Federal Court of Australia
Australian Securities and Investments Commission v Allianz Australia Insurance Limited [2021] FCA 1062
ORDERS
AUSTRALIAN SECURITIES AND INVESTMENTS COMMISSION Plaintiff | ||
AND: | ALLIANZ AUSTRALIA INSURANCE LIMITED (ACN 000 122 850) First Defendant AWP AUSTRALIA PTY LTD (ACN 097 227 177) Second Defendant | |
DATE OF ORDER: |
Definitions
In these orders the following terms mean:
Allianz Australia means the First Defendant, Allianz Australia Insurance Ltd (ACN 000 122 850).
AWP means the Second Defendant, AWP Australia Pty Ltd (ACN 097 227 177).
Expedia websites means www.expedia.com.au, www.lastminute.com.au and www.wotif.com.au.
Plan D Policy means the insurance policy offered on the Expedia websites available under the Integrated Products known as “Plan D Cancellation Only”.
Integrated Product means an insurance product sold on the Expedia websites in conjunction with other travel products sold by Expedia, such as flights, or flights and accommodation. The Integrated Product had two policy options: a “cancellation-only” policy (which covered costs associated with cancellation of travel arrangements), and an “essentials” policy (which incorporated the cancellation-only cover, and also added cover for medical or hospital cover).
Journey Criterion means the requirement that in order for a customer to have insurance coverage under the Plan D Policy offered on the Expedia websites, the customer’s travel was required to commence, or in some instances commence or conclude, in Australia.
Premium Calculation Statements means words to the following effect, as contained in various product disclosure statements (PDS) issued by Allianz Australia during the period 24 February 2015 to 1 June 2018, in respect of the Integrated Product:
“in calculating [a customer’s premium], we take into account a number of factors, including your destination(s), length of journey and age of persons to be covered under the policy. The amount of any excess payable is also included in the calculation of your premium”
Smart Traveller Statement means the statement on the Expedia websites that “Travel insurance is as essential as your passport regardless of your travel destination – Smart Traveller – Department of Foreign Affairs and Trade”.
PURSUANT TO S 21 OF THE FEDERAL COURT OF AUSTRALIA ACT 1976 (CTH) THE COURT DECLARES THAT:
With respect to the first defendant, Allianz Australia:
Premium Calculation Methodology
1. Between 24 February 2015 and 1 June 2018, Allianz Australia in trade or commerce engaged in conduct in relation to financial services that was liable to mislead the public as to the nature and characteristics of those financial services and thereby contravened s 12DF of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act), in that:
(a) Allianz Australia issued various PDS to customers in respect of the Integrated Product which were made available to customers on the Expedia websites and which contained (amongst other matters) the Premium Calculation Statements; and
(b) Contrary to the Premium Calculation Statements, the calculation of a customer’s premium was made by reference to only two factors (a) the cost of the total travel package being purchased by the customer; and (b) the duration of the customer’s trip.
Smart Traveller
2. From sometime between October 2015 and April 2016 to sometime after 12 September 2018, Allianz Australia in trade or commerce engaged in conduct in relation to financial services that was liable to mislead the public as to the nature and characteristics of those financial services and thereby contravened s 12DF of the ASIC Act, in that it:
(a) failed to take reasonable steps to prevent the addition of, or ensure the timely removal of, the Smart Traveller Statement on the Expedia websites in respect of cancellation-only travel insurance which did not include medical or hospital cover;
(b) in circumstances where the Smart Traveller Statement was published on the website of the Department of Foreign Affairs and Trade in terms and context which indicated that it applied to travel insurance containing medical and hospital coverage.
Journey Criterion
3. Between 24 February 2015 and 12 September 2018, Allianz Australia, in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or likely to mislead or deceive and thereby contravened s 12DA of the ASIC Act and s 1041H of the Corporations Act 2001 (Cth) (Corporations Act), in that:
(a) it was a requirement for cover under the Plan D policy that a customer’s travel satisfy the Journey Criterion;
(b) customers were required to enter places of origin and conclusion of their travel during the purchase process on the Expedia websites from which the Plan D policy was available for purchase;
(c) Allianz Australian failed to take reasonable steps to ensure that the Expedia websites contained a control mechanism to prevent customers whose journeys did not satisfy the Journey Criterion from purchasing the Plan D policy; and
(d) 64,911 customers who did not satisfy the Journey Criterion purchased the Plan D policy through the Expedia websites.
Age Criterion
4. During the period commencing on or after 1 December 2016 and ending no later than 15 February 2017, Allianz Australia, in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or was liable to mislead or deceive and thereby contravened s 12DA of the ASIC Act and s 1041H of the Corporations Act in that:
(a) it was a requirement for cover under the Integrated Product that customers were under the age of 61 at the time of purchase; and
(b) Allianz failed to take reasonable steps to ensure that Expedia maintained warning text on the Expedia websites which required customers to select an option to confirm that travellers were under 61 years of age prior to purchasing an Integrated Product.
Premium Calculation, Journey Criterion, Age Criterion and Smart Traveller
5. By reason of the matters set out in Declarations 1, 2, 3 and 4 above, Allianz Australia failed to:
(a) do all things necessary to ensure that the financial services covered by its financial services licence were provided efficiently, honestly and fairly, and thereby contravened s 912A(1)(a) of the Corporations Act; and
(b) comply with the financial services laws, and thereby contravened s 912A(1)(c) of the Corporations Act.
With respect to the second defendant, AWP Australia:
Journey Criterion
6. Between 24 February 2015 and 12 September 2018, AWP in trade or commerce engaged in conduct in relation to financial services that was liable to mislead the public as to the characteristics or the suitability for their purposes of financial services and thereby contravened s 12DF of the ASIC Act, in that:
(a) it was a requirement for cover under the Plan D policy that a customer’s travel satisfy the Journey Criterion;
(b) customers were required to enter places of origin and conclusion of their travel, during the purchase process on the Expedia websites from which the Plan D policy was available for purchase;
(c) AWP failed to take reasonable steps to ensure the Expedia websites contained a control mechanism to prevent customers who did not satisfy the Journey Criterion requirement from purchasing the Plan D policy; and
(d) 64,911 customers who did not satisfy the Journey Criterion purchased the Plan D policy through the Expedia websites.
Age Criterion
7. During the period commencing on or after 1 December 2016 and ending no later than 15 February 2017, AWP in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or was liable to mislead or deceive and thereby contravened s 12DA of the ASIC Act and s 1041H of the Corporations Act, in that:
(a) it was a requirement for cover under the Integrated Product that customers were under the age of 61 at the time of purchase; and
(b) AWP failed to take reasonable steps to ensure that Expedia maintained warning text on the Expedia websites which required customers to select an option to confirm that travellers were under 61 years of age prior to purchasing an Integrated Product.
Smart Traveller
8. From sometime between October 2015 and April 2016 to sometime after 12 September 2018, AWP in trade or commerce engaged in conduct in relation to financial services that was liable to mislead the public as to the nature and characteristics of those financial services and thereby contravened s 12DF of the ASIC Act, in that it:
(a) failed to take reasonable steps to prevent the addition of, or ensure the timely removal of, the Smart Traveller Statement on the Expedia websites in respect of cancellation-only travel insurance which did not include medical or hospital cover;
(b) in circumstances where the Smart Traveller Statement was published on the website of the Department of Foreign Affairs and Trade in terms and context which indicated that it applied to travel insurance containing medical and hospital coverage.
Journey Criterion, Age Criterion and Smart Traveller
9. By reason of the matters set out in Declarations 6, 7 and 8 above, AWP failed to:
(a) do all things necessary to ensure that the financial services covered by its financial services licence were provided efficiently, honestly and fairly, and thereby contravened s 912A(1)(a) of the Corporations Act; and
(b) comply with the financial services laws, and thereby contravened s 912A(1)(c) of the Corporations Act.
THE COURT ORDERS THAT:
10. Leave be granted for the plaintiff to further amend the Amended Originating Process in the form provided to the Court on 14 July 2021.
11. Pursuant to s 12GBA of the ASIC Act, Allianz Australia pay to the Commonwealth a pecuniary penalty in the amount of AUD$360,000 in respect of the contraventions the subject of declarations 1 and 2.
12. Pursuant to s 12GBA of the ASIC Act, AWP pay to the Commonwealth a pecuniary penalty in the amount of AUD$1,140,000 in respect of the contraventions the subject of declarations 6 and 8.
13. The defendants pay the plaintiff’s costs of the proceeding in equal portions, such costs to be agreed or assessed.
Note: Entry of orders is dealt with in Rule 39.32 of the Federal Court Rules 2011.
ALLSOP CJ:
Introduction
1 In these proceedings, the Australian Securities and Investments Commission (ASIC) complains about the conduct of the two defendants, Allianz Australia Insurance Limited and AWP Australia Pty Ltd, in the period between February 2015 and September 2018 in which AWP marketed and sold Allianz travel insurance products through websites operated by Expedia, Inc. In the course of dealing with the travel insurance products, Allianz engaged in four categories of misconduct, and AWP engaged in three categories of misconduct, in connection with the four separate statutory breaches referred. It is in respect of this misconduct that ASIC has brought the present claim. Both Allianz and AWP have made admissions that they engaged in conduct in relation to financial services that was likely to mislead or deceive, and that they failed to ensure that financial services were provided efficiently, honestly, and fairly. The two defendants have admitted that they otherwise failed to comply with financial services laws. Both Allianz and AWP admit that in so doing, they contravened s 12DA and s 12DF of the Australian Securities and Investments Commission Act 2001 (Cth) (ASIC Act), in addition to ss 912A(1)(a), 912A(1)(c) and 1041H of the Corporations Act 2001 (Cth).
2 Both Allianz and AWP are subsidiaries of the same parent company, Allianz SE. At all material times, the first defendant, Allianz, issued and underwrote travel insurance products. The second defendant, AWP, marketed, sold and managed travel insurance products in relation to which Allianz was the insurer. Among other channels, and at the relevant time, AWP marketed and sold travel insurance products through websites operated by Expedia. The responsibilities of AWP included the development of policy wordings, product disclosure statements and policy terms for those travel insurance products, in addition to the pricing and marketing of those products, and handling and settling claims. AWP acted as agent for Allianz in respect of the relevant travel products. At all material times, both Allianz and AWP were financial service licensees within the meaning of the Corporations Act.
3 The complaints made by ASIC concerned the conduct of the defendants giving rise to four discrete breaches of the ASIC Act and the Corporations Act. All four breaches concerned the marketing and sale of a single insurance product on the Expedia websites. The parties have agreed on the form of proposed declarations of contravention. The parties have further agreed on a recommendation as to the appropriate quantum of pecuniary penalty in relation to the statutory civil penalty provisions. With no contested issues as to liability, at issue in these proceedings, therefore, is the form the declarations ought to take, and the nature of the level of penalty that ought to be imposed in light of these contraventions.
Background
4 On 30 September 2020, ASIC commenced these proceedings by way of originating process and concise statement, alleging contraventions of both the ASIC Act and the Corporations Act in relation to travel insurance products sold through Expedia websites.
5 For the purpose of the hearing, the parties agreed a Narrative of Facts on 12 March 2021 which was marked Exhibit A and a tender bundle of documents which was marked Exhibit B. On 25 June 2021, Allianz and AWP made further admissions and agreed upon further facts in the Further Statement of Agreed Facts and Admissions which was marked Exhibit C. Having made admissions with respect to all issues of liability, the parties further reached agreement as to proposed consent orders, which were marked Exhibit D. ASIC read the affidavit of Naomi Margaret Johnston, sworn on 18 June 2021. The first defendant, Allianz, read the affidavit of Debra Anne Barbour, sworn 18 June 2021. The second defendant, AWP, read the affidavit of Miranda Kate Fennell, sworn 17 June 2021.
The relationship between Allianz and AWP
6 The relationship between Allianz and AWP was governed by a number of agreements. An Underwriting and Claims Management Agreement, entered into by Allianz and AWP on 23 December 2010, provided by cl 2.4(e) that AWP would not “distribute any class of general insurance which [had] not first been approved by Allianz in writing”. Clause 8.1 provided for review by Allianz of all policy documentation:
Documentation prepared by or for [AWP] which has any reference to Allianz or to Policies to be issued pursuant to this Agreement including but not limited to policy documentation compliance documents and Marketing Material shall be reviewed by [AWP] in accordance with documented compliance protocols to the extent those are agreed in writing by the Parties from time to time or otherwise shall be submitted to Allianz for review and approval prior to being issued which approval shall not be unreasonably withheld.
7 By that Underwriting and Claims Management Agreement dated 23 December 2010, amended by a variation agreement dated 9 July 2015, and replaced by an Underwriting Agency Agreement dated 13 July 2018, AWP and Allianz agreed that insurance business could only be issued using Product Disclosure Statements (PDS), policy wordings, policy schedules, proposals and other policy documentation first approved by Allianz in writing (cl 5(c)). Clause 12.2 of that agreement provided that documentation prepared by, or for, AWP was to be reviewed in accordance with the Allianz Document Compliance Sign-off Process (DCSO). Clause 1 defined that Document Compliance Process as
an Allianz system controlled process of review of all external facing documentation which records the approval of all relevant stakeholders.
8 The Document Compliance Sign-off Process was a system maintained by Allianz, through which AWP submitted new or amended documentation for a formal and auditable review and approval program. Pursuant to the Operations and Procedure Manual dated March 2013, any new documents or amendments to an existing document developed by AWP in relation to travel insurance were to be reviewed and approved by Allianz through its DCSO system. This included PDSs, and external partner websites, such as the Expedia websites.
9 The documentation relating to the insurance product the subject of these proceedings, and giving rise to the misleading and deceptive representations comprising the contraventions of the ASIC Act and Corporations Act, was submitted to Allianz by AWP utilising the DCSO system. All relevant documentation obtained approval from Allianz. In two cases, changes were made to the documentation subsequent to its receiving approval.
The relationship between AWP and Expedia
10 The contraventions of the ASIC Act and the Corporations Act the subject of these proceedings all involve the marketing and sale of a single insurance product on Expedia websites. Expedia operated a number of travel booking websites, including: www.expedia.com.au (the Expedia website); www.lastminute.com.au (the Lastminute website); and www.wotif.com.au (the Wotif website) (collectively the Expedia websites). Via these websites, customers were able to book and purchase flights, accommodation, and rental cars, together with associated travel insurance. At all relevant times, Expedia hosted the Expedia websites through which the Integrated Product was sold.
11 The relationship between AWP and Expedia was governed by two agreements: a Master Agreement and a Local Agreement for Travel Insurance Distribution through expedia.com.au. Under the latter agreement, AWP was responsible for advising Expedia regarding legal compliance and other obligations with respect to the promotion of travel insurance products. Clause 4.6 of the Distribution Terms appended to the Local Agreement relevantly provided that AWP shall:
… be responsible for advising and updating Expedia about compliance with and obligations under the Relevant Law relating to the promotion, distribution and sale of the Travel Insurance Products via the Expedia Website. (AWP) will review the Expedia Website from time to time for compliance with the Relevant Law. In the event that any changes are required to the Expedia Website in order to comply with the Relevant Law, the Local Insurer will promptly provide Expedia with prior written notice of such changes by way of a standard form change request …
12 Under this agreement, AWP would review Expedia websites from time to time to ensure their legal compliance. Moreover, Expedia was obliged to provide AWP with reasonable notice regarding any changes to be made to the websites that would affect travel insurance products. Clause 4.7 of the Distribution Terms appended to the Local Agreement relevantly provided that Expedia shall:
… make all disclosures and provide all relevant documents to Customers when it is providing the services authorised under this Local Agreement, as may be required under the Relevant Law and notified to [Expedia] in writing by [AWP] … [and]
… provide [AWP] with reasonable notice of any changes to the Expedia Website which affect the Travel Insurance Products, Selling Price or purchase path. Where [AWP] reasonably believes the changes will cause non-compliance with the Relevant Law and provides [Expedia] with written notice containing details of the alleged non-compliance and the applicable Relevant Law, [Expedia] undertakes not to implement the changes
13 Under the Master Agreement, by way of cl 8(d), AWP and Expedia agreed that
… Expedia acknowledges and agrees that it may not amend the content of the Travel Insurance Product descriptions (including coverage, exceptions and price) without [AWP’s] prior approval. …
14 Clause 7(b) of the Distribution Terms, contained in Appendix 3 to the Master Agreement, provided that AWP shall “ensure that the Travel Insurance Products are sold to Customers in compliance with all applicable legal requirements in force”. Clause 8(f) of those terms provided that Expedia shall implement any changes requested by AWP which are necessary to comply with changes in the regulatory regime.
15 By its concise statement, ASIC contended that Expedia acted as the agent of either or both Allianz and AWP in marketing and selling Allianz products. On this submission, where Expedia made statements on the Expedia websites in relation to Allianz travel insurance products, either or both Allianz and AWP should be taken to have made those statements. In the alternative, ASIC submitted in its concise statement that, to the extent that Expedia made statements on the Expedia websites about Allianz or AWP products, either or both Allianz and AWP were liable as accessories to those statements.
16 By its concise statement in response, Allianz did not accept the contention that Allianz was liable (either as principal or as accessory) for statements made by Expedia on the Expedia websites. By its concise statement in response, AWP denied that Expedia acted as its agent. AWP submitted that the express terms of the agreements between AWP and Expedia, relevantly summarised above, negative the existence of a relationship of agency. Without being critical of counsel, who made most helpful submissions, the argument on the question of agency, both orally and in the parties’ written submissions, was dealt with perfunctorily, and the same approach may be taken in these reasons.
17 In September 2018, both Allianz and AWP lodged breach reports with ASIC in relation to issues the subject of this proceeding. Following the reports of breach, ASIC commenced its investigation. In November 2018, AWP terminated its relationship with Expedia. The two defendants have cooperated with ASIC throughout the course of the proceeding.
The Integrated Product
18 One travel insurance product (the Integrated Product) was the subject of the proceedings. In substance, the Integrated Product provided insurance cover for costs of travel (where such travel was ultimately cancelled) in addition to medical or hospital costs incurred during the course of travel. This product was offered and sold on the Expedia websites in conjunction with the other products offered, namely flights and accommodation, at the end of the booking process. The Integrated Product comprised approximately 98% of the travel insurance products in respect of which Allianz was the insurer, which were distributed by Expedia in Australia.
19 The Integrated Product had two policy options: a “cancellation-only” policy, and an “essentials” policy. A PDS in respect of each of the two policy options was available to customers on the Expedia websites prior to purchase. These Statements were drafted by AWP, and submitted by it to Allianz for approval. Both the PDS for the “cancellation-only” policy, and for the “essentials” policy obtained this approval. The “cancellation-only” policy provided cover for only such costs incurred by customers which were associated with the cancellation of their travel arrangements. The “essentials” policy contained both the cancellation-only cover, and additional cover for medical or hospital expenses, among other benefits.
The claims the subject of this proceeding
20 ASIC alleged (and Allianz and AWP admitted) four distinct breaches of the ASIC Act and the Corporations Act pertaining to the Integrated Product. These were referred to as the:
(1) Premium Calculation Methodology Breaches;
(2) Journey Criterion Breaches;
(3) Age Criterion Breaches; and
(4) Smart Traveller Breaches.
The Premium Calculation Methodology Breaches
21 Between 24 February 2015 and 11 June 2018, the PDS in relation to both the “cancellation-only” cover, and the “essentials” cover, provided:
You will be told the premium payable for your Policy when you apply. In calculating the premium, we take into account a number of factors including your destination(s), length of journey and age of persons to be covered under the Policy. The amount of any excess payable and cover for agreed pre-existing medical conditions is also included in the calculation of your premium.
Your total premium reflects the amount we calculate to cover these factors as well as any relevant government charges, taxes or levies (such as stamp duty or GST) in relation to your Policy. These amounts are included in the total amount payable by you as shown in your Certificate of Insurance.
22 This, however, was not how the premium for the Integrated Product was calculated. In reality, the premium calculation proceeded by reference to only two factors, being: the total cost of the travel package purchased by the customer; and the duration of the trip, where the trip involved return travel. At all relevant times, the premium was calculated as a percentage of the total price of the trip, with the percentage fixed by reference to the duration of that trip.
23 By way of example, in the year 2015, the premium for return travel was calculated as follows:
Duration | Cancellation | Essentials |
1–12 days | 4% | 6% |
13–30 days | 6% | 9% |
31–45 days | 9% | 14% |
Minimum Premium | $14 | $29 |
24 Each of the premium calculation statements present in the various PDSs made available on the Expedia websites during the relevant period were submitted by AWP for Allianz’s approval in accordance with the DCSO process. All but three premium calculation statements were approved by Allianz.
25 In respect of the Premium Calculation Methodology Breaches, Allianz made admissions in the following terms:
(a) Between 24 February 2015 and 1 June 2018, Allianz, in trade or commerce, engaged in conduct in relation to financial services that was liable to mislead the public as to the nature and characteristics of those financial services and thereby contravened s 12DF of the ASIC Act, in that:
(i) Allianz issued various PDS to customers in respect of the Integrated Product which were made available to customers on the Expedia websites and which contained (amongst other matters) the Premium Calculation Statements; and
(ii) Contrary to the Premium Calculation Statements, the calculation of a customer’s premium was made by reference to only two factors: (a) the cost of the total travel package being purchased by the customers; and (b) the duration of the customer’s trip.
26 No admissions were made by AWP with respect to the Premium Calculation Methodology Breach.
27 In making recommendations as to the appropriate penalty to be imposed with respect to the Premium Calculation Methodology Breach, ASIC considered six matters.
28 First, ASIC submitted that the representations in the PDS as to the calculation methodology should be seen as a deliberate attempt to portray a bespoke, nuanced assessment of a customer’s circumstances when, in reality, the calculation of premium was much more simplistic.
29 Secondly, ASIC submitted that the relevant representations in the PDS were published for a long period of time, and subsisted throughout multiple iterations of the PDS. ASIC submitted that the inference was open that Allianz must have known the basis upon which premiums for its own products were calculated, and therefore knew that the representations in the PDS were incorrect. Accordingly, the Premium Calculation Methodology Breach was not a one-off mistake.
30 Thirdly, the PDS was available to all users of the Expedia websites. As such, the misleading conduct was not limited to a small subset of customers making purchases via the Expedia websites, but rather to any customer or potential customer of Allianz or AWP.
31 Fourthly, ASIC drew an analogy between the factual matrix of this case, and the circumstances of Australian Securities and Investments Commission v Port Philip Publishing Pty Ltd [2019] FCA 1483. In that case, a promotion letter was distributed to 200,000 subscribers which was also displayed on a website, concerning an “investment strategy” for shares and exchange-traded funds which did not reflect the strategy utilised, and containing false testimonials. There, a pecuniary penalty of $600,000 was imposed for misleading or deceptive conduct. ASIC submitted, bearing in mind the inherent limitations of comparisons between analogous cases as regards the determination of penalty, that the present case is less serious than Port Philip Publishing in the absence of deliberate mistruths.
32 Fifthly, ASIC submitted that the Court should infer that the number of contraventions would be significant, given that each separate viewing of the PDS constituted a separate contravention.
33 Sixthly, ASIC submitted that it was not possible to evaluate any loss caused by the breaches, nor was there evidence that such breaches involved senior or lower management. This notwithstanding, ASIC submitted that the inference was open that the breach involved a measure of deliberateness.
34 In oral argument, ASIC submitted that the Premium Calculation Methodology Breaches gave rise to two potential forms of harm. The first was that, insofar as a customer believed that premium was calculated by reference to the more nuanced methodology, this would act as a deterrent to shopping elsewhere. In so doing, the customer was likely to pay a higher premium simply by reason of the value or length of their trip. The second potential harm was that for those trips of a long duration or a high value, the value of the premium could act as a deterrent to purchasing travel insurance. Resultantly, it was submitted, consumers may put themselves at risk by not taking out cover.
35 Having regard to the six aforementioned considerations, ASIC recommended (and Allianz did not oppose) a declaration of contravention in respect of the breach of s 12DF of the ASIC Act and s 912A(1)(a) and (c) of the Corporations Act. ASIC further recommended (and Allianz did not oppose) a pecuniary penalty of $120,000 to reflect the culpability attached to the contravention.
The Journey Criterion Breaches
36 One of the policies available under the Integrated Product was what was called a “Plan D” policy. The PDS in relation to this policy provided that, in order for a customer to have insurance coverage under the policy, the travel in question was required to commence in Australia (the Journey Criterion). From 19 May 2017 this criterion changed to include travel commencing or concluding in Australia.
37 In booking and purchasing products through the Expedia websites, customers were required to enter the place from which their journey would commence, and the place at which their journey would conclude. Notwithstanding the provision of this information as part of the purchasing process on the Expedia websites, no control mechanism existed to ensure that only customers whose travel satisfied the Journey Criterion would be permitted to purchase the Plan D policy. As a consequence, between 24 February 2015 and 12 September 2018, 64,911 Plan D policies were purchased by customers who did not satisfy the Journey Criterion and where thereby excluded from coverage. Of those 64, 911 customers, 1,149 customers who did not satisfy the Journey Criterion made a claim under the policy, and of those customers, 16 claims were denied wholly on the basis of the Journey Criterion.
38 The purchase path by which customers who did not satisfy the Journey Criterion were able to acquire the Plan D policy was submitted – in the form of a screenshot – by AWP to Allianz for its approval. Allianz approved the relevant purchase path. Intermittently between (and indeed prior to) the approval of the path in November 2014, and September 2018, Allianz, AWP and Expedia communicated regarding the fact that customers were able to purchase Plan D policies without satisfying the Journey Criterion. Despite the compliance issue being first identified on 16 April 2010 by an Expedia employee, only on 11 September 2018 (some eight years later) did the defendants take steps to ensure that the offering was suspending in light of the compliance issue.
39 In respect of the Journey Criterion breaches, Allianz made admissions as follows:
(a) Between 24 February 2015 and 12 September 2018, Allianz, in trade or commerce, engaged in conduct in relation to financial services that was misleading or deceptive or likely to mislead or deceive and thereby contravened s 12DA of the ASIC Act and s 1041H of the Corporations Act, in that:
(i) it was a requirement for cover under the Plan D policy that a customer’s travel satisfy the Journey Criterion;
(ii) customers were required to enter places of origin and conclusion of their travel during the purchase process on the Expedia websites from which the Plan D policy was available for purchase;
(iii) Allianz failed to take reasonable steps to ensure that the Expedia websites contained a control mechanism to prevent customers who did not satisfy the Journey Criterion requirement from purchasing the Plan D policy; and
(iv) 64,911 customers who did not satisfy the Journey Criterion purchased the Plan D policy through the Expedia websites.
40 In respect of the Journey Criterion breaches, AWP made the following admissions:
(a) Between 24 February 2015 and 12 September 2018, AWP in trade or commerce engaged in conduct in relation to financial services that was liable to mislead the public as to the characteristics or the suitability for their purposes of financial services and thereby contravened s 12DF of the ASIC Act, in that:
(i) it was a requirement for cover under the Plan D policy that a customer’s travel satisfy the Journey Criterion;
(ii) customers were required to enter places of origin and conclusion of their travel during the purchase process on the Expedia websites from which the Plan D policy was available for purchase;
(iii) AWP failed to take reasonable steps to Ensure the Expedia websites contained a control mechanism to prevent customers who did not satisfy the Journey Criterion requirement from purchasing the Plan D policy; and
(iv) 64,911 customers who did not satisfy the Journey Criterion purchased the Plan D policy through the Expedia Websites.
41 In making recommendations as to the appropriate penalty to be imposed with respect to the Journey Criterion Breaches, ASIC raised six matters of relevance.
42 First, ASIC submitted that the evidence demonstrated that AWP had knowledge of the shortfalls of the Expedia system which allowed ineligible customers to purchase insurance. It was submitted that AWP was in possession of this knowledge for a significant period of time, yet failed to redress the issue.
43 Secondly, ASIC submitted that almost 65,000 ineligible customers purchased insurance.
44 Thirdly, ASIC submitted that a number (albeit a small number) of customers were denied coverage under their policies by reason of their failure to satisfy the Journey Criterion.
45 Fourthly, ASIC drew an analogy with two cases: Australian Competition and Consumer Commission v Telstra Corporation Limited [2018] FCA 571; and Australian Competition and Consumer Commission v Optus Mobile Pty Limited [2019] FCA 106. In those cases, penalties of $10 million were imposed against each of Telstra and Optus, wherein the contraventions involved large numbers of customers (one million Optus customers were exposed to the misleading representations each year, while the number of Telstra customers was unknown, potentially being in excess of 100,000 customers per year). ASIC conceded that the number of customers affected in these proceedings was lower, with only a small number being denied coverage under the policy. ASIC therefore submitted that these comparisons were above the appropriate range in the present case.
46 Fifthly, ASIC submitted that there was a significant number of contraventions, insofar as each occasion on which an ineligible customer purchased a policy, it constituted a separate contravention.
47 Sixthly, ASIC submitted that it was not possible to evaluate the potential or actual loss to customers, although it is pertinent to note that some customers had their insurance coverage denied by reason of the Journey Criterion. Here, it was submitted that the breaches involved various levels of Allianz and AWP management, albeit with senior management becoming involved only subsequent to the compliance issue becoming apparent. Correspondence between AWP and Expedia, it was submitted, demonstrated AWP’s knowledge of the issue. It follows, on this submission, that AWP was culpable in not requiring its rectification.
48 With respect to Allianz’s involvement in the Journey Criterion Breaches, ASIC recommended (and Allianz did not oppose) declarations of contravention of s 12DA of the ASIC Act, and s 912A(1)(a) and (c), and s 1041H of the Corporations Act. With respect to AWP’s involvement in the Journey Criterion Breaches, ASIC recommended (and AWP did not oppose) declarations of contravention of s 12DF of the ASIC Act, and s 912A(1)(a) and (c) of the Corporations Act, in addition to a pecuniary penalty of $900,000. The disparity between the remedial response imposed on Allianz and on AWP was said to result from there being no indication, upon the available evidence, that Allianz was aware of the flaws in the system prior to the emergence of the compliance issue.
The Age Criterion Breaches
49 The Integrated Product did not insure customers who were over the age of 60 at the time of purchase (the Age Criterion). For the majority of the period in question, the Expedia websites contained a “check box” informing customers that in order to be insured by the Integrated Product travellers must be under 61 years of age. This was not the case during the relatively short period between 1 December 2016 to 20 January 2017, wherein the Expedia websites ceased to display the “check box” warning, and 15 February 2017, when the warning text was reinstated.
50 The relevant screenshots submitted to Allianz for approval by AWP through the DSCO process contained the age warning text, which was subsequently removed. On or around 30 January 2017, AWP became aware that the warning text had been removed, and wrote to Expedia requesting that it be reinstated as soon as possible.
51 Expedia did not collect information regarding a customer’s age, and it was not possible, therefore, to ascertain the number of customers who purchased the Integrated Product without satisfying the Age Criterion. No customers were identified who had their claims denied solely by reason of the Age Criterion.
52 Both Allianz and AWP made admissions with respect to the Age Criterion Breaches. The admissions of Allianz were in the following terms:
(a) During the period commencing on or after 1 December 2016 and ending no later than 15 February 2017, Allianz, in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or was liable to mislead or deceive and thereby contravened s 12DA of the ASIC Act and s 1041H of the Corporations Act in that:
(i) it was a requirement for cover under the Integrated Product that customers were under the age of 61 at the time of purchase;
(ii) Allianz failed to take reasonable steps to ensure that Expedia maintained warning text on the Expedia websites which required customers to select an option to confirm that travellers were under 61 years of age prior to purchasing an Integrated Product.
53 The admissions of AWP were in the following terms:
(a) During the period commencing on or after 1 December 2016 and ending no later than 15 February 2017, AWP in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or was liable to mislead or deceive and thereby contravened s 12DA of the ASIC Act and s 1041H of the Corporations Act, in that:
(i) it was a requirement for cover under the Integrated Product that customers were under the age of 61 at the time of purchase;
(ii) AWP failed to take reasonable steps to ensure that Expedia maintained warning text on the Expedia websites which required customers to select an option to confirm that travellers were under 61 years of age prior to purchasing an Integrated Product.
54 In making recommendations regarding the appropriate penalty to be imposed in relation to the Age Criterion Breaches, ASIC made reference to three relevant matters.
55 First, ASIC submitted that both Allianz and AWP admitted that they respectively failed to take appropriate steps to ensure that Expedia retained the warning text regarding the Age Criterion. The contraventions, therefore, arose from a failure to monitor, rather than any actual knowledge that the warning had been removed.
56 Secondly, ASIC submitted that the removal of the warning text was not directed by AWP or Allianz, but rather emerged from an oversight or mistake of Expedia of which both AWP and Allianz were unaware.
57 Thirdly, ASIC submitted that again, potential or actual loss was not determinable nor quantifiable, neither Allianz nor AWP had knowledge of the absence of the warning, which was consequently not attributable to any level of management within the organisations, and there was no evidence that the conduct was deliberate.
58 With respect to Allianz’s involvement in the Age Criterion Breaches, ASIC recommended (and Allianz did not oppose) declarations of contravention of s 12DA of the ASIC Act, and ss 912A(1)(a) and (c), and 1041H of the Corporations Act. With respect to AWP’s involvement in the Age Criterion Breaches, ASIC recommended (and AWP did not oppose) declarations of contravention of s 12DA of the ASIC Act, and ss 912A(1)(a) and (c), and 1041H of the Corporations Act. It was submitted that this declaratory relief was sufficient to satisfy the statutory purpose of the Acts, and that a penalty need not be imposed with respect to the Age Criterion Breaches.
The Smart Traveller Breaches
59 At all relevant times, while booking or purchasing travel accommodation through the Expedia websites, customers were required to make a selection from three options concerning travel insurance. Two of those options provided for the purchase of travel insurance products which were part of the Integrated Product, namely the Plan D policy or the “essentials” policy. The third option allowed a customer to opt out of the purchase of insurance. At the time that screenshots of the purchase path were approved by Allianz, at the request of AWP, the third option read “No, I don’t need travel protection”. At some point between October 2015 and April 2016, in addition to the aforementioned wording, the Expedia websites displayed an additional statement, (Smart Traveller Statement) which was as follows:
Travel insurance is as essential as your passport regardless of your travel destination – Smart Traveller – Department of Foreign Affairs and Trade.
60 The entirety of that statement, as it appeared on the website of the Department of Foreign Affairs and Trade, was in somewhat different terms:
If you incur medical expenses while overseas and you don’t have travel insurance, you are personally liable for covering these costs. The Government cannot pay for medical expenses overseas.
Travel insurance is as essential as your passport, regardless of your travel destination. If you can’t afford travel insurance, you can’t afford to travel!
61 From the point in time at which the Smart Traveller Statement was displayed on the Expedia website, until September 2018, the statement was used in instances where the travel product which was recommended or suggested did not contain hospital or medical cover.
62 Both Allianz and AWP have made admissions with respect to the Smart Traveller Breaches. Allianz’s admissions were in the following terms:
(a) From sometime between October 2015 and April 2016 to sometime after 12 September 2018, Allianz, in trade or commerce engaged in conduct in relation to financial services that was liable to mislead the public as to the nature and characteristics of those financial services and thereby contravened s 12DF of the ASIC Act, in that it:
(i) failed to take reasonable steps to prevent the addition of, or ensure the timely removal of, the Smart Traveller Statement on the Expedia websites in respect of cancellation-only travel insurance which did not include medical or hospital cover;
(ii) in circumstances where the Smart Traveller Statement was published on the website of the Department of Foreign Affairs and Trade in terms and context which indicated that it applied to travel insurance containing medical and hospital coverage.
63 The admissions of AWP were in the following terms:
(a) From sometime between October 2015 and April 2016 to sometime after 12 September 2018, AWP in trade or commerce engaged in conduct in relation to financial services that was liable to mislead the public as to the nature and characteristics of those financial services and it thereby contravened s 12DF of the ASIC Act, in that it:
(i) failed to take reasonable steps to prevent the addition of, or ensure the timely removal of, the Smart Traveller Statement on the Expedia websites in respect of cancellation-only travel insurance which did not include medical or hospital cover;
(ii) in circumstances where the Smart Traveller Statement was published on the website of the Department of Foreign Affairs and Trade in terms and context which indicated that it applied to travel insurance containing medical and hospital coverage.
64 In recommending the appropriate penalty for the Smart Traveller Breaches, ASIC had regard to six relevant matters.
65 First, ASIC submitted that the statement was an attempt to induce customers to purchase insurance in circumstances where those customers had signalled their intention to forego travel insurance. Accordingly, it was submitted that the Smart Traveller Statement was a marketing tool, which created a misleading impression as a means to generate revenue. ASIC submitted that the inference was open that the statement was deliberately employed outside its context.
66 Secondly, ASIC submitted that, at least by June 2018, AWP had turned its mind to the continued relevance of the Smart Traveller Statement, but failed to remove the statement until September 2018. This submission was based on the minutes of a Product Council meeting on 21 June 2018 which queried whether the DFAT statement was “still relevant”.
67 Thirdly, ASIC submitted that no analogous case was available to provide guidance regarding the appropriate penalty.
68 Fourthly, ASIC submitted that, unlike the Journey Criterion Breaches, there was no evidence of knowledge by Allianz or AWP. Thus, while ASIC contended that the Smart Traveller Statement was misleading, it warranted a lesser penalty than the Journey Criterion Breaches.
69 Fifthly, ASIC submitted that the number of contraventions was likely to have been significant, given that each and every occasion on which the websites containing the statement were viewed constituted a discrete contravention.
70 Sixthly, ASIC submitted that while potential and actual loss was indeterminate, the deployment of the Smart Traveller Statement as a marketing tool meant that it was conceivable that it would have induced some customers into purchasing insurance. It was submitted that the inference was open that AWP’s conduct was deliberate.
71 With respect to Allianz’s involvement in the Smart Traveller Breaches, ASIC recommended (and Allianz did not oppose) declarations of contravention of s 12DF of the ASIC Act, and s 912A(1)(a) and (c) of the Corporations Act. ASIC further recommended (and Allianz did not oppose) the imposition of a pecuniary penalty of $240,000. With respect to AWP’s involvement in the Smart Traveller Breaches, ASIC recommended (and AWP did not oppose) declarations of contravention of s 12DF of the ASIC Act, and s 912A(1)(a) and (c) of the Corporations Act. ASIC further recommended (and Allianz did not oppose) the imposition of a pecuniary penalty of $240,000.
Additional Admissions
72 In addition to the admissions made by AWP and Allianz with respect to the four breaches detailed above, both Allianz and AWP made admissions that this conducted also amounted to breaches of s 912A(1)(a) and s 912A(1)(c) of the Corporations Act. These admissions were as follows:
AWP and Allianz failed to:
(a) do all things necessary to ensure the financial services covered by its licence were provided efficiently, honestly and fairly, and thereby contravened s 912A(1)(a) of the Corporations Act; and
(b) comply with financial services laws, and thereby contravened s 912A(1)(c) of the Corporations Act.
The customer remediation process
73 Of relevance to the determination of penalty are the steps taken by Allianz and AWP to remediate customers, to redress systems, policies or practices which facilitated the contraventions in question, and to cooperate with ASIC throughout the course of its investigation and these proceedings.
74 Allianz and ASIC voluntarily undertook a remediation program for premium remediation in relation to the Premium Calculation Methodology Breach, and developed, executed and finalised a compensation process to address the impact of reported issues on customers, including voluntarily undertaking a claims remediation program to ensure that customers who made a claim were not disadvantaged by the operation of the Journey or Age Criteria. Remediation did not take place with respect to the Smart Traveller Breach, as it was submitted that the potential impact on customers was indeterminable and unquantifiable.
75 A total of 15,965 customers were entitled to premium remediation, claims remediation or both, to a total value of $1,135,817.68. As at 8 June 2021, AWP had compensated 6,877 customers a total sum of $539,607.78. For compensation falling below the value of $20, Allianz and AWP provided for a Community Benefit Payment in accordance with ASIC’s Regulatory Guide 256 [256.135]. Allianz and AWP adopted this approach in circumstances in which approximately half of the customers entitled to remediation below the $20 threshold would have been entitled to remediation of, on average, $3, and more than three quarters would have received $10 or less. The Community Benefit Payment amounted to a total of $400,018.32, representing 55,997 customers. This payment was made to Financial Rights Legal Centre (Insurance Division) on 30 April 2021.
The business remediation program
76 In addition to the remediation of customers, Allianz and AWP have taken steps to address the circumstances which facilitated the four contraventions of the ASIC Act and the Corporations Act. In doing so, the relationship with Expedia was terminated in November 2018.
77 AWP undertook a Business Remediation Program which sought to remediate and improve compliance processes and frameworks across the business. As part of the program, AWP developed and implemented a Compliance Framework in December 2018 which provided for the development of local policies and procedures to address compliance requirements, compliance training for staff and representatives, the development of processes and controls to meet compliance obligations, and a clarification of responsibilities for the foregoing.
78 Allianz carried out a program to strengthen compliance with the internal processes for approving content on its direct travel website, including monitoring and approving changes to website content. Allianz further introduced a process for obtaining approval for public facing documentation, including PDSs and website content. A tool has been configured to detect changes in partner website content (such as those changes that were made to the Expedia websites) following which notification is sent to Allianz.
79 In oral argument, ASIC submitted that, due to the nature of the contraventions as arising primarily from omissions and failures to supervise, the corrective measures that Allianz and AWP have since instituted demonstrate that the misconduct in question could have been avoided entirely. ASIC submitted that the business remediation measures could, and should, have been adopted and applied at the beginning of the relevant period, that is, in 2015. This was particularly so in the context of two large and successful companies.
Co-operation with ASIC
80 In the further agreed statement of facts, the parties made clear that Allianz and AWP have co-operated with ASIC throughout the course of its investigation. This took the form of: the provision of regular progress updates on the rectification and remediation of the matters the subject of the breach reports; seeking input from ASIC on the appropriate approach to customer remediation; and responding to ASIC’s requests for information and documents (whether done voluntarily, or in response to compulsory requests made pursuant to s 33 of the ASIC Act and s 912C of the Corporations Act).
81 Following the institution of the proceedings by ASIC, Allianz and AWP have continued to cooperate, by: engaging constructively with ASIC in order to assist in the expeditious resolution of the proceedings; agreeing to directions to resolve the issues of liability; making admissions in relation to matters raised in the concise statement at the earliest opportunity; agreeing a narrative of facts; agreeing proposed declarations of contravention and orders that pecuniary penalties be paid to the Commonwealth; and proposing an expedited timeline to enable issues of penalty and other relief to be heard by the Court at the earliest possible date.
The principles applicable to the determination of penalty
82 There was no real disagreement between the parties as to the proper approach and applicable principles in determining the appropriate penalty. The question therefore becomes whether I am satisfied that the proposed penalties are appropriate in the circumstances. In determining the quantum of the appropriate penalty, the considerations set out in what was s 12GBA(2), and what is now s 12GBB(5), of the ASIC Act are statutorily mandated: Australian Securities and Investments Commission v AGM Markets Pty Ltd (in liquidation) (No 4) [2020] FCA 1499; 148 ASCR 511 at [44]. There are, however, a number of additional factors relevant to the calculus: see Australian Securities and Investments Commission v Westpac Banking Corporation (No 3) [2018] FCA 1701; 131 ACSR 585 at [49]–[50]. As I said in Australian Competition and Consumer Commission v Coles Supermarkets Australia Pty Ltd [2015] FCA 330; (2015) 327 ALR 540 at [6], the nature of this calculus is an “intuitive or instinctive” synthesis, rather than a sequential and mathematical calculation, of all the relevant matters.
83 Of those relevant matters, deterrence (both specific and general) is paramount: Commonwealth of Australia v Director, Fair Work Building Industry Inspectorate [2015] HCA 46; 258 CLR 482 at 506 [55] (Agreed Penalties Case); Pattinson v Australian Building and Construction Commissioner [2020] FCAFC 177; 384 ALR 75 at 84–87 [25]–[37]; Director, Fair Work Building Industry Inspectorate v Construction, Forestry, Mining and Energy Union [2015] FCAFC 59; 229 FCR 331 at 359 [71]. The attainment of a deterrent effect is said to be the “very point of penalty” which seeks to accomplish the “purpose for which the power is given”: Australian Building and Construction Commissioner v Construction, Forestry, Mining and Energy Union [2018] HCA 3; 262 CLR 157 at 173 [44] (Kiefel CJ).
84 In Pattinson 384 ALR 75, at [39], the plurality said:
If one recognises that the imposition of the civil penalty or the imposition of punishment in the nature of a civil penalty has only one object or purpose: the protection of society in promoting the public interest by compliance with the relevant law by putting a price on contravention sufficiently high to deter repetition by the contravenor or by others who might be tempted to contravene, then perhaps little utility and no error can be seen in viewing a civil penalty as a form of punishment. … Whilst the remedy is a penalty, and so correctly to be called penal, the purpose or object of its imposition is protective to bring about regulatory compliance by deterrence. …
85 The Court is required to “attempt to put a price on contravention that is sufficiently high to deter repetition by the contravener and by others who might be tempted to contravene” the applicable regulatory legislation: Trade Practices Commission v CSR Limited [1990] FCA 762; (1991) ATPR 41-076 at [40]; NW Frozen Foods Pty Ltd v Australian Competition and Consumer Commission [1996] FCA 1134; 71 FCR 285 at 292–293. The penalty must be fixed with a view to ensuring that the potential profit to be made from contravention does not outweigh the risk of penalty: the penalty must not be apt to be regarded as an acceptable cost of doing business: Singtel Optus Pty Ltd v Australian Competition and Consumer Commission [2012] FCAFC 20; 287 ALR 249 at 265 [62]–[63]. The demands for specific deterrence are particularly significant where the contravening conduct is found to have been deliberate, systematic and covert, and to have subsisted over a prolonged period of time, as opposed to those contraventions emerging from careless, isolated conduct: Volkswagen Aktiengesellschaft v Australian Competition and Consumer Commission [2021] FCAFC 49; 151 ACSR 407 at [151]. It is important to note, however, that the imposition of an appropriate penalty in pursuit of the object of deterrence does not authorise nor justify the imposition of an oppressive penalty: Pattinson 384 ALR at 104 [100].
86 In determining the appropriate penalty to satisfy the requirements of specific and general deterrence, and in vindicating and promoting the public interest in compliance, the Court may have regard to the factors enumerated in CSR [1990] FCA 762 at [42], and developed by the Full Court in a number of subsequent cases, including NW Frozen Foods; Australian Competition and Consumer Commission v Dattaline.net.au Pty Ltd (in liq) [2007] FCAFC 146; 161 FCR 513 at 527–528 [58]–[62]; Volkswagen at [150]; and Pattinson at 103–104 [99]–[100]. These factors ought not to be treated as a rigid catalogue of matters to be applied in every case. The fixing of a pecuniary penalty instead involves the making of a value judgment: Australian Securities and Investments Commission v GE Capital Finance Australia [2014] FCA 701 at [72]. Those factors include, but are not limited to, the following: the nature and extent of the contravening conduct; the amount of loss or damage caused; the circumstances in which the conduct took place; the size of the contravening company; the degree of power it has, as evidenced by its market share and ease of entry into the market; the deliberateness of the contravention and the period over which it extended; whether the contravention arose out of the conduct of senior management or at a lower level; whether the company has a corporate culture conducive to compliance with the Act, as evidenced by educational programs and disciplinary or other corrective measures in response to an acknowledged contravention; whether the company has shown a disposition to cooperate with the authorities responsible for the enforcement of the Act in relation to the contravention; and the attitude of the contravenor to compliance with the relevant laws.
The submissions on penalty
87 There was no real disagreement concerning the proper approach or applicable principles in determining the appropriate level of penalty. ASIC’s submissions on penalty were addressed in summarising the contraventions the subject of these proceedings. Both Allianz and AWP submitted that the proposed penalties were within the appropriate range. Accordingly, it was submitted that the Court is entitled to treat the agreement between the parties as pertains to the form of declarations as a sufficient basis for making those declarations. As to the quantum of the appropriate penalties, it was submitted (correctly) that while neither Allianz nor AWP cavil at the recommendations made by ASIC, the Court is not bound to give effect to those recommendations.
Allianz’s Submissions on Penalty
88 The first defendant, Allianz, submitted that the penalty sought by ASIC against it – in total, $360,000 – was an appropriate penalty in the circumstances. In making this submission, Allianz made reference to ten relevant considerations, addressing the relevant matters in s 12GBB(5) of the ASIC Act, and largely echoing the factors enumerated in CSR.
89 First, when considering the gravity of Allianz’s conduct, its nature, extent, and duration, the suggested penalty would have the necessary deterrent effect.
90 Secondly, all customers had been remediated by Allianz and AWP with interest where the damage they had suffered was quantifiable (that is, with respect to the Premium Calculation Methodology, Journey Criterion and Age Criterion breaches).
91 Thirdly, Allianz had not previously been found to have engaged in similar conduct.
92 Fourthly, there was no evidence before the Court that the conduct was deliberate, nor that Allianz had knowledge of the conduct prior to June 2018.
93 Fifthly and similarly, there was no evidence that the making of the misleading representations was the consequence of deliberate or reckless conduct by any member of the Allianz senior management.
94 Sixthly, Allianz investigated and reported breaches to ASIC immediately upon determining that a breach had occurred, and cooperated with ASIC during both the investigation and the conduct of these proceedings.
95 Seventhly, Allianz has shown both contrition and remorse.
96 Eighthly, credit ought to be afforded to recognise the systems, processes and frameworks which are now in place, and evidence a culture of compliance within Allianz. These systems reduce the likelihood that similar conduct will occur in future, and thus decrease the relevance of specific deterrence with respect to these proceedings.
97 Ninthly, the substantial commonality in the legal and factual elements of the contraventions means that the conduct principle may be adverted to as a useful analytical tool; and
98 Tenthly, and having regard to the totality principle, a total penalty of $1,500,000 for both Allianz and AWP is proportionate to the contraventions.
99 In the course of oral argument, a point of disagreement between ASIC, on the one hand, and Allianz and AWP, on the other hand, emerged more starkly. This concerned the relevance of deliberateness to determinations of penalty pursuant to the erstwhile s 12GBA and the current s 12GBB(5) of the ASIC Act, and the attribution of any knowledge of Expedia to Allianz and AWP pursuant to a putative relationship of agency. ASIC submitted that, as regards the touchstone of deliberateness, the question with respect to the Age Criterion and Smart Traveller Breaches was whether, in relation to the relationship of agency between Allianz and AWP, and Expedia, the knowledge of Expedia ought to be attributed to Allianz and AWP, notwithstanding that the two corporations did not possess knowledge of the contraventions through their employees.
100 Argument on the question of agency was dealt with in short compass both orally and in the parties’ written submissions. In light of the brevity of the submissions on the existence (or otherwise) of a relationship of agency as between Allianz and AWP, on the one hand, and Expedia on the other, and that these arguments existed largely on the periphery of the main argument with respect to the imposition of penalties and the making of declarations of contravention, it is unnecessary for me to decide the question of agency. This is particularly so insofar as actual or constructive knowledge and deliberateness are not expressly mandated considerations, but rather fall to be considered when having regards to the circumstances in which the contravening acts or omissions took place. The task that the Court is called upon to perform is to determine whether the penalties and declarations agreed upon between the parties are appropriate in those circumstances, and ought to be made by this Court.
AWP’s submissions on penalty
101 On the nature, extent and circumstances of the contravening conduct, and the extent of any resultant loss or damage, the second defendant, AWP, submitted that it did not engage in positive or deliberate conduct which was intended to mislead or deceive. Each of the contraventions involved conduct by omission. It was submitted that at no point did AWP take affirmative steps (which were misleading or deceiving) in an attempt to maximise its profit at the expense of its customers. It was conceded that these considerations do not diminish culpability, but rather assist in characterising the nature of the conduct the subject of the contraventions.
102 It was conceded by AWP that, with respect to the Journey Criterion Breaches, AWP failed to give adequate priority to addressing the issue. It was submitted, however, that the business remediation program demonstrates that significant steps have since been undertaken to address the circumstances giving rise to the contraventions in question, and that a stronger culture of compliance has since been fostered.
103 AWP further submitted that all quantifiable harm has since been remediated, conceding, however, that absence of evidence as to the nature and extent of harm is not determinative of whether harm was in fact caused to consumers: Australian Competition and Consumer Commission v Coles Supermarkets Australia Pty Ltd [2015] FCA 330; 327 ALR 540 at 553–555 [54]–[61].
104 On the size and financial position of AWP, it was submitted that during the relevant period, AWP incurred significant losses. These losses were exacerbated by the termination of its relationship with Expedia in November 2018 and other integrated sales channels, and the ensuing COVID-19 pandemic.
105 It was submitted that it was not possible to determine the profit which was generated by the contravening conduct, but that on any view it was fairly modest. There was, therefore, insufficient evidence to conclude that profit was the motivation for the contravening conduct.
106 On the question of deliberateness, AWP submitted that none of the three contraventions in which it was involved was deliberate.
107 With respect to the contention that the Smart Traveller Breach was a deliberate strategy to increase revenue, AWP submitted that knowledge of the utilisation of the Smart Traveller Statement cannot be said to be coextensive with deliberateness. AWP did not authorise or approve the inclusion of the statement on the Expedia websites. This was because there was no evidence before the Court that AWP appreciated the true context of the Smart Traveller Statement, or that AWP appreciated that any legal issue attended the fact of that statement. ASIC relied on a communication in which AWP queried whether the Smart Traveller Statement was still relevant in making the submission regarding deliberateness. This, it was submitted, demonstrated that AWP believed it to be relevant prior to the making of that inquiry. AWP conceded, however, that once aware of the context of the Smart Traveller Statement in June 2018, it was not rectified (in a context that was misleading) until September 2018. It was submitted that this conduct reflects a pattern of omission, as opposed to one of commission.
108 On the involvement of senior management, AWP submitted that the contraventions did not arise out of the conduct of senior management. Senior management, on its submission, were only made aware of the Journey Criterion and Age Criterion Breaches in July of 2018, and the Smart Traveller Breaches in September of 2018.
109 AWP further accepted that its compliance processes at the relevant times were inadequate, but that this culture has since improved, with the implementation of processes to ensure that similar contraventions do not occur in future. This, it was submitted, demonstrates that AWP now has a corporate culture conductive to compliance with both the ASIC Act and the Corporations Act.
110 On the disposition to cooperate with ASIC, AWP submitted that it has done so consistently since its lodgement of the breach report in September 2018. Further, it was submitted that AWP has demonstrated genuine contrition.
111 Accordingly, AWP accepted that the penalty sought by ASIC against AWP of $1,140,000 was within the appropriate range.
The relevant statutory provisions
112 Section 12DA of compilation 67 of the ASIC Act, which was in force from 5 June 2018 to 17 September 2018, and therefore at the date of the various contraventions, relevantly provided:
12DA Misleading or deceptive conduct
(1) A person must not, in trade or commerce, engage in conduct in relation to financial services that is misleading or deceptive or is likely to mislead or deceive.
…
113 Section 12DF of compilation 67 of the ASIC Act was in the following terms:
12DF Certain misleading conduct in relation to financial services
(1) A person must not, in trade or commerce, engage in conduct that is liable to mislead the public as to the nature, the characteristics, the suitability for their purpose or the quantity of any financial services.
Note: Failure to comply with this subsection is an offence (see section 12GB).
(2) An offence under subsection 12GB(1) relating to subsection (1) of this section is an offence of strict liability.
114 Section 12GBA of compilation 67 of the ASIC Act relevantly provided:
12GBA Pecuniary penalties
(1) If the Court is satisfied that a person:
(a) has contravened a provision of Subdivision C, D or GC (other than section 12DA); or
(b) has attempted to contravene such a provision; or
...
the Court may order the person to pay to the Commonwealth such pecuniary penalty, in respect of each act or omission by the person to which this section applies, as the Court determines to be appropriate.
(2) In determining the appropriate pecuniary penalty, the Court must have regard to all relevant matters including:
(a) the nature and extent of the act or omission and of any loss or damage suffered as a result of the act or omission; and
(b) the circumstances in which the act or omission took place; and
(c) whether the person has previously been found by the Court in proceedings under this Subdivision to have engaged in any similar conduct.
…
(4) If conduct constitutes a contravention of 2 or more provisions referred to in paragraph (1)(a):
(a) a proceeding may be instituted under this Act against a person in relation to the contravention of any one or more of the provisions; but
(b) a person is not liable to more than one pecuniary penalty under this section in respect of the same conduct.
115 Section 912A of the Corporations Act is in the following terms:
912A General obligations
(1) A financial services licensee must:
(a) do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly; and
…
(b) comply with the conditions on the licence; and
(c) comply with the financial services laws; and
(ca) take reasonable steps to ensure that its representatives comply with the financial services laws …
…
(e) maintain the competence to provide those financial services; and
(f) ensure that its representatives are adequately trained (including by complying with section 921D), and are competent, to provide those financial services;
…
116 Section 761A of the Corporations Act defines financial services law as:
(a) a provision of this Chapter or of Chapter 5C, 5D, 6, 6A, 6B, 6C, 6D, or 8A; or
(b) a provision of Chapter 9 as it applies in relation to a provision referred to in paragraph (a); or
(ba) a provision of the Passport Rules for this jurisdiction; or
(c) a provision of Division 2 of Part 2 of the ASIC Act; or
(d) any other Commonwealth, State, or Territory legislation that covers conduct in relation to the provision of financial services (whether or not it also covers other conduct), but only in so far as it covers conduct relating to the provision of financial services;
…
117 Section 1041H of the Corporations Act is as follows:
1041H Misleading and deceptive conduct (civil liability only)
(1) A person must not, in this jurisdiction, engage in conduct, in relation to a financial product or a financial service, that is misleading or deceptive or is likely to mislead or deceive.
Note 1: Failure to comply with this section is not an offence.
…
(2) The reference is subsection (1) to engaging in conduct in relation to a financial product includes (but is not limited to) any of the following:
(a) dealing in a financial product;
(b) without limiting paragraph (a):
(i) issuing a financial product;
(ii) publishing a notice in relation to a financial product;
…
118 Section 21 of the Federal Court of Australia Act 1976 (Cth), pursuant to which the Court is empowered to make declarations, and pursuant to which ASIC requests that the Court makes declarations of contravention in its Further Amended Originating Application, is in the following terms:
21 Declarations of Right
(1) The Court may, in civil proceedings in relation to a matter in which it has original jurisdiction, make binding declarations of right, whether or not any consequential relief is or could be claimed.
(2) A suit is not open to objection on the ground that a declaratory order only is sought.
Consideration
The proposed declarations
119 Following the hearing, ASIC sought to further amend its Amended Originating Application to request that the Court make the proposed declarations pursuant to s 21 of the Federal Court Act, as opposed to declarations made pursuant to the current s 12GBA of the ASIC Act, to facilitate the imposition of penalties pursuant to the current s 12GBB. ASIC sought to amend its position in this regard in light of s 322 of the ASIC Act, which provides that the amendments made to s 12GBA and s 12GBB in March 2019 apply in relation to the contravention of civil penalty provisions if the conduct constituting the contravention of the provision occurs wholly on or after the commencement of those amendments. By analogous reasoning, contraventions occurring prior to March 2019 are to be dealt with under the regime existing prior to those amendments. Neither Allianz nor AWP objected to the proposed amendments to the Amended Originating Application. ASIC is therefore granted leave to make the proposed amendments.
120 The power of the Court to make declarations pursuant to s 21 of the Federal Court Act is a very wide power, limited only by the Court’s discretion: Seven Network Ltd v News Ltd [2009] FCAFC 166; 182 FCR 160 at [1016]. As to the power of the regulator to seek declaratory relief see Australian Securities Investments Commission v TAL Life Limited (No2) [2021] FCA 193; 389 ALR 128 at [223]:
Section 21 of the Federal Court of Australia Act is wide enough to encompass a declaration sought by a regulator to vindicate the public interest in encouraging compliance by a party and others with an Act of public importance which the regulator has a statutory responsibility to administer. The phrase “declaration of right” should not be construed narrowly and extends to any situation involving the field of legal relations: Johnco Nominees Pty Ltd v Albury-Wodonga (NSW) Corporation [1977] 1 NSWLR 43 at 65E-F. See also Sankey v Whitlam [1978] HCA 43; 142 CLR 1 at 23. It extends to obligations and duties of a party the bringing about or encouragement of compliance with which is within the remit of the regulator in its statutory duty of general administration.
121 The declarations proposed by ASIC, and accepted by Allianz and AWP, are appropriate. There is a real interest in the making of those declarations in light of the public interest in deterring contraventions of financial services laws. While the contraventions of the ASIC Act and Corporations Act arose primarily from careless omissions, they nonetheless call for the marking of the Court’s disapproval of those contraventions: Australian Securities and Investments Commission v Monarch FX Group Pty Ltd [2014] FCA 1387; 103 ACSR 453 at 467 [63]. The proposed declarations function as a warning to others of the risk of engaging (even carelessly) in similar contraventions, and thus have an important deterrent effect.
The proposed penalties
122 Bearing in mind the principles applicable to the determination of the appropriate penalty outlined at [82]–[86] above, I am satisfied that the proposed penalties of $120,000 for Allianz’s Premium Calculation Methodology Breaches, $240,000 for Allianz’s Smart Traveller Breaches, $900,000 for AWP’s Journey Criterion Breaches, and $240,000 for AWP’s Smart Traveller Breaches are appropriate and proportionate to the nature and quality of those contraventions and are appropriate to achieve the object of deterrence: both specific and general.
123 In addition to the object of deterrence, the maximum penalty must be borne in mind: it was legislated for, and invites comparison between the worst possible case and the case in question: Australian Securities and Investments Commission v Commonwealth Bank of Australia [2020] FCA 790 at [65]. At the time of the contraventions, the statutory maximum penalty for an offence against a provision of Subdivision D of the ASIC Act by a body corporate was 10,000 penalty units per contravention, with the value of a single penalty unit being $180 in the period from 31 July 2015 to 30 June 2017, and $210 in the period between 1 July 2017 and 30 June 2020. The maximum penalty per contravention was therefore between $1.8 million and $2.1 million during the relevant period. In the circumstances of this case, it is not appropriate to quantify a theoretical maximum in light of ASIC’s submissions that each time a person viewed the websites containing the Smart Traveller and Premium Calculation Methodology statements it constituted a separate contravention. Accordingly, it is appropriate for the Court to roll up the various contraventions in a single assessment. These circumstances call for consideration of the course of conduct, which is addressed later in these reasons. It is nonetheless important to bear this maximum penalty in mind when considering the case before the Court: it provides the yardstick for the worst possible case. The contraventions by Allianz and AWP fall far short of the worst possible case.
124 In circumstances where the contraventions arose from careless omissions and failure to closely monitor the sale of insurance products on partner websites (namely, the Expedia websites), where the loss or damage caused to customers was largely unquantifiable, but where the contravening companies are large, powerful companies that have demonstrated a corporate culture failing to give primacy to compliance with financial services laws, the proposed penalties fall within the appropriate range to deter Allianz and AWP from engaging in similar conduct in the future, and to deter the sector more generally from adopting a lax attitude towards compliance. Here, the impugned conduct was comprised of careless omissions and accordingly general deterrence does not call for the imposition of a penalty that is many multiples of the profits made from the contravening conduct, if that were quantifiable in this case. Further, in light of the demonstrable remorse on the part of both Allianz and AWP and their co-operation with ASIC, the requirement of specific deterrence is somewhat diminished in importance: Volkswagen at [154].
125 Of particular importance to the calculus is the cooperation on the part of both Allianz and AWP with ASIC, and the significant remediation processes the companies have instituted, both in terms of compensating customers, and redressing the erstwhile slipshod culture of compliance. Allianz and AWP reported their own contraventions of the ASIC Act and Corporations Act to ASIC, and provided the regulator with valuable and important evidence regarding those contraventions: Australian Competition and Consumer Commission v Leahy Petroleum Pty Ltd (No 3) [2005] FCA 265; 215 ALR 301 at 309–310 [40]–[42]. Allianz and AWP continued to co-operate with ASIC throughout the course of these proceedings. This cooperation saved the broader community the cost of a lengthy trial, and indicated the resolve of both Allianz and AWP to comply with the relevant law: Agreed Penalties Case 258 CLR at 496 [28]; Australian Competition and Consumer Commission v IPM Operation and Maintenance Loy Yang Pty Limited (No 2) [2007] FCA 11; 59 AILR 100-621 at [61]. It was for this reason that ASIC applied a discount of 20 percent to the proposed penalties to recognise the cooperation of both Allianz and AWP.
126 The principles applicable to circumstances in which parties have jointly proposed a penalty have been comprehensively set out elsewhere, namely in the Agreed Penalties Case 258 CLR at 495–510 [25]–[64]; Fair Work Ombudsman v NSH North Pty Ltd trading as New Shanghai Charlestown [2017] FCA 1301; 275 IR 148 at [42]–[48] and NW Frozen Foods 71 FCR at 290–291 (Burchett and Kiefel JJ). The Court is not bound by a proposed penalty agreed between the parties, and should only impose the recommended penalty insofar as it is satisfied that it is appropriate in all the circumstances: GE Capital Finance at [67].
127 I am satisfied that the penalties proposed by ASIC are appropriate, and fall within the permissible range. I am persuaded of the accuracy of the agreement between ASIC, Allianz and AWP of the narrative of facts, and the consequences that arise therefrom. The Court is grateful for the assistance of ASIC, as a specialist body, with respect to matters within its expertise. Given this expertise, the views expressed by ASIC as to the appropriate penalty to achieve the necessary deterrent effect are highly persuasive: Minister for Industry, Tourism & Resources v Mobil Oil Australia Pty Ltd [2004] FCAFC 72; ATPR 41-993 at [51]–[58]; Agreed Penalties Case 258 CLR at 504–508 [47]–[60]. I accept that, upon consideration of all the relevant circumstances (including the helpful submissions of ASIC), the proposed penalties will achieve the necessary deterrent effect.
128 Finally, there is a public policy interest in giving effect to agreements as to penalty, particularly where such agreement avoids lengthy litigation, as it did here: Agreed Penalties Case at 496 [28]; NW Frozen Foods 71 FCR at 291, 298–299.
The course of conduct
129 It was submitted by both Allianz and AWP that the Court may have regard to the course of conduct principle in determining the appropriate penalty in circumstances where it is neither possible nor appropriate to quantify a theoretical maximum penalty. The so-called principle is only a recognition that in circumstances in which there is a sufficient interrelationship in both the legal and factual elements of the contravening conduct, the Court should ensure that by the penalties or penalty the offender is not punished twice for what is, in substance, the same conduct: Construction, Forestry, Mining and Energy Union v Cahill [2010] FCAFC 39; 269 ALR 1 at 12–13 [39] and [41].
130 The Smart Traveller Breaches and Premium Calculation Methodology Breaches are amenable to the application of this principle insofar as those breaches emerged from a single strategy implemented on the Expedia websites, in circumstances where the legal and factual elements of each individual contravention (being each time the websites containing the statement were accessed) were largely identical: Australian Securities and Investments Commission v Financial Circle Pty Ltd [2018] FCA 1644; 131 ACSR 484 at [206]. That being said, the overall penalty imposed for those contraventions must still be gauged against an assessment of the seriousness of the conduct in its totality.
The totality principle
131 The totality principle is to be applied at the final stage to ensure that the penalty is appropriate and proportionate in light of the totality of the contraventions: Mornington Inn Pty Ltd v Jordan [2008] FCAFC 70; 168 FCR 383 at 386 [5], 397 [42]. The entirety of the underlying contravening conduct must be considered to determine whether the aggregate penalty is just and appropriate. Here, the total penalty imposed against both Allianz and AWP is $1,500,000.
132 ASIC submitted that (applying the principle of totality) the total penalties of $1,500,000 are appropriate in the circumstances. Those circumstances include: a large number of affected customers; misleading statements made to the public at large; and where AWP and Allianz are large and successful organisations. Those circumstances also include cooperation with the regulator, remorse, and remediation. It was submitted that the total penalty achieves the requisite deterrent effect. Allianz and AWP accepted that the total penalties sought against them were proportionate to the contraventions alleged. I accept these submissions.
133 Accordingly, the Court will order that Allianz and AWP pay the proposed penalties to the Commonwealth in accordance with what was s 12GBA of the ASIC Act. The Court will furthermore make declarations in the terms proposed by ASIC.
I certify that the preceding one hundred and thirty-three (133) numbered paragraphs are a true copy of the Reasons for Judgment of the Honourable Chief Justice Allsop. |
Dated: 6 September 2021
