A new enforcement landscape for Australian corporations in 2019 and beyond

By Paul Nicols
Financial Services Litigation Risk & Compliance

In brief 11 min read

The Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry Interim Report, and a raft of announcements at the federal level over the past 12 months, point clearly to a more robust enforcement environment for corporate Australia in 2019 and beyond. Partner Paul Nicols, Senior Overseas Practitioner Chris Kerrigan and Associate Samantha Naylor Brown report.

How does it affect you?

  • As 2018 draws to a close, the Royal Commission Interim Report has given an indication as to the Commissioner's likely recommendation on enforcement activity in the financial sector: more court proceedings and more penalties.
  • The Federal Government and regulators have – through a range of measures and announcements described below – already reacted to criticism in the Royal Commission and other fora relating to the perceived lack of enforcement activity against corporate misconduct.
  • Corporations should prepare themselves now for more interactions with regulators and enforcement agencies that have a greater appetite for, and means to pursue, enforcement outcomes. For many, this is likely to mean increased budgets and personnel numbers for regulatory response teams, and a more structured approach to investigating alleged misconduct and interacting with regulators. For some, it is also likely to mean substantially revised risk and compliance approaches, to put the organisation in the best possible position when responding to increased enforcement activity (or to avoid such activity in the first place).

Enforcement announcements over the past 12 months

Over the past 12 months, the following announcements have been made:

  • In late 2017, the Government approved, or agreed in principle, with all of the recommendations of the Treasury's Taskforce review of the Australian Securities and Investments Commission (ASIC). It has already started actioning these recommendations, including by tabling before the House of Representatives a Bill increasing the maximum imprisonment penalties for serious corporate crimes under the Corporations Act 2001 (Cth) and strengthening penalties for individuals and corporations.1
  • Last month, the Australian Prudential Regulation Authority (APRA) announced its own enforcement strategy review, due to report by the end of March 2019.
  • APRA, ASIC and, most recently, the Commonwealth Department of Public Prosecutions (the CDPP) and the Federal Court, have all received significant funding increases.
  • ASIC has recently announced a new supervisory approach that involves embedding ASIC officers in major financial institutions.
  • APRA and ASIC have each appointed new deputy chairs with a focus on enforcement approaches and policy.
  • The Government is considering vesting the Federal Court with a broader criminal jurisdiction in relation to corporates.
  • The Government has also announced the establishment of a Committee of Regulatory Enforcement Strategy, to be chaired by the Attorney-General's Department.

Royal Commission Interim Report on Enforcement

The Royal Commission's Interim Report, published on 28 September 2018, contained several indications that the Commissioner will likely recommend a changed approach to enforcement from ASIC and APRA. In particular, in Chapter 8 of the Interim Report, the Commissioner was critical of ASIC's historic approach of negotiating and entering into enforceable undertakings with institutions. The Commissioner's strong preference appears to be for court-determined outcomes, commenting that the starting point for ASIC should be to ask whether it can make a case for a breach of the law and, if so, why it would not be in the public interest to bring penalty proceedings in relation to it.2

One point highlighted in the Interim Report was ASIC's failure to take any steps to prosecute licensees for contraventions of the breach reporting obligation in the Corporations Act. As such, the first cab off the rank for ASIC enforcement action may be for failures to identify and report breaches. A recent ASIC review into breach reporting in the financial sector identified significant delays in investigating potential breaches and reporting actual breaches. In its media release about the review's findings, ASIC flagged that it is actively considering enforcement action for failures to report breaches on time,3 and it has recently announced that it will embed staff in major financial institutions, with a focus on breach reporting (see our Unravelled article on close and continuous monitoring).

For more on the Royal Commission's Interim Report, see our special edition of Unravelled.

Although the Royal Commission's mandate is limited to the banking, superannuation and financial services sectors, recommendations relating to ASIC are likely to have broader consequences for enforcement activity outside of these sectors.

ASIC and APRA response

In its response to the Interim Report, ASIC has broadly acknowledged the Commissioner's criticism, accepting that it should alter its enforcement priorities and practices 'to be more agile in initiating and prosecuting court action, and in many instances even commencing with it'. 4 ASIC Chair James Shipton affirmed its commitment to enforcement at the Royal Commission's seventh round of public hearings. In reflecting on alleged shortcomings in ASIC's investigation of potential breaches by several large financial institutions, Mr Shipton assured the Royal Commission that lessons had been learned and was unequivocal that, 'the starting point today would be to ask the question and turn our minds to why not litigate this demonstrable breach.'5

Consistent with its change in approach, ASIC has appointed Daniel Crennan QC as a new deputy chairperson to lead enforcement. At a parliamentary hearing in October, Mr Crennan QC commented on ASIC's use of enforceable undertakings: 'If they want an EU, they will have to admit they contravened the law. Even if they do contravene the law, they will be very lucky, in this new world, to get an EU. We are going to be litigation focused.'6

APRA's written response to the Interim Report was more tempered, acknowledging that changes to regulatory approach could contribute, along with other changes at the institutional level, to addressing misconduct in the financial sector. On enforcement specifically, APRA highlighted that its approach has been to undertake proactive ex ante supervision, rather than ex post enforcement, but that a review of that approach was appropriate.7 Since making its submission, APRA Deputy Chair John Lonsdale has publicly commented that APRA has acknowledged the 'need to consider a stronger appetite for formal enforcement action'.8 Last week, APRA announced that it has commenced proceedings in the Federal Court to disqualify five senior executives and directors of a major superannuation fund, and is seeking to impose additional licence conditions on the fund.9


Additional funding for ASIC, APRA, the CDPP and the Federal Court

Following the release of draft legislation to strengthen penalties for corporate and financial sector misconduct,10 and announcements earlier this year that ASIC and APRA would be provided with an additional $70.1 million and $58.6 million respectively,11 the CDPP and the Federal Court are also set to receive a funding boost. An additional $51.5 million will be provided to help manage the growing volume of prosecutions expected to be generated by increased ASIC activity.12

The CDPP will receive the majority of the additional $51.5 million allocation, with $41.6 million to be provided to it over eight years. The Federal Court will receive the remaining $9.9 million over four years. Little detail has been provided on exactly where that funding will be directed, but media releases and statements from the Treasurer of the Commonwealth of Australia suggest that we can, at least, expect to see two additional judges appointed to the Federal Court to hear civil cases, and an increase in the number of CDPP prosecutors hired.

ASIC's additional $70.1 million is made up of a package of measures, including $26.2 million to increase its enforcement activities. For APRA, its additional funding is also directed more broadly, but at least part of it is intended to fund a review of its enforcement strategy (see below).

APRA enforcement strategy review

APRA's enforcement strategy review will be led by APRA Deputy Chair John Lonsdale, with assistance from an independent advisory panel comprising a former NSW Supreme Court judge, an ACCC commissioner, and a UNSW law professor specialising in markets and regulation.

The review is primarily forward-looking and, among other things, involves an examination of:

  • the relationship between APRA's supervisory approach and enforcement action;
  • any legal, practical or structural impediments to enforcement action; and
  • APRA's decision-making process when determining whether to take enforcement action.

Draft recommendations will be made available to APRA members  by 28 February 2019 and the final review is expected to be presented to APRA members by 31 March 2019.13

Review into the Federal Court's criminal jurisdiction

On multiple occasions during the Royal Commission hearings, suggestions have been made by Counsel Assisting the Commission that the conduct of financial services entities might have amounted to criminal misconduct. At present, criminal cases under the Corporations Act must be brought in state courts.14 As observed in the Commissioner's Interim Report, ASIC has primarily instigated criminal prosecutions in the financial services sector against individuals.15

Perhaps anticipating a finding by the Commission that more criminal prosecutions should be brought against corporations, the Federal Government has announced a review to consider whether the Federal Court's jurisdiction should be expanded to include corporate crime, on the basis that the court may be able to handle cases more quickly and efficiently than state courts.16 The Attorney-General's Department will conduct the review, and will provide its report to the Government in January next year, just before the February publication of Commissioner Hayne's final report on his findings from the Royal Commission.

New Committee of Regulatory Enforcement Strategy

The Federal Government also announced in November that it will establish a Committee of Regulatory Enforcement Strategy to be chaired by the Attorney-General's Department. Other representatives will include 'relevant agencies that regulate the financial services sector' – presumably, ASIC and APRA will both get a seat at the table. The Committee will meet regularly, and will report to the Government on regulatory and civil enforcement policy.

Next steps

With regulators taking a more active and coordinated approach to enforcement, corporations both inside and outside the financial services sector should prepare themselves for:

  • an increasing volume of regulatory requests, surveillance activity and investigations, including requests for the provision of information and documents, and further encouragement to cooperate proactively with regulatory surveillance and investigations;
  • an increased focus from regulators on the ability of their risk and compliance frameworks to deal with and investigate potential incidents, in addition to consideration of the particular incident itself; and
  • regulators that are less amenable to agreeing to enforceable undertakings or other settlement mechanisms, and, consequently, more instances of alleged misconduct needing to be resolved in the courts. Where penalties are imposed, it is likely that the figures will be significantly higher than they have been to date.

The imperative to engage appropriately with regulators and enforcement agencies has never been greater; yet, so are the associated risks, including the ever-present and growing risk of class actions. There is no one-size-fits-all policy for regulatory engagement – the legal requirements and dynamics can differ considerably in relation to different regulators and agencies, as well as across industries. Nevertheless, in this new environment, we are assisting clients with ensuring that they have clarity on the following:

  • a strategy for engagement with regulators and other agencies;
  • accountability within the organisation for regulatory relationships;
  • governance, policies and procedures for identifying and investigating misconduct and regulatory engagement; and
  • adequate cross-functional resources, expertise and personnel to help manage enforcement risk.

If you require assistance, please contact any of the people below.


  1. See Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018.
  2. See Chapter 8, Interim Report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.
  3. See ASIC media release 18-284MR dated 25 September 2018.
  4. See ASIC's submission in response to the Royal Commission's Interim Report; in particular, paragraph 25.
  5. See Draft Transcript of Day 64, 23 November 2018, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, page 6953.
  6. Public hearing of the Parliamentary Joint Committee on Corporations and Financial Services, Oversight of the Australian Securities and Investments Commission, 19 October 2018.
  7. See APRA's submission in response to the Royal Commission's Interim Report.
  8. See Lewis Panther, FINSIA, APRA's evolution towards taking (enforcement) action, 15 November 2018.
  9. See APRA media release dated 7 December 2018
  10. See our Focus: ASIC's sanctions and powers to be strengthened and media release dated 26 September 2018 from the Treasurer of the Commonwealth of Australia.
  11. See media release dated 7 August 2018 from the Minister for Revenue and Financial Services, Commonwealth of Australia.
  12. See media releases dated 16 November 2018 from the Treasurer of the Commonwealth of Australia and the Attorney-General for the Commonwealth of Australia.
  13. Under the Australian Prudential Regulation Authority Act 1998 (Cth), APRA members are appointed by the Governor-General for terms of up to five years, and are responsible and accountable for APRA's operation and performance.
  14. Section 39B(1A)(c) Judiciary Act 1903 (Cth) and s1338B Corporations Act.
  15. See Chapter 8, Section 2.2, Interim Report of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.
  16. See media releases dated 16 November 2018 from the Treasurer of the Commonwealth of Australia and the Attorney-General for the Commonwealth of Australia.