 8.44, 8.45 effect on liability …. 8.41 qualifying disclosures …. 8.39, 8.40 victimisation …. 8.42

B Banker and customer fiduciary relationship …. 2.3 Banks see Authorised deposit-taking institutions; Financial services Behavioural economics see also Statistics ASIC pilot study …. 18.16, 18.23, 18.27, 19.34 ambiguity aversion …. 18.17, 18.22 behavioural biases …. 18.17–18.22, 18.24 framing bias …. 18.17, 18.21 illusion of control …. 18.17, 18.18, 18.19 objective of study …. 18.16 overconfidence …. 18.17, 18.20 expert evidence …. 18.34, 18.41, 18.42

Financial Conduct Authority (UK) paper …. 18.4, 18.15, 18.23 appropriate responses …. 18.10–18.13 behavioural biases …. 18.7, 18.8, 18.9 designing effective interventions …. 18.13 identifying issues …. 18.10 market forces …. 18.5 prioritising risks …. 18.10 reasons for consumer error …. 18.6 regulatory issues …. 18.14 understanding root causes …. 18.12 Financial System Inquiry …. 20.15, 20.24 overview …. 18.1, 18.23, 18.26, 18.47 potential issues …. 18.24, 18.26 design of tests …. 18.25 Best interests duty ex ante test …. 2.17, 4.17, 9.21 fiduciaries …. 1.1, 1.6, 2.13, 3.31 ‘best’, meaning …. 2.15 directors …. 2.18, 2.19 ex ante test …. 2.17, 4.17 objective test …. 2.16, 2.18, 2.19 trustees …. 2.14, 2.15, 2.17 financial product advice …. 1.1, 9.21, 9.25 case analysis …. 9.34–9.42 general law …. 9.21 ‘one size fits all’ approach …. 9.35–9.39 process for discharge …. 9.22 reasonable investigations …. 9.24 safe harbour provision …. 9.23 Selig v Wealthsure …. 9.39–9.42 overview …. 1.1, 9.21 responsible entities …. 1.1, 4.11

content of duty …. 4.14, 4.15, 4.16 elements of duty …. 4.11 financial interests …. 4.12 objective test …. 4.17 priority rule …. 4.18, 4.19 trustees’ duties …. 2.14, 5.11 ‘best’, meaning …. 2.15 ex ante test …. 2.17, 4.17 self-managed superannuation funds …. 1.1, 6.12, 6.13 Bid rigging …. 15.14 Business judgment rule business judgment, definition …. 3.24, 3.25 directors’ duties …. 3.24, 3.29 belief as to best interests …. 3.29 definition …. 3.24, 3.25 elements of defence …. 3.24 good faith …. 3.26 informing oneself …. 3.28 material personal interest …. 3.27 oversight duties …. 3.25 responsible entities …. 4.23

C Care and diligence directors’ duty …. 3.6, 3.10, 3.11 balancing risks …. 3.18 business judgment rule …. 3.24–3.29 business judgments …. 3.23 content of duty …. 3.12, 3.16 continuing obligation …. 17.16 contraventions of law …. 3.17, 3.19, 3.20 determining breach …. 3.13, 3.14

foreseeable risk of harm …. 3.15, 3.18, 3.20, 3.21 information security …. 17.14–17.17 interests of the company …. 3.17, 3.18, 3.21 non-delegable duties …. 3.42 non-executive directors …. 3.9, 3.16 objective standard …. 3.16, 3.22 penalties for breach …. 3.49, 17.17 registrable superannuation entities …. 5.19 reliance on others …. 3.41 reputation of company …. 3.21 scope of duty …. 3.6, 17.15, 17.16 standard of care …. 3.7–3.9, 3.14, 3.16, 3.22 statutory duty …. 3.5, 3.11–3.22, 3.24–3.29 officers’ duties …. 3.11–3.22 business judgments …. 3.24–3.29 content of duty …. 3.12 objective standard …. 3.22 responsible entities …. 4.7 objective perspective …. 4.8 restraint and conservatism …. 4.9 special skills …. 4.10 Care and skill fiduciaries …. 2.20 directors …. 2.21 Care, skill and diligence registrable superannuation entities …. 5.7 directors’ duties …. 5.19 objective assessment …. 5.8 restraint and conservatism …. 5.9 special skills …. 5.10 self-managed superannuation funds …. 6.7–6.11 Cartel conduct

agents …. 15.18, 15.23 ACCC v ANZ …. 15.18, 15.19–15.23 parties as competitors …. 15.20, 15.21, 15.22 cartel provisions …. 15.4 definition …. 15.3 elements …. 15.4 purpose condition …. 15.8, 15.13, 15.14 purpose/effect condition …. 15.8, 15.9–15.12 contracts, arrangements or understandings …. 15.3, 15.4 ‘arrangement’, meaning …. 15.5, 15.6 ‘contract’, meaning …. 15.5 exceptions …. 15.16 making or giving effect …. 15.5 parties as competitors …. 15.15, 15.20, 15.21, 15.22 ‘understanding’, meaning …. 15.5, 15.7 deemed conduct …. 15.2 exceptions …. 15.16 overview …. 15.1, 15.2 penalties for breach …. 15.17 purpose condition …. 15.8, 15.13 bid rigging …. 15.14 ‘preventing, restricting or limiting’ …. 15.14 requirements for satisfying …. 15.13 purpose/effect condition …. 15.8, 15.9 ‘control’, meaning …. 15.10 definition …. 15.9 ‘fix’, meaning …. 15.10 price recommendations …. 15.12 ‘provide for’ …. 15.11 requirements for satisfying …. 15.9 Chinese walls …. 10.17–10.19 Class actions

cyber security breach …. 17.38, 17.39 damages …. 17.42, 17.43, 17.44 failure to comply with continuous disclosure …. 17.38, 17.44 United Kingdom …. 17.41 United States …. 17.38, 17.40 Climate change directors’ responsibility to consider risks …. 3.18, 4.17 fiduciary duties …. 2.17 trustees’ responsibility to consider risks …. 5.11 Cloud agreements …. 17.28–17.31 Conduct obligations see also Anti-competitive conduct; Misleading or deceptive conduct; Unconscionable conduct banks see Authorised deposit-taking institutions breach of obligations see Review and remediation programs content of obligations …. 1.1, 1.2, 1.4 determining …. 1.2 contracts see Unfair contract terms; Unjust contracts customer information see Credit information; Personal information directors see Directors’ duties emerging developments …. 1.2, 1.9 fiduciaries see Fiduciaries; Fiduciary duties financial services see Financial services information security see Cyber security insurers see Insurance entities interpretation and application …. 1.3 personal views …. 1.4, 1.5 officers see Officers’ duties open-ended nature …. 1.1, 1.2 overlap of obligations …. 1.1 overview …. 1.1, 1.10 responsible entities see Responsible entities risk management see Risk management

structure of book …. 1.6–1.9 superannuation trustees see Registrable superannuation entities; Self-managed superannuation funds Confidential information see Whistleblower disclosures Conflict of interests fiduciary duties …. 2.6, 2.8, 2.9, 4.18 directors …. 2.9, 3.33, 3.35 life insurance entities …. 7.10 real possibility of conflict …. 2.8 financial product advice …. 9.29–9.31 life insurance entities …. 7.10, 7.16 management of conflicts …. 10.2, 10.14, 10.15 Chinese walls …. 10.17–10.19 fiduciaries, and …. 10.16, 10.19 scope of duty …. 10.16 registrable superannuation entities …. 5.12 actual conflicts …. 5.12 ascertaining interests …. 5.14 priority to beneficiaries …. 5.12–5.14 situations of conflict …. 5.13 Consumer contracts see Unfair contract terms Consumer credit see Responsible lending Consumer protection laws see Misleading or deceptive conduct cyber security, and …. 17.35, 17.36 proportionate liability …. 17.37 warranties …. 17.36 Contracts anti-competitive conduct …. 15.32, 15.33, 15.34, 15.59 corporation requirement …. 15.36 exceptions …. 15.39 exclusionary provisions …. 15.35, 15.36

parties as competitors …. 15.36 pecuniary penalties …. 15.40 preventing, restricting or limiting …. 15.36 severance of provision …. 15.38 substantially lessening competition …. 15.37 cartel provisions see Cartel conduct cyber security, and …. 17.24, 17.34 apportionment legislation …. 17.27 appropriate standard …. 17.25 cloud agreements …. 17.28–17.31 content of obligation …. 17.26 duty of good faith …. 11.1, 11.2, 11.23 content of duty …. 11.14, 11.15–11.19, 11.23 emergence of duty …. 11.4, 11.5 honesty …. 11.17, 11.19 implied term, as …. 11.3, 11.5, 11.6–11.9 implied term or duty …. 11.6–11.9 inconsistency with contract …. 11.10–11.14 reasonableness, and …. 11.4, 11.12, 11.15 remedies for breach …. 11.20–11.22 Vodafone case …. 11.10–11.14 fiduciary relationship …. 2.4 precluding relationship …. 2.5 insurance contracts …. 7.3 utmost good faith …. 7.3–7.9, 7.10 remedies for breach …. 11.20, 11.21 equitable remedies …. 11.22 remoteness of damage …. 11.21 standard form contracts see Unfair contract terms unjust contracts see Unjust contracts Copyright cyber security, and …. 17.45

computer program, definition …. 17.45 non-infringing activities …. 17.45–17.48 reverse engineering …. 17.47 technological protection measures …. 17.48 Corporate trustees see Registrable superannuation entities; Self-managed superannuation funds Credit contracts see Responsible lending Credit information categories of information …. 16.86, 16.87 credit, definition …. 16.89 credit eligibility information …. 16.87, 16.90, 16.96 destruction of information …. 16.104 exceptions to disclosure …. 16.97, 16.98 false or misleading information …. 16.101, 16.102 integrity of information …. 16.100 refusal of credit applications …. 16.99 security of information …. 16.103, 16.104, 16.105 credit providers …. 16.2, 16.88, 16.89 access to information …. 16.106 additional obligations …. 16.90 definition …. 16.88 destruction of information …. 16.104 disclosure obligations …. 16.92–16.95, 16.96–16.99 false or misleading information …. 16.101, 16.102 information governance …. 16.91 integrity of information …. 16.100 security of information …. 16.103–16.105 Credit Reporting Code …. 16.107 credit reporting information …. 16.87 credit reporting system …. 16.86, 16.90 definition …. 16.87, 16.89 disclosure obligations …. 16.92, 16.93

ban periods …. 16.95 credit eligibility information …. 16.96–16.99 default information …. 16.94 false or misleading information …. 16.101 penalties for breach …. 16.102 overview …. 16.84 penalties for breach …. 16.102, 16.108 Privacy Act …. 16.84, 16.85 categories of information …. 16.87 credit providers …. 16.88–16.106 Credit Reporting Code …. 16.107 penalties for breach …. 16.102, 16.108 regulated information …. 16.87 security of information …. 16.103, 16.105, 17.8, 17.9 consequences of breach …. 17.13 de-identification …. 16.104 example of breach …. 17.11 Privacy Commissioner report …. 17.11 reasonable steps test …. 16.103, 17.10–17.12 Criminal laws cyber security …. 17.2 Criminal offences misleading or deceptive conduct …. 12.38 Customer information see Credit information; Personal information Cyber security active defence …. 17.49–17.51 class actions …. 17.38 commencement …. 17.39 damages …. 17.42, 17.43, 17.44 failure to comply with continuous disclosure …. 17.38, 17.44 United Kingdom …. 17.41 United States …. 17.38, 17.40

cloud computing …. 17.28, 17.31 benefits …. 17.29 safe cloud principles …. 17.30 consumer protection laws …. 17.35 misleading or deceptive conduct …. 17.35, 17.36 proportionate liability …. 17.37 warranties …. 17.36 contracts, and …. 17.24, 17.34 apportionment legislation …. 17.27 appropriate standard …. 17.25 cloud agreements …. 17.28–17.31 content of obligation …. 17.26 copyright, and …. 17.45 computer program, definition …. 17.45 non-infringing activities …. 17.45–17.48 reverse engineering …. 17.47 technological protection measures …. 17.48 criminal laws …. 17.2 data breach notification laws …. 17.18, 17.23 Australian developments …. 17.22, 17.38 Californian law …. 17.19, 17.20 continuous disclosure regime …. 17.23 financial services licensees …. 17.23 key elements …. 17.18 United Kingdom …. 17.21 directors’ duties …. 17.14 consequences of breach …. 17.17 continuing obligation …. 17.16 scope of duty …. 17.15, 17.16 ePayments Code …. 17.52 evidence …. 17.54–17.57 insurance cover …. 17.53

negligence …. 17.32 consequential economic loss …. 17.33 pure economic loss …. 17.33, 17.34 remedies for loss …. 17.33, 17.34 overview …. 17.1, 17.3, 17.58 Privacy Act …. 16.74, 16.103, 16.105, 17.1, 17.8, 17.9 class actions …. 17.42, 17.43 consequences of breach …. 17.13 damages …. 17.42, 17.43 de-identification …. 16.75, 16.104 example of breach …. 17.11 Privacy Commissioner report …. 17.11 reasonable steps test …. 16.74, 16.103, 17.10–17.12 relevant laws …. 17.1, 17.7 criminal laws …. 17.2 risk management …. 17.5 active defence …. 17.49–17.51 threat environment …. 17.1, 17.4, 17.6 categories of attacks …. 17.5 commodity attacks …. 17.5 targeted attacks …. 17.5

D Defences business judgment rule …. 3.24, 3.29 belief as to best interests …. 3.29 business judgment, definition …. 3.24, 3.25 elements of defence …. 3.24 good faith …. 3.26 informing oneself …. 3.28 material personal interest …. 3.27 oversight duties …. 3.25

informed consent …. 2.10, 3.35 ratification …. 3.48 registrable superannuation entities …. 5.22 self-managed superannuation funds …. 6.18 unconscionable conduct …. 13.10, 13.11 Definitions acquire …. 15.55 annual turnover …. 15.40, 15.53, 15.61, 15.66 bid …. 15.14 business judgment …. 3.24, 3.25 cartel provision …. 15.3 computer program …. 17.45 consent …. 16.27, 16.52 consumer contract …. 14.7 credit …. 16.89 credit information …. 16.87, 16.89 credit provider …. 16.88 customer data …. 16.79 direct marketing …. 16.43–16.46 exempt document or statement …. 9.12 financial product …. 9.10 financial product advice …. 9.3, 9.4, 9.5, 9.7, 9.9, 9.13 financial service …. 9.3 impracticability …. 16.57, 16.59 in trade or commerce …. 12.7 market …. 15.45 officer …. 4.22, 8.40 organisation …. 16.3 personal data …. 16.79 personal information …. 16.6–16.10, 16.12, 16.14, 16.16 purpose/effect condition …. 15.9 related body corporate …. 8.40

small business contract …. 14.7 supply …. 15.55 systemic …. 19.10 systemic issue …. 19.9 technological protection measure …. 17.48 unfair …. 14.9 unfair term …. 14.11 unjust …. 13.30 Direct marketing see Personal information Directors cartel conduct …. 15.17 fiduciary relationship …. 2.3 Directors’ duties authorised deposit-taking institutions …. 8.33 risk management …. 8.33–8.37 best interests duty …. 1.1, 2.18, 2.19 subjective approach …. 2.18 breach of duty …. 3.38 penalties for breach …. 3.49–3.55 ratification …. 3.48 relief from liability …. 3.56 responsible lending …. 8.18 business judgment rule …. 3.24, 3.29 belief as to best interests …. 3.29 business judgment, definition …. 3.24, 3.25 elements of defence …. 3.24 good faith …. 3.26 informing oneself …. 3.28 material personal interest …. 3.27 oversight duties …. 3.25 care and diligence …. 3.6, 3.10, 3.11 balancing risks …. 3.18

business judgment rule …. 3.24–3.29 business judgments …. 3.23 content of duty …. 3.12, 3.16 continuing obligation …. 17.16 contraventions of law …. 3.17, 3.19, 3.20 determining breach …. 3.13, 3.14 foreseeable risk of harm …. 3.15, 3.18, 3.20, 3.21 information security …. 17.14–17.17 interests of the company …. 3.17, 3.18, 3.21 non-delegable duties …. 3.42 non-executive directors …. 3.9, 3.16 objective standard …. 3.16, 3.22 penalties for breach …. 3.49, 17.17 registrable superannuation entities …. 5.19 reliance on others …. 3.41 reputation of company …. 3.21 scope of duty …. 3.6, 17.15, 17.16 standard of care …. 3.7–3.9, 3.14, 3.16, 3.22 statutory duty …. 3.5, 3.11–3.22, 3.24–3.29 care and skill …. 2.21 creditors …. 3.4, 3.31 fiduciaries, as …. 2.1, 3.1, 3.3 best interests duty …. 2.18, 2.19 care and skill …. 2.21 good faith …. 3.35, 3.36, 3.37, 3.38 fiduciary duties …. 2.1, 3.1 conflict rule …. 2.9, 3.33, 3.35 good faith …. 3.30 best interests of company …. 3.31 business judgment rule …. 3.26 improper use of information …. 3.35, 3.36, 3.37, 3.38 penalties for breach …. 3.50, 3.51

proper purpose …. 3.32 subjective or objective standard …. 3.31, 4.6, 5.6, 6.6 improper use of information …. 3.35, 4.21 penalties for breach …. 3.54, 3.55 scope of provisions …. 3.35–3.39 improper use of position …. 3.33, 3.34 objective standard …. 3.34 penalties for breach …. 3.52, 3.53 information security …. 17.14–17.17 insurance entities …. 7.23 risk management …. 7.23–7.27 life insurance entities …. 7.17 avoidance through disclosure …. 7.19 duty of care …. 7.18 interests of policy owners …. 7.20 risk management …. 7.23–7.27 non-delegable duties …. 3.42 overview …. 3.1, 3.5, 3.57 policy reasons …. 3.2 registrable superannuation entities …. 5.18 conflicting obligations …. 5.20 degree of care and diligence …. 5.19 whistleblower policies …. 5.26 reliance on others …. 3.40, 3.41 self-managed superannuation funds …. 6.14, 6.15 shareholders …. 3.4, 3.31 statutory duties …. 3.1, 3.5 business judgment rule …. 3.24–3.29 care and diligence …. 3.11–3.22, 3.24–3.29, 3.41, 3.42, 3.49 good faith …. 3.30–3.32, 3.50, 3.51 improper use of information …. 3.35–3.39, 3.54, 3.55

improper use of position …. 3.33, 3.34, 3.52, 3.53 non-delegable duties …. 3.42 penalties for breach …. 3.49–3.55 reliance on others …. 3.40, 3.41 relief from liability …. 3.56 trustees’ duties, distinction …. 2.19, 3.3, 4.9, 5.9, 6.10 whistleblower policies …. 3.43

E Environmental issues see Climate change ePayments Code …. 17.52 Equity breach of contract …. 11.22 fiduciaries see Fiduciaries unconscionable dealing see Unconscionable conduct European Union access to personal data …. 16.81 cyber security …. 17.1 data breach notification laws …. 17.21 Evidence cyber security breach …. 17.54–17.57 expert evidence …. 18.3, 18.32 admission of evidence …. 18.35–18.41, 18.42–18.46 case law …. 18.42–18.46 behavioural economics …. 18.34, 18.41, 18.42 market surveys …. 18.44–18.46 role of experts …. 18.33 statistical evidence …. 18.34, 18.41, 18.42, 18.43 ultimate issue rule …. 18.39, 18.40 statistical evidence …. 18.28, 18.31, 18.34, 18.41, 18.42 penalties for non-compliance …. 8.24, 8.25, 8.26, 18.29–18.31, 18.43

Exclusive dealing acquire, definition …. 15.55 condition on supply or acquisition …. 15.56 downstream conduct …. 15.56 exceptions …. 15.60 features of prohibition …. 15.54 forms …. 15.55 overlap of provisions …. 15.59 overview …. 15.51, 15.54 penalties for breach …. 15.61 per se breaches …. 15.58 substantially lessening competition …. 15.57, 15.58 supply, definition …. 15.55 upstream conduct …. 15.56 Expert evidence admission of evidence …. 18.35 case law …. 18.42–18.46 limitation of use …. 18.38 market surveys …. 18.44–18.46 refusal to admit …. 18.38 statutory test …. 18.36–18.41 ultimate issue rule …. 18.39, 18.40 behavioural economics …. 18.34, 18.41, 18.42 overview …. 18.3, 18.32 role of experts …. 18.33 statistical evidence …. 18.34, 18.41, 18.42, 18.43

F Fiduciaries best interests duty …. 1.1, 1.6, 2.13, 3.31 ‘best’, meaning …. 2.15 directors …. 2.18, 2.19

ex ante test …. 2.17, 4.17 objective test …. 2.16, 2.18, 2.19 trustees …. 2.14, 2.15, 2.17 care and skill …. 2.20, 2.21 directors …. 2.1, 3.1, 3.3 best interests duty …. 2.18, 2.19 care and skill …. 2.21 improper use of information …. 3.35, 3.36, 3.37, 3.38 financial services licensees …. 10.16, 10.19 good faith …. 2.22, 3.35, 3.36, 3.37, 3.38 non-fiduciary duties …. 2.11, 2.12, 2.26 best interests duty …. 2.13–2.19 care and skill …. 2.20, 2.21 good faith …. 2.22 proper purpose …. 2.23 overview …. 1.6, 2.1, 4.1 remedies for breach …. 2.7, 2.24, 2.25, 3.38, 6.19 Fiduciary duties conflict rule …. 2.6, 2.8, 2.9, 4.18 directors …. 2.9, 3.33, 3.35 life insurance entities …. 7.10 real possibility of conflict …. 2.8 content of duty …. 2.6, 2.9 defences …. 2.10 informed consent …. 2.10, 3.35 directors …. 2.1, 2.9, 3.1 improper use of information …. 3.35 improper use of position …. 3.33 financial advisers …. 9.2, 9.43, 9.48, 9.51 disclaimers …. 9.49 remedies for breach …. 9.50 no profit rule …. 2.6, 2.9

overview …. 1.6, 2.1, 2.26 proscriptive nature …. 2.6, 2.7 remedies for breach …. 2.7, 2.24, 2.25, 6.19, 9.50 scope of duties …. 2.9 sources of duties …. 2.2 Fiduciary relationship banker and customer …. 2.3 contractual terms …. 2.4, 2.5 features of relationships …. 2.2 financial advisers …. 2.3, 9.44–9.47 overview …. 2.2 recognised relationships …. 2.3 stockbrokers …. 2.3, 9.44 Financial advisers basis for advice …. 10.12 fiduciary duties …. 9.2, 9.43, 9.48, 9.51 disclaimers …. 9.49 remedies for breach …. 9.50 fiduciary relationship …. 2.3, 9.44–9.47 implied warranties …. 8.28, 9.53 remedies for breach …. 8.32, 9.58 Selig v Wealthsure …. 8.28–8.31, 9.54–9.58 overview …. 9.43, 9.52, 9.59 Financial product advice see also Review and remediation programs ASIC guidance …. 9.8 exemptions …. 9.12 general advice warning …. 9.16 providers of advice …. 9.11 scope of definition …. 9.9 best interests duty …. 1.1, 9.21, 9.25 case analysis …. 9.34–9.42 general law …. 9.21

‘one size fits all’ approach …. 9.35–9.39 process for discharge …. 9.22 reasonable investigations …. 9.24 safe harbour provision …. 9.23 Selig v Wealthsure …. 9.39–9.42 case examples …. 9.6 courts’ approach …. 9.7 definition …. 9.3, 9.4, 9.5, 9.7, 9.9, 9.13 encouraging creation of product …. 9.7 examples …. 9.6, 9.9 exemptions …. 9.12, 9.13 factual information …. 9.8, 9.18 financial product, definition …. 9.10 general advice …. 9.1, 9.3, 9.14, 9.18 duties …. 9.15–9.17 exemptions …. 9.12 penalties for breach …. 9.17 personal advice, distinction …. 9.14 warnings to clients …. 9.15, 9.16, 9.17 intention to influence …. 9.4 interpretation …. 9.7 misleading or deceptive conduct …. 12.35 overview …. 9.1, 9.10, 9.43, 9.59 personal advice …. 9.1, 9.3, 9.14, 9.19 appropriate advice …. 9.26, 9.27 best interests duty …. 1.1, 9.21–9.25, 9.34–9.42 case analysis …. 9.34–9.42 conflict of interests …. 9.29–9.31 duties …. 9.20–9.42 general advice, distinction …. 9.14 ‘one size fits all’ advice …. 9.35–9.39, 10.10, 10.11 penalties for breach …. 9.32, 9.33

priority of interests …. 9.29–9.31 warnings to clients …. 9.28 providers of advice …. 9.11 types of advice …. 9.6 Financial products see also Financial System Inquiry definition …. 9.10 misleading or deceptive conduct …. 12.3, 12.4 ‘in relation to’, meaning …. 12.5, 12.6 investment advice …. 12.35 unfair contract terms …. 14.5 Financial services see also Behavioural economics customer information see Credit information; Personal information definition …. 9.3 good faith see Good faith implied warranties …. 8.2, 8.27, 9.53 remedies for breach …. 8.32, 9.58 Selig v Wealthsure …. 8.28–8.31, 9.54–9.58 misleading or deceptive conduct …. 12.3, 12.4, 12.39 credit ratings …. 12.36 ‘in relation to’, meaning …. 12.5, 12.6 ‘in trade or commerce’, definition …. 12.7 ‘trade or commerce’, meaning …. 12.8 overview …. 1.7 price fixing …. 15.18 ACCC v ANZ …. 15.18, 15.19–15.23 unconscionable conduct …. 13.13 bargaining inequality …. 13.24, 13.25 court’s considerations …. 13.19, 13.20, 13.21 key elements …. 13.17 normative standard …. 13.18 Paciocco v ANZ …. 13.15–13.25 prohibitions …. 13.14, 13.15

remedies for breach …. 13.26, 13.27 unconscionable, meaning …. 13.16 unfair contract terms …. 14.5 Financial services cases …. 12.35, 12.36 Financial services licences financial services, definition …. 9.3 overview …. 9.3 Financial services licensees see also Review and remediation programs consequences of breach …. 10.20 data breach notification …. 17.23 efficiency, honesty and fairness …. 10.2, 10.3, 10.9, 10.13, 19.15 all things necessary …. 10.5 basis for advice …. 10.12 business as a whole …. 10.7 churning practices …. 10.9 compendious duty, as …. 10.4 ‘honestly’, meaning …. 10.8 morally wrong business practices …. 10.9 morally wrong conduct …. 10.8 objective test …. 10.6 ‘one size fits all’ advice …. 10.10, 10.11 unethical conduct …. 10.8 management of conflicts …. 10.2, 10.14, 10.15 Chinese walls …. 10.17–10.19 fiduciaries, and …. 10.16, 10.19 scope of duty …. 10.16 overview …. 10.1, 10.2, 10.20 remedies …. 10.21 Financial System Inquiry final report …. 20.1 objectives …. 20.1 product design and distribution obligation …. 20.1, 20.2

after sales obligations …. 20.8, 20.9 behavioural biases …. 20.15 content of obligation …. 20.4, 20.5 credit products …. 20.13 during product design …. 20.6 during product distribution process …. 20.7 exceptions …. 20.12, 20.13 government response …. 20.16 objectives …. 20.3 penalty for breach …. 20.11 product markets …. 20.14 scalability …. 20.10 product intervention power …. 20.1, 20.17 behavioural biases …. 20.24 content of power …. 20.19, 20.20 duration …. 20.22 engagement and consultation …. 20.21 government response …. 20.27 objectives …. 20.18 pricing …. 20.23 review mechanism …. 20.25, 20.26 recommendations …. 20.1, 20.28 product design and distribution obligation …. 20.2–20.16 product intervention power …. 20.17–20.27

G Good faith contracts …. 11.1, 11.2, 11.23 content of duty …. 11.14, 11.15–11.19, 11.23 emergence of duty …. 11.4, 11.5 honesty …. 11.17, 11.19 implied term, as …. 11.3, 11.5, 11.6–11.9

implied term or duty …. 11.6–11.9 inconsistency with duty …. 11.10–11.14 reasonableness, and …. 11.4, 11.12, 11.15 remedies for breach …. 11.20–11.22 Vodafone case …. 11.10–11.14 directors’ duties …. 3.30 best interests of company …. 3.31 business judgment rule …. 3.26 improper use of information …. 3.35, 3.36, 3.37, 3.38 penalties for breach …. 3.50, 3.51 proper purpose …. 3.32 subjective or objective standard …. 3.31, 4.6, 5.6, 6.6 fiduciaries …. 2.22, 3.35, 3.36, 3.37, 3.38 insurance entities …. 7.1, 7.3, 7.10 content of duty …. 7.5 honesty …. 7.5 intervention by ASIC …. 7.8, 7.9 liability …. 7.6 policy wording …. 7.5 reciprocity …. 7.3, 7.5 remedies …. 7.7, 7.8 statutory duty …. 7.4 officers’ duties …. 3.30–3.32

H Honesty good faith, and …. 7.5, 11.17, 11.19 insurance entities …. 7.5 registrable superannuation entities …. 5.4–5.6 responsible entities …. 4.4–4.6 self-managed superannuation funds …. 6.3–6.6 Hybrid securities

behavioural economics pilot study …. 18.16, 18.23, 18.27 ambiguity aversion …. 18.17, 18.22 behavioural biases …. 18.17–18.22, 18.24 framing bias …. 18.17, 18.21 illusion of control …. 18.17, 18.18, 18.19 objective of study …. 18.16 overconfidence …. 18.17, 18.20

I Improper use of information directors’ duties …. 3.35, 4.21 penalties for breach …. 3.54, 3.55 scope of provisions …. 3.35–3.39 responsible entities …. 4.21 Improper use of position directors’ duties …. 3.33, 3.34 objective standard …. 3.34 penalties for breach …. 3.52, 3.53 India personal information …. 16.68 Information security see Cyber security Informed consent …. 2.10, 3.35, 4.19 Insurance entities see also Life insurance entities nature of contracts …. 7.3 overview …. 7.1, 7.36 risk management …. 7.2, 7.23 content of duty …. 7.24–7.26 ‘ensure’, meaning …. 7.25 proposed changes …. 7.26 remedies for breach …. 7.27 utmost good faith …. 7.1, 7.3, 7.10 content of duty …. 7.5

honesty …. 7.5 intervention by ASIC …. 7.8, 7.9 liability …. 7.6 policy wording …. 7.5 reciprocity …. 7.3, 7.5 remedies …. 7.7, 7.8 statutory duty …. 7.4 whistleblowers …. 7.2, 7.28 Internet see also Social media cloud computing …. 17.28, 17.31 benefits …. 17.29 safe cloud principles …. 17.30 personal information …. 16.31 cookies …. 16.33 cross-border disclosures …. 16.63 tracking technology …. 16.32 United Kingdom …. 16.33 misleading or deceptive conduct …. 12.34 Interpretation financial product advice …. 9.7 unconscionable conduct …. 1.3, 1.4 value-based laws …. 1.3–1.5

L Legal professional privilege …. 5.33, 7.35, 8.45 Lending conduct see Responsible lending Life insurance entities collection of information …. 16.40 directors’ duty …. 7.17 avoidance through disclosure …. 7.19 duty of care …. 7.18 interests of policy owners …. 7.20

risk management …. 7.23–7.27 duty of priority …. 7.1, 7.10, 7.17 APRA guidance …. 7.15, 7.16 class of complainants …. 7.11 directors’ duty …. 7.17–7.20 ‘give priority’, meaning …. 7.12 interests of policy owners …. 7.13, 7.14, 7.15 overview …. 7.36 risk management …. 7.23 content of duty …. 7.24–7.26 ‘ensure’, meaning …. 7.25 proposed changes …. 7.26 remedies for breach …. 7.27 whistleblower regime …. 7.28, 7.29 communications to lawyer …. 7.35 compensation …. 7.33 confidentiality …. 7.34, 7.35 effect on liability …. 7.31 qualifying disclosures …. 7.29, 7.30 victimisation …. 7.32

M Managed investment schemes responsible entities …. 4.1, 4.22, 4.31 best interests duty …. 1.1, 4.11–4.19 breach of duties …. 4.26–4.30 care and diligence …. 4.7–4.10 compliance with requirements …. 4.3 equality and fairness to members …. 4.20, 5.16 honest conduct …. 4.4–4.6 improper use of information …. 4.21 officers’ duties …. 4.2, 4.3, 4.22, 4.23, 4.26

priority rule …. 4.18, 4.19 relief from liability …. 4.30 remedies …. 4.28, 4.29 reporting of breaches …. 4.24, 4.25 statutory provisions …. 4.2, 4.3 Misleading or deceptive conduct advertising …. 12.26 comparative advertising …. 12.32 dominant message …. 12.27, 12.28 ‘free’, use of term …. 12.31 internet sites …. 12.34 more than one meaning …. 12.29 puffery …. 12.30 social media …. 12.33 careless conduct …. 12.19 class of persons …. 12.20 extreme assumptions …. 12.21 identified individuals …. 12.20 contracts correcting …. 12.16 contravention …. 12.37 criminal offence, as …. 12.38 cyber security, and …. 17.35, 17.36 ‘deceptive’, meaning …. 12.10 disclaimers …. 12.18 financial products …. 12.3, 12.4 ‘in relation to’, meaning …. 12.5, 12.6 investment advice …. 12.35 financial services …. 12.3, 12.4, 12.39 credit ratings …. 12.36 ‘in relation to’, meaning …. 12.5, 12.6 ‘in trade or commerce’, definition …. 12.7 ‘trade or commerce’, meaning …. 12.8

future matters …. 12.1, 12.25 intention to mislead …. 12.14 internet sites …. 12.34 sponsored links …. 12.34 liability for contravention …. 12.37 ‘likely to’, meaning …. 12.11 literally true statements …. 12.13 objective test …. 12.12 opinions …. 12.1, 12.24, 12.25 overview …. 12.1, 12.9, 12.39, 14.2 remedies …. 12.37 silence, as …. 12.22, 12.23 commercial dealings …. 12.23 social media …. 12.33 platform providers …. 12.33 user-generated information …. 12.33 state of mind …. 12.14, 12.15 statutory provisions …. 12.2, 12.3, 14.2 express limitations …. 12.3 scope of provisions …. 12.4–12.8 ‘trade or commerce’ …. 12.8 examples of conduct …. 12.8 meaning …. 12.8 transitory effect …. 12.16, 12.17 public interest action …. 12.17 Misuse of market power exceptions …. 15.52 exclusive dealing …. 15.51 exercise of legal rights …. 15.50 key elements …. 15.42 market, definition …. 15.45 commercial approach …. 15.46

overview …. 15.41, 15.42 penalties …. 15.53 predatory pricing …. 15.49 substantial degree of power …. 15.42, 15.43 constraint of conduct …. 15.44 degree of power …. 15.43, 15.44 related bodies corporate …. 15.44 ‘substantial’, meaning …. 15.43 taking advantage of market power …. 15.47 predatory pricing …. 15.49 proscribed purposes …. 15.48

N Negligence cyber security breach …. 17.33 remedies for loss …. 17.33, 17.34 overview …. 17.32 pure economic loss …. 17.33, 17.34 courts’ approach …. 17.34 salient features …. 17.34

O Officers’ duties care and diligence …. 3.11–3.22 business judgments …. 3.24–3.29 content of duty …. 3.12 objective standard …. 3.22 good faith …. 3.30–3.32 improper use of information …. 3.35–3.39, 4.21 improper use of position …. 3.33, 3.34 officer, definition …. 4.22 overview …. 3.1

policy reasons …. 3.2 responsible entities …. 4.2, 4.22, 4.31 breach of duties …. 4.26–4.30 business judgment rule …. 4.23 compliance with requirements …. 4.3 shareholders …. 3.4, 3.31 whistleblower policies …. 3.43

P Personal information access to information …. 16.76 application program interfaces …. 16.80, 16.81, 16.82 charges …. 16.78 European Union …. 16.81 Productivity Commission review …. 16.82 reasons for refusal …. 16.77, 16.78 responses to requests …. 16.78 United Kingdom …. 16.79, 16.80 accretion issue …. 16.13 collection of information …. 16.1, 16.2, 16.22 biometric data …. 16.26, 16.27, 16.32 collection, meaning …. 16.22 consent, definition …. 16.27 consent requirement …. 16.25, 16.27, 16.33 disclosable matters …. 16.34–16.37 internet, and …. 16.31–16.33 lawful and fair means …. 16.28 notification requirements …. 16.30, 16.31, 16.37, 16.48 offshore recipients …. 16.37 purposes of collection …. 16.34, 16.38–16.42 ‘reasonably necessary’, meaning …. 16.23, 16.24 related body corporates …. 16.42

review of practices …. 16.12 sensitive information …. 16.25, 16.26, 16.40 technological means …. 16.31–16.33 United Kingdom …. 16.33 unsolicited information …. 16.29 complaints and investigations …. 16.110 determinations by Commissioner …. 16.111, 16.112 correction of information …. 16.83 credit information see Credit information cross-border disclosures …. 16.21, 16.37, 16.62, 16.63, 16.69 accountability approach …. 16.64, 16.65 electronic transmissions …. 16.63 India …. 16.68 reasonable belief …. 16.66, 16.67, 16.68 United Kingdom …. 16.68 data breach notification laws …. 17.18 Australian developments …. 17.22 Californian law …. 17.19, 17.20 key elements …. 17.18 United Kingdom …. 17.21 definition …. 16.6–16.10, 16.12, 16.14, 16.16 de-identification …. 16.75 direct marketing …. 16.43, 16.46, 16.61 consent requirement …. 16.52, 16.53–16.59 definition …. 16.43–16.46 exceptions to prohibition …. 16.47–16.53 impracticability of consent …. 16.57–16.59 inference of consent …. 16.52, 16.53–16.56 opt-out mechanism …. 16.49, 16.60, 16.61 reasonable expectation …. 16.48, 16.49 sensitive information …. 16.61 government identifiers …. 16.70–16.72

identity of individual …. 16.6 anonymity option …. 16.22 characterisation test …. 16.16 data matching or linking …. 16.7, 16.8, 16.9 reasonably identifiable …. 16.8, 16.9, 16.10 information governance …. 16.17, 16.18 anonymity option …. 16.22 cross-border disclosures …. 16.21 policies and practices …. 16.18 privacy policies …. 16.19–16.21 metadata …. 16.14 IP address information …. 16.16 Telstra case …. 16.14–16.16 overview …. 1.2, 1.8, 16.1, 16.116 penalties for breach …. 16.109 Privacy Act …. 16.2, 16.5, 16.6, 16.116 amendments …. 16.2, 16.7 APP entities …. 16.3 application of Act …. 16.3 credit providers …. 16.2 objects of Act …. 16.59 privacy policies …. 16.19 cross-border disclosures …. 16.21 information requirements …. 16.20, 16.21 Privacy Principles …. 16.4 access to information …. 16.76–16.78 collection of information …. 16.22–16.37 correction of information …. 16.83 design approach …. 16.5 information governance …. 16.17–16.21, 16.22 penalties for breach …. 16.109 quality of information …. 16.73

security of information …. 16.74, 16.75, 17.8–17.13 use and disclosure …. 16.22, 16.23, 16.38–16.72 Privacy Principles guidelines …. 16.11 consent requirements …. 16.53 quality of information …. 16.73 regulation …. 16.1 review of practices …. 16.12 security of information …. 16.74, 17.8, 17.9 consequences of breach …. 17.13 de-identification …. 16.75 example of breach …. 17.11 Privacy Commissioner report …. 17.11 reasonable steps test …. 16.74, 17.10–17.12 use and disclosure …. 16.1, 16.2, 16.22, 16.23, 16.38 cross-border disclosures …. 16.21, 16.62–16.69 direct marketing …. 16.43–16.61 exemptions …. 16.41 government identifiers …. 16.70–16.72 purposes of collection …. 16.34, 16.38–16.42 related body corporates …. 16.42 secondary purposes …. 16.34, 16.38–16.40 Predatory pricing …. 15.49 Price fixing see also Cartel conduct price signalling, and …. 15.24 Price signalling application of provisions …. 15.26 form …. 15.25 general prohibition …. 15.29 overview …. 15.24 penalties for breach …. 15.30, 15.31 price fixing, and …. 15.24 private disclosure prohibition …. 15.27, 15.28

ordinary course of business …. 15.28 Privacy Act amendments …. 16.2, 16.7 APP entities …. 16.3 application of Act …. 16.3 credit information …. 16.84, 16.85 categories of information …. 16.87 credit providers …. 16.88–16.106 penalties for breach …. 16.102, 16.108 security of information …. 16.103–16.105, 17.8–17.13 Credit Reporting Code …. 16.107 cross-border disclosures …. 16.64 objects of Act …. 16.59 overview …. 16.2, 16.6, 16.116 personal information, definition …. 16.6–16.10, 16.12, 16.14, 16.16 Privacy Principles …. 16.4 access to information …. 16.76–16.78 collection of information …. 16.22–16.37 correction of information …. 16.83 credit reporting system, and …. 16.90 design approach …. 16.5 information governance …. 16.17–16.21, 16.22 penalties for breach …. 16.109 quality of information …. 16.73 security of information …. 16.74, 16.75, 16.103–16.105, 17.8–17.13 use and disclosure …. 16.22, 16.23, 16.38–16.72 Privacy Principles guidelines …. 16.11 consent requirements …. 16.53 security of information …. 16.74, 16.103, 16.105, 17.1, 17.8, 17.9 class actions …. 17.42, 17.43 consequences of breach …. 17.13

damages for breach …. 17.42, 17.43 de-identification …. 16.75, 16.104 example of breach …. 17.11 Privacy Commissioner report …. 17.11 reasonable steps test …. 16.74, 16.103, 17.10–17.12 Privacy Commissioner complaints …. 16.110, 16.111 determinations …. 16.111 enforcement …. 16.112 investigations …. 16.110, 16.111 security of information …. 17.11 other powers …. 16.113–16.115 Productivity Commission data availability and use …. 16.82

R Registrable superannuation entities best interests duty …. 1.1, 5.11 ‘best interests’, meaning …. 5.11 care, skill and diligence …. 5.7 directors’ duties …. 5.19 objective assessment …. 5.8 restraint and conservatism …. 5.9 special skills …. 5.10 conflict of interests …. 5.12 actual conflicts …. 5.12 ascertaining interests …. 5.14 priority to beneficiaries …. 5.12–5.14 situations of conflict …. 5.13 content of duties …. 5.2 defences …. 5.22 directors’ duties …. 5.18

conflicting obligations …. 5.20 degree of care and diligence …. 5.19 whistleblower policies …. 5.26 fairness between beneficiaries …. 5.15 ‘fairly’, meaning …. 5.16 impartiality …. 5.16 objective approach …. 5.17 origins of duty …. 5.15 governing rules …. 5.3, 5.8 honesty …. 5.4 ‘act honestly’, meaning …. 5.5 objective or subjective standard …. 5.5, 5.6 imposition of duties …. 5.3, 5.18 overview …. 5.1, 5.34 remedies for breach …. 5.21, 5.23 risk management …. 5.24 breach of obligations …. 5.25 statutory provisions …. 5.1, 5.2 whistleblower regime …. 5.26, 5.27 communication to lawyer …. 5.33 compensation …. 5.31 confidentiality …. 5.32, 5.33 effect on liability …. 5.29 qualifying disclosures …. 5.27, 5.28 victimisation …. 5.30 Remedies anti-competitive conduct …. 15.40 cartel conduct …. 15.17 exclusive dealing …. 15.61 misuse of market power …. 15.53 price signalling …. 15.31 resale price maintenance …. 15.66

breach of contract …. 11.20, 11.21 equitable remedies …. 11.22 remoteness of damage …. 11.21 directors’ breach …. 3.49 care and diligence …. 3.49 good faith …. 3.50, 3.51 improper use of information …. 3.54, 3.55 improper use of position …. 3.52, 3.53 ratification …. 3.48 relief from liability …. 3.56 responsible lending …. 8.18 fiduciary breach …. 2.7, 2.24, 2.25, 3.38, 6.19, 9.50 financial services licensees …. 10.21 insurance entities …. 7.7, 7.8 risk management …. 7.27 misleading or deceptive conduct …. 12.37 negligence …. 17.33 cyber security breach …. 17.33, 17.34 pure economic loss …. 17.33, 17.34 registrable superannuation entities …. 5.21, 5.23 responsible entities …. 4.28, 4.29 relief from liability …. 4.30 responsible lending …. 8.17 breach of directors’ duty …. 8.18 risk management …. 7.27, 8.37 self-managed superannuation funds …. 6.17, 6.19 unconscionable conduct …. 13.12 statutory prohibitions …. 13.26, 13.27 unjust contracts …. 13.35 Resale price maintenance exceptions …. 15.65 overview …. 15.62

penalties for breach …. 15.66 prohibited types of conduct …. 15.63 specified price …. 15.64 Responsible entities best interests duty …. 1.1, 4.11 content of duty …. 4.14, 4.15, 4.16 elements of duty …. 4.11 financial interests …. 4.12 objective test …. 4.17 priority rule …. 4.18, 4.19 breach of duties …. 4.25, 4.26, 4.27 relief from liability …. 4.30 remedies …. 4.28, 4.29 care and diligence …. 4.7 objective perspective …. 4.8 restraint and conservatism …. 4.9 special skills …. 4.10 equality and fairness to members …. 4.20, 5.16 general law duties …. 4.1 honest conduct …. 4.4 ‘act honestly’, meaning …. 4.5 objective or subjective standard …. 4.5, 4.6 improper use of information …. 4.21 officers’ duties …. 4.2, 4.22, 4.31 breach of duties …. 4.26–4.30 business judgment rule …. 4.23 compliance with requirements …. 4.3 overview …. 4.1, 4.22, 4.31 priority rule …. 4.18 informed consent, and …. 4.19 scope of provision …. 4.18 reporting of breaches …. 4.24, 4.25

statutory provisions …. 4.2 compliance with requirements …. 4.3 Responsible lending credit licences …. 8.3 disclosure obligations …. 8.3, 8.4 final assessments …. 8.6, 8.12, 8.13 non-compliance …. 8.14 overview …. 8.2, 8.3 penalties for non-compliance …. 8.7, 8.14, 8.24, 8.26 statistical evidence …. 8.24, 8.25, 8.26, 18.29–18.31, 18.43 preliminary assessments …. 8.7, 8.9, 8.10 inquiries and verification …. 8.8, 8.21–8.23 ‘it is likely’, meaning …. 8.20 key issues …. 8.11 penalties for non-compliance …. 8.7, 8.24, 8.25, 8.26 remedies …. 8.17 breach of directors’ duty …. 8.18 substantial hardship …. 8.15 ASIC guidance …. 8.16 considerations …. 8.15, 8.16 unsuitability of contracts …. 8.3, 8.5 case law …. 8.19–8.26 final assessments …. 8.6, 8.12–8.14 preliminary assessments …. 8.6, 8.7–8.11, 8.21–8.26 regimes under the Act …. 8.6 substantial hardship …. 8.15, 8.16 Review and remediation programs adequacy of resources …. 19.16 application of guide …. 19.2, 19.5 client communications …. 19.32–19.35 behavioural economics …. 19.34 client participation …. 19.24

compensation …. 19.30, 19.31 designing programs …. 19.25 external dispute resolution …. 19.26 governance …. 19.36 honesty, efficiency and fairness …. 19.15 initiation …. 19.8, 19.14 length of review period …. 19.21 overview …. 19.1, 19.2, 19.39 public reporting …. 19.38 purpose …. 19.3 record keeping …. 19.37 requirements …. 19.4, 19.5 adaptation of requirements …. 19.7 steps …. 19.6 review of advice …. 19.27–19.29 scope of review …. 19.17–19.20 revising the scope …. 19.23 testing the scope …. 19.22 systemic issues …. 19.9, 19.13 definition …. 19.9 systemic, definition …. 19.10 threshold for determining …. 19.11, 19.12 Risk management see also Behavioural economics authorised deposit-taking institutions …. 8.33 content of duty …. 8.34–8.36 ‘ensure’, meaning …. 8.35 proposed changes …. 8.36 remedies for breach …. 8.37 cyber security …. 17.5 active defence …. 17.49–17.51 insurance entities …. 7.2, 7.23 content of duty …. 7.24–7.26

‘ensure’, meaning …. 7.25 proposed changes …. 7.26 remedies for breach …. 7.27 registrable superannuation entities …. 5.24 breach of obligations …. 5.25 remedies for breach …. 7.27, 8.37

S Self-managed superannuation funds best interests duty …. 6.12, 6.13 ‘best interests’, meaning …. 6.13 care, skill and diligence …. 6.7–6.11 caution …. 6.10 content of duty …. 6.8 objective assessment …. 6.9 special skills …. 6.11 contravention of duties …. 6.17 defences …. 6.18 fiduciary breach …. 6.19 remedies …. 6.17, 6.19 directors’ duties …. 6.14, 6.15 governing rules …. 6.9 honesty in all matters …. 6.3 ‘honestly’, meaning …. 6.4, 6.5 objective or subjective standard …. 6.5, 6.6 overview …. 6.1, 6.20 regulation …. 6.16 trustees’ duties …. 6.1, 6.2 best interests duty …. 1.1, 6.12, 6.13 contravention …. 6.17–6.19 care, skill and diligence …. 6.7–6.11 honesty in all matters …. 6.3–6.6

Small business contracts see Unfair contract terms Social media misleading or deceptive conduct …. 12.33 platform providers …. 12.33 user-generated information …. 12.33 Standard form contracts see Unfair contract terms Statistics expert evidence …. 18.34, 18.41, 18.42, 18.43 overview …. 18.2, 18.27, 18.47 responsible lending …. 18.28, 18.31 penalties for non-compliance …. 8.24, 8.25, 8.26, 18.29–18.31, 18.43 Statutory interpretation see Interpretation Stockbrokers fiduciary duties …. 2.1, 9.44 fiduciary relationship …. 2.3, 9.44 Superannuation fund trustees see Registrable superannuation entities; Self-managed superannuation funds Supply of goods or services see Exclusive dealing; Resale price maintenance

T Trustees’ duties best interests duty …. 2.14, 5.11 ‘best’, meaning …. 2.15 ex ante test …. 2.17, 4.17 self-managed superannuation funds …. 1.1, 6.12, 6.13 care and skill …. 2.20 directors’ duties, distinction …. 2.19, 3.3, 4.9, 5.9, 6.10 fiduciary duties …. 2.1 fiduciary relationship …. 2.3 best interests duty …. 2.14, 2.15, 2.17

care and skill …. 2.20 managed investment schemes see Responsible entities registrable superannuation entities see Registrable superannuation entities self-managed superannuation funds see Self-managed superannuation funds

U Unconscionable conduct bargaining inequality …. 13.24, 13.25 court’s considerations …. 13.19, 13.20, 13.21 equity …. 13.1, 13.2, 13.8, 13.14 Amadio …. 13.2–13.7 circumstances affecting party …. 13.3, 13.5 defences …. 13.10, 13.11 remedies …. 13.12 special disadvantage …. 13.4, 13.8, 13.9 summary of principles …. 13.8 interpretation …. 1.3, 1.4 key elements …. 13.17 normative standard …. 13.18 overview …. 1.3, 13.1, 13.36 remedies …. 13.12, 13.26, 13.27 statutory provisions …. 13.13 intention of Parliament …. 13.15 Paciocco v ANZ …. 13.15–13.25 prohibitions …. 13.14, 13.15 remedies for breach …. 13.26, 13.27 unconscionable, meaning …. 13.16 undue influence, distinction …. 13.2 Undue influence unconscionable conduct, distinction …. 13.2

Unfair contract terms application of provisions …. 14.3, 14.6 consumer contract, definition …. 14.7 determining unfair terms …. 14.10, 14.17 circumstances as a whole …. 14.13, 14.15, 14.17 Paciocco v ANZ …. 14.10–14.13 transparency of terms …. 14.17–14.20 examples of unfair terms …. 14.9, 14.14 case examples …. 14.14, 14.15 cognate legislation …. 14.14, 14.15 excluded terms …. 14.7 overview …. 14.2, 14.4, 14.21 small business contract, definition …. 14.7 standard form contracts …. 14.8, 14.16 ascertaining …. 14.8 statutory provisions …. 14.1, 14.3, 14.5 transparency of terms …. 14.17, 14.18 conflicts with documentation …. 14.19 disclosure of disadvantageous terms …. 14.20 United Kingdom …. 14.18–14.20 unfair, definition …. 14.9 unfair term, definition …. 14.11 void terms …. 14.8, 14.16 United Kingdom behavioural economics paper …. 18.4, 18.15, 18.23 appropriate responses …. 18.10–18.13 behavioural biases …. 18.7, 18.8, 18.9 designing effective interventions …. 18.13 identifying issues …. 18.10 market forces …. 18.5 prioritising risks …. 18.10 reasons for consumer error …. 18.6

regulatory issues …. 18.14 understanding root causes …. 18.12 data breaches …. 17.21 class actions …. 17.41 notification laws …. 17.21 personal information …. 16.33 access to information …. 16.79, 16.80 application program interfaces …. 16.80 cookies …. 16.33 cross-border disclosures …. 16.68 data breach notification laws …. 17.21 unfair contract terms …. 14.18–14.20 United States data breaches …. 17.19 class actions …. 17.38, 17.40 notification laws …. 17.19, 17.20 Unjust contracts case example …. 13.31–13.33 court’s considerations …. 13.30 overview …. 13.1, 13.29, 13.36 remedies …. 13.35 scope of provision …. 13.30 unjust, definition …. 13.30 Utmost good faith see Good faith

W Whistleblower disclosures authorised deposit-taking institutions …. 8.2, 8.38, 8.39 communications to lawyer …. 8.45 compensation …. 8.43 confidentiality …. 8.44, 8.45 effect on liability …. 8.41

qualifying disclosures …. 8.39, 8.40 victimisation …. 8.42 confidentiality …. 3.46 effect on liability …. 3.45 example …. 3.47 identity of whistleblower …. 3.46 insurance entities …. 7.2, 7.28 life insurance entities …. 7.28, 7.29 communications to lawyer …. 7.35 compensation …. 7.33 confidentiality …. 7.34, 7.35 effect on liability …. 7.31 qualifying disclosures …. 7.29, 7.30 victimisation …. 7.32 overview …. 3.4, 3.44, 3.47 qualifying disclosures …. 3.44 effect on liability …. 3.45 registrable superannuation entities …. 5.26, 5.27 communications to lawyer …. 5.33 compensation …. 5.31 confidentiality …. 5.32, 5.33 effect on liability …. 5.29 qualifying disclosures …. 5.27, 5.28 victimisation …. 5.30

Related LexisNexis Titles

Austin & Ramsay, Company Directors: Principles of Law and Corporate Governance, 2nd edition, 2017

Baxt, Black & Hanrahan, Securities and Financial Services Law, 9th edition, 2017

Gamertsfelder, Corporate Information and the Law, 2nd edition, 2016