The Return of ASIC Court Enforceable Undertakings: Devil in the Detail
In Short
The Situation: On 22 November 2021, the Australian Securities and Investments Commission ("ASIC") released an updated Regulatory Guide 100: Court Enforceable Undertakings ("RG 100") for the first time in seven years. ASIC's updated RG 100 sets out ASIC's revised approach to court enforceable undertakings ("CEUs"), which contain a set of undertakings offered to, and accepted by, ASIC and are enforceable in a court. RG 100 sets out the circumstances in which ASIC will consider accepting a CEU and the terms that may be acceptable to ASIC.
The Result: ASIC's updated RG 100 reflects the commission's new regulatory enforcement strategy as set out in its Corporate Plan for 2021-25, which is focused on achieving targeted regulatory solutions. ASIC intends to undertake speedier investigations and seek timely and effective outcomes using the full suite of enforcement tools, with CEUs (which had fallen out of favour) expected to play an important role, whether as a standalone remedy or pursued together with other enforcement action.
Looking Ahead: Whilst we expect ASIC to be more willing to consider CEUs as an enforcement tool going forward, CEUs are only one of the options in its regulatory toolkit, which also includes civil penalty proceedings, product intervention orders, and infringement notices. ASIC's willingness to consider a range of different regulatory tools indicates that there will be greater scope for regulated entities to proactively engage with ASIC prior to and during investigations in relation to potential enforcement action, particularly where a regulated entity has acted swiftly to identify and rectify the issue, and remediate consumers.
ASIC's Approach to CEUs
Prior to the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry ("Royal Commission"), ASIC routinely accepted CEUs as a form of administrative settlement and as an alternative to civil court action or other administrative actions. In the five year period up to and including 2018, on average ASIC entered into 21 CEUs each year with individuals and regulated entities.
The Royal Commission, in its final report delivered in February 2019, heavily criticised ASIC's historical reliance on CEUs, in which entities typically only acknowledged ASIC's concerns, rather than acknowledging or admitting their breach of a specific statutory provision, and agreed not to contravene the law with or without an immaterial 'public benefit payment'.
As a result of this criticism, ASIC reversed its approach to CEUs and agreed to CEUs in only very limited circumstances. In 2019 and 2020, ASIC accepted only four CEUs:
- One which was already well advanced and entered into only a week after the delivery of the Royal Commission's final report;
- One entered into via a delegation granted by ASIC to the Australian Competition and Consumer Commission ("ACCC");
- One entered into as part of the settlement of Federal Court proceedings for alleged contraventions of the responsible lending laws, which was agreed to by ASIC after the Full Court of the Federal Court ruled against ASIC in ASIC v Westpac Banking Corporation [2020] FCAFC 111 involving similar conduct; and
- One entered into by an ASX listed lender in relation to admitted contraventions of the licensing provisions of the National Consumer Credit Protection Act 2009 (Cth). It is notable that in that case ASIC pursued enforcement proceedings in parallel to the CEU seeking declarations of contravention and civil penalties, notwithstanding the CEU and the fact that in its submissions to the Court ASIC described the respondent's level of cooperation since the commencement of ASIC's investigation and during the proceedings as "exemplary". (Australian Securities and Investments Commission v GoGetta Equipment Funding Pty Ltd [2021] FCA 420 at [38].)
ASIC's updated RG 100 may signal a return to ASIC's pre-Royal Commission approach to CEUs, which is consistent with ASIC's new mandate as set out in its Corporate Plan for 2021-25 (which we wrote about in a previous Commentary). As part of its new mandate, ASIC is adopting a targeted and pragmatic approach to regulatory enforcement action focused on the greatest areas of harm to consumers and markets. In executing this strategy, ASIC intends to undertake speedier investigations and seek more timely and effective outcomes for consumers and markets using the full suite of enforcement tools. CEUs will likely play an important role in its strategy.
In a recent interview with Jones Day, Ms Sarah Court, ASIC Deputy-Chair and Head of Enforcement, highlighted the benefits of CEUs from ASIC's perspective, including the speed and cost effective way in which the matter can be resolved, flexibility with respect to terms negotiated by the parties, the ability to provide swift remediation to consumers, and the ability for ASIC to impact the future conduct of the entity.
When Will ASIC Consider a CEU as an Enforcement Remedy?
Whilst we can expect ASIC to be more willing to consider CEUs as an enforcement remedy going forward, ASIC will not consider them appropriate in all cases. ASIC has reminded regulated entities that CEUs are only one of the enforcement options in its regulatory toolkit, which also includes civil penalty proceedings, product intervention orders, and infringement notices (among others).
In RG 100, ASIC confirms that it will only consider accepting a CEU if it has reason to believe there has been a contravention of relevant legislation administered by ASIC and where it determines that a CEU will achieve an effective and appropriate regulatory outcome that is in the public interest. (Note: Legislation administered by ASIC includes the Corporations Act 2001 (Cth), Australian Securities and Investments Commission Act 2001 (Cth), National Consumer Credit Protection Act 2009 (Cth), and the Superannuation Industry (Supervision) Act 1993 (Cth).)
ASIC will consider a range of case-specific factors before accepting a CEU:
- Whether the person is likely to comply with the CEU;
- The likely effect on the person's future conduct, including whether the CEU is likely to deter the person from engaging in misconduct in the future;
- Whether the CEU will deter others from engaging in similar conduct;
- The public interest, including the benefits of concluding matters quickly and cost effectively and compensating affected consumers for their damages;
- The significance of the issues to the market and the community;
- The nature and seriousness of the alleged contravention; and
- The compliance history of the party providing the CEU.
ASIC says they will not usually accept a CEU from a party and instead will refer a brief of evidence to the Commonwealth Director of Public Prosecutions for potential criminal prosecution (i) where the misconduct is deliberate or involves a high level of recklessness; (ii) where there is a need to send a strong deterrent message to the broader regulated community; or (iii) as an alternative form of relief if conditional relief has not been complied with.
What Terms May be Covered in a CEU?
There are a number of terms that ASIC will expect to be included in a CEU, such as terms that provide for compliance monitoring and reporting mechanisms (internal and/or external); identification and remediation of loss suffered by consumers; notices to correct any misleading or deceptive impression; compliance attestations; independent assurance of an entity's compliance with the CEU; publicity around ASIC's entry into the CEU and public access to the terms of the CEU itself.
Critically, when ASIC accepts a CEU in final resolution of a matter, it will generally require that the CEU contain admissions by the party that it contravened specific legislative provisions and that the admissions properly reflect the seriousness of the conduct. ASIC may also insist on a term which provides that ASIC's acceptance of the CEU does not affect or negate ASIC's power to bring enforcement proceedings. Admissions made in CEUs will continue to pose a risk of collateral litigation, particularly shareholder class actions, which may be commenced against regulated entities and their directors and officers.
ASIC has stated that it will not accept a CEU if it does not contain expected terms or details of the conduct giving rise to the CEU. ASIC will also not accept a CEU if it contains confidentiality terms, terms denying liability, or terms establishing defences for possible non-compliance with the CEU.
Three Key Takeaways
- Under ASIC's new targeted approach to enforcement action, regulated entities and their boards and senior management can expect speedier investigations. CEUs are expected to play an important role as a flexible and less costly administrative remedy to improve and enforce compliance with the law, whether as a standalone remedy or possibly pursued together with other enforcement action.
- ASIC's willingness to consider a range of different regulatory tools suggests that there may be greater scope for regulated entities to proactively engage with ASIC prior to and during investigations in relation to potential enforcement action, particularly where a regulated entity has acted swiftly to identify and rectify the issue, and remediate consumers.
- All regulated entities, as well as their directors and officers, should ensure that there are appropriate frameworks and resources in place for the proactive identification and rectification of actual or potential breaches of their regulatory obligations. Legal advice should be sought at an early stage with respect to strategic engagement with ASIC in relation to potential enforcement action. Where a CEU is pursued, careful consideration should be given to the collateral risks posed by any agreed facts and admissions contained in the CEU.