Federal Court and ASIC shine spotlight on supervisory and risk management requirements for CAR arrangements

By Penny Nikoloudis, Marc Privitelli
Financial Services

Important lessons for AFS licensees 7 min read

In its recent decision in Australian Securities and Investments Commission v Lanterne Fund Services Pty Limited [2024] FCA 353, the Federal Court highlighted the risk of breach of the general obligations of Australian financial services (AFS) licensees under the Corporations Act 2001 (Cth) (the Act) arising from corporate authorised representative (CAR) arrangements.

In this Insight, we examine Justice McEvoy's reasoning, and highlight the potential implications for AFS licensees that are party to, or that may in future enter into, CAR arrangements.

Key takeaways

  • Where an AFS licensee is a party to one or more CAR arrangements, it must ensure that, at all times, it maintains adequate systems for:
    • conducting due diligence on prospective CARs and authorised representatives (ARs);
    • reviewing and auditing compliance by CARs and ARs with financial services laws, and addressing instances of non-compliance;
    • identifying and mitigating compliance and regulatory risks, including by implementing a training and competency program for staff and ARs; and
    • ensuring that human resourcing and information technology (IT) capabilities and requirements are always met.
  • In all cases, the adequacy of these systems will depend on the nature and extent of the financial services provided under any CAR arrangements, and the industries across which its CARs and ARs operate.


Lanterne Fund Services Pty Ltd operated a business whereby it authorised entities and individuals to operate as CARs and ARs under its AFS licence in exchange for fees – colloquially, a 'licensee for hire' model. The businesses appointed as CARs under Lanterne's AFS licence operated across various industries – including renewable energy, infrastructure, transport and logistics, cyber and technology, healthcare, real estate and property, biotechnology and agriculture. They included venture capital funds, managed investment schemes, agricultural advisory services, wholesale funds management services, corporate advisory services, wholesale property funds, energy trading funds, digital asset funds and climate change advisory services.

The Australian Securities and Investments Commission (ASIC), the plaintiff, alleged that, at any time during the period commencing 13 March 2019 and ending 5 October 2021 (the relevant period), between 62 and 69 entities, and between 134 and 205 individuals, operated as CARs and ARs under Lanterne's AFS licence, with total funds under management fluctuating between approximately $1.2 billion in March 2021 and $1.66 billion at the end of the relevant period.

For the duration of the relevant period, Mr Peter Cozens was for Lanterne:

  • the only full-time employee;
  • the only active responsible manager; and
  • the sole director and chief executive officer.

The agreed facts

On 16 December 2022, Lanterne and ASIC prepared and filed a statement of agreed facts and admissions (SAFA) under section 191 of the Evidence Act 1995 (Cth), and jointly sought declarations as to the admitted contraventions and compliance orders. The SAFA provided, among other matters, that Lanterne:

  • (arrangements with new CARs) conducted no discernible due diligence on prospective CARs, conducted only limited background checks on their directors, and its template CAR agreement allowed for the nomination of ARs without Lanterne's written consent;
  • (supervisory arrangements) was reliant on self-reporting by CARs and ARs, and did not have any formal or documented processes for reviewing and auditing compliance by ARs with financial services law, following up on reported instances of non-compliance, and monitoring and supervising its own staff;
  • (risk management and compliance) did not have any systems, processes or controls to identify, manage or mitigate compliance and regulatory risks faced by CARs and ARs;
  • (training) did not have a training and competency program in place for CARs and ARs, and did not require any verification of, or information about, training undertaken by its CARs and ARs;
  • (HR) lacked processes to identify human resourcing capabilities and requirements, including the need for an adequate number of suitably qualified responsible managers to oversee the financial services provided by its CARs and ARs; and
  • (IT) lacked adequate IT infrastructure – including protocols, disaster recovery plans and dedicated IT capability – to keep abreast of IT and cyber security issues.

On the above basis, the parties agreed that Lanterne had contravened its general obligations as the holder of an AFS licence and a party to CAR arrangements:

  • under sub-section 912A(1)(h) of the Act to have adequate and documented risk management systems in place to identify and evaluate the risks faced by its business, including any risks relating to its CARs and ARs, and to ensure the sufficiency of its technology and cyber security arrangements;
  • under sub-s912A(1)(e) of the Act to maintain competence to provide financial services, including by maintaining sufficient responsible managers with skills and experience in the financial services offered by its CARs and ARs, and across the industries and businesses in which they operate;
  • under sub-s 912A(1)(f) of the Act to ensure its representatives are adequately trained and competent to provide the relevant financial services, including by establishing a training and competency program, and a process for documenting and assessing the skills and competencies required by its ARs;
  • under sub-s912A(1)(ca) of the Act to take reasonable steps to ensure that its representatives comply with the financial services laws, including by having a documented process for undertaking background checks and due diligence of representatives of prospective CARs and ARs, and for conducting ongoing checks of its appointed ARs to ensure that they remain appropriate while acting in such capacity; and
  • under sub-s912A(1)(d) of the Act to have available adequate resources to provide the financial services covered by its licence, and to carry out supervisory arrangements, including by maintaining adequate internal capability or third-party specialist support to cover its basic functions of risk and compliance (particularly to supervise and monitor ARs), IT functions and financial management.

In addition, the SAFA's terms provided that:

  • Lanterne had failed to comply with its general obligation under s912A(1)(a) of the Act to ensure the financial services covered by its AFSL were provided efficiently, honestly and fairly; and
  • by each respective contravention of ss 912A(1)(a), (ca), (d), (e), (f) and (h), Lanterne had contravened s 912A(5A) of the Act.

Declarations and orders

On the basis of the agreed facts and admissions, Justice McEvoy considered it appropriate to make:

  • declarations as to Lanterne's contravening conduct under s1317E(1) of the Act substantially in the terms set out in the SAFA; and
  • orders under s1101B(1)(a)(i) of the Act requiring Lanterne to undertake compliance measures, including by engaging (and bearing the costs of) an independent expert to:
    • report on the adequacy of its systems, processes and controls, and prepare a written report (the compliance report) making recommendations on the steps to improve such systems, processes and controls, where inadequate; and
    • thereafter, report on the adequacy of Lanterne's implementation of the recommendations in the compliance report (the implementation report), and provide the implementation report to Lanterne and ASIC.

The key point of contention between the parties related to the quantum of the pecuniary penalty to be imposed on Lanterne for its contravening conduct. In this regard, Justice McEvoy accepted ASIC's submission that the comprehensive nature of Lanterne's failure to comply with its fundamental obligations as an AFS licensee required a significant pecuniary penalty, in order to satisfy the objectives of specific and general deterrence. Ultimately, His Honour made an order under s1317G(1), of the Act requiring Lanterne to pay an aggregate pecuniary penalty in the amount of $1.25 million (equating to $250,000 for the contravention of each of sub-ss 912A(1)(ca), (d), (e), (f) and (h) of the Act).1 ASIC did not pursue any penalty for Lanterne's contravention of s912(A)(1)(a), due to the overlap with the factual matters relied on as the basis for the contravention of the above provisions of s912A(1).

Other considerations for AFS licensees

Although Justice McEvoy was largely concerned with Lanterne's 'licensee for hire' business and the comprehensiveness of its failings in operating it, his decision includes several expositions of the law that are relevant for AFS licensees – particularly those that are party to, or that may in future enter into, CAR arrangements. Most relevantly, the decision emphasises that:

  • where the holder of an AFS licence authorises representatives under s916A of the Act, it is the AFS licensee who remains ultimately responsible for complying with the general obligations in s 912A(1) of the Act;
  • the content of, and the manner in which, an AFS licensee may comply with those general obligations will depend on the nature, scale and complexity of the licensee's business and the financial services being offered;
  • there is nothing in the language of:
    • sub-s912A(1)(ca) of the Act that makes a proven contravention of any financial services law; or
    • sub-s912A(1)(a) of the Act that makes a proven contravention or breach of a separately existing legal duty or obligation (whether statutory, fiduciary, common law or otherwise),

    a precondition to a finding of contravention of those provisions; and
  • in determining the quantum of any pecuniary penalty for a breach of one or more of the general obligations in s912A(1) of the Act, the court will have regard to (among other matters):
    • the nature, extent and circumstances of the contravening conduct;
    • the theoretical maximum penalty, and whether the penalty ultimately imposed is just and proportionate (having regard to any overlap in the conduct giving rise to the various contraventions);
    • the risk or potential for harm to consumers as a result of the contravening conduct (whether or not there is evidence of actual harm materialising); and
    • the requirements of specific (if applicable, including where the AFS licensee intends to continue operating in such capacity) and general deterrence, including the need to convey to market participants the standard of corporate behaviour expected of them.

Next steps

If you would like to discuss the issues raised in this Insight, please contact any of the people below.


  1. According to Justice McEvoy, certain mitigating factors, including that Lanterne had worked with ASIC in agreeing to and admitting the facts and contraventions outlined in the SAFA, and had not previously been found to have engaged in similar conduct, justified a penalty lower than the $1.5 million figure proposed in ASIC's submissions. However, the comprehensive nature of Lanterne's breaches meant that the ultimate pecuniary penalty of $1.25 million was substantially higher than the $150,000 figure proposed in Lanterne's submissions, which Justice McEvoy characterised as 'little more than derisory' and 'wholly inappropriate'.