Federal Court of Australia
Australian Securities and Investments Commission v Statewide Superannuation Pty Ltd  FCA 1650
SAD 25 of 2021
AUSTRALIAN SECURITIES AND INVESTMENTS COMMISSION
STATEWIDE SUPERANNUATION PTY LTD (ACN 008 099 223)
1 This is a proceeding brought by the Australian Securities and Investments Commission (ASIC) against Statewide Superannuation Pty Ltd (Statewide) seeking relief under the Corporations Act 2001 (Cth) and the Australian Securities and Investments Commission Act 2001 (Cth) (the ASIC Act). The relief sought by ASIC consisted of declarations of contraventions of both the Corporations Act and the ASIC Act, the imposition of pecuniary penalties, an adverse publicity order, an order requiring the establishment and implementation of a review and remediation program and an order for costs.
2 The parties agreed a detailed statement of facts which were put before the Court under s 191 of the Evidence Act 1995 (Cth). In addition, six affidavits, one by ASIC and five by Statewide, were tendered as well as a Court Book. The parties each filed detailed and thorough written submissions and identified their principal contentions in oral submissions. As between the parties, the only contentious issue concerning relief was the appropriate amount of the pecuniary penalties.
THE COURT DECLARES THAT:
1. Statewide in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or was likely to mislead or deceive and thereby contravened s 1041H(1) of the Corporations Act 2001 (Cth) and s 12DA(1) of the Australian Securities and Investments Commission Act 2001 (Cth), in that Statewide issued annual statements to members:
a. on at least 9,011 occasions in respect of the year ending 30 June 2018;
b. on at least 4,013 occasions in respect of the year ending 30 June 2019,
that stated that the member held insurance cover as at 30 June of the relevant year, when the member did not then have insurance cover under the Statewide Insurance Policies.
2. Statewide in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or was likely to mislead or deceive and thereby contravened s 1041H(1) of the Corporations Act and s 12DA(1) of the ASIC Act, in that Statewide issued annual statements to members:
a. on at least 6,779 occasions in respect of the year ending 30 June 2018;
b. on at least 7,779 occasions in respect of the year ending 30 June 2019,
that stated that one or more insurance premiums had been deducted from the member’s superannuation account, at times when the member did not have insurance cover under the Statewide Insurance Policies, which in all the circumstances represented that, at the time the deduction(s) was (were) made:
(i) the member held insurance cover under the Statewide Insurance Policies, when he/she did not; and
(ii) Statewide was entitled to deduct that/those insurance premium(s), when it was not; and
(iii) the member was required to pay that/those insurance premium(s), when he/she was not.
3. During the period 1 May 2017 to 30 June 2020, Statewide in trade or commerce engaged in conduct in relation to financial services that was misleading or deceptive or was likely to mislead or deceive and thereby contravened s 1041H(1) of the Corporations Act and s 12DA(1) of the ASIC Act, in that Statewide sent to members:
a. on approximately 14,136 occasions, ‘U$4k Warning Letters’ or ‘Nil Balance Warning Letters’; and
b. on approximately 476 occasions, ‘PYS Warning Letters’,
which represented that:
c. the member had insurance cover that may cease; and
d. action needed to be taken in order to maintain insurance cover,
at times when the member did not hold insurance cover under the Statewide Insurance Policies.
4. By reason of the matters in paragraph 2, Statewide in connection with the supply of financial services made a false or misleading representation to each member who received an annual statement referred to in paragraph 2 with respect to the amount required to have been paid by the member as a member of the Fund, and by each such representation thereby contravened s 12DB(1)(g) of the ASIC Act.
5. By reason of the matters in paragraph 2, Statewide in connection with the supply of financial services made a false or misleading representation to each member who received an annual statement referred to in paragraph 2 concerning the existence of a right of Statewide, namely the right to deduct the applicable insurance premium(s) and, further, a condition imposed on that member, namely the obligation to pay the applicable insurance premium(s), and by each such representation thereby contravened s 12DB(1)(i) of the ASIC Act.
6. On each occasion that Statewide contravened ss 12DA(1), 12DB(1)(g), or 12DB(1)(i) of the ASIC Act or s 1041H(1) of the Corporations Act, as referred to in paragraphs 1 to 5 above, Statewide breached its general obligation as a financial service licensee to comply with financial services laws, in contravention of s 912A(1)(c) of the Corporations Act.
7. By its conduct in each of:
a. issuing correspondence to members in respect of their insurance cover that was in error having regard to the terms of Statewide Insurance Policies, as referred to in paragraphs 1 to 3 above;
b. failing to adequately and properly test insurance data migrated to, and insurance coding within, its administration platform Acurity;
c. failing to ensure that the terms of the Statewide Insurance Policies as to cancellation were accurately reflected in rules applying in its Acurity administration system and in the administration of the U$4K Rule;
d. failing to maintain and implement adequate policies for the executive authorisation or consideration of changes to be made to or within the Acurity administration system, and the testing of changes prior to their implementation;
e. deducting, on or after 1 July 2017, approximately $2,700,000 in insurance premiums from member superannuation accounts in circumstances where member insurance cover had ceased under the terms of the relevant Statewide Insurance Policies;
f. failing, on or after May 2018 when Statewide became aware of instances of Mischarging Conduct to up to 1,300 members whose insurance coverage had ceased, to (1) inform those members of the overcharging (2) prevent further overcharging of those members and (3) prevent the issue of subsequent Currently Insured Representations to those and other members,
Statewide breached its obligation to do all things necessary to ensure that the financial services covered by its AFSL were provided efficiently, honestly and fairly, and thereby contravened s 912A(1)(a) of the Corporations Act.
8. By failing to lodge a written report with ASIC before 6 August 2019, on matters relating to breaches by it of obligations under ss 912A(1)(a) or 912A(1)(c) of the Corporations Act that were significant for the purposes of s 912D(1)(b) of the same, arising from the making of false or misleading representations to Fund members concerning their insurance cover, Statewide contravened ss 912D(1B) and 912D(3) of the Corporations Act, in circumstances where it became aware of such breaches by no later than 22 July 2019.
THE COURT ORDERS THAT:
9. Pursuant to s 12GBA(1) and 12GBB(3) of the ASIC Act (the former in respect of contraventions arising from conduct prior to 13 March 2019), Statewide pay to the Commonwealth pecuniary penalties in the aggregate amount of $3,500,000 in respect of Statewide’s contraventions of ss 12DB(1)(g) and (i) of the ASIC Act referred to in declarations  and  above.
10. Pursuant to s 1317G(1) of the Corporations Act, Statewide pay to the Commonwealth a pecuniary penalty in the amount of $500,000 in respect of Statewide’s contravention of s 912D((3) of the Corporations Act referred to in declaration  above.
11. Pursuant to section 12GLB(1)(a) of the ASIC Act within 30 days of this Order, Statewide publish, at its own expense, a written adverse publicity notice (Written Notice) in terms set out in Annexure A to this Order, by, for a period of no less than 90 days, maintaining a copy of the Written Notice, in font no less than 10 point in an immediately visible area of:
a. the following web addresses:
b. the webpage to appear before a person uses credentials to log into Statewide’s secure online service via the ‘member’ or ‘employer’ sections of the webpage; and
c. if practicable, on the “Statewide app” controlled by Statewide and ensure that notification:
A. appears immediately after a person uses credentials to log into the app, stating
“ADVERSE PUBLICITY NOTICE
Click here for more information about an important recent Federal Court decision. No action is required”
B. is hyperlinked, via the words referred to in A. above, to the Written Notice published under order 11.a.ii.
12. Pursuant to s 1101B(1) of the Corporations Act, Statewide is to by 31 March 2022:
a. establish and implement a review and remediation program to:
i. identify all past and present members of the Fund whose insurance status was subject to application of the U$4K Rule or Nil Balance Rule during the period from 1 May 2017 to (and including) 30 June 2020 (the Relevant Period);
ii. determine whether the insurance status of past and present members of the Fund was correct under the terms of the Statewide Insurance Policies in place at all applicable times during and after the Relevant Period;
iii. identify all past and present members of the Fund who during the Relevant Period either or both (1) received correspondence from Statewide indicating current insurance under Statewide Insurance Policies at a time when the member did not hold such insurance or (2) were charged insurance premiums when the member did not hold insurance cover under the Statewide Insurance Policies in place at the relevant time;
iv. inform past and present members of the Fund of any corrections to their insurance status during or after the Relevant Period arising from the undertaking of the review and remediation programme, and any compensation entitlement;
v. compensate past and present members of the Fund for all overcharged premiums arising from any failure to apply the U$4K Rule or Nil Balance Rule in accordance with Statewide Insurance Policies (including for loss of return on amounts incorrectly charged, with the aim to place the member in the position they would have been had incorrect charging not occurred);
vi. further to (i) to (v), make payment to any affected past and present members of the Fund of all such entitlements to compensation assessed in accordance with the review and remediation programme;
b. appoint (at its cost) a suitably qualified independent expert agreed by the plaintiff or determined by the Court to prepare and provide to ASIC a report on the review and remediation program, including as to whether the expert perceives any deficiencies in the implementation and effectiveness of that review and remediation program.
13. Statewide pay the plaintiff’s costs of and incidental to this proceeding fixed in the amount of $240,000.
4 I said that I would deliver reasons for making those orders and these are my reasons.
5 The following summary is based on the Amended Statement of Agreed Facts. That document is very detailed and it is neither practicable nor necessary to summarise the whole document. I will identify the key facts relevant to the contraventions and then the agreed facts concerning the matters which, having regard to the authorities, are relevant to the determination of appropriate pecuniary penalties.
6 Statewide is a body corporate and it is the trustee and registrable superannuation entity licensee in respect of the Statewide Superannuation Trust (the Fund). Statewide holds an Australian Financial Services Licence. As at 30 June 2020, the Fund had approximately 160,000 member accounts and Statewide managed Fund assets of $9.9 billion. The funds managed by Statewide represented approximately 1.32% of total assets by value in Australia’s industry fund superannuation sector (0.51% of the value of all superannuation funds, excluding those with four or less members), and had 1.35% of the industry fund sector. I was told that Statewide is an industry fund standing as a profit-for-members fund and that it does not have an independent balance sheet. I was told that Statewide acts solely for members of the Fund.
7 The events which are relevant in this proceeding occurred between 1 May 2017 and 30 June 2020. I will refer to this as the relevant period.
8 During the relevant period, Statewide maintained group life and income protection insurance policies with MetLife Insurance Limited (MetLife) under which members of the Fund were eligible to be insured pursuant to policy terms from time to time. The status of a member’s insurance cover was determined by the terms of the applicable Statewide insurance policy. Statewide and MetLife are unrelated entities. Statewide provided the Statewide insurance policies as a service to members. Statewide received a fee of 6.3278% of death only insurance premiums, 6.3278% of death and total and permanent disablement insurance premiums and 13.7255% of income protection insurance premiums from its members in connection with the provision of insurance which the Superannuation Industry (Supervision) Act 1993 (Cth) (the SIS Act) requires to be charged on a cost recovery basis. Statewide does not make a profit by providing insurance as a service to its members.
9 The terms of superannuation products offered within the Fund, as contained in the Fund trust deed, product disclosure statements and other member information documents issued by Statewide from time to time, included the provision of insurance cover for death and total and permanent disablement as required by legislation as well as income protection insurance cover. The cost of member insurance cover was met by Statewide through payment to MetLife. In turn, premiums were deducted monthly by Statewide from a member’s superannuation account based on the insurance data contained within Statewide’s administration system.
10 The Statewide insurance policies included terms automatically ceasing insurance cover for a Fund member, subject to reinstatement, at each of the following times (among others):
(a) on the date that there was insufficient money in the member’s account to cover the next premium payment (the Nil Balance Rule); and
(b) (from 1 July 2016 until 1 November 2018) on the date that was three months after the end of the quarter in which an employer-sponsored member’s account balance fell below $4,000 and had not received an on-time employer contribution for 10 months, provided that neither an on-time employer contribution, nor a rollover from another superannuation fund to increase the member’s account balance to more than $4,000, had been received in the first-mentioned three month period (the U$4K Rule).
11 The U$4K Rule was implemented by Statewide in July 2016 to protect the interests of the members of the Fund by seeking to limit erosion of their account balances (consistent with its obligations under s 52(7) of the SIS Act). At that stage, an initiative such as the U$4K Rule was voluntary. Legislative amendments were later effected by the Treasury Laws Amendment (Protecting Your Superannuation Package) Act 2019 (Cth) (the PYS Act) to similar effect. The U$4K Rule was abolished by Statewide on 1 November 2018 in anticipation of the PYS Act amendments.
12 Prior to May 2017, Statewide used a platform known as “SuperB” to assist its administration of the Fund. Upon the implementation of the U$4K Rule, SuperB was considered by Statewide not to have sufficient functionality to automatically implement the U$4K Rule and other prospective legislative requirements.
13 On and from May 2017, Statewide ceased using the SuperB platform and instead started using a system known as Acurity, provided by Financial Synergy Holdings Pty Ltd which became a subsidiary of Iress Limited (Iress).
14 Correspondence to and charging of Fund members, including for insurance premiums and administration fees, occurred through operation of, and with regard to data and insurance status recorded in, the Acurity system. A report was run in Acurity at the end of each month to determine the applicable premiums and fees to be deducted. The U$4K Rule was manually administered in the Acurity system by Statewide until June 2018 when it was administered automatically through the Acurity system.
15 Member data recorded within Acurity that was relevant to correspondence to and charging of Fund members (including for insurance premiums and insurance status) included member age, account balance, and the type and timing of superannuation contributions made.
16 Acurity recorded a member’s insurance coverage status as “in force”, “lapsing”, “lapsed”, “cancelled” or “out of force”, having regard to Statewide insurance policy insurance lapsing and reinstatement rules (such as the Nil Balance Rule and the U$4K Rule) as those rules had been coded into the Acurity system, as follows:
(a) if a member holds insurance, the member’s insurance status is “in force”;
(b) a member’s insurance status changes to a “lapsing” status on the date that he/she satisfied a lapsing rule (such as the Nil Balance Rule or U$4K Rule);
(c) a member’s insurance status would then:
(i) change to a “lapsed” status if no reinstatement criteria (such as a superannuation guarantee contribution) was met in the time period allowed for reinstatement; or
(ii) change to a “in force” status if the member met a reinstatement criteria within the relevant time period allowed for reinstatement.
17 During the relevant period, the insurance cover of certain Fund members ceased due to the operation of the Nil Balance Rule or the U$4K Rule under the terms of the Statewide insurance policies. This occurred without the corresponding insurance status update occurring in Acurity at the time of the cessation. Of Statewide’s approximately 160,000 members, at least 14,209 members, inclusive of current and exited members, were so affected.
18 Statewide deducted at least one monthly insurance premium from the superannuation account of at least:
(a) 6,779 affected members in the year ending 30 June 2018;
(b) 7,779 affected members in the year ending 30 June 2019; and
(c) 2,718 affected members in the year ending 30 June 2020
at times when the members’ insurance cover under the Statewide insurance policies had previously ceased by operation of either the Nil Balance Rule or the U$4K Rule, and where the affected member did not otherwise have insurance cover under the Statewide insurance policies. This conduct is referred to in the Amended Statement of Agreed Facts as the Mischarging Conduct.
19 ASIC’s case was that Statewide made representations to its members which were misleading or deceptive or likely to mislead or deceive, or false or misleading. It sought eight declarations of contraventions by Statewide and those declarations were made and are set out above. The declarations set out the conduct which constituted the contraventions. The pecuniary penalties were sought with respect to the conduct identified in the second, fourth, fifth and eighth declarations.
The Relevant Legislative Provisions
20 The first, second and third declarations identify conduct which contravened s 1041H(1) of the Corporations Act and s 12DA(1) of the ASIC Act. Section 1041H(1) of the Corporations Act is in the following terms:
1041H Misleading or deceptive conduct (civil liability only)
(1) A person must not, in this jurisdiction, engage in conduct, in relation to a financial product or a financial service, that is misleading or deceptive or is likely to mislead or deceive.
Note 1: Failure to comply with this subsection is not an offence.
Note 2: Failure to comply with this subsection may lead to civil liability under section 1041I. For limits on, and relief from, liability under that section, see Division 4.
21 Section 12DA(1) of the ASIC Act is in the following terms:
12DA Misleading or deceptive conduct
(1) A person must not, in trade or commerce, engage in conduct in relation to financial services that is misleading or deceptive or is likely to mislead or deceive.
22 The fourth and fifth declarations relate to the conduct referred to in the second declaration and identify it as conduct contravening s 12DB(1)(g) and (i) of the ASIC Act. Contraventions of these provisions carry a pecuniary penalty (s 12 GBA(6)). They are in the following terms:
12DB False or misleading representations
(1) A person must not, in trade or commerce, in connection with the supply or possible supply of financial services, or in connection with the promotion by any means of the supply or use of financial services:
(g) make a false or misleading representation with respect to the price of services; or
(i) make a false or misleading representation concerning the existence, exclusion or effect of any condition, warranty, guarantee, right or remedy (including an implied warranty under section 12ED) …
23 Section 12GBB(5) of the ASIC Act provides as follows:
(5) In determining the pecuniary penalty, the Court must take into account all relevant matters, including:
(a) the nature and extent of the contravention; and
(b) the nature and extent of any loss or damage suffered because of the contravention; and
(c) the circumstances in which the contravention took place; and
(d) whether the person has previously been found by a court (including a court in a foreign country) to have engaged in any similar conduct; and
(e) in the case of a contravention by the trustee of a registrable superannuation entity—the impact that the penalty under consideration would have on the beneficiaries of the entity.
24 The sixth and seventh declarations, in addition to the sections already referred to, refer to s 912A(1)(a) and (c) of the Corporations Act. Those subsections provide as follows:
(1) A financial services licensee must:
(a) do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly; and
(c) comply with the financial services laws …
25 The context of the obligation in s 912D of the Corporations Act to report the identified matters to ASIC includes the following provisions in the Corporations Act.
26 Section 912D appears within Ch 7 of the Corporations Act. The objects of Ch 7 are set out in s 760A which at all relevant times provided as follows:
The main object of this Chapter is to promote:
(a) confident and informed decision making by consumers of financial products and services while facilitating efficiency, flexibility and innovation in the provision of those products and services; and
(b) fairness, honesty and professionalism by those who provide financial services; and
(c) fair, orderly and transparent markets for financial products; and
(d) the reduction of systemic risk and the provision of fair and effective services by clearing and settlement facilities.
These objects and, in particular, sub-s (b) and (c) inform the purpose of the reporting obligation in s 912D.
27 Section 11(1) of the ASIC Act provides that ASIC has such functions and powers as are conferred on it by or under the ASIC Act and the Corporations Act. Pursuant to s 798F of the Corporations Act, ASIC has the function of supervising financial markets the operators of which are licensed under the Corporations Act.
28 Finally, a breach or breaches of a licensee’s obligations under s 912A, the reporting of which is required by s 912D, enlivens ASIC’s powers to make a banning order under s 920A and to apply to the Court for a disqualification order under s 921A.
29 The eighth declaration, in addition to sections already referred to, refers to s 912D(1B) and (3) of the Corporations Act. Section 912D at all relevant times provided, relevantly:
(1) A financial services licensee must comply with subsection (1B) if:
(a) the licensee breaches, or is likely to breach:
(i) any of the obligations under section 912A or 912B, other than the obligation under paragraph 912A(1)(c); or
(ii) the obligation under paragraph 912A(1)(c), so far as it relates to provisions of this Act or the ASIC Act referred to in paragraphs (a), (b), (ba) and (c) of the definition of financial services law in section 761A; or
(b) the breach, or likely breach, is significant, having regard to the following:
(i) the number or frequency of similar previous breaches;
(ii) the impact of the breach or likely breach on the licensee’s ability to provide the financial services covered by the licence;
(iii) the extent to which the breach or likely breach indicates that the licensee’s arrangements to ensure compliance with those obligations is inadequate;
(iv) the actual or potential financial loss to clients of the licensee, or the licensee itself, arising from the breach or likely breach;
(v) any other matters prescribed by regulations made for the purposes of this paragraph.
(1B) The financial services licensee must, as soon as practicable and in any case within 10 business days after becoming aware of the breach or likely breach mentioned in subsection (1), lodge a written report on the matter with ASIC.
Note: Failure to comply with this subsection is an offence (see subsection 1311(1)).
(3) A person contravenes this subsection if the person contravenes subsection (1B) or (2).
Note: This subsection is a civil penalty provision (see section 1317E).
30 As the note to s 912D(3) of the Corporations Act indicates, it is a civil penalty provision. Section 1317G(6) of the Corporations Act provides as follows:
(6) In determining the pecuniary penalty, the Court must take into account all relevant matters, including:
(a) the nature and extent of the contravention; and
(b) the nature and extent of any loss or damage suffered because of the contravention; and
(c) the circumstances in which the contravention took place; and
(d) whether the person has previously been found by a court (including a court in foreign country) to have engaged in similar conduct; and
(e) in the case of a contravention by the trustee of a registrable superannuation entity—the impact that the penalty under consideration would have on the beneficiaries of the entity.
31 Both s 12GBB(5)(e) of the ASIC Act and s 1317G(6)(e) of the Corporations Act commenced operation on 1 January 2021.
32 The differences between the parties in terms of the appropriate pecuniary penalties are as follows:
(1) ASIC seeks pecuniary penalties in the aggregate amount of $9 million in respect of Statewide’s contraventions of s 12DB(1)(g) and (i) of the ASIC Act. Statewide contends that a penalty of $3 million is appropriate with respect to these contraventions; and
(2) ASIC seeks a pecuniary penalty in the amount of $1 million in respect of Statewide’s contravention of s 912D(3) of the Corporations Act. Statewide contends that a nominal amount is appropriate for this contravention.
33 Although Statewide does not oppose the making of the declarations, the Court must be satisfied that it is appropriate to make them.
34 The declarations identify the contravening conduct and making them marks the Court’s disapproval of the conduct. They may well provide assistance for future investigations and cases. I am satisfied that the making of the declarations represents an appropriate exercise of the Court’s power in s 21 of the Federal Court of Australia Act 1976 (Cth).
35 The adverse publicity order under s 12GLB(1)(a) of the ASIC Act is appropriate. It furthers the important aim of deterrence, both general and specific. It is also informative to members of the Fund in terms of their rights to compensation for loss or damage resulting from the contravening conduct. It offers protection to those members.
36 The order under s 1101B(1) of the Corporations Act for a review and remediation program is appropriate as it provides for compensation to all past and present members of the Fund for loss and damage resulting from Statewide’s contravening conduct.
37 That leaves for consideration the determination of appropriate pecuniary penalties.
The Pecuniary Penalties to be imposed
38 I have imposed pecuniary penalties in the aggregate amount of $3,500,000 payable by Statewide to the Commonwealth in respect of Statewide’s contraventions of s 12DB(1)(g) and (i) of the ASIC Act. Those contraventions involved Statewide, in trade or commerce and in connection with the supply of financial services, making a false or misleading representation in annual statements sent to members on at least 6,779 occasions in respect of the year ending 30 June 2018 and on at least 7,779 occasions in respect of the year ending 30 June 2019 with respect to the amount required to have been paid by the member as a member of the Fund, thereby contravening s 12DB(1)(g), and a false or misleading representation concerning the existence of a right of Statewide, namely the right to deduct the applicable insurance premium(s) and, further, a condition imposed on that member, namely the obligation to pay the applicable insurance premium(s), thereby contravening s 12DB(1)(i) of the ASIC Act. The annual statements which contained the false or misleading representations stated that one or more insurance premiums had been deducted from the member’s superannuation account, at times when the member did not have insurance cover under the Statewide insurance policies, which, in all the circumstances, represented that, at the time the deduction(s) was (were) made: (1) the member held insurance cover under the Statewide insurance policies, when he/she did not; (2) Statewide was entitled to deduct that/those insurance premium(s) when it was not; and (3) the member was required to pay that/those insurance premium(s) when he/she was not.
39 The pecuniary penalties were imposed pursuant to s 12GBA(1) of the ASIC Act in respect of contraventions arising from conduct prior to 13 March 2019 and s 12GBB(3) in respect of contraventions arising from conduct after that date. Those sections require the Court in determining the appropriate pecuniary penalty to have regard to all relevant matters, including the following:
(1) the nature and extent of the contravention; and
(2) the nature and extent of any loss or damage suffered as a result of the contravention; and
(3) the circumstances in which the contravention took place; and
(4) whether the person has previously been found by a Court (including a Court in a foreign country) to have engaged in any similar conduct; and
(5) (as at 1 January 2021) in the case of a contravention by the trustee of a registrable superannuation entity—the impact that the penalty under consideration would have on the beneficiaries of the entity.
(s 12GBA(2) and s 12GBB(5).)
40 ASIC submitted at the hearing that pecuniary penalties in the aggregate amount of $9 million was appropriate, whereas Statewide submitted that pecuniary penalties in the aggregate amount of $3 million was appropriate.
41 I have imposed a pecuniary penalty in the amount of $500,000 payable by Statewide to the Commonwealth in respect of Statewide’s contravention of s 912D(3) of the Corporations Act. That contravention involved Statewide, as a financial services licensee, failing to lodge a written report with ASIC before 6 August 2019 on matters relating to breaches by it of obligations under s 912A(1)(a) or (c) of the Corporations Act that were significant within s 912D(1)(b) of the Corporations Act, arising from the making of false or misleading representations to Fund members concerning their insurance cover, thereby contravening s 912D(1B) and (3) of the Corporations Act, in circumstances where Statewide became aware of such breaches by no later than 22 July 2019.
42 Statewide lodged a written report with ASIC on 20 September 2019, some 45 days after 6 August 2019.
43 I mention one matter at this stage which should be noted, although I do not think it is of great significance when all the relevant matters are considered. As will be seen, Statewide has generally cooperated with ASIC in its investigation. However, at the time of the Statement of Agreed Facts, it contended that s 912D(1B) was engaged on 20 August 2019, rather than 22 July 2019. By the time of the Amended Statement of Agreed Facts, it agreed with ASIC that the relevant date was 22 July 2019.
44 Again, in determining the appropriate pecuniary penalty, the Court must have regard to all relevant matters, including the same five matters identified in s 12GBB(5) of the ASIC Act and set out above (s 1317G(6) of the Corporations Act).
The Matters Identified in the Legislation
1. The nature and extent of the contraventions and the circumstances in which the contraventions took place
45 It is convenient to deal with these two matters together.
46 Statewide’s conduct giving rise to the admitted contraventions other than s 912D(1B) and (3) occurred from at least 1 May 2017. The particular conduct which gave rise to the contraventions occurred when, in November and December 2018, Statewide issued annual statements to members on at least 6,779 occasions in respect of the year ending 30 June 2018 and when, in November and December 2019, Statewide issued annual statements to members on at least 7,779 occasions in respect of the year ending 30 June 2019.
47 Statewide did not deliberately engage in the conduct involving the incorrect deduction of insurance premiums or deliberately make the false or misleading representations concerning the insurance status of certain members and its conduct was not motivated by profit.
48 Statewide’s failure to make a timely report to ASIC pursuant to s 912D(1B) of the Corporations Act was not deliberate.
49 Statewide decided to change its administration system from the SuperB platform to the Acurity administration system prior to early 2016 and preparations for the change commenced in early 2016. The SuperB platform was used for all of Statewide’s back office internal administration processes, including processing of member contributions and benefits, and was integrated into other systems and programs used by Statewide.
50 The preparatory steps taken by Statewide with the assistance under a Management Services Agreement of the provider of the Acurity administration system, Iress, are described in the Amended Statement of Agreed Facts. By approximately October 2016, Statewide identified the migration of data to Acurity as a key project risk and that a failure to test processes prior to implementation may lead to errors. Statewide and Iress used a project management software called “JIRA” to log issues with the operation of the Acurity administration system and track the status of work that had been or was to be completed. From approximately May 2017, Statewide received complaints from members about their insurance status and from that date, errors in the insurance status of members and the debiting of insurance fees were logged in the JIRA software.
51 The reason that during the relevant period the insurance coverage status of certain members as contained in the Acurity administration system could, and did, differ from their status under the Statewide insurance policies was that prior to the commencement of the use of the Acurity administration system in May 2017, the migration and processing of member insurance data to, and coding of insurance rules aligning to the terms of the Statewide insurance policies in, the Acurity administration system was not completed correctly.
52 Statewide accepts that it did not do the following: (1) adequately and properly test member insurance data migrated to the Acurity administration system; (2) ensure that the terms of the Statewide insurance policies, as to lapsing and the cancellation of cover, were accurately reflected in rules in the Acurity administration system and in the administration of the U$4K Rule; and (3) carry out structured, successful testing of member insurance data and end of month processes by which insurance status was updated and premiums deducted within the Acurity administration system.
53 Furthermore, Statewide accepts the following: (1) during the relevant period, it did not at all times have a policy whereby problems with its administration identified by its non-management personnel were escalated to its leadership team; and (2) changes in coding and to member data which affected the records relating to Fund members were made within the Acurity administration system between May 2017 and September 2019 using JIRA projects without those changes being the subject of oversight and prior approval by senior management. Statewide did not maintain policies or structures requiring managerial authorisation or consideration of the implementation of changes within the Acurity administration system.
54 ASIC submitted, correctly in my view, that there was within Statewide inadequate management and risk control.
55 The cumulative changes, referred to within Statewide as “data fixes”, to the records of Fund members relating to insurance between May 2017 and September 2019 did not correct the errors within the Acurity administration system.
56 The insurance premiums which were incorrectly deducted by Statewide were remitted to MetLife even though the insurance cover of the relevant members had ceased.
57 ASIC identified two other matters which it submitted were relevant to the nature and extent of the contraventions and the circumstances in which the contraventions took place.
58 First, in May 2018, the leadership team within Statewide identified an incorrect deduction of insurance premiums affecting approximately 1,300 members, but did not in May 2018 notify those members of what had taken place. Statewide did not prevent continued charging for insurance cover for all such members which had ceased and it did not prevent those members from subsequently receiving representations that they were currently insured. In or about June 2018, approximately 1,300 members affected by the incorrect charging of insurance premiums identified in May 2018 were remediated approximately $182,250.08.
59 Secondly, Statewide failed to correct data or prevent the making of incorrect statements in and after July 2019 and prior to the annual statements for the year ending 30 June 2019 being sent to members in November and December 2019. This occurred despite the fact that on or about 7 July 2019, Statewide’s then head of insurance circulated a briefing paper to Statewide’s general counsel and then chief risk officer in which he observed that a recent “data fix” occurred of around 12,800 member insurance records identified in mid-2018 as having “glitches” and that it was “highly likely that a number of members may have received statements inaccurately representing their insurance status in 2018 and, if not remediated in time, may have incorrect information in 2019”. This briefing paper was subsequently provided to Statewide’s leadership team.
60 This second submission was put in response to Statewide’s submission that it continued to labour under the same misapprehension throughout the relevant period. As I understand it, that misapprehension was that the problems which had been experienced by Statewide could be resolved by data fixes and were not such, as later discovered, as involving a systems failure from the outset which required, as counsel for Statewide put it, “the need to go back and rebuild the material for each of these affected members on a continuum from the beginning of their membership right through until the end of the relevant period”. Statewide’s submission that it laboured under the same misapprehension throughout the relevant period was one of a number of submissions Statewide made in support of a general submission that I should characterise the conduct constituting the contraventions of s 12DB(1)(g) and (i) of the ASIC Act as a single course of conduct for the purpose of determining the appropriate pecuniary penalty for those contraventions.
61 The dispute between the parties was as to whether the conduct contravening s 12DB(1)(g) and (i) of the ASIC Act should be characterised as a single course of conduct (Statewide’s contention) or as two courses of conduct, one constituted by the issuing of annual statements to members for the year ending 30 June 2018 and sent to members in November and December 2018, and the second by the issuing of annual statements to members for the year ending 30 June 2019 and sent to members in November and December 2019 (ASIC’s contention).
62 Statewide points to the following matters in support of its contention of a single course of conduct:
(1) The representations to affected members were by the same mode of communication, that is to say, annual statements, which are largely standard form documents, except for member-specific details, generated using the same process;
(2) The errors in the annual statements issued and sent to members in 2018 and 2019 are the result of one underlying cause, that is to say, the existence of errors in the insurance data contained within the Acurity administration system;
(3) Statewide was continuing to labour under the same misapprehension throughout the relevant period. The fact that the conduct occurred over the course of two rounds of annual statements reflects only that the systems error was not detected throughout the period and it would be artificial to treat the two periods as separate and independent; and
(4) In the same way as it would be artificial to separate each false or misleading representation, it would be artificial to treat the two periods as separate and independent courses of conduct.
(1) It quite fairly accepts that on one view, it can be said that the root cause of the problems in each year was the systems error that attended the Acurity administration system. However, it submitted that this is not decisive in determining whether there was one course of conduct or two;
(2) There was a difference in Statewide’s state of knowledge between the two periods, although ASIC made it clear that in making this submission, it did not depart from the agreed position in the Amended Statement of Agreed Facts that the conduct constituting the contraventions of s 12DB(1)(g) and (i) of the ASIC Act was not deliberate;
(3) ASIC points to the increasing state of knowledge of Statewide’s leadership team from the point at which the annual statements for the year ending 30 June 2018 were sent to members to the point at which the annual statements for the year ending 30 June 2019 were sent to members, that to use counsel’s words, “these problems are increasingly not being fixed”.
64 In support of its contention of an increasing state of knowledge on the part of Statewide’s leadership team, ASIC relied on the matters set out in paras 39 to 57 of the Amended Statement of Agreed Facts and it is important that I set those paragraphs out in full:
39 By around March 2019, Statewide had increased its internal risk rating for its insurance team and had conducted meetings with lress, according to Statewide’s head of insurance, to “get a better understanding of what exactly is the root cause of the ongoing system failures”. This resulted in ongoing briefings to leadership team meetings on matters relating to insurance and remediation by way of ‘data fixes’.
40 A data fix was implemented in June 2019. That data fix had associated code that was designed to:
(a) correct the insurance status of all Affected Members;
(b) review the updated (and presumably correct) insurance status of all Affected Members and calculate the insurance premiums payable by each Affected Member; and
(c) perform a ‘true up’ to determine whether an Affected Member had underpaid or overpaid premiums and adjust those amounts accordingly.
The ‘true up’ resulted in 1,124 members being refunded $348,242.44 as at 30 June 2019.
41 By around late June 2019, Statewide’s general counsel and then chief risk officer, who were members of the leadership team, were informed by Statewide’s then head of insurance that Currently Insured Representations had been made, and on and from around 5 July 2019, including on 8 and 11 July 2019, as well as in informal discussions throughout July 2019, leadership team members met and discussed the same. Under the IBR Policy, the chief risk officer was responsible for ensuring the timeline for reporting of significant breaches was complied with by all parties.
42 On around 7 July 2019, Statewide’s then head of insurance circulated a briefing paper to Statewide’s general counsel and then chief risk officer. That paper was subsequently distributed to the leadership team. The paper identified that:
(a) a recent ‘data fix’ occurred of around 12,800 member insurance records identified in mid-2018 as having ‘glitches’; and
(b) it was ‘highly likely that a number of members may have received statements inaccurately representing their insurance status in 2018 and, if not remediated in time, may have incorrect information in 2019’.
43 Between 9 and 18 July 2019, Statewide’s general counsel sampled certain individual member records including annual statements, U$4K Warning Letters and PYS Warning Letters issued to those members, finding the U$4K Rule was not being applied correctly within Acurity and that Currently Insured Representations had been made to those members.
44 By 18 July 2019, the leadership team requested that the applications support team and insurance personnel undertake a review of the approximately 12,800 member records the subject of the June data fix to identify which of those members received incorrect correspondence and the dates on which insurance cover of those members should have lapsed or reinstated based on the terms of the Insurance Policy. The applications support team is Statewide’s information technology group which was tasked with assisting with data management, support and analysis and the management of external systems.
45 By 22 July 2019, Statewide’s general counsel had:
(a) sent correspondence copied to the then chief financial officer which confirmed the further review requested on 18 July 2019 were a priority and stated that, ‘It is my view that this should be your top priority (so that we can correct misrepresentations to members in the shortest possible timeframe)’; and
(b) circulated correspondence to five other leadership team members setting out categories of potentially Affected Members who received Currently Insured Representations with the “Number of Affected Members” column left blank.
46 As at 22 July 2019, the Leadership Team knew a data fix had been run in June 2019 in respect of 12,500 Affected members and was aware that:
(a) an undefined portion of those members received incorrect correspondence;
(b) the data fix had not properly corrected data or insurance status errors for at least some of those members; and
(c) Statewide’s application support team was conducting a review of member records and data.
47 On or around 30 July 2019, Statewide’s leadership team met and the following was discussed:
(a) a remediation plan has to be developed and approved by the leadership team, and was to be provided to the leadership team in the next few weeks;
(b) the full impact or areas of concern regarding the data fix (and therefore the Currently Insured Representations and Mischarging Conduct) could not be assessed until the required data was obtained by the applications support team as part of its review; and
(c) a concern that there were some members who were led to believe that they had insurance when they did not and had been charged premiums incorrectly; and
(d) that a further ‘data fix’ needed to occur in relation to approximately 3,000 members whose records were still wrong.
48 On or around 6 August 2019, Statewide’s leadership team met and was advised that a lot of data analysis was being carried out to understand the impact of the data fix across various categories of members.
49 On around 13 August 2019, Statewide’s leadership team met about matters referred to in paragraphs 40 to above to develop or discuss:
(a) a communications plan to members;
(b) a remediation plan of members; and
(c) a plan to communicate with Statewide’s board.
Breach reporting to ASIC or APRA was not discussed or considered at that time.
50 On 20 August 2019, Statewide’s general counsel circulated a ‘Data Fix Paper’ to the chief executive officer, the then chief risk officer and chief operating officer containing substantially similar information as was ultimately contained in the Breach Report. The paper identified a proposed approach to communicate and remediate 4,095 Affected Members and also referred to 4,375 Affected Members whose accounts who [sic] had been closed and who were excluded from the numbers pertaining to the proposed communication and remediation plan. This paper was presented to the Statewide board on 29 August 2019.
51 On 10 September 2019, a leadership team meeting occurred at which an update on the remediation plan was provided and in which the following statement was recorded in the meeting minutes, ‘the incident report requires completion before LT can consider whether this is a reportable breach. This decision has been carried over to the next meeting.’ At this time, investigations remained ongoing into the extent and scope of the issue.
52 Statewide accepts that its IBR Policy in place from November 2018 required any incident report to have been prepared within two business days of any Statewide employee knowing or reasonably suspecting that an event had occurred that resulted in Statewide incurring a loss (financial or otherwise, including reputational).
53 On around 17 September 2019, a further 3,654 current members, then determined to be Affected Members, had their records corrected. Of those 3,654 members, 8 were refunded premiums in the total amount of $2,511.33.
54 On 17 September 2019, the leadership team met and:
(a) received a copy of the incident report, which was prepared by the then chief risk officer. That incident report was substantially similar to the paper circulated by the general counsel on 20 August 2019; and
(b) sought a report from the general counsel as to whether the incident, as reported, was a reportable breach.
55 On 18 September 2019, the general counsel conducted an analysis of the incident against the IBR Policy.
56 On or around 19 September 2019, an informal extraordinary meeting of the leadership team occurred, at which the general counsel provided an update of her analysis, and a decision was made to file a breach report with ASIC and APRA.
57 On 20 September 2019, Statewide lodged a breach report with ASIC that identified a contravention of s 912A(1)( a) of the Corporations Act which was stated to have occurred on 19 June 2019 in respect of Currently Insured Representations being made to up to 12,500 Fund members, of which breach Statewide was expressed to have become aware on 10 September 2019 (Breach Report).
65 Those facts indicate that the leadership team at Statewide was attempting to address the problems by making plans, authorising the carrying out of data fixes and refunding premiums. It is true that those steps did not correct the errors in the Acurity administration system and there is an acceptance by Statewide that, in fact, its attempts at “data fix” remediation in 2018 and 2019 were likely to be incomplete, in that the “data fixes” did not successfully correct the insurance data of all affected members, having regard to the terms of the Statewide insurance policies. Nevertheless, in light of the agreed position that the contravening conduct was not deliberate and that the conduct was not motivated by profit and the steps actually taken by Statewide, I am not prepared to find that Statewide’s leadership team knew that to send unqualified annual statements in November and December 2019 was, to use counsel for ASIC’s words, “creating a high risk of misleading members”.
66 It is true, as counsel for ASIC submitted, that identifying one or more courses of conduct is no more than an analytical tool in the process of determining the appropriate pecuniary penalty. Nevertheless, I consider the contravening conduct so far as it concerns s 12DB(1)(g) and (i) of the ASIC Act should be characterised as a single course of conduct.
67 With respect to the conduct which constituted a contravention or contraventions of s 912D(1B) and (3) of the Corporations Act, as I have said, the written report to ASIC should have been provided on 6 August 2019, but was not in fact provided until some 45 days later on 20 September 2019.
68 Statewide’s own policy document — Incident and Breach Reporting Policy dated 29 November 2018 — provided as follows:
6. Determining whether to report an Incident
A Significant Breach notification must be made to the relevant regulator as soon as practicable and, in the case of notifications to ASIC and APRA, within 10 business days after a member of the Risk Services team becomes aware of an Incident. This timeframe is a regulatory requirement and cannot be extended.
Note: Failing to report a Significant Breach, or likely breach, to ASIC within the prescribed timeframe is itself considered a breach.
In addition, if the Incident consists of an event which has a significant adverse effect on the financial position of the entity, Statewide Super must immediately notify APRA in writing to [sic]. Any individual employee of Statewide Super who becomes aware of an event with a potentially significant adverse effect should immediately report the matter to the CRO or in his absence to a member of the Risk Services team.
An Incident involving a potentially, likely or actual Significant Breach must be identified and assessed as quickly as possible. This may require the regulator to be notified before:
• all avenues of investigation have been completed to determine whether the breach is significant;
• the breach has been fully considered by the board of directors or legal advisers; or
• the breach has been rectified.
ASIC warns against delaying notification of a potential AFSL breach due to incomplete investigations, escalation to the board of directors, awaiting legal advice, or implementation of rectification steps.
The following process has been designed to ensure that the identification and assessment of an Incident can be concluded within 10 business days. Each participant in the process should be aware of the maximum reporting timeframe. All participants in the process should seek to conclude their actions as soon as reasonably practicable.
An overview of the Incident and breach reporting process, based on the responsibilities of the respective individuals involved, is as follows.
The relevant criteria for determining whether an Incident gives rise to a Significant Breach is explained in paragraph 8 of this policy.
69 The steps which the leadership team of Statewide took between 6 August 2019 and 20 September 2019 are set out in paras 48 to 57 of the Amended Statement of Agreed Facts. Those paragraphs are set out above (at ). It is implicit in Statewide’s admission to the conduct that contravened s 912D(1B) and (3) of the Corporations Act that it accepts that rather than taking those steps, or, in addition to taking those steps, Statewide should have lodged a written report on the relevant matters with ASIC on 6 August 2019.
70 Statewide described the delay in lodging a written report with ASIC as “relatively short”. It submitted that it has not been able to identify any judicial consideration of the imposition of a civil pecuniary penalty for contraventions of s 912D(1B) and (3). Statewide referred to Australian Securities and Investments Commission v Commonwealth Bank of Australia  FCA 423 (ASIC v CBA) and submitted that on the facts of that case, there appeared to be a more egregious failure to comply with s 912D(1B) and (3) and yet ASIC did not seek a declaration or pecuniary penalty with respect to those apparent contraventions. I note in this context that ASIC described the delay in this case as a relatively moderate period while at the same time making the point that the statutory period was “as soon as practicable and in any case within 10 business days”.
71 Statewide referred to a number of matters as being relevant to the determination of the appropriate pecuniary penalty for the contraventions of s 912D(1B) and (3) of the Corporations Act. I accept, as submitted by Statewide, that the following matters are correct as a matter of fact and are relevant: (1) the delay of 45 days or 34 business days is relatively short; (2) there is no obvious harm occasioned by the delay in reporting; (3) Statewide’s leadership team was taking steps to both investigate and remedy the problems during the delay; (4) Statewide’s leadership team was investigating whether the circumstances gave rise to a reportable breach and ultimately did lodge a written report with ASIC and; (5) the contraventions were not deliberate.
2 The nature and extent of any loss or damage suffered as a result of the contraventions
72 During the relevant period, Statewide accepted insurance premiums of at least $2.7 million and insurance administration fees of at least $320,000 from members who had been incorrectly charged and those members were deprived of not only those monies, but also the opportunity to generate income on those monies. The insurance premiums deducted by Statewide were paid by it to MetLife.
73 Furthermore, as ASIC submitted, a member who thought that he or she had insurance when in fact there was no insurance, may suffer a loss if a claim for indemnity is made and then refused. Statewide has agreed that in cases where it was represented to members that they had insurance when they did not, it will pay or procure to be paid any claims made that would have validly been made under the policy had insurance been in place.
74 Statewide has refunded to members incorrectly charged premiums as follows:
(1) The amount of approximately $182,250.08 with respect to approximately 1,300 members in June 2018;
(2) The amount of $348,242.44 as at 30 June 2019 with respect to 1,124 members; and
(3) The amount of $2,511.33 with respect to 8 members on 17 September 2019.
75 The steps which Statewide has taken to remedy the loss to members are set out in paras 76 to 88 of the Amended Statement of Agreed Facts. Those paragraphs are as follows:
76 Statewide accepts that its attempts at ‘data fix’ remediation in 2018 and 2019 were likely to have been incomplete, in that the ‘data fixes’ did not successfully correct all Affected Member insurance data having regard to the terms of the Statewide Insurance Policies. As at May 2020, insurance status data errors relating to the U$4K Rule and Nil Balance Rule continued to exist.
77 By 20 September 2019, when Statewide lodged the Breach Report, Statewide’s proposed remediation plan was scoped to remediate the 5,715 current Affected Members (estimated compensation of $1.1 million) and not the 6,698 Affected Members who had exited the Fund or whose accounts had been closed.
78 By early 2020, Statewide undertook further actions to develop a remediation program, in that it:
(a) in around February 2020, engaged Deloitte Australia as external independent consultants to conduct investigations in respect of the data and root cause of the issue;
(b) engaged with lress (as vendor of the Acurity administration system) and MetLife (as provider of the Statewide Insurance Policies) with a view to remediation of Affected Members and conferral of insurance entitlements not otherwise conferred by the policies; and
(c) by around May 2020, developed a draft remediation plan methodology, which it included in a position paper provided to ASIC, which proposed to remediate all Affected Members (exited or current) (Initial Remediation Plan).
79 Statewide accepts that a significant challenge in the development and implementation of a remediation plan was and is the reliability and correctness of data and insurance status recording of members within Acurity. As at May 2020, Statewide accepts that various ‘data fixes’ attempted to that point had not been effective and had not correctly implemented the terms of the Statewide Insurance Policies, and that insurance status data errors relating to the U$4K Rule and Nil Balance Rule continued to exist.
80 On 19 August 2020, Statewide and MetLife executed addendums to the Statewide Insurance Policies relating to the application of the U$4K Rule and Nil Balance Rule (Addendums). The effect of the Addendums was that, in the event of any discrepancies between the wording of the applicable insurance policy and the insurance status recorded in Acurity by Statewide, the insurance status in Acurity would prevail. At the time, Statewide believed that the implementation of the Addendums would form part of the remediation plan for the Affected Members.
81 By 23 October 2020, the status of Statewide’s remediation plan was that:
(a) it would take approximately 24 months to implement the remediation plan with a team consisting of internal and external consultants and with a budget of approximately $2 million; and
(b) Statewide was continuing to engage with lress.
82 On 13 November 2020, Statewide engaged an external consultant, the IQ Group, to assist Statewide with the preparation of its remediation report.
83 In around November 2020, Statewide prepared a detailed draft “Remediation Plan” in conjunction with the IQ Group (Remediation Plan) in order to:
(a) ensure that all Affected Members are identified;
(b) correct any insurance status errors on member accounts;
(c) ensure premiums charged align to the correct insurance status;
(d) refund overpaid premiums and lost earnings thereon; and
(e) inform all Affected Members of:
(i) any refund;
(ii) the reason for any refund; and
(iii) the basis for any calculation.
84 On 18 December 2020, a draft copy of the Remediation Plan was provided to ASIC. It identified that the task to be completed involved an examination of each potentially Affected Member’s account in detail in order to determine the correct insurance status, using data such as age, account balance and contribution history.
85 Statewide has undertaken the following measures to increase its governance and oversight of the Remediation Plan:
(a) established a project team for the purpose of overseeing and implementing the execution of the Remediation Plan including members of Statewide’s leadership team, legal, risk and insurance groups who are required to approve key milestones and activities and sign off on key deliverables;
(b) established a project board consisting of Statewide’s chief executive officer, general counsel, chief technology officer and current chief risk officer; and
(c) further engaged the IQ Group on 11 January 2021 to assist with the implementation and execution of the Remediation Plan. This work remains ongoing as at the date of this statement.
86 On 4 February 2021, Statewide appointed Graeme Arnott of Rice Warner as an independent assurance review expert in respect of the Remediation Plan, an engagement separate to the role of the consultant referred to in paragraph 85(c) above. The scope of work includes:
(a) preparing a report detailing the suitability of the Remediation Plan in general and providing commentary on the ability of Statewide to properly carry out the Remediation Plan; and
(b) providing ongoing assurance over the execution of the Remediation Plan.
87 As at the date of this statement, Statewide has not made remediation payments to Affected Members of premiums, Insurance Administration Fees or lost earnings pursuant to the Remediation Plan.
88 Statewide is working with the IQ Group to execute the Remediation Plan, with input from Rice Warner regarding the suitability of that Remediation Plan. The ongoing work with the IQ Group involves examining each potentially Affected Member’s Account in order to determine the Member’s correct insurance status throughout the Relevant Period and to date, and in turn to identify the quantum of remediation required to each member.
76 Further details of the steps taken by Statewide are set out in the two affidavits of Mr David Cook who is the chief technology officer of Statewide.
77 Statewide has agreed to establish and implement a review and remediation program and an order under s 1101B(1) of the Corporations Act has been made. The particulars of that order are set out above (at ).
3 Whether the person has previously been found by a Court (including a Court in a foreign country) to have engaged in any similar conduct
78 Statewide has not previously been found to have contravened any relevant laws.
4 (As at 1 January 2021) in the case of a contravention by the trustee of a registrable superannuation entity—the impact that the penalty under consideration would have on the beneficiaries of the entity
79 The contravening conduct in this case took place before the introduction of this consideration into the ASIC Act and the Corporations Act. Nevertheless, the parties proceeded on the basis that the impact of a penalty on the beneficiaries of the entity was a relevant consideration irrespective of whether it was referred to in the legislation.
80 Statewide sought to rely on this matter, but only to the extent that penalties exceeding $5 million was under consideration. The reason for that approach is as follows.
81 During the relevant period, Statewide held Superannuation Fund Insurance cover and the policy provided professional liability cover on certain terms and conditions, including for fines and pecuniary penalties. The policy provides for a sub-limit of liability for fines and pecuniary penalties of $5 million. A claim on the policy was made by Statewide in connection with the matters which are the subject of this proceeding in February or March 2020. The insurer has agreed to extend indemnity to Statewide for any civil liability arising from this proceeding, including any penalties imposed by the Court up to the sub-limit amount of $5 million, but has reserved its position with respect to the extent of any indemnity for the remediation of members and the costs thereof, and the costs Statewide may incur under the order establishing the review and remediation program.
82 The position of the insurer is that the sub-limit of liability amount is the limit of the amount available with respect to the pecuniary penalties in this proceeding.
83 Statewide is a profit-for-members fund which means that it does not have recourse to assets owned beneficially by Statewide from which pecuniary penalties could be paid. This means that to the extent any pecuniary penalties imposed in this proceeding exceed the sub-limit of liability amount of $5 million, that excess would need to be funded by Statewide by recourse to its “member owned” fund reserves or by the imposition of a fee on members.
84 In view of the insurer’s reservation of rights with respect to indemnity for remediation costs, Statewide is already in a position of having to consider the possibility of the payment of remediation costs from reserves or the imposition of a fee on members.
85 I reached the conclusion that pecuniary penalties totalling $4 million were appropriate and, in those circumstances, it is not necessary for me to consider this factor.
Other Matters Relevant to the Determination of the Appropriate Pecuniary Penalties
5 The maximum penalties
86 During the relevant period, a Commonwealth penalty unit amount was $210.00.
87 The maximum penalty for a contravention of s 12DB(1) of the ASIC Act before the enactment of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 (Cth) (the Strengthening Penalties Act) (commencing on 13 March 2019) was 10,000 penalty units, that is, the amount of $2,100,000. The maximum penalty for a contravention of s 12DB(1) following the Strengthening Penalties Act is, relevantly, 50,000 penalty units, that is, $10,500,000 (see s 12GBCA of the ASIC Act). The Strengthening Penalties Act is an indication of Parliament’s concern to eradicate the type of conduct which contravenes sections such as s 12DB(1) of the ASIC Act.
88 The maximum penalty for a contravention of s 912D(3) of the Corporations Act is also $10,500,000 (s 1317G(4) of the Corporations Act). By reason of s 1317QA of the Corporations Act which came into effect on 13 March 2019, there is a separate contravention on each day the contravention occurs.
89 A mathematical application of these penalties to the contraventions in this case results in aggregate amounts which are not instructive in terms of determining the appropriate pecuniary penalties. That is not to say that they do not provide an indication of how serious Parliament considers contraventions of this type to be. Nevertheless, I consider there is, in this case, as there was in Australian Securities and Investments Commission v Dover Financial Advisers Pty Ltd (No 3)  FCA 170; (2021) 150 ACSR 185 (ASIC v Dover), no meaningful overall maximum penalty. In ASIC v Dover, O’Bryan J said (at ):
Fourth, in considering the sufficiency of a proposed civil penalty, regard must ordinarily be had to the maximum penalty for the reasons stated (in a criminal sentencing context) in Markarian v R (2005) 228 CLR 357 at : first, because the legislature has legislated for them; secondly, because they invite comparison between the worst possible case and the case before the court at the time; and thirdly, because in that regard they do provide, taken and balanced with all other relevant factors, a yardstick. However, as stated by the Full Federal Court in Australian Competition and Consumer Commission v Reckitt Benckiser (Australia) Pty Ltd  FCAFC 181; 340 ALR 25 (Reckitt Benckiser) at , care must be taken to ensure that the maximum penalty is not applied mechanically, instead of it being treated as one of a number of relevant factors, albeit an important one. In that case, the Full Court observed (at ) that the theoretical maximum penalty on the facts of that case was in the trillions of dollars (some 5.9 million contraventions at $1.1 million per contravention) and that it followed that the appropriate range for penalty in the circumstances of that case was best assessed by reference to other factors, as there was no meaningful overall maximum penalty given the very large number of contraventions over a long period of time.
90 The contravention of s 912D(1B) and (3) provides a good illustration of a maximum penalty which is not a meaningful guide. The maximum penalty is in the order of half a billion dollars (45 days x $10.5 million per day).
91 As I have said, I treat the conduct giving rise to the contraventions of s 12DB(1)(g) and (i) of the ASIC Act as a single course of conduct.
92 For completeness, I mention that when Parliament in the Finance Sector Reform (Hayne Royal Commission Response) Act 2020 (Cth) introduced as relevant to the determination of a pecuniary penalty the impact of a penalty on the beneficiaries of a registrable superannuation entity (s 12GBB(5)(e) of the ASIC Act and s 1317G(6)(e) of the Corporations Act), Parliament at the same time introduced in respect of penalties imposed on or after 1 January 2022, a new s 56(2) of the SIS Act wherein s 56(2)(b) prevents trustees of superannuation entities from being indemnified from trust assets for liability for an amount of a criminal, civil or administrative penalty incurred by the trustee of the entity in relation to a contravention of a law of the Commonwealth.
6 Deterrence – general and specific
93 The principal object of imposing a pecuniary penalty is the deterrence of the contravening conduct or similar conduct by the contravener before the Court (specific deterrence) and by others who might otherwise be tempted to engage in similar conduct (general deterrence): Australian Competition and Consumer Commission v TPG Internet Pty Ltd  HCA 54; (2013) 250 CLR 640 (ACCC v TPG Internet) at  per French CJ, Crennan, Bell and Keane JJ; Commonwealth v Director, Fair Work Building Industry Inspectorate  HCA 46; (2015) 258 CLR 482 at  per French CJ, Kiefel J (as her Honour then was) Bell, Nettle and Gordon JJ. The pecuniary penalty must be a real deterrent and not such as to be said by the contravener and others as an acceptable cost of doing business (ACCC v TPG Internet at  per French CJ, Crennan, Bell and Keane JJ). The size of the contravener will be relevant to that matter and that is addressed below as a separate topic.
94 Statewide is proposing to merge with Host Plus Pty Ltd (Host Plus). Host Plus is a larger superannuation fund. Mr Kenneth Williams, the chairman of the board of Statewide, in his affidavits tendered in this proceeding outlined Statewide’s consideration of a merger with another superannuation fund commencing in October 2020, the steps taken by Statewide since that date and the arrangements between Statewide and Host Plus at the date of the hearing of this proceeding. A Heads of Agreement between Statewide and Host Plus was signed in about mid-2021 and a draft Successor Fund Transfer Deed was presented to the board of Statewide in November 2021. The Successor Fund Transfer Deed was executed by Statewide and Host Plus on 9 December 2021.
95 The evidence of Mr Williams establishes that the management of Statewide formed the view that a merger would be in the best financial interests of members because a successful merger with a larger fund would likely provide members with “lower fees, comparable service, more efficient and cost effective personalised engagement through digital channels and therefore better retirement outcomes”.
96 Mr Williams addressed the matters which he considered were relevant to the need for Statewide to consider a merger in the short term, including matters related to the subject matter of these proceedings. He said that the matters he identified informed his decision-making process regarding the merger and his decision to ultimately vote to approve Statewide entering into due diligence with its preferred merger partner. The matters he identified are as follows:
(a) The conduct of the investigations related to these proceedings and the conduct of the proceedings themselves had a significant impact on the business and it was forecast that the associated costs (together with the cost of remediating the affected members) could deplete Statewide’s reserves to a point where Statewide could be required to charge increased fees to its members in order to replenish its reserves to the minimum target reserve levels under the prudential guidance which I refer to below, and under Statewide’s reserve policies. I explain this in more detail below.
(b) The investigation into the matters the subject of these proceedings demonstrated certain areas where improvements to Statewide’s policies and procedures needed to be put in place in order to ensure Statewide was delivering the best outcomes to members and in turn fully complying with the changing regulatory requirements. Statewide has taken steps to implement these improvements to its policies and procedures, however given the increased costs to members of these changes, I hold concerns regarding Statewide’s ability to be able to provide ongoing sufficient funding for such matters and to be in a position to respond to any further investigations by the regulator without increasing members’ fees to a point whereby Statewide may become uncompetitive. In my view, a larger superannuation fund would be better placed to do so and these matters were relevant to my decision that it was in the best interests of Statewide’s members to merge with another fund.
(c) I also considered a merger needed to happen within a short time period as I held concerns that Statewide’s negotiating position would diminish over time as its reserves were depleted, including as a result of expenditure relating to these proceedings as I have referred to above.
97 Mr Williams also addressed merger imperatives which he said included the following:
(a) Regulatory considerations were identified as being a merger imperative. I recall discussion during the 24 June 2021 Board meeting regarding this item, which related to the ever increasing burden of regulation (including as demonstrated through the time and costs incurred by Statewide relating to the investigation in connection with these proceedings). I considered this to be a relevant factor to whether Statewide should proceed with a merger, as a larger fund would be better equipped to respond to regulatory compliance matters, including by having greater financial resources available.
(b) The financial resilience of a larger entity, including the operational risk financial requirement (ORFR) level, was also identified as a relevant consideration. The ORFR level is the operational risk reserves target level required to be held by a superannuation entity, which I explain in more detail below. In this respect, financial resilience referred to the fact that a larger fund would be better placed to respond to the expenditure required to be incurred out of the operational risk reserves (including investigation costs).
98 I am satisfied that to a greater or lesser extent these views were shared by the other board members of Statewide. The consequences of the contravening conduct was a factor in the decision to consider a merger, or at least to consider a merger at the time it did.
99 Statewide submitted that the merger is relevant because it bears on the extent to which deterrence is material in this case. There are conditions precedent in relation to the merger so it seems to me appropriate to regard it as likely rather than certain. As far as the need for specific deterrence is concerned, the submission is that it will have been overtaken by the merger because Statewide will likely no longer have a separate existence and, as far as general deterrence is concerned, “it is material that the implications of the contraventions, and these proceedings, have been the ultimate demise of Statewide as an independent fund”.
100 In my opinion, the likely merger means that specific deterrence is of less importance in this case compared with other cases. Also relevant to the assessment of the need for specific deterrence is Statewide’s contrition, cooperation and the remedial measures it has undertaken. Further, I consider it relevant to the approach to general deterrence that there is a connection between the contravening conduct and the likely merger.
7 Corrective measures
101 In addition to the remedial steps taken with respect to compensation for loss and damage suffered by members outlined above, Statewide has completed a review of its organisational structure. It has created the role of and appointed a chief technology officer. The chief technology officer has a background in financial services administration and data, is a member of Statewide’s leadership team and manages Statewide’s project management office and applications support team. Statewide has moved the former head of applications support to a different role not related to the administration of Acurity, with the applications support team now overseen by the chief technology officer and it has appointed a new head of service governance responsible for a data governance, security and quality program.
102 The former chief financial officer and the former chief risk officer are no longer employed at Statewide effective from 20 January 2020. In March 2019, Statewide appointed a new chief executive officer.
8 Cooperation and remorse
103 Statewide was informed of ASIC’s investigation when it received two notices from ASIC on 10 December 2019. Since that date, Statewide has cooperated with ASIC in its investigation of the Mischarging Conduct and the currently insured representations on and from the date it received notices from ASIC and it has assisted with the efficient and cost-effective resolution of the proceedings.
104 Examples of Statewide’s cooperation and assistance are as follows: (1) Statewide has conducted an externally assisted investigation and provided a detailed position paper on findings to ASIC in around May 2020 covering matters relating to the subject matter, annexing, among other things, certain relevant documents and witness statements and waiving privilege over the same; (2) Statewide has complied with all notices for discovery and interviewing of staff; (3) save as to the date upon which s 912D(1B) was engaged (see  above), Statewide has made complete admissions at the first opportunity after the commencement of the proceeding, that is to say, in its Concise Statement in Response, and by agreeing to the declaratory relief sought by ASIC; (4) Statewide has participated in the preparation and completion of a thorough statement of agreed facts; and (5) Statewide has developed the remediation plan as previously discussed.
105 Statewide has offered a form of enforceable undertaking on each of 3 November 2020 and 18 December 2020. Those undertakings were not before the Court and, in those circumstances, I agree with ASIC’s submission that Statewide’s offers are of limited assistance in assessing Statewide’s contrition and cooperation.
9 The nature and size of Statewide
106 It is agreed that at the financial year ending 30 June 2020, the Fund had assets and members as follows:
107 In terms of the appropriate pecuniary penalties, Statewide relies on its relatively modest size in comparison with large corporations such as banks. The submission is made that Statewide is an industry, profit-for-members superannuation fund and deals with largely low-balance and inactive members. As at 30 June 2020, Statewide managed Fund assets of $9.9 billion, its member fee revenue less operating expenses return figures are modest and, in fact, Statewide was operating at a deficit in the financial years ending 30 June 2019 and 30 June 2020. The financial position for the year ending 30 June 2019, in terms of an operating deficit after deductions from general reserves was $1,864,309.25 and in relation to the year ending 30 June 2020, the operating deficit after deductions from general reserves was $2,865,019.36.
108 I note that the relationship of trustee and beneficiary does not lead, automatically, to the imposition of higher penalties (see Australian Securities and Investments Commission v MLC Nominees Pty Ltd  FCA 1306; (2020) 147 ACSR 266 (ASIC v MLC Nominees). On the other hand, I bear in mind, as ASIC submitted, that the insurance cover in this case was an “opt-out” procedure and the errors tended to affect those members with relatively low balances in their accounts. Plainly, members were entitled to expect that they would be given accurate information about the insurance held by them.
10 Whether the contraventions arose out of conduct of senior management or at a lower level
109 I have set out above a summary of the circumstances in which the contraventions took place. The conduct contravening s 12DB(1)(g) and (i) of the ASIC act was that of the management of Statewide or a failure to have in place policies which would ensure problems were referred to the appropriate level of senior management.
110 The conduct or failure to act constituting the contraventions of s 912D(1B) and (3) was that of Statewide’s leadership team.
111 There is an overlap between the considerations which inform course of conduct principles and those which lie behind the totality principle.
112 A consideration of the totality principle as described by Yates J in ASIC v MLC Nominees (at ) did not cause me to consider any change to the penalties I had otherwise considered to be appropriate by reference to the principles I have identified, including the course of conduct principle.
113 The Court was referred to a number of cases, including, by way of example, the following: Australian Securities and Investments Commission v Westpac Banking Corporation (No 3)  FCA 1701; (2018) 131 ACSR 585 at , –, – and ; Australian Securities and Investments Commission v AGM Markets Pty Ltd (in liq) (No 4)  FCA 1499; (2020) 148 ACSR 511 at –, – and ; Australian Securities and Investments Commission v Australia and New Zealand Banking Group Limited (No 3)  FCA 1421; Australian Securities and Investments Commission v Commonwealth Bank of Australia  FCA 790 at , , –, ,  and ; ASIC v MLC Nominees at , , –; Australian Securities and Investments Commission v BT Funds Management Ltd  FCA 844; and Australian Securities and Investments Commission v Allianz Australia Insurance Limited  FCA 1062. These cases contain a number of clear statements of the relevant principles concerning the fixing of pecuniary penalties. However, as far as the contraventions of s 12DB(1)(g) and (i) are concerned, none of them are closely analogous with the present case in terms of the facts. As far as the contraventions of s 912D(1B) and (3) are concerned, there is, as ASIC put it, “no directly applicable precedent for imposition of a pecuniary penalty for its contravention”.
114 The parties directed particular submissions to the decision of Lee J in ASIC v CBA. At a general level, there are similarities between that case and the present case. First, in ASIC v CBA, the relevant conduct was the overcharging of customers. Secondly, the overcharging of customers occurred not as a result of a deliberate decision, but rather due to what Lee J described as “an unfortunate systems error” (at ).
115 There are a number of significant differences and a number of those differences are the reason I have determined the penalties as I have in this case.
116 First, specific deterrence was of considerable importance in ASIC v CBA (see at ) whereas, because of the proposed merger with Host Plus, it is of less significance in this case.
117 Secondly, it is clear from the whole of the judge’s reasons that what he described as the “CBA delay” was of considerable significance in his assessment of the appropriate pecuniary penalty. His Honour said (at ):
Given the way that I have drawn these threads out of the chronology, no doubt, it would already be evident that I regard this conduct, which I will describe as the CBA delay, as both serious and reflecting poorly upon those that were aware the bank was holding onto money to which it was not entitled. Indeed, this was not a case of any complexity – even the most junior member of the bank apprised of all the relevant details would be aware of the fundamental relationship between a bank and its customer and the premise that a customer is likely to take a statement given to them by the bank at face value. Further, the customer is likely to be influenced by matters such as the Banking Code of Practice, which is supposed to provide for protections (or at least assurances) addressing the imbalances between a bank and customer.
A little later, his Honour said (at ):
Although the conduct in this case does not reflect the seriously wrongful conduct of the representatives in ASIC v AMP, the CBA delay is particularly troubling given the nature of the commercial relationship between the bank and its customers. One would expect an organisation such as the CBA to do the right thing without having to be activated by customer complaints.
118 Thirdly, there is a substantial difference between the size of the Commonwealth Bank of Australia (the CBA) and the size of the defendant in this case. As can be seen from the Statement of Agreed Facts and Admissions which are Annexure A to Lee J’s reasons in ASIC v CBA, the CBA is a major Australian bank which reported a net profit of $9.634 billion after tax for the financial year ending 30 June 2020 and reported a net profit of $4.877 billion after tax for the half year ending 31 December 2020. In addition, the CBA as at 12 February 2021, had a market capitalisation of approximately $154.116 billion which was the largest of any listed company in Australia.
119 Fourthly, the CBA identified the misconduct as a matter in a table provided to the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. Two months later, the CBA submitted a breach report to ASIC in relation to the overcharging errors.
120 Finally, the CBA had a prior contravention.
121 The contraventions of s 12DB(1)(g) and (i) of the ASIC Act are serious. They affected a large number of members of the Fund and remediation for those members is an ongoing process. The cause of the contravening conduct was an inadequate implementation of the change to the Acurity administration system and then the failure to address adequately and in a timely fashion the problems and errors resulting from that implementation. I bear in mind the seriousness of the contravening conduct as reflected in the maximum penalties, including the changes in those penalties effected, as of 13 March 2019, by the Strengthening Penalties Act.
122 On the other hand, the Fund is a profit-for-members fund and none of the conduct was deliberate and, importantly, none of the conduct was motivated by a desire to generate profit. Furthermore, the likely merger with Host Plus means that the rationale of specific deterrence is of less importance in this case compared with other cases. In addition, as far as general deterrence is concerned, the likely merger and the connection between it and the contravening conduct and its consequences is relevant to how others will view the consequences of engaging in similar conduct. That is a relevant matter. I considered all the matters identified in these reasons, but the two matters I have identified led me to conclude that pecuniary penalties less than might otherwise be imposed were appropriate in the circumstances of this case. The pecuniary penalty I fixed for these contraventions was $3,500,000.
123 As far as the delay to report significant breaches to ASIC is concerned, the delay was not substantial and the conduct was not deliberate. The reporting obligation is an important one in terms of the regulation of the financial services industry and I reject the submission of Statewide that no penalty, or only a nominal penalty, was appropriate. Having regard to all the matters I have identified in these reasons, I fixed the pecuniary penalty in the amount of $500,000.