No CrossRef data available.
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.
Published online by Cambridge University Press: 01 January 2025
Australian corporate law allows for significant civil penalties to be imposed by a court on negligent corporate officers, including directors. For more than a decade, Australian Securities and Investments Commission used civil prosecutions for negligence exclusively in situations where an officer is alleged to have exposed their corporation to foreseeable risk of harm that would flow from a contravention by the corporation of a regulatory or disclosure obligation. This enforcement strategy—known as ‘stepping-stones’—has been strongly criticised, including by Rares J in his 2020 dissenting opinion in the Cassimatis appeal. This article explains how stepping-stones works as an enforcement strategy in the context of corporate compliance failures, explores the various criticisms of it, and argues for reform. It proposes a legislative alternative that rebalances individual officer liability, to reflect contemporary governance practices and encourage better management and oversight of non-financial risk in corporations.
The authors acknowledge the assistance of Miriam Kleiner, Special Counsel, and Trishala Shah, Solicitor, at King & Wood Mallesons in the research for this article.
1. For example, in 2016 Langford described the issue as ‘contentious’: Rosemary Teele Langford, ‘Corporate Culpability, Stepping Stones and Mariner: Contention Surrounding Directors’ Duties Where the Company Breaches the Law’ (2016) 34(1) Company and Securities Law Journal 75. See also Tim Bednall and Pamela Hanrahan, ‘Officers’ Liability for Mandatory Corporate Disclosure: Two Paths, Two Destinations?’ (2013) 31(8) Company and Securities Law Journal 474; Justice Ashley Black, ‘Directors’ Statutory and General Law Accessory Liability for Corporate Wrongdoing’ (2013) 31(8) Company and Securities Law Journal 511; Maeve McGregor, ‘Stepping-Stone Liability and the Directors’ Statutory Duty of Care and Diligence’ (2018) 36(3) Company and Securities Law Journal 245; Chief Justice TF Bathurst and Naomi A Wootton, ‘Directors’ and Officers’ Duties in the Age of Regulation’ in Pamela Hanrahan and Justice Ashley Black (eds), Contemporary Issues in Corporate and Competition Law: Essays in Honour of Professor Robert Baxt AO (LexisNexis Butterworths, 2019) 3; Claudia Carr and Robert Cunningham, ‘A Step Too Far? The “Stepping Stone” Approach and s 180(1) of the Corporations Act 2001 (Cth)’ (2019) 34(1) Australian Journal of Corporate Law 58; Rosemary Teele Langford, ‘Cassimatis v Australian Securities and Investments Commission [2020] FCAFC 52: “Dystopian Accessorial Liability” or the End of “Stepping-Stones” as We Know It?’ (2020) 37(5) Company and Securities Law Journal 362.
2. Cf Corporations Act 2001 (Cth) ss 344 and 601FD (‘Corporations Act’).
3. That is, bringing civil penalty proceedings against individual officers for breach of their statutory duty of care where it is alleged that their negligence caused or contributed to their corporation contravening the law. The stepping-stones strategy is described in Part 2 below; see generally Abe Herzberg and Helen Anderson, ‘Stepping Stones: From Corporate Fault to Directors’ Personal Civil Liability’ (2012) 40(2) Federal Law Review 181.
4. (2020) 275 FCR 533 (‘Cassimatis Appeal’). Appeal from Australian Securities and Investments Commission v Cassimatis [No 8] (2016) 336 ALR 209 (‘Cassimatis [No 8]’).
5. Defined in Corporations Act (n 2) s 9. See Australian Securities and Investments Commission v King (2020) 376 ALR 1 (‘King’).
6. Corporations Act (n 2) s 1317E(3).
7. Corporations Act (n 2) ss 1317G(3), 1317GAB and 206C.
8. ‘[Section] 181(1) does not require any proof of actual loss to the company’: Cassimatis [No 8] (n 4) 301 [481] (Edelman J).
9. This is suggested by ASIC’s stated priority of ‘[h]igh deterrence enforcement’, but not stated explicitly: Australian Securities and Investments Commission, ASIC Corporate Plan 2020–24 (Report, August 2020) 26.
10. For a detailed discussion of stepping-stones in disclosure cases, see Bednall and Hanrahan (n 1).
11. See generally, Pamela Hanrahan, ‘Companies, Corporate Officers and Public Interests: Are We at a Legal Tipping Point?’ (2019) 36(8) Companies and Securities Law Journal 665.
12. John C Coffee Jr, ‘“No Soul to Damn, No Body to Kick”: An Unscandalized Inquiry into the Problem of Corporate Punishment’ (1981) 79(3) Michigan Law Review 386.
13. Including under Corporations Act s 79 and its statutory analogues, discussed below.
14. Cassimatis Appeal (n 4) 597 [286].
15. All reported cases from 1 July 2010 to 30 June 2020 in which ASIC sought a declaration under s 1317E of the Corporations Act that an officer had contravened s 180(1) arose out of either a compliance or disclosure failure by a corporation. They involved James Hardie Industries Ltd (disclosure); Fortescue Metals Group Ltd (disclosure); Centro Properties Ltd (disclosure); AWB Ltd (compliance with UN program guidelines); Idylic Solutions Pty Ltd (compliance with financial product laws); Storm Financial Ltd (compliance with financial advice laws); Sino Australia Oil and Gas Ltd (disclosure); Mariner Corporation Ltd (compliance with takeover laws); Padbury Mining Ltd (disclosure); Ostrava Equities Pty Ltd (compliance with financial services laws); Avestra Asset Management Ltd (compliance with financial product laws); Whitebox Trading Pty Ltd (compliance with market conduct laws); and Vocation Ltd (disclosure). (Citations on file with authors.) The exception is Australian Securities and Investments Commission v Mitchell [No 2] (2020) 382 ALR 425 (‘ASIC v Mitchell’).
16. (2005) 223 CLR 422, 462 [128] (‘Vairy’).
17. (1980) 146 CLR 40 (‘Shirt’).
18. Ibid 47–8.
19. For a useful discussion of the Shirt calculus and its difficulties as a forensic tool, see Justice Margaret McMurdo, ‘Developments in the Law of Negligence: Have Plaintiffs Lost their Shirt?’ (Speech, Australian Lawyers Alliance Queensland State Conference, 13 February 2015).
20. See, eg, James Frost and James Eyers, ‘Let’s Get Real on Directors’ Duties: Westpac Chairman’, Australian Financial Review (online, 5 June 2020) <https://www.afr.com/companies/financial-services/westpac-s-john-mcfarlane-let-s-get-real-on-director-duties-20200604-p54zg3>.
21. The BEAR was introduced by the Treasury Laws Amendment (Banking Executive Accountability and Related Measures) Act 2018 (Cth) and commenced on 1 July 2018. It is now contained in Banking Act 1959 (Cth) pt IIAA. The proposal to extend the BEAR, known as the Financial Accountability Regime (‘FAR’), is contained in Treasury (Cth), Implementing Royal Commission Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8: Financial Accountability Regime (Proposal Paper, 22 January 2020) (‘Financial Accountability Regime Proposal Paper’). The proposal went well beyond the relevant recommendations of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Final Report, February 2019) (‘BFRC Final Report’).
22. For a discussion of the use of s 180 by regulators, see Jasper Hedges et al, ‘The Policy and Practice of Enforcement of Directors’ Duties by Statutory Agencies in Australia: An Empirical Analysis’ (2017) 40(3) Melbourne University Law Review 905.
23. The alternate view is that current developments continue the trend that began after the global stock market crash of 1987 and that is evident in the case law and the steady ratcheting-up of expectations of individual accountability in corporate governance codes, beginning with the ‘Code of Best Practice’ in Report of the Committee on the Financial Aspects of Corporate Governance (1992) (‘The Cadbury Code’) and its local progeny. In 1992, Rogers CJ said, ‘[o]ne of the most striking features of the law concerning directors duties is the insistence that directors accept more and more responsibility for the oversight of a company’s affairs at the same time as the affairs of the company become more and more complex and diverse’: AWA Ltd v Daniels (1992) 7 ACSR 759, 865 (‘AWA’). In 1997, Professor Baxt argued that the views expressed by Rogers CJ in AWA could be traced back to comments of Sir Douglas Menzies in 1961—that is, pre-dating even the uniform companies legislation in Australia: Robert Baxt, ‘The Duty of Care of Directors: Does It Depend on the Swing of the Pendulum?’ in Ian M Ramsay (ed) Corporate Governance and the Duties of Directors (Centre for Corporate Law and Securities Regulation, University of Melbourne, 1997) 92, 93.
24. One of the most visible responses after the GFC was the so-called ‘Yates Memorandum’ issued by the United States Department of Justice in September 2015: Sally Quillian Yates, Individual Accountability for Corporate Wrongdoing (United States Department of Justice Memorandum, 9 September 2015). The memorandum concluded that one of the most effective ways to combat corporate criminal misconduct was to hold individuals accountable and required that corporations looking to negotiate the settlement of criminal proceedings hand over information about all potentially implicated individuals. The stance adopted by the Department was relaxed somewhat by the Trump Administration. Revised in 2018, it now provides in part that ‘[b]ecause a corporation can act only through individuals, imposition of individual criminal liability may provide the strongest deterrent against future corporate wrongdoing. Provable individual criminal culpability should be pursued, particularly if it relates to high-level corporate officers, even in the face of an offer of a corporate guilty plea or some other disposition of the charges against the corporation, including a deferred prosecution or non-prosecution agreement, or a civil resolution’: United States Department of Justice, Justice Manual (online at 3 March 2021) [9-28.210].
25. BFRC Final Report (n 21) and Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Interim Report, September 2018).
26. Sean Hughes, ASIC, ‘ASIC’s Approach to Enforcement after the Royal Commission’ (Speech, 36th Annual Conference of the Banking and Financial Services Law Association, 30 August 2019) (emphasis in original).
27. Australian Law Reform Commission, Corporate Criminal Responsibility (Discussion Paper No 87, November 2019) 5 (‘ALRC Discussion Paper 87’).
28. Ibid 10.
29. Australian Law Reform Commission, Corporate Criminal Responsibility: Individual Liability for Corporate Misconduct (Update, March 2020) (‘ALRC Update’) 2; Australian Law Reform Commission, Corporate Criminal Responsibility (Final Report No 136, April 2020) ch 9 (‘ALRC Report 136’).
30. See above (n 21).
31. The proposed accountability obligations require affected individuals to ‘(1) act with honesty and integrity, and with due skill, care and diligence; (2) deal with APRA in an open, constructive and cooperative way (noting that this will not displace legal professional privilege); (3) deal with ASIC in an open, constructive and cooperative way (noting that this will not displace legal professional privilege); (4) take reasonable steps in conducting those responsibilities to prevent matters from arising that would adversely affect the prudential standing or prudential reputation of the entity; and (5) take reasonable steps in conducting their responsibilities as an accountable person to ensure that the entity complies with its licensing obligations’: Financial Accountability Regime Proposal Paper (n 21) 6.
32. Recommendations 3.9, 4.12, 6.6, 6.7 and 6.8 of the BFRC Final Report go to individual accountability.
33. Josh Frydenberg, ‘Update on the Implementation of the Banking, Superannuation and Financial Services Royal Commission’ (Media Release, 8 May 2020). Neither of the authors supports this proposed extension of the civil penalty regime.
34. Baxt (n 23).
35. Significantly, in April 2020, the ALRC recommended against making any further adjustment to individual liability settings; its Recommendation 18 was that Government ‘should undertake a wide-ranging review of the effectiveness of individual accountability mechanisms for corporate misconduct within five years of the entry into force of the proposed Financial Accountability Regime or equivalent’: ALRC Report 136 (n 29) 442.
36. Westminster ministerial responsibility is explained in Senate Legal and Constitutional References Committee, Parliament of Australia, Administration and Operation of the Migration Act 1958 (Report, March 2006) 8–9 [1.13]–[1.16].
37. For example, the unlawful conduct examined by the BFRC resulted in board and C-Suite changes at several prominent Australian financial institutions. Later, allegations of significant breaches of anti-money laundering laws by Westpac Banking Corporation led to the resignation of its chief executive and early departure of its chair: see, eg, James Frost and James Eyers, ‘Westpac CEO, Chairman to Step Down’, Australian Financial Review (online, 26 November 2019) <https://www.afr.com/companies/financial-services/scandal-claims-westpac-ceo-chairman-20191126-p53e2k>. In September 2020, senior executives of Rio Tinto Ltd were removed following destruction of important indigenous heritage sites at Juukan Gorge in Western Australia: see, eg, Peter Ker, ‘Rio Tinto Boss JS Jacques Steps Down’, Australian Financial Review (online, 11 September 2020) <https://www.afr.com/companies/mining/rio-tinto-boss-js-jacques-step-down-20200911-p55ulf>.
38. See Jean J du Plessis and Jim A Mathiopoulos, ‘Defences and Relief from Liability for Company Directors: Widening Protection to Stimulate Innovation’ (2016) 31(3) Australian Journal of Corporate Law 287.
39. The definition expressly excludes from sub-para (b)(iii) ‘advice given by the person in the proper performance of functions attaching to the person’s professional capacity or their business relationship with the directors or the corporation’.
40. King (n 5) 9–17 [24]–[59] (Kiefel CJ, Gageler and Keane JJ), 42 [185] (Nettle and Gordon JJ). See also Tim Bednall and Victoria Ngomba, ‘The High Court and the C-Suite: Implications of Shafron for Company Executives below Board Level’ (2013) 31(1) Company and Securities Law Journal 6.
41. King (n 5) 14 [47] (Kiefel CJ, Gageler and Keane JJ), 19 [73], 42 [186] (Nettle and Gordon JJ).
42. ALRC Update (n 29) 2 [4] (citations omitted).
43. This is permitted in AGLC4 see example to Rule 1.4.2. See above (n 21).
44. See generally ALRC Discussion Paper 87 (n 27) 5–6; Cassimatis Appeal (n 4) 581–2 [223] (Rares J); Bednall and Hanrahan (n 1).
45. This is generally referred to as ‘[c]oncurrent liability—where both the individual and the body corporate may be separately liable as principals in respect of the same offence or contravention (a form of direct liability)’: ALRC Discussion Paper 87 (n 27) 151 [7.23].
46. This is described by the ALRC as ‘[m]anagerial liability—where the individual is deemed to be liable as a principal for an offence or contravention because of that individual’s role and status in the management of the body corporate (a form of deemed liability): ibid.
47. The ALRC describes accessorial liability as arising ‘where the individual is liable as an accessory to an offence or contravention for which the body corporate is principally liable (a form of indirect liability)’: ibid.
48. Where the corporation commits an offence, s 11.2 of the Criminal Code (Cth) applies. For a discussion of accessorial liability for corporate officers, see Black (n 1).
49. (1985) 158 CLR 661 (‘Yorke’).
50. This requirement is preserved for civil penalty liability arising out of involvement in a contravention of a civil penalty provision by Corporations Act s 1317QB(2).
51. Bednall and Hanrahan (n 1); Black (n 1). See also Gore v Australian Securities and Investments Commission (2017) 249 FCR 167.
52. His Honour commented that ‘the contraventions of s 1041 H are alleged against FMG as a stepping stone toward the conclusion that FMG contravened s 674(2). The contravention of ss 1041 H and 674(2) are, in turn, used as stepping-stones toward the conclusion that [chief executive officer] Forrest contravened s 180 of the [Corporations Act]’: (2011) 190 FCR 364 370 [10] (‘Fortescue Metals’).
53. On appeal, the market announcements were found not to have been misleading or deceptive: Forrest v Australian Securities and Investments Commission; Fortescue Metals Group Ltd v Australian Securities and Investments Commission (2012) 247 CLR 486.
54. Herzberg and Anderson (n 3) 182 (citations omitted).
55. For example, in Cassimatis Appeal (n 4) 546 [28] Greenwood J says ‘it is commonly said that the statutory formulation of the degree of care and diligence required of directors by s 180(1) reflects the degree of care and diligence now required by both the body of law we call equity and the common law’. The judgments of Thawley and Greenwood JJ in the Cassimatis Appeal have been characterised as confirming that stepping-stones ‘is a straightforward application of s 180 (or another duty) to the facts of each particular case’: see Langford, ‘“Dystopian Accessorial Liability” or the End of “Stepping-Stones” as We Know It?’ (n 1).
56. Cassimatis Appeal (n 4) 555 [79].
57. Australian Securities and Investments Commission v Maxwell (2006) 59 ACSR 373, 399 [104], 402 [110] (Brereton J) (‘Maxwell’); Australian Securities and Investments Commission v Warrenmang Ltd (2007) 63 ACSR 623, 628 [22] (Gordon J); Australian Securities and Investments Commission v Citrofresh International Ltd [No 2] (2010) 77 ACSR 69, 79 [50] (Goldberg J); Australian Securities and Investments Commission v Mariner Corporation Ltd (2015) 241 FCR 502, 582 [444] (Beach J) (‘Mariner’); Cassimatis [No 8] (n 4) 313 [539] (Edelman J); Cassimatis Appeal (n 4) 641 [460] (Thawley J).
58. Corporations Act (n 2) s 180(1).
59. Cassimatis [No 8] (n 4) 218 [4]–[5], 370 [834] (Edelman J); Australian Securities and Investments Commission v Drake [No 2] (2016) 340 ALR 75, 137–8 [318] (Edelman J) (‘Drake’). If the situation involves an allegation that the corporation committed an offence, it is not necessary for ASIC to prove the elements of the offence to the criminal standard: Cassimatis [No 8] (n 4) 319 [567] (Edelman J).
60. This is permitted in AGLC4 see example to Rule 1.4.2. See above (n 57); Mariner (n 57) 582–3 [444]–[447] (Beach J).
61. Mariner (n 57) 582 [441] (Beach J).
62. Vairy (n 16) 462 [128] (Hayne J).
63. Cassimatis [No 8] (n 4) 302 [483] (Edelman J). For example, a corporation that contravenes the law may be exposed to adverse consequences including enforcement proceedings or administrative action by a licensing authority or regulator. It might be sued by customers or others harmed by the contravening conduct, or damage its market standing—including in product, capital and employment markets—if it is viewed by relevant stakeholders as a poor corporate citizen with flow-on consequences for its financial success. The Basel Committee on Banking Supervision (‘BCBS’) defines compliance risk as ‘the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organisation standards, and codes of conduct applicable to its banking activities’: BCBS, ‘Compliance and the Compliance Function in Banks’ (High Level Paper, 29 April 2005), referred to in John Laker, Jillian Broadbent and Graeme Samuel, Australian Prudential Regulation Authority, Prudential Inquiry into the Commonwealth Bank of Australia (Final Report, 30 April 2018) 7.
64. Shirt (n 17) 48 (Mason J), quoted in Drake (n 59) 155–6 [395] (Edelman J). In dissent in the Cassimatis Appeal, Rares J parts company with the majority on the question of whether there was a foreseeable risk that Storm would face serious regulatory action over a failure to comply with Corporations Act s 945A in relation to some of its clients: see Cassimatis Appeal (n 4) [278].
65. Shirt (n 17) 47–8 (Mason J), quoted in Drake (n 59) 155–6 [395] (Edelman J).
66. Drake (n 59) 156 [397] (Edelman J).
67. Ibid 156 [398]. In Graham Barclay Oysters Pty Ltd v Ryan (2002) 211 CLR 540, 612 [192] (‘Graham Barclay Oysters’), Gummow and Hayne JJ quote the observation of Isaacs ACJ in 1924 that ‘[n]o conclusion of negligence can be arrived at until, first, the mind conceives affirmatively what should have been done’: Metropolitan Gas Co v Melbourne Corporation (1924) 35 CLR 186, 194.
68. Tame v New South Wales (2002) 211 CLR 317, 353 [99] (McHugh J).
69. Shirt (n 17) 47–8 (Mason J).
70. Corporations Act (n 2) s 180(2).
71. Ibid.
72. See Fortescue Metals (n 52) 427 [197]–[198] (Keane CJ, Emmett J agreeing at 431 [216], Finkelstein J agreeing at 431 [218]); Australian Securities and Investments Commission v Vocation Ltd (in liq) (2019) 371 ALR 155, 332 [739] (Nicholas J) (‘Vocation’).
73. (2009) 236 FLR 1, 151 [7278] (Austin J) (‘Rich’).
74. Pamela Hanrahan and Rachel Yates, ‘Directors’ Duties of Oversight: Insights for Australia from Recent Developments in Delaware’s Caremark Jurisprudence’ (2018) 33(2) Australian Journal of Corporate Law 185, 212.
75. See generally Pamela Hanrahan, ‘On Compliance’ in Pamela Hanrahan and Ashley Black (eds), Contemporary Issues in Corporate and Competition Law: Essays in Honour of Professor Robert Baxt AO (LexisNexis Butterworths, 2019) 182.
76. Corporations Act (n 2) s 674(2)(c)(ii).
77. Australian Securities and Investments Commission v Big Star Energy Ltd [No 3] (2020) 148 ACSR 344, 432–3 [529]–[532] (Banks-Smith J).
78. Cassimatis Appeal (n 4) 547 [30], quoting Justice Geoffrey Nettle, ‘The Changing Position and Duties of Company Directors’ (2018) 41(3) Melbourne University Law Review 1402, 1417.
79. Storm intended to give the advice on the terms that it did to the relevant clients—it is an example of where the business activity was executed as intended but designed without proper regard for the applicable regulatory requirements.
80. Mariner (n 57) 598 [542]. The corporation’s compliance failure was ultimately treated as resulting from the commercial decision to initiate a takeover bid which did not unfold as intended.
81. Ibid 599 [550].
82. This corresponds to the duty of loyalty in Delaware corporate law, which is the source of the duty of oversight identified in Re Caremark International Inc Derivative Litigation 698 A 2d 959 (Del Ch, 1996) (‘Caremark’). See Hanrahan and Yates (n 74).
83. Corporations Act (n 2) s 79. See also ALRC Discussion Paper 87 (n 27) ch 7.
84. Cassimatis [No 8] (n 4) 301 [482]. See also Pamela Hanrahan, ‘Directors’ Duties and Public Interests’ (Seminar Paper, UNSW Centre for Law, Markets and Regulation Seminar Series, 11 April 2018). At the extreme, a corporation that cannot effectively manage compliance risk in its business may be practically required to exit that line of business—see, for example, the decision by Citigroup US in 2017 to close its Banamex USA business following the settlement of proceedings involving breach of anti-money laundering laws.
85. (1993) 9 WAR 395, 449–50 (Ipp J, Malcolm CJ agreeing at 418). The allegation was that the director failed to take reasonable steps to ensure that effect was given to the terms of a business plan and management restructure which were contained in the paper prepared by him and adopted by resolution of the board.
86. Maxwell (n 57) 399 [104]. Maxwell arose from corporate contraventions of the fundraising laws. Brereton J said of the defendant director that given his ‘background and the particular skills (building) that he brought to the companies, the apparent distribution of responsibility among the directors of the ProCorp companies, and the involvement of the lawyers and accountants, upon which he was entitled in the absence of grounds for doubt to rely’, his Honour was ‘not persuaded’ that the director ought to have known or ascertained that the fundraising activities were in breach of the law: at 402 [113]. ‘To the contrary, until the intervention of ASIC, he was entitled to suppose that the fundraising activities…were being performed in accordance with appropriate legal and accounting advice’: at 403 [113]. Therefore ‘his duty of care and diligence did not require him to do more than he did to ascertain whether the scheme was not compliant, and it follows that, insofar as he permitted, allowed or failed to prevent the various contraventions committed by those companies, that did not involve a breach of his duty of care and diligence’: at 403 [113].
87. This begs the question of when a business might deliberately disregard existing laws with the intention of disrupting an industry; the example of Uber comes to mind.
88. Cassimatis [No 8] (n 4) 313 [540].
89. Ibid 313–14 [540] (emphasis in original).
90. Ibid 302 [485].
91. In the Final Report of the BFRC, Commissioner Hayne said, ‘[a]ll financial services entities must obey the law, not just those who are willing to do so. And all financial services entities must comply with all the laws that apply to them, not just with those bits of the law that they find to be commercially acceptable’: BFRC Final Report (n 21) 425.
92. Cassimatis Appeal (n 4) 640–1 [459].
93. In a workplace injury case decided in 2001, McHugh J (Gleeson CJ agreeing at 868 [3]) pointed out the ‘erroneous assumption that, if there was a reasonably foreseeable risk of injury to the plaintiff that could have been avoided by using mechanical means, the defendant was necessarily negligent. But the issue in negligence is always whether reasonable care required the elimination of the risk having regard to the consequences of the risk, the probability of its occurrence and the cost, expense and inconvenience of eliminating it’: Liftronic Pty Ltd v Unver (2001) 75 ALJR 867, 871 [25].
94. Mariner (n 57) 589 [482].
95. Contravention of the suitability rule in (the former) s 945A of the Corporations Act was an offence: Corporations Act (n 2) s 945A, as repealed by Corporations Amendment (Further Future of Financial Advice Measures) Act 2012 (Cth) sch 1 item 9. Because the provision formed part of the ‘financial services law’ as defined in the Act, a failure to comply could be a basis for administrative action by ASIC under the AFSL licensing regime: Corporations Act (n 2) pt 7.6.
96. In Cassimatis, the defendants had an unusually high level of control over Storm and its business operations and this was key to the liability finding. As Thawley J observed, ‘[t]he fact was that Mr and Mrs Cassimatis had an intimate knowledge of every level of the business operations, an unsurpassed knowledge of the detail of the Storm model, and the best overall understanding of the general financial profiles of Storm’s clients’: Cassimatis Appeal (n 4) 650 [498]. ASIC did not allege that three other (non-executive) directors of Storm were negligent in failing to identify the compliance risk in the Storm model. At first instance, Edelman J noted without adverse implication that ‘there were real limitations upon the extent to which [the non-executive directors] understood the details of Storm’s business and its model. These limitations were natural given their constraints as non-executive directors’: Cassimatis [No 8] (n 4) 282 [371].
97. ASIC’s only allegation was that the defendants had breached the duty of care; the regulator did not allege that the defendants personally had breached the financial services laws, that they were liable as accessories to Storm’s breach of those laws or that they had failed to act in good faith in the interests of Storm. Before the GFC, Storm was solvent, and the defendants were its only shareholders. The case therefore turned on whether the damage Storm—as a corporate entity—was likely to have suffered because of its breach of the financial services laws was foreseeable and therefore that the directors had a duty to take reasonable care to avoid it.
98. Cassimatis [No 8] (n 4) 370 [833].
99. Ibid 221 [22].
100. Cassimatis Appeal (n 4) 554 [77] (emphasis in original).
101. Ibid 575 [182] (Greenwood J).
102. Ibid 649 [495]–[496] (Thawley J).
103. For example, by failing to obtain unequivocal legal advice that transactions were permissible under applicable legislation and the terms of the constitution of a registered managed investments scheme: Australian Securities and Investments Commission v Australian Property Custodian Holdings Ltd (recs and mgrs apptd) (in liq) (Controllers appointed) (No 3) (2013) 31 ACLC ¶13-073, 1161–2 [568]–[569] (Murphy J); confirmed in Australian Securities and Investments Commission v Lewski (2018) 266 CLR 173.
104. Cassimatis Appeal (n 4) 597 [286].
105. Ibid 574 [179] (Greenwood J), 641 [462] (Thawley J).
106. Ibid 594 [271].
107. Ibid 597 [286].
108. Ibid 596 [282].
109. Ibid 594 [272].
110. Ibid 574 [179] (Greenwood J), 641 [462] (Thawley J).
111. Maxwell (n 57) 402 [110].
112. Yorke (n 49).
113. For example, in the disclosure context, Corporations Act (n 2) s 1041 H.
114. Cassimatis Appeal (n 4) 585 [234]. Cf Anthony Hordern & Sons Ltd v Amalgamated Clothing and Allied Trades Union of Australia (1932) 47 CLR 1, 7 (Gavan Duffy CJ and Dixon J) (‘Anthony Hordern’); David Grant & Co Pty Ltd v Westpac Banking Corporation (1995) 184 CLR 265, 276 (Gummow J, Brennan CJ, Dawson J, Gaudron J and McHugh J agreeing).
115. Cassimatis Appeal (n 4) 597 [286].
116. Ibid 554 [77].
117. Cassimatis Appeal (n 4) 585 [234]. His Honour goes on to observe that ‘ordinarily s 180(1) should be construed so that it does not operate upon express statutory duties imposed directly on a director or officer in other parts of the Act or other statutes’ because of the principle in Anthony Hordern (n 114) 7: at 586 [236].
118. Bednall and Hanrahan (n 1) 503–5.
119. See, eg, Steven Cole, Mind the Expectation Gap: The Role of a Company Director (White Paper, Australian Institute of Company Directors, February 2012) viii, which identified a concern that changing expectations of directors had resulted in ‘more time spent on corporate compliance and conformance, and less time available for strategy, entrepreneurship, risk management and prudential oversight to enhance effective corporate performance’.
120. The role of the board and senior executives in relation to the management of non-financial risk is explored in John Laker, Jillian Broadbent and Graeme Samuel, Prudential Inquiry into the Commonwealth Bank of Australia (Final Report, Australian Prudential Regulation Authority, 1 May 2018). Arguably, the role of the board in relation to compliance is more clearly articulated in the United States, where Delaware directors’ duty of loyalty to the company has been interpreted as requiring them to exercise effective oversight of the corporation’s compliance systems: see Hanrahan and Yates (n 74); Caremark (n 82); Marchard v Barnhill, 212 A.3d 805 (Del SC 2019) (‘Marchard’). In Marchard, Strine CJ noted that the Caremark standard is often criticised as being too low, but that it ‘does require that a board make a good faith effort to put in place a reasonable system of monitoring and reporting about the corporation’s central compliance risks’: at 824.
121. See Westpac Group, ‘Westpac Releases Findings into AUSTRAC Statement of Claim Issues’ (ASX Release, 4 June 2020). Note that the review was commissioned by Westpac and is not, and does not purport to be, a forensic examination of the issue. Available at <https://www.westpac.com.au/content/dam/public/wbc/documents/pdf/aw/media/westpac-releases-findings-into-austrac-statement-of-claim-issues-media-release.pdf>.
122. The review was conducted by an advisory panel comprising Dr Ziggy Switkowski AO, Dr Kerry Schott AO and Colin Carter AM. The panel members are not lawyers; their expertise is as senior company directors.
123. Board Governance of AML/CTF Obligations at Westpac: The Advisory Panel Review (Report, 8 May 2020) 9 (‘Westpac Review’).
124. International Organization for Standardization, ISO 19600:2014 Compliance Management Systems—Guidelines (Standard, 2014); Institute of Internal Auditors, The Three Lines of Defense in Effective Risk Management and Control (Position Paper, January 2013). See generally Hanrahan (n 75).
125. Australian Securities and Investments Commission v Flugge & Geary (2016) 342 ALR 1 (‘Flugge’) 6 [9], 7 [21] (Robson J).
126. The reviewers concluded that there was a problem with the content of the information being provided to the board. They observed that ‘when a Board is not getting correct information or matters are being omitted, its task is made impossible. There is absolutely no evidence that these errors were intentional or that were motivated to mislead the Board. The simple fact is that management did not know and hence could not inform the Board until they did know’: Westpac Review (n 123) 17.
127. For example, in Flugge (n 125), the defendant chairman sought and received assurances from management that arrangements for the sale of wheat to Iraq (subsequently impugned by the Cole Inquiry) were in accordance with United Nations requirements: see Tim Bednall, ‘Australian Securities and Investments Commission v Flugge: Section 180 Strikes Again’ (2018) 36(1) Company and Securities Law Journal 61. In Vocation (n 72) 342 [788], Nicholas J found that information about compliance action by a regulator provided to the board was ‘of very poor quality and…the product of a serious failure on [the CEO’s] part to provide the board with any organised or coherent information or analysis which the board could draw upon for the purposes of determining’ whether disclosure to the market was required.
128. See du Plessis and Mathiopolous (n 38).
129. Australian Securities and Investments Commission v Westpac Banking Corporation (2020) 277 FCR 343, 377 [162].
130. Graham Barclay Oysters (n 67) 611–12 [192] (Gummow and Hayne JJ).
131. Ibid.
132. Review of the Law of Negligence (Final Report, September 2002) 104 [7.11] (emphasis in original) (‘Ipp Review’).
133. In Chapman v Hearse (1961) 106 CLR 112, 115, Dixon CJ said, ‘I cannot understand why any event which does happen is not foreseeable by a person of sufficient imagination and intelligence’.
134. Cassimatis Appeal (n 4) 594–6 [278]–[281]. ASIC had provided particulars of eleven clients (including five couples and one individual) who were retired or near retirement, had limited assets and income, and were inexperienced investors, to establish that Storm had given six statements of advice to those clients that were inappropriate and contravened the former s 945A(1) of the Corporations Act to a civil standard. Rares J noted that ‘the relevant class [constituted by the eleven clients] was relatively small in the overall context of Storm’s clientele’: at 594 [273].
135. Ibid 596 [282] (emphasis in original), quoting Cassimatis [No 8] (n 4) 370 [833] (Edelman J).
136. Ipp Review (n 132) 103 [7.8]. The four components of the Shirt calculus are (a) the probability that the harm would occur if care was not taken; (b) the likely seriousness of that harm; (c) the burden of taking precautions to avoid the harm; and (d) the social utility of the risk-creating activity.
137. Ibid 106 [7.18] (emphasis in original).
138. Cassimatis [No 8] (n 4) 288–95 [413]–[445].
139. See especially Angas Law Services Pty Ltd (in liq) v Carabelas (2005) 226 CLR 507, 528–30 [55]–[64] (Gummow and Hayne JJ); Australian Securities and Investments Commission v Vines (2003) 182 FLR 405, 409–18 [15]–[48] (Austin J); Rosemary Teele Langford, Ian Ramsay and Michelle Welsh, ‘The Origins of Company Directors’ Statutory Duty of Care’ (2015) 37(4) Sydney Law Review 489.
140. Corporate Law Economic Reform Program Act 1999 (Cth).
141. Cassimatis Appeal (n 4) 545 [27] (emphasis in original).
142. Allens, Criminal and Civil Frameworks for Imposing Liability on Directors (Report for the Australian Institute of Company Directors, 2020).
143. See Corporations Act (n 2) s 199A(2).
144. For a summary of the relevant principles, see Australian Securities and Investments Commission v Healey [No 2] (2011) 196 FCR 430, 441–3 [83]–[91] (Middleton J).
145. These policy rationales are examined periodically by government and law reform bodies: see, eg, ALRC Report 136 (n 29); Australian Securities and Investments Commission, ASIC Enforcement Review Taskforce Report (Report, December 2017); Council of Australian Governments, Personal Liability for Corporate Fault: Guidelines for Applying the COAG Principles (25 July 2012); Corporations and Markets Advisory Committee (Cth), Personal Liability for Corporate Fault (Report, September 2006); Australian Law Reform Committee, Principled Regulation: Federal Civil & Administrative Penalties in Australia (Report No 95, December 2002); Corporate Law Economic Reform Program, Directors’ Duties and Corporate Governance: Facilitating Innovation and Protecting Investors (Paper No 3, 1997).
146. The High Court has said ‘whereas criminal penalties import notions of retribution and rehabilitation, the purpose of a civil penalty…is primarily if not wholly protective in promoting the public interest in compliance’ and ‘civil penalties are not retributive, but like most other civil remedies essentially deterrent or compensatory and therefore protective’: Commonwealth v Director, Fair Work Building Industry Inspectorate (2015) 258 CLR 482, 506 [55], 508 [59] (citations omitted) (French CJ, Kiefel, Bell, Nettle and Gordon JJ).
147. This issue is discussed in ASIC Enforcement Review Taskforce Report (n 145) 77–9.
148. Australian Law Reform Commission, Traditional Rights and Freedoms: Encroachments by Commonwealth Laws (Report No 129, December 2015) 256 [8.171].
149. Helen Anderson, Jasper Hedges and Michelle Welsh, Submission to Australian Securities and Investments Commission, ASIC Enforcement Review: Strengthening Penalties for Corporate and Financial Sector Misconduct (13 November 2017) 8.
150. See Hedges et al (n 22).
151. Australian Institute of Company Directors, Director Sentiment Index: Research Findings Second Half 2019 (Report, 2019) 11 <https://aicd.companydirectors.com.au/-/media/cd2/resources/advocacy/research/2019/pdf/2h19-dsi-102519.ashx>. The survey relates to the impact of legislation generally, rather than s 180(1) of the Corporations Act specifically.
152. Again, we are not concerned with an officer’s liability to compensate the corporation for any breach of the private law duty of care.
153. The recent exception is ASIC v Mitchell (n 15).
154. Rich (n 73) 149–51 [7269]–[7278].
155. See du Plessis and Mathiopoulos (n 38).
156. Bednall and Hanrahan (n 1).
157. ASIC Enforcement Review Taskforce Report (n 145) 79–80.
158. See, eg, Corporations Act (n 2) s 1317E(4); Australian Securities and Investments Commission Act 2001 (Cth) s 12GBCL.
159. This is permitted in AGLC4 see example to Rule 1.4.2. Assuming the FAR is not adopted: see above (n 21).
160. ALRC Discussion Paper 87 (n 27) 145 [7.1].
161. This is permitted in AGLC4 see example to Rule 1.4.2. See above (n 15).
162. This is permitted in AGLC4 see example to Rule 1.4.2. For example, of the kind provided in US corporate law by Caremark (n 82): see above (n 74) and accompanying text.