Federal Court of Australia
Australian Securities and Investments Commission v Lanterne Fund Services Pty Limited [2024] FCA 353
ORDERS
AUSTRALIAN SECURITIES AND INVESTMENTS COMMISSION Plaintiff | ||
AND: | LANTERNE FUND SERVICES PTY LIMITED Defendant | |
DATE OF ORDER: |
THE COURT DECLARES THAT:
1. Pursuant to s 21 of the Federal Court of Australia Act 1976 (Cth) (FCA Act) and s 1317E of the Corporations Act 2001 (Cth), during the period 13 March 2019 to 5 October 2021 (the Relevant Period), Lanterne Fund Services Pty Limited breached its obligation to have adequate risk management systems, and thereby contravened ss 912A(1)(h) and 912A(5A) of the Corporations Act by:
(a) failing to identify and assess the risks faced by its business, including the risks relating to its corporate authorised representatives (CARs) and authorised representatives (ARs);
(b) failing to document any identification or assessment of the risks faced by its business, including failing to have a risk management framework and basic risk management tools;
(c) relying on initial due diligence of directors of potential CARs and pro forma monthly compliance self-assessments by the CARs to monitor the CARs and ARs and identify risks associated with their conduct;
(d) failing to have an adequate compliance management system having regard to the nature, scale and complexity of its business and instead relying on a compliance manual which was out of date, inapplicable to its business, and omitted regulatory and compliance obligations of CARs, ARs and Lanterne;
(e) failing to have sufficient employees or officers with appropriate risk management expertise and failing to engage external consultants with risk management expertise for the purpose of risk management;
(f) failing to have any independent oversight or monitoring of its risk management systems; and
(g) otherwise failing to have systems, processes or controls to manage or mitigate risks, including failing to have an incident management process.
2. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to do all things necessary to maintain competence to provide the financial services covered by its financial services licence, and thereby contravened ss 912A(1)(e) and 912A(5A) of the Corporations Act, by:
(a) failing to have responsible managers with sufficient time effectively to conduct their roles;
(b) failing to have a sufficient number of responsible managers with appropriate knowledge and skills across the financial services offered by Lanterne's CARs and in the industries and businesses operated by Lanterne's CARs; and
(c) failing to have any processes for ensuring it had appropriately qualified managers.
3. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to ensure that its representatives were adequately trained and competent to provide the financial services covered by its financial services licence, and thereby contravened ss 912A(1)(f) and 912A(5A) of the Corporations Act by:
(a) failing to assess the skill and competency requirements of its ARs, and failing to take any or adequate steps to address those requirements;
(b) failing to provide or arrange any or adequate training, professional development or other instructional programs for its CARs and ARs; and
(c) relying only on monthly self-assessment compliance reports completed by the CARs and ARs to satisfy itself that they had undertaken training, and not requesting, obtaining and inspecting CARs’ or ARs' training records or other evidence of relevant training.
4. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to take reasonable steps to ensure that its representatives complied with the financial services laws, and thereby contravened ss 912A(1)(ca) and 912A(5A) of the Corporations Act by:
(a) failing to have a documented and rigorous due diligence and background check process for prospective CARs and ARs, and failing to conduct ongoing checks to ensure ARs remained appropriate;
(b) failing to provide clear and practical guidance to CARs and ARs about the nature, extent and discharge of their obligations under the financial services laws;
(c) failing to have a systematic and documented audit process, and failing to conduct regular audits of the CARs and ARs;
(d) failing to document the matters the subject of its informal discussions with the ARs;
(e) relying on pro forma monthly compliance self-assessments by the CARs to monitor the CARs and ARs and identify risks associated with their conduct;
(f) failing to record or follow up any exceptions noted in the compliance self-assessments; and
(g) failing to conduct regular performance reviews of its employees, management or responsible manager.
5. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to have available adequate resources (including technological and human resources) to provide the financial services covered by its financial services licence, and thereby contravened ss 912A(1)(d) and 912A(5A) of the Corporations Act, by:
(a) failing to have adequately trained and skilled compliance and risk management personnel (particularly to undertake audits and reviews of CARs and ARs);
(b) failing to have an adequate information technology capability and any human resources capability having regard to the nature and scale of Lanterne's business;
(c) failing to have a human resources plan or process to establish and maintain the adequacy of Lanterne's human resources;
(d) failing to have staff training, development plans or reviews;
(e) failing to have plans for the temporary or permanent absence of its only operational responsible manager who also held the position of managing director;
(f) failing to have a technology resourcing plan or an up-to-date disaster recovery plan, and relying on outdated back up processes;
(g) failing to update its software to meet the needs of a business of its nature, scale and risk profile; and
(h) until September 2020, relying on paper files and records and failing to use a suitable software system in its monitoring and supervision of CARs and ARs.
6. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, by the conduct alleged in:
(a) paragraphs 1(a) to (g);
(b) paragraphs 2(a) to (c);
(c) paragraphs 3(a) to (c);
(d) paragraphs 4(a) to (g); and/or
(e) paragraphs 5(a) to (h),
together, or in any combination, Lanterne breached its obligation to do all things necessary to ensure the financial services covered by its financial services licence were provided efficiently, honestly and fairly, and thereby contravened ss 912A(1)(a) and 912A(5A) of the Corporations Act.
THE COURT ORDERS THAT:
7. Pursuant to s 1317G(1) of the Corporations Act, in respect of the contraventions the subject of the declarations in paragraphs 1 to 5 above, Lanterne pay to the Commonwealth of Australia a pecuniary penalty in the amount of $1.25 million within 30 days of the making of this order.
8. Pursuant to s 1101B(1)(a)(i) of the Corporations Act, Lanterne is required to:
(a) engage an independent expert within 30 days of this order, the identity of whom is to be agreed between the parties, and in the absence of agreement, to be determined by the court (Independent Expert), who will be required to, within 4 months of the order:
(i) review Lanterne's systems, processes and controls so as to report on the adequacy of those systems, processes and controls for the purpose of ensuring compliance with ss 912A(1)(a), (ca), (d), (e), (f) and (h) of the Corporations Act;
(ii) where any aspect of Lanterne's systems, processes and controls is considered to be inadequate, make recommendations as to the steps which should be taken to make the relevant systems, processes and controls adequate; and
(iii) prepare a written report setting out the results of the review and recommendations referred to above, and deliver a copy of the report to the plaintiff and Lanterne (compliance report);
(b) within two months of receipt of the compliance report, establish a risk management and compliance program and take any other necessary steps, including implementation of any recommendations in the compliance report, to ensure Lanterne's systems, processes and controls are adequate to secure compliance with ss 912A(1)(a), (ca), (d), (e), (f) and (h) of the Corporations Act;
(c) engage the Independent Expert to, within three months of the receipt by the plaintiff and Lanterne of the compliance report, prepare a short written report opining on the adequacy of Lanterne's implementation of the recommendations in the compliance report (implementation report) and deliver a copy of the implementation report to the plaintiff and Lanterne; and
(d) pay the costs of the Independent Expert.
9. Costs be reserved.
10. On or before 4:00pm on 24 April 2024 the plaintiff and the defendant file and serve written submissions not exceeding one page to be prepared with 1.5 line spacing and 12-point font, on the question of costs.
11. Costs will be determined on the papers pursuant to s 20A of the FCA Act.
Note: Entry of orders is dealt with in Rule 39.32 of the Federal Court Rules 2011.
MCEVOY J:
1 The plaintiff in this proceeding, the Australian Securities and Investments Commission (ASIC), alleges that Lanterne Fund Services Pty Ltd has contravened ss 912A(1)(a), (ca), (d), (e), (f) and (h) and 912A(5A) of the Corporations Act 2001 (Cth) in the conduct of its business. Lanterne’s business involves authorising companies and individuals to operate as corporate authorised representatives (CARs) and authorised representatives (ARs) under Lanterne’s Australian Financial Services Licence (AFSL). Lanterne received fees in return for the provision of these services and does not directly provide any financial services to clients. ASIC has described Lanterne as a “licensee for hire”.
2 ASIC alleges that from 13 March 2019 to 5 October 2021 (Relevant Period) between 62 and 69 CARs operated under Lanterne’s AFSL and between approximately 134 and 205 ARs operated under those CARs. During the Relevant Period the total funds under management of all CARS fluctuated between $1.2 billion in March 2021 and approximately $1.658 billion by the end of the Relevant Period.
3 Lanterne has admitted to the contraventions of ss 912A(1)(a), (ca), (d), (e), (f) and (h) and 912A(5A) of the Act and on 16 December 2022 the parties jointly prepared and filed a statement of agreed facts and admissions (SAFA) in support of liability pursuant to s 191 of the Evidence Act 1995 (Cth). The parties jointly seek declarations as to the admitted contraventions, and compliance orders. The parties disagree, however, on the pecuniary penalty that ought to be imposed on Lanterne for the contraventions. The quantum of the penalty is the primary issue to be determined.
4 In addition to declarations of the contravention and the compliance orders, ASIC seeks a total pecuniary penalty of $1.5 million. This represents a penalty of $300,000 for the contraventions of each of s 912A(1)(ca), (d), (e), (f) and (h) of the Act, each of which is a contravention of s 912A(5A) of the Act. ASIC does not seek a penalty for the contravention of s 912A(1)(a), by reason of the overlap between the factual matters relied on as the basis for the contravention of s 912A(1)(a) and the other contraventions. Lanterne submits that a total pecuniary penalty in this amount would be excessive and that an aggregate pecuniary penalty in the order of $150,000 (in effect $30,000 per contravention) would be more appropriate.
5 In support of its submissions on penalty, ASIC relies upon the following documents:
(a) the expert report of compliance and risk management expert Sarah Birkensleigh dated 28 October 2022 (Birkensleigh report);
(b) the SAFA dated 16 December 2022; and
(c) written submissions on liability, relief and penalties dated 28 April 2023.
6 Lanterne relies upon:
(a) affidavits of Mr Peter Cozens dated 5 April 2023 and 8 May 2023; and
(b) written submissions dated 8 May 2023.
7 For the reasons that follow there will be declarations and compliance orders substantially in the form sought by ASIC and agreed to by Lanterne. Insofar as the pecuniary penalty is concerned, I have formed the view that $150,000 would be an entirely insufficient penalty to impose. The contraventions in this case have been serious and they have been systemic. I have given careful consideration to whether the penalty of $1.5 million proposed by ASIC would, in all the circumstances, be appropriate. Although the matter is evenly balanced, ultimately I have formed the view that there are some factors which support a slightly lower penalty amount. Weighing matters carefully I have determined that Lanterne should be ordered to pay a total pecuniary penalty of $1.25 million; that is to say, $250,000 per relevant contravention. In these reasons I have drawn from the SAFA and, where appropriate, the written submissions of the parties.
The Principal Statutory Provisions
8 Part 7.6 of Ch 7 of the Act concerns licensing of providers of financial services.
9 Pursuant to s 911A(1) of the Act, a person who carries on a financial services business in this jurisdiction must hold an AFSL covering the provision of the financial services. The “general obligations” of AFSL holders are set out in s 912A(1) relevantly as follows:
(1) A financial services licensee must:
(a) do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly; and
…
(ca) take reasonable steps to ensure that its representatives comply with the financial services laws, except to the extent that:
(i) those representatives are insurance fulfilment providers; and
(ii) the financial services laws relate to the provision of claims handling and settling services by those representatives; and
…
(d) subject to subsection (4) – have available adequate resources (including financial, technological and human resources) to provide the financial services covered by the licence and to carry out supervisory arrangements; and
(e) maintain the competence to provide those financial services; and
(f) ensure that its representatives are adequately trained (including by complying with the CPD provisions), and are competent, to provide those financial services; and
…
(h) subject to subsection (5)—have adequate risk management systems;
…
10 A person contravenes s 912A(5A), which is a civil penalty provision, if the person contravenes, as here, s 912A(1)(a), (ca), (d), (e), (f), or (h) of the Act.
11 An AFSL holder may authorise a person to provide a specified financial service or financial services on behalf of the licensee: s 916A(1) of the Act. This authorisation may cover some or all of the financial services covered by the licensee’s AFSL: s 916A(2) of the Act. Where an AFSL holder authorises representatives under s 916A, it is the AFSL holder who remains responsible for complying with the “general obligations” in s 912A(1) of the Act.
Agreed factual background
Lanterne’s business
12 As has been mentioned, Lanterne operated a business in which it authorised others to operate as CARs and ARs under its own AFSL in exchange for fees. The CARs operating under Lanterne’s AFSL operated across a number of industries including renewable energy, infrastructure, transport and logistics, cyber and technology, healthcare, real estate and property, biotechnology and agriculture. The businesses operating as CARs under Lanterne’s AFSL included venture capital funds, managed investment schemes, agricultural advisory services, wholesale funds management services, corporate advisory services, wholesale property funds, energy trading funds, digital asset funds, and climate change advisory services. The fees typically charged by Lanterne during the Relevant Period to CARs were as follows:
(a) an initial upfront fee of $5,000 to become authorised under its AFSL, although this fee was reduced or waived in some instances;
(b) approximately 45% of CARs were charged ongoing fees of $3,000 per month; and
(c) the remaining CARs were charged ongoing fees of up to $2,500 per month.
Lanterne’s responsible manager
13 During the relevant period Mr Cozens was the only full time employee of Lanterne as well as its only active responsible manager. Mr Cozens was also the sole director and chief executive officer. Lanterne had three part time employees for various periods throughout the Relevant Period (and only two at any given time) whose roles were limited to administrative functions such as bookkeeping and administrative support. It would seem that for all effective purposes Mr Cozens was Lanterne.
14 Mr Cozens became Lanterne’s responsible manager in 2004 when Lanterne obtained its AFSL. Mr George Lucas was listed as a second responsible manager of Lanterne during the Relevant Period until 8 July 2021. However, Mr Lucas had no direct involvement in Lanterne’s business and did not carry out any duties or responsibilities during the Relevant Period. It is agreed that only Mr Cozens acted as Lanterne’s responsible manager in the Relevant Period.
15 Mr Cozens had not completed any formal qualifications. He applied for and obtained responsible manager status through a written submissions to ASIC as to his knowledge and skills for the role. ASIC considered and accepted Mr Cozens’ application and written submissions to be a responsible manager.
16 Lanterne had previously been a funds management business and at that time Mr Cozens worked as its chief operating officer. Mr Cozens had experience working as a stockbroker and was also the chief operating officer of LHC Capital Pty Ltd, a Wholesale Equities Funds Manager, from June 2012 to June 2013. LHC Capital was a CAR of Lanterne at that time.
17 It is an agreed fact that Mr Cozens did not have experience in all the businesses and industries in which Lanterne’s CARs and ARs operated.
18 Mr Cozens also acted and was registered with ASIC as a responsible manager for three other entities at times during the Relevant Period.
Lanterne’s processes, systems and resources
19 The SAFA outlines Lanterne’s processes, systems and resources, a summary of which is set out below.
Arrangements with new CARs
20 In respect of new CARs, Lanterne relied largely on referrals of prospective CARs from law firms and other persons. Lanterne conducted no discernible due diligence on the prospective CAR and only limited background checks on the entity’s directors. The SAFA notes that in some cases the CAR entity was incorporated at the same time, or only slightly before, it was appointed a representative of Lanterne and so no meaningful due diligence could be conducted. Background checks of the directors typically involved Mr Cozens interviewing a representative of the prospective CAR and Lanterne obtaining copies of identification documents, two references, an Insolvency Trustee Service Australia bankruptcy check, and police checks. It is agreed that Lanterne did not otherwise verify the information provided by prospective CARs about their directors’ or prospective ARs’ education, experience, or membership of professional bodies. The due diligence process was not documented.
21 When an entity became a CAR under Lanterne’s AFSL, the CAR was required to execute an agreement with Lanterne which set out the terms of the appointment and attached a copy of Lanterne’s AFSL. The agreement provided that CARs could nominate ARs with the written consent of Lanterne. It contained limited guidance about the legal obligations of CARs and ARs, was not tailored to the CAR’s particular industry, and was largely identical for each CAR.
Supervisory arrangements
22 Under the agreement, CARs were required to provide written confirmation each month to Lanterne about certain matters relating to risk and compliance and to attest that they had met their obligations under the agreement. As part of this reporting, CARs were required to report any “exceptions” to compliance. Mr Cozens sometimes conducted informal meetings with representatives of CARs and ARs, and in some of those meetings compliance was discussed. However, no minutes or notes were ever taken of those meetings. Lanterne was reliant on self-reporting by CARs and ARs, and did not have a documented process for recording or following up on any of the exceptions reported. There was also no formal or documented review or audit process to assess ARs compliance with financial services laws and nor did Lanterne have any structured or formal processes for monitoring or supervising its staff.
Risk management and compliance systems
23 Lanterne did not have a formal or documented risk management system. It did not have any systems or processes in place to enable it to identify and assess the various risks it faced, nor controls or other measures to manage and mitigate those risks.
24 Lanterne had two manuals in the Relevant Period: the AR Procedures Manual and a compliance procedures manual (Compliance Manual). The Procedures Manual contained inadequate guidance for ARs in relation to their financial services obligations and some measures Lanterne considered necessary to comply with those obligations. The Compliance Manual was out of date and did not reflect Lanterne’s business of authorising CARs and ARs to operate under its AFSL.
25 Lanterne did not have a documented or functional incident management process pursuant to which it could investigate any breaches notified to it by its CARs and ARs. Lanterne otherwise did not have any systems, processes or controls to identify, manage or mitigate compliance and regulatory risks faced by CARs and ARs. There was no independent governing body which could oversee and challenge decisions taken and practices adopted by Mr Cozens as the sole director and CEO of Lanterne.
Training
26 There was no training provided or offered to CARs and ARs by Lanterne, nor was there any training and competency program in place. Lanterne did not require any verification of, information about, or record of training undertaken by, its CARs and ARs. Nor did Lanterne have any internal resources capable of developing or implementing a training program, and it did not seek any third-party assistance prior to April 2021 to support it in doing so on any ongoing basis. Lanterne did, however, arrange for a third-party compliance consultant, Haystack Consulting, to prepare a marketing document offering training to ARs. This was circulated to CARs on 20 April 2021. Lanterne did not maintain a record of training undertaken by its CARs and ARs.
Human resources
27 Other than Mr Cozens, Lanterne did not have any employees with qualifications or experience in risk management or compliance. Lanterne did not outsource its risk management or compliance function to any third-party specialists, other than for the preparation of the Compliance Manual. Mr Cozens did have limited risk management experience in his previous role as chief operating officer of LHC Capital for around 12 months. Lanterne had insufficient human resources to monitor and supervise its CARs and ARs.
28 Mr Cozens, and Lanterne’s other employees, were not subject to any performance reviews to assess whether they understood their roles and compliance obligations, and to assess and remedy any skills gap. Mr Cozens performed all management roles, and so there was a lack of segregation of duties. There were no processes to identify human resourcing capabilities and requirements, nor for ensuring that there were an adequate number of suitably qualified responsible managers to oversee the financial services businesses operated by Lanterne or its CARs and ARs, or to ensure that responsible managers remained appropriately qualified.
Technological resources
29 Lanterne did not have:
(a) adequate information technology (IT) infrastructure to keep abreast of issues such as IT security or cyber security;
(b) an IT resources plan;
(c) a security management plan;
(d) an IT back-up protocol;
(e) a disaster recovery plan (for hard or soft copy records);
(f) any compliance software for its supervision and monitoring of CARs and ARs or general compliance purposes; or
(g) any internal dedicated IT capability (and nor did it outsource its IT function).
30 Until September 2020 Lanterne maintained its records using a paper filing system. Since September 2019 it has engaged a third-party IT provider to review the adequacy of its digital security and carry out improvements.
Lanterne’s obligations as holder of an AFSL
31 Lanterne accepts that as the holder of an AFSL it had the following obligations.
Risk management systems
32 To comply with the obligation under s 912A(1)(h) of the Act to have adequate risk management systems, a financial services licensee in Lanterne’s position should have a risk management system which identifies and evaluates risks faced by its business, including the risks of non-compliance with financial services laws and the risks relating to its ARs and CARs.
33 The risk management system should include a documented risk management framework describing how the licensee manages risk (including regulatory, authorised representatives, operational and financial risk), together with risk management tools such as a risk matrix of key risks, and an incident management process.
34 The licensee’s risk management system should integrate a compliance management system to identify, evaluate and respond to regulatory risks, which is regularly reviewed.
35 A licensee in Lanterne’s position should implement and monitor controls designed to manage and mitigate the identified risks. A licensee should regularly review and, if necessary, update its analysis of risks. It should have regular independent oversight of its risk management systems.
36 A licensee needs to understand its own processes and controls for managing risk but also the processes and controls that its CARs and ARs have in place to manage their businesses, including that the financial services offered are within the scope of their authority and that their technology is sufficient, including cyber security arrangements.
37 Lanterne accepts that during the Relevant Period, it:
(a) failed to identify and assess the risks faced by its business, including the risks relating to its ARs and CARs;
(b) failed to document any identification or assessment of the risks faced by its business, including by failing to have a risk management framework and basic risk management tools;
(c) relied on initial background checks of directors of potential CARs, and monthly compliance self-assessments by the CARs, to monitor the CARs and ARs and identify risks associated with their conduct;
(d) failed to have an adequate compliance management system having regard to the nature, scale and complexity of its business and instead relied on a Compliance Manual which was out of date, inapplicable to Lanterne’s business, and omitted regulatory and compliance obligations of ARs and Lanterne as the licensee;
(e) failed to have any employees or officers with appropriate risk management expertise and failed to engage external consultants with risk management expertise for the purpose of risk management;
(f) failed to have any independent oversight or monitoring of its risk management systems; and
(g) otherwise failed to have adequate systems, processes or controls to manage or mitigate risks, including failing to have an incident management process.
Maintain competence to provide financial services
38 To comply with the obligation under s 912A(1)(e) of the Act to maintain competence to provide financial services, a financial services licensee in Lanterne’s position should have sufficient responsible managers with the skills and experience in the financial services offered by its CARs and ARs and across the industries and businesses in which they operate, with sufficient time to conduct their role effectively.
39 A licensee should have documented and implemented processes for assessing its responsible managers and for ensuring they remain appropriately qualified, including taking account of changes to the business over time.
40 Lanterne accepts that during the Relevant Period it:
(a) failed to have a sufficient number of responsible managers with appropriate expertise for the businesses operated by Lanterne and its CARs, for the financial services offered by its CARs, and for the number of CARs and ARs operating under Lanterne’s AFSL;
(b) failed to have responsible managers with sufficient time to conduct their roles effectively; and
(c) failed to have any processes for ensuring it had a sufficient number of responsible managers with appropriate expertise for the businesses operated by Lanterne and its CARs, for the financial services offered by its CARs, and for the number of CARs and ARs operating under Lanterne’s AFSL.
Adequate training
41 To comply with the obligation under s 912A(1)(f) of the Act to ensure its representatives are adequately trained and are competent to provide the financial services, a financial services licensee in Lanterne’s position should establish a training and competency program and process which documents the skills and competencies required by its ARs to provide the authorised financial services, and includes a needs analysis which assesses each AR against the documented required skills and competencies.
42 The licensee should develop and implement training programs, whether in-house or externally, which address the identified skills and competency needs, and which ensure those skills and competencies are maintained and kept up to date.
43 A licensee should maintain a record of training and assess the effectiveness of the training at least annually.
44 Lanterne accepts that during the Relevant Period it:
(a) failed to assess the skill and competency requirements of representatives of its CARs or ARs, and failed to take any or adequate steps to address those requirements;
(b) failed to provide or arrange any or adequate training, professional development or other instructional programs for its CARs and ARs; and
(c) relied only on the monthly reports completed by the CARs and ARs to satisfy itself that they had undertaken training, and did not request, obtain or inspect CARs’ or ARs’ training records or other evidence of relevant training.
Reasonable steps to ensure representatives comply with financial services laws
45 To comply with the obligation under s 912A(1)(ca) of the Act to take reasonable steps to ensure that its representatives comply with the financial services laws, a financial services licensee in Lanterne’s position should have an effective and documented process for background checks and due diligence of representatives of prospective CARs and ARs. The process should include recording all documentation, verifying all claims made (including education, qualifications and memberships of relevant bodies), obtaining police checks and conducting reference checks.
46 The licensee should conduct ongoing checks of its appointed ARs, to ensure they remain appropriate while acting as ARs.
47 The licensee should provide clear guidance and instructions to its CARs and ARs about their obligations regarding compliance with the financial services laws.
48 The licensee should design and implement an effective system for monitoring and supervising its CARs and ARs through a program of reviews and audits following a prescribed methodology. The frequency of audits should depend upon the risk assessment of each CAR and AR, with higher risk CARs and ARs reviewed and audited more frequently.
49 A licensee should also have a system for responding to negative audit findings, events and breaches, which should include preparing a rectification plan where necessary. Performance against any rectification plan should be monitored by an independent specialist.
50 A licensee in Lanterne’s position should also have processes in place to ensure its employees are complying with the financial services laws, including regular reviews, performance reviews and reports to management and the board identifying deficiencies and recommendations for remediation. There should also be an appropriate form of oversight over management and the responsible managers, ideally by the board of directors or an independent party.
51 Lanterne accepts that during the Relevant Period it:
(a) failed to have a documented and rigorous due diligence and background information check process for prospective CARs and ARs (such as verifying education, qualifications and memberships of relevant bodies);
(b) failed to conduct ongoing checks to ensure ARs remained appropriate;
(c) failed to provide adequate practical guidance to CARs and ARs about the nature, extent and discharge of their obligations under the financial services laws;
(d) failed to have a systematic and documented audit process, and failed to conduct regular audits of the CARs and ARs;
(e) failed to document the matters the subject of Mr Cozens’ informal discussions with the CARs and ARs;
(f) relied on pro forma monthly compliance self-assessments by the CARs to monitor the CARs and ARs and to identify risks associated with their conduct;
(g) failed to record or follow up any exceptions noted in the compliance self-assessments; and
(h) failed to conduct regular, or any, performance reviews of its employees, including Mr Cozens, to determine whether they understood their compliance obligations, and to remedy any gaps in their understanding and skills.
Resources
52 To comply with the obligation under s 912A(1)(d) of the Act to have available adequate resources to provide the financial services covered by the licence and to carry out supervisory arrangements, a financial services licensee in Lanterne’s position should, in relation to human resources, have systems and processes to ensure it understands its human resource needs, and implement a plan to fulfill those needs, which is regularly reviewed.
53 A licensee in Lanterne’s position requires human resources covering its basic functions of risk and compliance (particularly to supervise and monitor ARs); IT functions; financial management; and human resources. Absent internal capability, a licensee should obtain third-party specialist support. A licensee should have a documented performance management system, a staff training and development program, and a plan to deal with the loss of key persons.
54 Lanterne accepts that during the Relevant Period, in relation to human resources, it did not have:
(a) adequately trained and skilled compliance and risk management personnel (particularly to undertake audits and reviews of ARs and CARs);
(b) any human resources capability;
(c) adequate information technology capability, or adequate financial management capability, having regard to the nature and scale of its business;
(d) a human resources plan or process to establish and maintain the adequacy of its human resources;
(e) staff training, development plans or reviews, or contingency plans for the temporary or permanent absence of Mr Cozens.
55 In relation to technological resources, a licensee in Lanterne’s position should:
(a) document a technology resourcing plan based on an assessment of its hardware and software needs;
(b) undertake a security assessment, including cyber security;
(c) develop and implement a response to that assessment;
(d) develop and implement a disaster recovery plan;
(e) acquire and install necessary hardware and software relevant to its business operations and its number of employees; and
(f) regularly review its IT requirements to ensure the resources remain adequate and up to date and that systems are appropriately upgraded.
56 Lanterne accepts that during the Relevant Period, in relation to technological resources, it:
(a) failed to have a technology resourcing plan or up to date disaster recovery plan;
(b) relied on outdated back-up processes;
(c) failed to update its software to meet the needs of a business of its nature, scale and risk profile;
(d) until September 2020, relied on paper files and failed to use a suitable software system in its monitoring and supervision of ARs and CARs; and
(e) failed to have internal information technology capabilities, and had limited third-party support.
Other relevant matters
57 As a result of the matters which are the subject of the SAFA, Lanterne accepts that it put the ultimate clients of its ARs and CARs at risk of harm in relation to the financial services provided to them by the ARs and CARs under Lanterne’s AFSL. Significantly, Lanterne also accepts that it benefited by receipt of fees from its CARs, without applying those fees to ensure that the financial services provided under its licence were provided in accordance with the financial services laws.
The Contraventions of the Act
58 As has been mentioned, Lanterne has admitted that it breached the following obligations of an AFSL holder contained in s 912A(1) of the Act:
(a) to take reasonable steps to ensure that its representatives comply with the financial services laws: s 912A(1)(ca);
(b) to have available adequate resources (including technical and human resources) to provide the financial services covered by its financial service licence: s 912A(1)(d);
(c) to maintain the competence to provide the financial services covered by its financial services licence: s 912A(1)(e);
(d) to ensure that its representatives are adequately trained and competent to provide the financial services covered by its financial service licence: s 912A(1)(f); and
(e) to have adequate risk management systems: s 912A(1)(h).
59 ASIC does not press the allegation included in the Originating Process and Concise Statement dated 6 July 2022 that Lanterne breached its obligations under s 912A(1)(d) in respect of financial resources (the obligation to have available adequate financial resources). However, ASIC does press the allegation of a breach of s 912A(1)(d) in relation to technological and human resources of Lanterne.
60 Lanterne has also admitted that by the conduct which constituted the contraventions referred to above, Lanterne breached its obligation to do all things necessary to ensure the financial services covered by its AFSL were provided efficiently, honestly and fairly: s 912A(1)(a).
61 Lanterne admits that by each contravention of ss 912A(1)(a), (ca), (d), (e), (f) and (h), it contravened s 912A(5A) of the Act. This is the basis upon which ASIC and Lanterne have agreed to seek declarations of these contraventions from the court.
62 ASIC submits, and I accept, that only limited guidance may be obtained from other cases in which the general obligations under s 912A(1) of the Act have been considered. Obviously enough, the content of the general obligations, and the way a licensee may comply with the obligations, will depend upon the nature, scale and complexity of their business and the financial services they offer, as well as the particular circumstances of each case.
63 The parties are agreed as to the steps required to comply with the relevant obligations under s 912A(1) by a financial services licensee in Lanterne’s position, and about the way in which Lanterne contravened each provision.
64 Having regard to ASIC’s submissions, I turn then to the legal principles relevant to the various contraventions. Consistently with the approach adopted in ASIC’s submissions, I deal with the relevant contraventions of s 912A(1) of the Act in an order more conducive to an understanding of the conduct of Lanterne’s business which has resulted in the contraventions described above.
Section 912A(1)(h) – adequate risk management systems
65 Section 912A(1)(h) of the Act requires a licensee to have adequate risk management systems. In Australian Securities and Investments Commission v RI Advice Group Pty Ltd (2022) 160 ACSR 204, Rofe J approved orders agreed by the parties, and made the following observations about the scope of the obligation (at 215-216 [54]-[55]):
[54] Although s 912A(1)(h) does not appear to have been the subject of any relevant prior judicial consideration, the notion of “adequacy” again imports a normative standard of conduct against which the licensee’s performance can be judged. The particular focus of this provision is on “risk management systems”, and in the context of RI Advice, whose business is conducted on its behalf through its Authorised Representatives, this necessarily places the focus on the risks to Authorised Representatives, and the necessity for RI Advice to have “adequate” systems to manage those risks.
[55] The assessment of “adequate risk management systems”, in the context of cyber risk management, requires consideration of the risks faced by a business in respect of its operations and IT environment. As I have noted above in relation to s 912A(1)(a), cyber risk management is a highly technical area of expertise. While the standard of “adequacy” is ultimately one for the Court to decide, the Court’s assessment of the adequacy of any particular set of cyber risk management systems will likely be informed by evidence from relevantly qualified experts in the field.
Section 912A(1)(f) – adequate training and competence of representatives
66 Section 912A(1)(f) of the Act requires the licensee to ensure that its representatives are adequately trained and are competent to provide the financial services covered by the licence.
67 The obligations under s 912A(1)(f) have been considered and applied in several regulatory proceedings brought by ASIC, with the nature of the obligations dependent upon the particular circumstances of the entities concerned in those cases: see Australian Securities and Investments Commission v Westpac Banking Corporation (No 2) (2018) 266 FCR 147 (ASIC v Westpac (BBSW)) (Beach J) at 317-324 [2490]-[2533]; Australian Securities and Investments Commission v Commonwealth Bank of Australia (2018) 128 ACSR 289 (Beach J) at 297 [48], 298 [57], see also orders 3 and 4; Australian Securities and Investments Commission v National Australia Bank Limited (2017) 123 ACSR 341 (Jagot J).
68 It has been said that subsections (1)(ca) and (f), in combination, suggest that the holder of an AFSL should undertake a continuing training program that is calculated to produce competent representatives or maintain their level of competence: see Avoca Consultants Pty Ltd v Millennium3 Financial Services Pty Ltd (2009) 179 FCR 46 at 105 [344] (Barker J); Australian Securities and Investments Commission v NSG Services Pty Ltd (2017) 122 ACSR 47 at 55 [31] (Moshinsky J); ASIC v Westpac (BBSW) at 317 [2490].
Section 912A(1)(ca) – reasonable steps to ensure representatives’ compliance
69 Section 912A(1)(ca) of the Act provides that a financial services licensee must take reasonable steps to ensure representatives comply with financial services laws. “Financial services laws” is broadly defined in s 761A to include a provision of Chapters 5C, 5D, 6, 6A, 6B, 6C, 6D, 7 or 8A of the Act and Division 2 of Part 2 of the Australian Securities and Investments Commission Act 2001 (Cth).
70 I accept ASIC’s submission that as a matter of statutory construction, there is nothing in the language of s 912A(1)(ca) that makes proven contraventions of any financial services law a precondition to a finding of contravention of s 912A(1)(ca). Accordingly, there can be a failure to take reasonable steps to procure compliance without proof that the failure led to an actual contravention of the other provisions: Australian Securities and Investments Commission v Financial Circle Pty Ltd (2018) 131 ACSR 484 at 508 [123] (O’Callaghan J) (ASIC v Financial Circle). In the present case, ASIC does not allege that any of Lanterne’s representatives contravened any financial services laws.
71 The obligations under s 912A(1)(ca) of the Act have been considered and applied in several regulatory proceedings brought by ASIC: see Australian Securities and Investments Commission v Westpac Banking Corporation (Omnibus) (2022) 407 ALR 1 (Beach J) (ASIC v Westpac (Omnibus)); ASIC v Westpac (BBSW); ASIC v Financial Circle; Australian Securities and Investments Commission v RI Advice Group Pty Ltd (No 2) (2021) 156 ACSR 371 (Moshinsky J) (RI Advice (No 2)).
72 In ASIC v Westpac (Omnibus), Beach J observed that what steps are reasonable will depend upon the nature of the obligation to be complied with, and the circumstances of the licensee. His Honour held that while the precise content of the obligation has not received detailed consideration (at 17 [76]):
[s 912A(1)(ca)] may be taken to impose an obligation to establish an adequate system for the supervision of representatives, as well as policies and procedures that are designed to address identified or reasonably identifiable risks of non-compliant conduct by representatives.
73 Justice Beach accepted that by failing to have in place adequate risk management procedures directed to detecting breaches of particular aspects of the financial services laws, and directed to monitoring internal controls, Westpac had failed to take reasonable steps to ensure that its representatives complied with the financial services laws: ASIC v Westpac (Omnibus) at 66 [514]-[516], see also orders 3 to 6 made in NSD 1241 of 2021.
74 ASIC submits, and I accept, that there are some similarities between the conduct in this matter and the contravening conduct in Australian Securities and Investments Commission v AGM Markets Pty Ltd (in liquidation) (No 3) (2020) 275 FCR 57 (Beach J) (ASIC v AGM Markets). In that case, AGM held an AFSL and it had authorised two other defendants as CARs under the AFSL, which were authorised to provide financial product advice. The CAR defendants provided the advice to clients via “account managers”, whom the CARs engaged. The court found that AGM had outsourced to the account managers certain key functions for providing financial product advice to its clients, making the observation that “the responsibility for ensuring that the advice was provided in a fair, honest and efficient manner remained with AGM. AGM could outsource the function but not its responsibility under its AFSL”: ASIC v AGM Markets at 146 [493].
75 In ASIC v AGM Markets, Beach J concluded that AGM failed to comply with s 912A(1)(a) and (ca) by reason of, among other matters, the following conduct (at 146-148 [487]-[504]):
(a) the training provided to the account managers was inadequate, and while there was some initial effort by AGM to ensure that account managers received adequate training, there was no evidence that the AMs in fact received the training or that AGM took any steps to follow up on its initial admonition that such training should occur.
(b) prior to the provision of any services by the CARs or the account managers on AGM’s behalf, AGM should have undertaken due diligence on all the entities that provided the account managers. The due diligence should have confirmed that the CARs and all the account managers had sufficient resources to provide the outsourced functions, had the requisite knowledge of the Australian financial services laws, and understood the obligations they were being given as a representative of an AFSL holder. AGM should have been confident that the CARs and all AMs could provide the services fairly, honestly and efficiently, in accordance with AGM’s obligations under its AFSL, prior to any services being provided.
(c) AGM should have ensured that prior to any services being provided by the account managers, adequate training had been undertaken by all account managers. AGM should have ensured the training was completed to meet the obligations of its AFSL.
(d) AGM should have had in place a system for monitoring the activities of its CARs and all account managers when providing financial product advice. This system should have included regular monitoring and review of telephone conversations, emails and any other communications between the account managers and the clients.
(e) The compliance departments of AGM and its CARs should have ensured they had a close working relationship.
76 In Australian Securities and Investments Commission v Wealth & Risk Management Pty Ltd (No 2) (2018) 124 ACSR 351 (ASIC v Wealth & Risk Management), Moshinsky J accepted that a financial services licensee providing financial advice should have a compliance framework which included:
(a) policies and procedures addressing and providing guidance on the statutory requirements for provision of financial advice;
(b) regular and targeted risk-based monitoring and supervision of ARs;
(c) effective ongoing training;
(d) effective record keeping; and
(e) regular reviews of the providers’ measures, processes and procedures.
77 Justice Moshinsky accepted that the financial services provider in that case had serious deficiencies in its compliance manual, training and supervision, and registers. His Honour found that the defendant had failed to take reasonable steps to ensure its representatives’ compliance with the financial services laws, and had failed to ensure the financial services were provided efficiently, honestly and fairly: ASIC v Wealth & Risk Management at 372-373 [111]-[113].
78 In ASIC v Financial Circle, O’Callaghan J approved a settlement and made proposed orders by consent, to the effect that Financial Circle had failed to take reasonable steps to ensure its representatives complied with financial services laws in contravention of s 912A(1)(ca) by the following conduct, among other matters (at 496-498 [59]-[67]):
(a) Financial Circle’s compliance manual failed to provide detailed, practical and specific guidance on how advisers could ensure they complied with the law;
(b) Financial Circle’s conflicts register did not adequately identify conflicts of interest, address the impact of conflicts or give adequate guidance on how conflicts should be managed;
(c) Financial Circle’s complaints register, and incidents register did not facilitate Financial Circle identifying, remediating or reporting on the underlying causes of the complaints or incidents; and
(d) Financial Circle did not provide formal or substantive training to advisers on their obligations to comply with the financial services laws.
Section 912A(1)(d) – adequate resources
79 Section 912A(1)(d) provides that a financial services licensee must have available adequate resources (including financial, technological and human resources) to provide the financial services covered by the license and to carry out supervisory arrangements.
80 There do not appear to be any decisions in which the court has considered the scope and content of s 912A(1)(d), although adapting the court’s analysis in RI Advice at 215 [54]-[55] in the context of s 912A(1)(h), the notion of adequacy may be said to import a normative standard of conduct against which the licensee’s performance can be judged. The focus of this provision is on the resources (relevantly human and technological) required to provide the applicable financial services (which in this case are provided by ARs and CARs) and to carry out supervisory arrangements. The standard of adequacy is ultimately one for the court to decide, informed where appropriate by qualified experts in the field.
Section 912A(1)(e) – maintaining competence
81 Section 912A(1)(e) requires licensees to maintain the competence to provide the financial services covered by its licence.
82 ASIC Regulatory Guide 105 (RG 105) addresses what a licensee must do to comply with this provision. By way of overview, RG 105 (unexceptionally, it may be observed) provides that a licensee must have responsible managers with sufficient knowledge and skills in relation to the financial services provided by the licensee, having regard to the size of the business and the financial services and products provided.
83 In Australian Securities and Investments Commission v National Australia Bank Limited [2021] FCA 1013 (Davies J), the court considered s 912A(1)(e) and made declarations of contravention by consent.
84 The case relevantly concerned the NAB’s failure to establish and maintain documented policies, procedures and systems which were adequate to identify whether it had provided review services in accordance with ongoing service agreements and financial disclosure statements, and whether it was prohibited from charging clients ongoing fees. Davies J accepted the parties’ joint submissions that (at [46]):
[C]ompetence to provide financial services in a financial planning context does not only extend to the qualitative standard of substantive advice provided, but also to competence to comply with statutory and contractual obligations applicable to the provision of financial advice. The admitted compliance deficiencies thus bore upon NAB’s competence to provide the review services, pursuant to its ongoing fee arrangements.
Section 912A(1)(a) – provision of financial services efficiently, honestly and fairly
85 Section 912A(1)(a) requires a financial licensee to do all things necessary to ensure the financial services covered by its license are provided efficiently, honestly and fairly.
86 The provision has been interpreted as follows:
(a) the words “efficiently, honestly and fairly” connote a requirement of competence in providing advice and in complying with relevant statutory obligations;
(b) the word “efficient” refers to a person who performs his duties efficiently, meaning the person produces the desired effect, and is capable and competent. Inefficiency may be established by demonstrating that the performance of a licensee’s functions falls short of the reasonable standard of performance by a dealer that the public is entitled to expect;
(c) it is not necessary to establish dishonesty in the criminal sense. The word “honestly” may comprehend prevention of conduct which is not criminal, but which is morally wrong in the commercial sense; and
(d) the word “honestly” when used in conjunction with the word “fairly” tends to give the flavour of a person who not only is not dishonest, but also is ethically sound.
See generally Australian Securities and Investments Commission v Camelot Derivatives Pty Ltd (in liq) (2012) 88 ACSR 206 at 225 [69], [70] (Foster J) (ASIC v Camelot); Australian Securities and Investments Commission v Cassimatis (No 8) (2016) 336 ALR 209 at 337-338 [673]-[674] (Edelman J) (ASIC v Cassimatis); ASIC v Financial Circle at 510 [137]; Australian Securities and Investments Commission v Westpac Securities Administration Limited, in the matter of Westpac Securities Administration Limited (2019) 133 ACSR 1 at 87-90 [413]-[426] (Gleeson J); ASIC v AGM Markets at 148-149 [505]-[512].
87 In ASIC v Westpac (BBSW) at 294 [2350], Beach J confirmed that:
… a contravention of the “efficiently, honestly and fairly” standard does not require a contravention or breach of a separately existing legal duty or obligation, whether statutory, fiduciary, common law or otherwise. The statutory standard itself is the source of the obligation.
88 Consistently with this, the other authorities on s 912A(1)(a) emphasise that the section does not require dishonesty in the traditional or criminal sense: ASIC v Camelot at 225 [69(d)], 226 [72]; ASIC v Cassimatis at 337 [673]. In Australian Securities and Investments Commission v Westpac Securities Administration Limited (2019) 272 FCR 170 at 210 [173] (ASIC v Westpac Securities), Allsop CJ observed that the section reflects a legislative policy of promoting adherence to social or commercial norms or standards of behaviour; but see ASIC v AGM Markets at [518]-[519] (Beach J). Contravention does not rely on any proof or finding of intent, rather it is determined by reference to objective circumstances. Accordingly, a finding of contravention of s 912A(1)(a) can be made even though it is not shown that the contravener engaged in an intentional wrong: Australian Securities and Investments Commission v MLC Nominees Pty Ltd (2020) 147 ACSR 266 at 276 [51] (Yates J).
89 In the first decision considering a contravention of s 912A(1)(a) after it became a civil penalty provision, although it was a decision in which contraventions were admitted and orders were sought by consent, Beach J held that there was no good reason not to apply the existing authorities about the scope of the provision; including his Honour’s own observations about the provision in ASIC v AGM Markets: ASIC v Westpac (Omnibus) at 13-15 [60]-[61].
90 As ASIC submits, the authorities have predominantly emphasised that the words “efficiently, honestly and fairly” must be read as a compendium describing a person who goes about their duties efficiently having regard to the dictates of honesty and fairness, honestly having regard to the dictates of efficiency and fairness, and fairly having regard to the dictates of efficiency and honesty: Story v National Companies and Securities Commission (1988) 13 NSWLR 661 at 672 (Young J); ASIC v AGM Markets at 148 [506], 149 [516]. However, contrary views have more recently been expressed. In ASIC v Westpac Securities the Full Court considered s 912A(1)(a). O’Bryan J expressed “considerable reservations” about the view that the phrase should be construed compendiously in that manner: ASIC v Westpac Securities at 267 [424], [426]; but cf Allsop CJ at 209 [170].
91 In subsequent consideration of s 912A(1)(a), single judges of this court have found it unnecessary to resolve this question, and have observed that it is best left for an appropriate circumstance for resolution: see Australian Securities and Investments Commission v Australia and New Zealand Banking Group Limited (No 3) [2020] FCA 1421 at [48] (Allsop CJ); RI Advice (No 2) at 473-474 [377] (Moshinsky J); Australian Securities and Investments Commission v MobiSuper Pty Ltd [2021] FCA 855 at [39] (Jackson J); Australian Securities and Investments Commission v Australia and New Zealand Banking Group Limited [2023] FCA 1150 at [52]-[57] (Beach J). In ASIC v Westpac (Omnibus), Beach J stated that, given the section has civil penalties attached, if there was any ambiguity as to whether the expression is to be interpreted compendiously (which his Honour considered there was not), that ambiguity should be resolved in favour of a compendious approach: ASIC v Westpac (Omnibus) at 16 [66].
92 It is not necessary to resolve this issue for the purposes of the present case given that Lanterne’s conduct by which it contravened the various subsections of s 912A(1) addressed above are the basis for its contravention of s 912A(1)(a). No additional conduct is relied upon.
93 ASIC submits and I accept that whether the statutory phrase in s 912A(1)(a) is to be construed compendiously does not affect whether Lanterne contravened s 912A(1)(a). Regardless of the construction adopted, the authorities on s 912A(1)(a) emphasise that the section does not require dishonesty in the criminal sense. The aggregated contravening conduct of Lanterne outlined above satisfies the requirement that the financial services were not being provided “honestly” in this sense of this provision.
94 It may be accepted that Lanterne’s conduct fell well short of the reasonable standard of performance of an AFSL holder, which the public is entitled to expect. It failed to demonstrate competence in performing its obligations as an AFSL holder and competence in complying with its applicable statutory obligations. It thereby failed to provide financial services “efficiently, honestly and fairly” within the meaning of that term in s 912A(1)(a) of the Act.
Declarations
The court’s power
95 The court has a wide discretionary power to make declarations pursuant to s 21 of the Federal Court of Australia Act 1976 (Cth) (FCA Act): Australian Securities and Investments Commission v Commonwealth Bank of Australia [2020] FCA 790 at [152] (Beach J) (ASIC v CBA). See also s 1101B(1) of the Act and Wellington Capital Limited v Australian Securities and Investments Commission (2014) 254 CLR 288 at 298-299 [10] (French CJ, Crennan, Kiefel and Bell JJ); Australian Securities and Investments Commission v Park Trent Properties Group Pty Ltd (No 3) [2015] NSWSC 1527 at [478] (Sackville AJA); ASIC v Financial Circle at 513 [155].
96 Section 1317E(1) of the Act requires the Court to make a declaration of contravention if it is satisfied that a person has contravened a civil penalty provision of that Act. Subsection 1317E(2) prescribes the matters which must be specified in the declaration.
Relevant principles
97 In Australian Securities and Investments Commission v Mercer Financial Advice (Australia) Pty Ltd [2023] FCA 1453 at [52]-[54] I outlined the principles relevant to the making of declarations in the present circumstances. What follows is drawn in substantial part from my reasons in Mercer.
98 The utility of declarations which set out the particular liability found and the basis for the penalties ordered is well established: see Australian Securities and Investments Commission v Axis International Management Pty Ltd (2009) 178 FCR 485 at 491-496 [26]-[43] (Gilmour J) and, more generally, Rural Press Limited v ACCC (2003) 216 CLR 53 at 92 [95] (Gummow, Hayne and Heydon JJ); Australian Softwood Forests Pty Ltd v Attorney-General (NSW); Ex relatione Corporate Affairs Commission (1981) 148 CLR 121 at 125 (Mason J), 144-5 (Wilson J); Tobacco Institute of Australia Ltd v Australian Federation of Consumer Organisations Inc (No 2) (1993) 41 FCR 89 at 97-9 (Sheppard J), 106 (Foster J), 107 (Hill J); Stuart v Construction, Forestry, Mining and Energy Union (2010) 185 FCR 308 at 322 [35] (Moore J), 334 [94] (Besanko and Gordon JJ); Australian Competition and Consumer Commission v MSY Technology Pty Ltd (2012) 201 FCR 378 at 388 [35] (Greenwood, Logan and Yates JJ); and Australian Securities and Investments Commission v Allianz Australia Insurance Limited [2021] FCA 1062 at [120]-[121] (Allsop CJ).
99 In Australian Building and Construction Commissioner v Construction, Forestry, Mining and Energy Union (2017) 254 FCR 68 (ABCC v CFMEU), the Full Court stated (at 87 [90]):
The fact that the parties have agreed that a declaration of contravention should be made does not relieve the Court of the obligation to satisfy itself that the making of the declaration is appropriate. … It is not the role of the Court to merely rubber stamp orders that are agreed as between a regulator and a person who has admitted contravening a public statute...
(Citations omitted.)
100 The Full Court continued (at 87 [93]):
Declarations relating to contraventions of legislative provisions are likely to be appropriate where they serve to record the Court’s disapproval of the contravening conduct, vindicate the regulator’s claim that the respondent contravened the provisions, assist the regulator to carry out its duties, and deter other persons from contravening the provisions…
(Citations omitted.)
101 In Forster v Jododex Australia Pty Ltd (1972) 127 CLR 421 at 437-438, Gibbs J, referring to Lord Dunedin’s summary of the Scottish rules in Russian Commercial and Industrial Bank v British Bank for Foreign Trade Ltd [1921] 2 AC 438 at 448, accepted that there are three requirements that should be satisfied before the discretion is exercised in favour of making a declaration:
(a) the question must be a real and not a hypothetical or theoretical one;
(b) the applicant must have a real interest in raising it; and
(c) there must be a proper contradictor.
See also Australian Competition and Consumer Commission v Coles Supermarkets Australia Pty Ltd [2014] FCA 1405 at [70]-[76] (Gordon J); MLC Nominees at 284 [110]; Rural Press at 92 [95]; Australian Competition and Consumer Commission v Construction, Forestry, Mining and Energy Union [2007] ATPR 42-140, [2006] FCA 1730 at [6] (Nicholson J) and the cases there cited, applied in ABCC v CFMEU at 87 [93].
102 The High Court considered the principles applicable to the making of civil regulatory orders by consent in Commonwealth of Australia v Director, Fair Work Building Industry Inspectorate (2015) 258 CLR 482 (the Agreed Penalties Case) (French CJ, Kiefel, Bell, Nettle and Gordon JJ). The High Court there emphasised (at 503-504 [46]) the important public policy involved in promoting predictability in the outcome of civil penalty proceedings.
103 The principles are not confined to agreed submissions on pecuniary penalties, but apply equally to agreement on other forms of relief. It may be accepted that the High Court’s conclusions in the Agreed Penalties Case as to the desirability of acting upon agreed penalty submissions were made in the context of broader recognition that civil penalties were one of several forms of relief which regulators could choose and pursue as a civil litigant in civil proceedings: at 495 [24], 507-508 [57]-[59], 509 [63], 521 [103], 522-523 [107]. ASIC submits, and I accept, that this approach is consistent with the long-standing judicial support for agreed positions on declarations, injunctions and other relief in civil penalty proceedings: see for example NW Frozen Foods Pty Ltd v Australian Competition and Consumer Commission (1996) 71 FCR 285 (Burchett, Carr and Kiefel JJ).
The proposed declarations
104 ASIC proposes declarations in the following terms:
1. Pursuant to s 21 of the Federal Court of Australia Act 1976 (Cth) (FCA Act) and s 1317E of the Corporations Act 2001 (Cth), during the period 13 March 2019 to 5 October 2021 (the Relevant Period), Lanterne Fund Services Pty Limited breached its obligation to have adequate risk management systems, and thereby contravened ss 912A(1)(h) and 912A(5A) of the Corporations Act by:
(a) failing to identify and assess the risks faced by its business, including the risks relating to its corporate authorised representatives (CARs) and authorised representatives (ARs);
(b) failing to document any identification or assessment of the risks faced by its business, including failing to have a risk management framework and basic risk management tools;
(c) relying on initial due diligence of directors of potential CARs and pro forma monthly compliance self-assessments by the CARs to monitor the CARs and ARs and identify risks associated with their conduct;
(d) failing to have an adequate compliance management system having regard to the nature, scale and complexity of its business and instead relying on a compliance manual which was out of date, inapplicable to its business, and omitted regulatory and compliance obligations of CARs, ARs and Lanterne;
(e) failing to have sufficient employees or officers with appropriate risk management expertise and failing to engage external consultants with risk management expertise for the purpose of risk management;
(f) failing to have any independent oversight or monitoring of its risk management systems; and
(g) otherwise failing to have systems, processes or controls to manage or mitigate risks, including failing to have an incident management process.
2. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to do all things necessary to maintain competence to provide the financial services covered by its financial services licence, and thereby contravened ss 912A(1)(e) and 912A(5A) of the Corporations Act, by:
(a) failing to have responsible managers with sufficient time to effectively conduct their roles;
(b) failing to have a sufficient number of responsible managers with appropriate knowledge and skills across the financial services offered by Lanterne's CARs and in the industries and businesses operated by Lanterne's CARs; and
(c) failing to have any processes for ensuring it had appropriately qualified managers.
3. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to ensure that its representatives were adequately trained and competent to provide the financial services covered by its financial services licence, and thereby contravened ss 912A(1)(f) and 912A(5A) of the Corporations Act by:
(a) failing to assess the skill and competency requirements of its ARs, and failing to take any or adequate steps to address those requirements;
(b) failing to provide or arrange any or adequate training, professional development or other instructional programs for its CARs and ARs; and
(c) relying only on monthly self-assessment compliance reports completed by the CARs and ARs to satisfy itself that they had undertaken training, and not requesting, obtaining and inspecting CARs or ARs' training records or other evidence of relevant training.
4. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to take reasonable steps to ensure that its representatives complied with the financial services laws, and thereby contravened ss 912A(1)(ca) and 912A(5A) of the Corporations Act by:
(a) failing to have a documented and rigorous due diligence and background check process for prospective CARs and ARs, and failing to conduct ongoing checks to ensure ARs remained appropriate;
(b) failing to provide clear and practical guidance to CARs and ARs about the nature, extent and discharge of their obligations under the financial services laws;
(c) failing to have a systematic and documented audit process, and failing to conduct regular audits of the CARs and ARs;
(d) failing to document the matters the subject of its informal discussions with the ARs;
(e) relying on pro forma monthly compliance self-assessments by the CARs to monitor the CARs and ARs and identify risks associated with their conduct; and
(f) failing to record or follow up any exceptions noted in the compliance self-assessments; and
(g) failing to conduct regular performance reviews of its employees, management or responsible manager.
5. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, Lanterne breached its obligation to have available adequate resources (including technological and human resources) to provide the financial services covered by its financial services licence, and thereby contravened ss 912A(1)(d) and 912A(5A) of the Corporations Act, by:
(a) failing to have adequately trained and skilled compliance and risk management personnel, (particularly to undertake audits and reviews of CARs and ARs);
(b) failing to have an adequate information technology capability and any human resources capability having regard to the nature and scale of Lanterne's business;
(c) failing to have a human resources plan or process to establish and maintain the adequacy of Lanterne's human resources;
(d) failing to have staff training, development plans or reviews;
(e) failing to have plans for the temporary or permanent absence of its only operational responsible manager who also held the position of managing director;
(f) failing to have a technology resourcing plan or an up-to-date disaster recovery plan, and relying on outdated back up processes;
(g) failing to update its software to meet the needs of a business of its nature, scale and risk profile; and
(h) until September 2020, relying on paper files and records and failing to use a suitable software system in its monitoring and supervision of CARs and ARs.
6. Pursuant to s 21 of the FCA Act and s 1317E of the Corporations Act, during the Relevant Period, by the conduct alleged in:
(a) paragraphs 1(a) to (g);
(b) paragraphs 2(a) to (c);
(c) paragraphs 3(a) to (c);
(d) paragraphs 4(a) to (g); and/or
(e) paragraphs 5(a) to (h),
together, or in any combination, Lanterne breached its obligation to do all things necessary to ensure the financial services covered by its financial services licence were provided efficiently, honestly and fairly, and thereby contravened ss 912A(1)(a) and 912A(5A) of the Corporations Act.
105 Section 1317E of the Act applies in respect of s 912A. ASIC submits that each party has agreed to the making of the declarations set out in the Schedule to the SAFA (and outlined above), on the basis of the facts set out in the SAFA which have been agreed and admitted pursuant to s 191 of the Evidence Act. In each instance, the court must make declarations of contraventions where it is satisfied that Lanterne has contravened.
106 In respect of the admitted contraventions of s 912A of the Act, I am satisfied that the requirements referred to above at paragraph [101] are met.
107 I am also satisfied that the contraventions that are the subject of the proposed declarations are established by the facts and admissions set out in the SAFA, and that there would be utility in making them. No independent adjudication of whether the facts of the contraventions exist is necessary in circumstances where the agreed facts provide sufficient foundation for the declarations and orders sought and admissions have been made: s 191 of the Evidence Act and ASIC v CBA at [12] (Beach J).
108 It is therefore appropriate to make the declarations substantially in the terms that ASIC proposes. Declarations in these terms will identify the contravening conduct and record the Court’s disapproval of it.
Pecuniary penalties
Significance of the Relevant Period to penalty
109 Prior to 13 March 2019 (being the start of the Relevant Period) ss 912A(1)(a), (ca), (d), (e), (f) and (h) of the Act were not civil penalty provisions. Section 912A of the Act was amended by s 76 in Schedule 1 of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 (Cth) (Treasury Laws Amendment Act) to add subsection (5A). The effect of this subsection is that from 13 March 2019 a contravention of ss 912A(1)(a), (ca), (d), (e), (f) or (h) of the Act is a contravention of s 912A(5A), which is a civil penalty provision.
110 Section 912A(5A) applies in relation to the contravention of the civil penalty provision if the conduct constituting the contravention of the provision occurs wholly on or after the commencement day, being 13 March 2019. Consequently the contraventions rely only on conduct which occurred on and after 13 March 2019.
The court’s power
111 Part 9.4B of the Act is concerned with the civil consequences of contravening civil penalty provisions. Section 1317G(1) of the Act gives the court power to impose a pecuniary penalty in respect of the contravention of a civil penalty provision where a declaration of contravention under s 1317E has been made. The pecuniary penalty ordered must not exceed the maximum pecuniary penalty: s 1317G(2) of the Act.
Relevant principles
112 In Mercer at [62]-[80] I outlined the principles relevant to the imposition of pecuniary penalties. What follows is drawn substantially from my exposition of the principles in Mercer.
113 The power to impose a penalty is to be exercised judicially, that is, fairly and reasonably: Australian Building and Construction Commissioner v Pattinson (2022) 274 CLR 450 at 467 [40] (Kiefel CJ, Gageler, Keane, Gordon, Steward and Gleeson JJ). Bearing in mind that the discretion to be applied in setting a pecuniary penalty must be guided by the relevant statutory provisions, the legal principles that govern the assessment of the quantum of a pecuniary penalty that should be imposed for civil contraventions are well established. These principles are summarised below.
Deterrence
114 The primary or sole purpose of civil penalties is deterrence, both specific and general: Pattinson at 457 [9]-[10], 459-460 [15]-[18]; the Agreed Penalties Case at 506 [55], referring to Trade Practices Commission v CSR Ltd (1991) ATPR 41-076 at 52,152 (French J). See also Re HIH Insurance Ltd (in prov liq) and HIH Casualty and General Insurance Ltd (in prov liq); Australian Securities and Investments Commission v Adler (2002) 42 ACSR 80 at 114-116 [125]-[126] (Santow J).
115 Specific deterrence is for the purpose of deterring repetition of the contravening conduct by the contravener and general deterrence is for the purpose of deterring others who might be tempted to engage in similar contraventions: Pattinson at 457 [9], 459 [15], 468 [42], 470 [47]-[48]; the Agreed Penalties Case at 506 [55] and 523-524 [110] (Keane J); Australian Competition and Consumer Commission v TPG Internet Pty Ltd (2013) 250 CLR 640 at 659 [65] (French CJ, Crennan, Bell and Keane JJ); viagogo AG v Australian Competition and Consumer Commission [2022] FCAFC 87 at [129] (Yates, Abraham and Cheeseman JJ). Penalties will be imposed to promote the public interest in compliance: the Agreed Penalties Case at 506 [55], referring to CSR at 52, 152. The penalty imposed should be no greater than necessary to achieve this objective: Pattinson at 457 [10], 610 [40]; Australian Securities Commission v Donovan (1998) 28 ACSR 583 at 608 (Cooper J).
116 While the civil penalty should not be so high that it is oppressive, it should not be so low as to be regarded by the contravener as “an acceptable cost of doing business”: Pattinson at 460 [17], 467-468 [40]-[41]; Australian Building and Construction Commission v Construction, Forestry, Mining and Energy Union (2018) 262 CLR 157 at 195-196 [116] (Keane, Nettle and Gordon JJ); TPG at 659 [66]; Singtel Optus Pty Ltd v Australian Competition and Consumer Commission (2012) 287 ALR 249 at 265 [62]-[63] (Keane CJ, Finn and Gilmour JJ); NW Frozen Foods at 293 (Burchett and Kiefel JJ); Australian Securities and Investments Commission v Westpac Banking Corporation [2019] FCA 2147 (ASIC v Westpac Banking) at [255] (Wigney J).
117 Whatever penalty is to be imposed must be “proportionate” and “appropriate” in the sense that it strikes a reasonable balance between oppressive severity and deterrence in the circumstances of the case: see Pattinson at 467-468 [40]-[41], 470 [46]. Although there may be no indication that a defendant will contravene a civil penalty provision in the proximate future, a penalty must be imposed which will act as a reminder to that defendant and the community of consequences of the admitted contraventions, and this can be the most significant factor in determining penalty in particular cases: Australian Competition and Consumer Commission v Telstra Corporation Limited (2010) 188 FCR 238 at 273 [204] (Middleton J) citing Australian Competition and Consumer Commission v Rural Press Ltd (2001) ATPR 41-833 at 43,289-43,290 [15].
118 The Full Court has held that a substantial penalty can be supported, even where the contravening conduct has not been shown to have caused loss to the public: Singtel Optus at 264 [57].
Maximum penalty
119 During the Relevant Period a penalty unit was $210 until 30 June 2020, and $222 from 1 July 2020: s 4AA of the Crimes Act 1914 (Cth).
120 For a body corporate, the maximum pecuniary penalty for a contravention of ss 912A(1)(a), (ca), (d), (e), (f) or (h), is the greatest of:
(a) 50,000 penalty units (equating to $10.5 million until 30 June 2020, the value of a penalty unit at that time being $210, and $11.1 million from 1 July 2020, the value of a penalty unit at that time being $222); and
(b) if the court can determine the benefit derived and detriment avoided because of the contravention – that amount multiplied by three; and
(c) either:
(i) 10% of the company’s annual turnover for the 12-month period ending at the end of the month in which the body corporate contravened, or began to contravene, the civil penalty provision; or
(ii) if 10% of the company’s annual turnover is greater than an amount equal to 2.5 million penalty units, then 2.5 million penalty units (equating to $525 million until 30 June 2020, the value of a penalty unit at that time being $210, and $555 million from 1 July 2020, the value of a penalty unit at that time being $222).
121 The court should have regard to the prescribed maximum penalty, however it should not start with the maximum penalty and then proceed by way of making proportional deductions from this amount: Markarian v The Queen (2005) 228 CLR 357 at 372 [31] (Gleeson CJ, Gummow, Hayne and Callinan JJ). Rather, consideration of the maximum penalty allows the court to make comparison between the worst possible case and the case that it is being asked to address: Australian Securities and Investments Commission v Westpac Securities Administration Limited (2021) 156 ACSR 614 at 619 [24] (O’Bryan J), citing Markarian at 372 [31]. As the plurality emphasised in Pattinson at 457 [10], citing Australian Competition and Consumer Commission v Reckitt Benckiser (Australia) Pty Ltd (2016) 340 ALR 25 at 63 [156], the maximum penalty is not reserved only for the most serious examples of offending conduct. What is required is that there be “some reasonable relationship between the theoretical maximum and the final penalty imposed”: Pattinson at 457 [10]. The requisite relationship will be established where the maximum penalty does not exceed what is reasonably necessary to deter future contraventions of a like kind by the contravener, and by others: Pattinson at 457 [10]. Considerations of deterrence, and the protection of the public interest, justify the imposition of the maximum penalty where it is apparent that no lesser penalty will be an effective deterrent against further contraventions of a like kind: Pattinson at 471 [50].
Factors to be considered
122 Self-evidently the court exercises its discretion when determining the size of the penalty and must consider a series of factors: Pattinson at 460-461 [18]-[19], 470 [46]-[48]; Adler at 114-116 [126]. No one factor is decisive, and all of the circumstances should be weighed: Australian Securities and Investments Commission v GE Capital Finance Australia [2014] FCA 701 at [75] (Jacobson J). The court is not generally assisted by a comparison of penalties imposed in other cases, due to the widely differing circumstances of each case: Singtel Optus at 264 [60], citing Telstra Corporation at 275 [215].
123 The court must also have regard to the totality principle, which requires a level of satisfaction that the total aggregate penalty is not unjust or disproportionate to the conduct, having regard to the circumstances of the case: Pattinson at 467 - 468 [40]-[41], 470 [46]; Registrar of Aboriginal and Torres Strait Islander Corporations v Matcham (No 2) (2014) 97 ACSR 412 at 437 [198] (Jacobson J).
124 The factors that the court should take into consideration, keeping in mind the objective of the pecuniary penalty provisions, have been essayed in numerous cases. In Pattinson at 460 [18] the plurality endorsed the factors identified by French J in CSR, that is (and noting that these should not be regarded as a “legal checklist”: Pattinson at 460-461 [18]-[19], 472 [54]):
1. The nature and extent of the contravening conduct.
2. The amount of loss or damage caused.
3. The circumstances in which the conduct took place.
4. The size of the contravening company.
5. The degree of power it has, as evidenced by its market share and ease of entry into the market.
6. The deliberateness of the contravention and the period over which it extended.
7. Whether the contravention arose out of the conduct of senior management or at a lower level.
8. Whether the company has a corporate culture conducive to compliance with the Act, as evidenced by educational programs and disciplinary or other corrective measures in response to an acknowledged contravention.
9. Whether the company has shown a disposition to co-operate with the authorities responsible for the enforcement of the Act in relation to the contravention.
125 In Australian Securities and Investments Commission v Westpac Banking Corporation (No 3) (2018) 131 ACSR 585 at 594 [49], (ASIC v Westpac (No 3)) Beach J formulated the factors to be taken into account in the following terms:
(a) the extent to which the contravention was the result of deliberate or reckless conduct by the corporation, as opposed to negligence or carelessness;
(b) the number of contraventions, the length of the period over which the contraventions occurred, and whether the contraventions comprised isolated conduct or were systematic;
(c) the seniority of officers responsible for the contravention;
(d) the capacity of the defendant to pay, but only in the sense that whilst the size of a corporation does not of itself justify a higher penalty than might otherwise be imposed, it may be relevant in determining the size of the pecuniary penalty that would operate as an effective specific deterrent;
(e) the existence within the corporation of compliance systems, including provisions for and evidence of education and internal enforcement of such systems;
(f) remedial and disciplinary steps taken after the contravention and directed to putting in place a compliance system or improving existing systems and disciplining officers responsible for the contravention;
(g) whether the directors of the corporation were aware of the relevant facts and, if not, what processes were in place at the time or put in place after the contravention to ensure their awareness of such facts in the future;
(h) any change in the composition of the board or senior managers since the contravention;
(i) the degree of the corporation’s cooperation with the regulator, including any admission of an actual or attempted contravention;
(j) the impact or consequences of the contravention on the market or innocent third parties;
(k) the extent of any profit or benefit derived as a result of the contravention; and
(l) whether the corporation has been found to have engaged in similar conduct in the past.
See also Australian Securities and Investments Commission v MLC Limited [2023] FCA 539 at [83] – [91] (Moshinsky J); Australian Securities and Investments Commission v Australia and New Zealand Banking Group Limited [2023] FCA 256 at [63] – [72] (O’Bryan J); Australian Securities and Investments Commission v GetSwift Limited (Penalty Hearing) [2023] FCA 100 at [34] – [48] (Lee J); Australian Securities and Investments Commission v AMP Financial Planning Proprietary Limited (2022) 164 ACSR 64 at 85-86 [103] – [108] (Moshinsky J) (ASIC v AMP).
126 Ultimately the court’s task is to determine the “appropriate” penalty in the circumstances of the case: Pattinson at 461 [19]; ABCC v CFMEU at 89 [101]. The process of having regard to the various relevant factors in deriving a penalty figure involves a process of intuitive synthesis: Australian Competition and Consumer Commission v Murray Goulburn Co-Operative Co Ltd [2018] FCA 1964 at [36] (Beach J); Australian Securities and Investments Commission v AGM Markets Pty Ltd (in liq) (No 4) (2020) 148 ACSR 511 at 523 [47] (Beach J); ASIC v CBA at [78] (Beach J); Australian Securities and Investments Commission v Austal Ltd [2022] FCA 1231 at [83] (O’Bryan J). The process requires a consideration of all factors taken together by reference to the civil penalty provisions contravened, in their statutory context: Australian Securities and Investments Commission v Australia and New Zealand Banking Group Limited [2018] FCA 155 at [22(5)] (Middleton J). The objects of Ch 7 of the Act include promoting the provision of suitable financial products to consumers of financial products, and promoting fairness, honesty and professionalism by those who provide financial services: s 760A of the Act.
Mandatory considerations
127 Section 1317G(6) of the Act states that in determining the pecuniary penalty, the court must take into account all relevant matters, including:
(a) the nature and extent of the contravention; and
(b) the nature and extent of any loss or damage suffered because of the contravention; and
(c) the circumstances in which the contravention took place; and
(d) whether the person has previously been found by a court (including a court in foreign country) to have engaged in similar conduct.
Course of conduct principle
128 In Pattinson at 469-470 [45] the plurality recognised that some concepts familiar from criminal sentencing, including the course of conduct principle, may usefully be deployed in the enforcement of the civil penalty regime. The course of conduct principle requires the court to consider whether the multiple contravening acts arise out of the same course of conduct or the one transaction in determining whether it is appropriate that a “concurrent” or “single penalty” should be imposed for the contraventions: ASIC v Westpac Securities at 619 [25], citing Australian Competition and Consumer Commission v Yazaki Corporation (2018) 262 FCR 243 at 296 [234] (Allsop CJ, Middleton and Robertson JJ); see also Australian Securities and Investments Commission v Westpac Banking Corporation (The Consumer Credit Insurance Case) [2022] FCA 359 at [80] (Katzmann J). In ABCC v CFMEU the Full Court observed at 100 [149]:
… It may be appropriate for the Court to impose a single penalty in such circumstances, for example, where the pleadings and facts reveal that the contraventions arose from a course of conduct and the precise number of contraventions cannot be ascertained, or the number of contraventions is so large that the fixing of separate penalties is not feasible, or there are a large number of relatively minor related contraventions that are most sensibly considered compendiously …
129 The “course of conduct principle” may apply where there is an “interrelationship between the legal and factual elements” of two or more contraventions: Australian Securities and Investments Commission v Westpac Banking Corporation [2019] FCA 2147 at [264] (Wigney J) citing Royer v The State of Western Australia (2009) 197 A Crim R 319 at 328 [22] (Owen JA).
The parties’ respective positions on penalty
ASIC’s submissions
130 ASIC submits that a penalty of $1.5 million is appropriate ($300,000 for each contravention of s 912A(5A)), and necessary to achieve specific and general deterrence in this instance. ASIC contends that Lanterne’s contraventions concerned core aspects of its operations. They were systemic and did not involve isolated conduct. ASIC submits that the conventions concerned critical aspects of Lanterne’s obligations as an AFSL holder such that the necessary processes, systems, and operations were in some cases non-existent and in other cases fundamentally non-compliant with Lanterne’s basic obligations as a licensee. ASIC submits that Lanterne’s conduct affected all of its CARS and ARs, and therefore potentially adversely affected their provision of financial services to all of their ultimate clients. ASIC notes that Lanterne admits that it put the ultimate clients at risk of harm in relation to the financial services provided to them by the ARs and CARs under Lanterne’s AFSL. It is ASIC’s position that the potential impact of Lanterne’s conduct and risk of harm to ultimate consumers was significant in circumstances where Lanterne had CARs and ARs operating under its licence with an aggregate of up to $1.685 billion under management.
131 ASIC relies on the Birkensleigh report in support of its proposed penalty orders insofar as the report opines on the nature and extent of the contravening conduct and the resulting risks and effect thereof. ASIC submits that Ms Birkensleigh is an experienced risk management and compliance expert who undertook an extensive and careful analysis of Lanterne’s operations and procedures. Her opinions can be summarised as follows:
(a) in relation to the adequacy of risk management systems (s 912A(1)(h)) Lanterne’s absence of adequate risk management systems meant that risks inherent in Lanterne’s business were not properly assessed or mitigated. The operations of the CARs were not homogenous, were broad, and were across a wide range of industries, with over $1 billion in aggregate funds under management, meaning that Lanterne’s business had a high degree of complexity and needed an effective risk management system to understand and appropriately manage the risks of each of the ARs and the risks of its own day to day business. The absence of manuals and compliance documents made if difficult for employees and other parties to understand their obligations and ensure compliance. Having considered all the aspects of Lanterne’s risk management systems, Ms Birkensleigh concluded that Lanterne’s risk management systems, to the extent they existed, were “wholly deficient”;
(b) in relation to the compliance of representatives with financial services laws (s 912A(1)(ca)), ARs represent a significant risk to the licensee because if ARs do not understand their obligations and do not comply then this potentially puts clients who are receiving financial services from the AR, under Lanterne’s AFSL, at risk of suffering financial loss. Ms Birkensleigh opined that understanding and ensuring that its ARs are operating appropriately is achieved through effective monitoring and supervision by the licensee of its ARs. She concluded that there is no evidence that Lanterne did anything to ensure that its ARs were fully aware of the relevant legislative and regulatory obligations and that without such information the ARs would be unsure about what was required of them to ensure compliance with their specific obligations.
(c) in relation to the availability of adequate resources (s 912A(1)(d)), Lanterne’s IT infrastructure and capability were not fit for purpose. Without the right technological resources, client data and other business data would not be secured and could be lost permanently. The lack of an effective disaster recovery plan meant that Lanterne was not prepared for an event that could disrupt its business for an extended period. This would put at risk Lanterne’s capacity to provide financial services covered by its AFSL and supervision and monitoring of its ARs.
(d) in relation to competence, and whether a licensee has the appropriate number of suitably qualified responsible managers (s 912A(1)(e)), where, as here, the CARs and ARs cover a diverse range of products and industries, more than one responsible manager would be required as it would be unusual for such person to have the breadth of qualifications and skills to cover such diversity. Further, in determining the number of responsible managers needed, the licensee needs to take into account the number of CARs and ARs it has authorised. Lanterne did not have sufficient appropriately qualified responsible managers with the relevant knowledge and skills to understand the inherent risks in the financial services the CARs and ARs were offering under its AFSL. Consequently there was a real risk that there was not sufficient oversight of Lanterne’s CARs and ARs.
132 ASIC submits that Mr Cozens, as sole director and responsible manager, was responsible for Lanterne’s conduct and that it may be inferred that the contraventions were a result of Mr Cozens being at least reckless as to Lanterne’s obligations as an AFSL holder. In oral submissions ASIC contended that Mr Cozens’ conduct was reckless because he communicated an awareness of the relevant provisions, or at least the content of them, to the ARs and in these circumstances it must be concluded that he consciously decided to ignore their requirements.
133 ASIC contends that despite the proceeding being issued in July 2022, and Lanterne having been aware of ASIC’s investigation since January 2021, many of the deficiencies which form the basis for the contraventions continue, and Lanterne has not put into evidence plans or proposals to remedy many of the outstanding deficiencies.
134 ASIC does accept, based on the affidavit of Mr Cozens dated 5 April 2023, that Lanterne has taken certain steps. However, ASIC maintains that significant gaps remain to be addressed. ASIC’s position is that there is little to be seen in terms of evidence that there have been changes in the conduct of the way in which Lanterne’s business is conducted and that it is not apparent whether or not the culture of the business has actually changed. ASIC submits also that Lanterne’s position of waiting for compliance orders to be made does not help the market or address the existing risk in the interim.
135 In relation to risk management (s 912A(1)(h)), ASIC accepts, based on Mr Cozens’ affidavit dated 5 April 2023 and supporting documents that Lanterne has taken the following steps:
(a) engaged Haystack Compliance to prepare a risk assessment review, which was completed in July 2022;
(b) updated its Procedures Manual to include a section entitled “Risk Management System” which appears to have been copied from the Haystack Report and which provides a framework for identifying risks and outlines who is responsible for ensuring risks are monitored and managed; and
(c) engaged Xenia Compliance Consulting on 30 March 2023 to assist in updating its compliance processes.
136 However, ASIC maintains that:
(a) there is no evidence that the updated “Risk Management System” drafted into the Procedures Manual has in fact been implemented by Lanterne nor any indication of when, how or by whom that work will be done;
(b) there is no evidence that Xenia’s work to update Lanterne’s compliance processes has yet commenced, or has resulted in any changes to the processes; and
(c) there is otherwise no evidence that Lanterne’s actual practices regarding compliance and risk management have changed to address the admitted deficiencies.
137 Accordingly, ASIC submits that many of the admitted deficiencies regarding risk management remain unaddressed, and notes that one of the steps to address the deficiencies was only undertaken shortly before the hearing on penalty.
138 In relation to training (s 912A(1)(f)), ASIC accepts that Lanterne has taken the following steps in respect of its obligations under s 912A(1)(f):
(a) since April 2021, Lanterne has offered formal training to CARs and ARs which is conducted by Haystack Compliance; and
(b) CARs and ARs are required to complete training registers which are collected twice a year and reviewed at compliance meetings between Lanterne and the CAR.
139 However, ASIC maintains that there is no evidence that Lanterne has established a program which documents the skills and competencies required by its ARs to provide the authorised financial services, and which includes a needs analysis which assesses each AR against the documented required skills and competencies. ASIC contends that this remains a significant gap in Lanterne’s compliance with its obligations under s 912A(1)(f).
140 In relation to reasonable steps to ensure compliance with financial services laws (s 912A(1)(ca)), ASIC accepts, based on the evidence filed by Lanterne, that Lanterne has taken the following steps to address the admitted deficiencies in its compliance with s 912A(1)(ca):
(a) on or after May 2021, Lanterne commenced using a platform entitled “Salesforce” to record client documentation, including background check information, training registers, and communications with Lanterne (the platform “allows” Lanterne to monitor matters arising from this information);
(b) in August 2021, Lanterne commissioned an external review by Xenia of its systems and processes for monitoring its CARs and ARs; and
(c) in December 2022, Lanterne updated its checklist for onboarding new CARs and ARs, which sets out information required from CARs and ARs and requires confirmation that the information has been provided.
141 ASIC notes that Mr Cozens also gives evidence that Lanterne has formalised its process for having compliance meetings with its CARs and ARs and keeps a record of those interactions.
142 However, ASIC submits that:
(a) there is no evidence as to whether Lanterne in fact utilises the Salesforce platform to monitor matters arising from the information recorded in the platform, nor of any formalised process to do so. Further, the example Salesforce page exhibited to the affidavit of Mr Cozens dated 5 April 2023 contains many blank cells, suggesting either that the platform is not being fully utilised to record information or that Lanterne does not possess critical information about its CARs and ARs;
(b) no documents recording or evidencing the formal process for compliance meetings has been put into evidence, so limited weight may be given to Mr Cozens’ evidence about the new process;
(c) while Mr Cozens deposed that Lanterne is working to implement the recommendations of the Xenia report, that evidence is vague and little specific information is given about the status and extent of the implementation; and
(d) there is no evidence that the other aspects of Lanterne’s admitted noncompliance have been addressed.
143 In relation to the availability of adequate resources (s 912A(1)(d)), ASIC submits that Lanterne has not filed any evidence of steps taken to address the deficiencies with its IT resources. The only evidence filed by Lanterne in relation to human resources is the introduction of a business continuity plan.
144 In relation to competence to provide financial services (s 912A(1)(e)), ASIC accepts that Lanterne has sought to appoint an additional responsible manager, and the outcome of the application, at the time of its submissions, is awaiting approval from ASIC. However, ASIC notes that no other steps have been taken to address Lanterne’s deficiencies in respect of its compliance with s 912A(1)(e).
145 ASIC submits also that the contraventions occurred over a two and a half year period and were identified by ASIC through an investigation, and not by Lanterne itself. Steps were only taken by Lanterne to address the contravening conduct after ASIC’s investigation was commenced.
146 In relation to general deterrence, ASIC submits that the penalty must be sufficient to ensure that penalties for contraventions involving obligations under s 912A(1) of the Act are not viewed as likely to be less costly than licence holders doing all that is required in the implementation of adequate risk management systems, compliance systems, monitoring and supervision of CARs and ARs, IT and human resources, and other aspects of the obligations. ASIC submits that the penalties imposed in this instance will be important to establishing the standards required of licensees in the future and informing investment decisions they will make about their systems and processes to ensure compliance with s 912A of the Act.
147 ASIC submits that specific deterrence is a relevant and important aspect of the determination of the appropriate penalty in this instance because Lanterne has indicated that it intends to continue to operate under the same business model. ASIC reiterates that any penalty must not be, nor be seen to be, an acceptable cost of doing business.
148 In this regard ASIC refers to Lanterne’s financial statements for the Relevant Period which provide the following revenue and profit information:
(a) 2020: revenue was $1,416,051 and profit before income tax was $940,301;
(b) 2021: revenue was $1,729,588 and profit before income tax was $1,716,657;
(c) 2022: revenue was $2,116,252 and profit before income tax was $1,948,656; and
(d) in the nine months ending 31 March 2023: total income was $1,017,901 and profit before income tax was $499,982.
149 Although Lanterne makes the point that not all of its profit is derived from the license fees, ASIC submits that the financial statements indicate that the largest component of Lanterne’s income was the fees it charged for CARs for operating under the AFSL. Thus, ASIC submits, while it is not possible to identify the precise benefit to Lanterne of its contravening conduct, it is apparent that Lanterne benefited from receiving fees from CARs without applying those fees to invest in the appropriate systems to ensure that the financial services provided under its licence were provided in accordance with the financial services laws. ASIC submits that Lanterne’s operating costs were minimal during the Relevant Period and significant profits were derived from the business, in circumstances where Mr Cozens is a beneficiary of the trust company that is the sole shareholder of Lanterne.
150 Having regard to these matters ASIC submits that:
(a) Lanterne prioritised the generation of profits for its shareholder at the expense of investment and expenditure to comply with the law;
(b) this conduct occurred in circumstances where Mr Cozens, based on his experience, should have been aware that Lanterne’s compliance arrangements and systems were entirely deficient and that prioritisation of, and investment in, those things was essential to ensure compliance with the law and, ultimately, protection of its CARs’ and ARs’ clients;
(c) such conduct can properly be characterised as reckless;
(d) Lanterne’s delay in implementing wholesale and effective changes to its systems and practices demonstrates that it does not yet fully grasp the importance of ensuring compliance with the general obligations of an AFSL holder; and
(e) there was an absence of contrition on the part of Mr Cozens for the significant and ongoing failures demonstrated by the absence of suitable acknowledgement of the seriousness of the contraventions and that Lanterne’s submissions evidenced an attempt to downplay or minimise the seriousness of the contraventions.
151 ASIC submits that the penalty of $1.5 million it proposes takes account of mitigating factors including that Lanterne has not previously been found to have engaged in similar conduct, or any contravention of the Act, and also that Lanterne sought to resolve the proceedings at an early stage.
152 In relation to actual loss suffered, ASIC acknowledges that there is no evidence of actual loss but it submits that this does not allow the court to make a finding that no loss or damage flowed, or that the potential losses were insignificant: Australian Securities and Investments Commission v MobiSuper Pty Limited [2022] FCA 990 at [119]-[120] (Charlesworth J) (ASIC v MobiSuper). Rather, the extent of the compliance failings and the size of the funds under management by CARs and ARs combine to create the potential for extremely significant loss and harm.
153 As has been mentioned, ASIC does not seek a penalty in relation to the contravention of s 912A(1)(a) due to the overlap between the factual matters relied upon as a basis for that contravention and the other contraventions. ASIC submits that the factual and legal elements of the contraventions of s 912A(1)(ca), (d), (e), (f), and (h) are distinct from one another and address separate and qualitatively different aspects of the business conducted by the holder of the AFSL. ASIC contends that Lanterne has contravened each requirement by a different species of conduct and therefore that the course of conduct principle does not apply and Lanterne’s conduct should be treated as five discrete contraventions of s 912A(5A).
154 Applying subsection (a) of s 1317G(6) of the Act (the court has insufficient information for the calculations under subsections (b) or (c)), the maximum penalty for one contravention by a body corporate of s 912A(5A) over the relevant period would be $10.5 million. Accordingly, the maximum penalty for five contraventions would be $52.5 million.
155 ASIC acknowledges that comparisons to penalties in other cases are of limited utility and that in any event it has not identified any other recent cases which might be used as a suitable comparator.
156 In response to Lanterne’s submission that the conduct was at the less serious end of the spectrum, senior counsel for ASIC submitted that this had a tendency to downplay the conduct in as much as it amounted to a suggestion that the contraventions were trivial in nature, rather than a reference to the absence of any obvious harm or loss arising from the contraventions. ASIC submitted that Lanterne could not say that the contravening conduct is towards the less serious end of the spectrum and still be contrite about the seriousness of the contraventions. ASIC also submitted that Lanterne’s conduct has been insufficient to demonstrate contrition, noting Mr Cozens’ affidavit of 8 May 2023 in this regard.
157 ASIC also emphasises that the present proceeding is about the responsibilities of Lanterne not its ARs, and contends that Lanterne cannot make the submission in the abstract that because there is no evidence of non-compliance on the part of the ARs they were all competent and compliant. ASIC submitted that an absence of evidence cannot give rise to any inference of compliance and competence.
158 In relation to Lanterne’s ability to pay any pecuniary penalty ordered, ASIC referred to Australian Competition and Consumer Commission v High Adventure Pty Limited [2005] FCAFC 247 at [11] where Middleton J observed:
… by focusing on the detriment to the respondents the judge ignored both the seriousness of the contravention as well as the need to fix upon an appropriate penalty by reference to the need to deter future contraventions. As the cases to which the judge was referred show, the principal, if not the sole, purpose for the imposition of penalties for a contravention of the antitrust provisions in Part IV is deterrence, both specific and general. This rule is so well entrenched that citation of authority is unnecessary. Moreover, as deterrence (especially general deterrence) is the primary purpose lying behind the penalty regime, there inevitably will be cases where the penalty that must be imposed will be higher, perhaps even considerably higher, than the penalty that would otherwise be imposed on a particular offender if one were to have regard only to the circumstances of that offender. In some cases the penalty may be so high that the offender will become insolvent. That possibility must not prevent the Court from doing its duty for otherwise the important object of general deterrence will be undermined.
ASIC contends that it is entirely irrelevant to consider the impact of the total penalty on Lanterne’s business, and it is submitted that the impact on Lanterne’s business has not been quantified and cannot demonstrably be linked in any causative way to the proceeding or what has occurred as a result of ASIC’s investigation. ASIC also submits that any penalty needs to be in addition to the costs of compliance, which Lanterne must bear.
159 ASIC submits that Lanterne’s failure to comply with its fundamental obligations as a licensee is striking given that this was the very thing that formed the basis of its business. ASIC contends that this, and the involvement of Lanterne’s senior officer, weigh in favour of a significant penalty to deter Lanterne and other licensees from disregarding critical obligations and putting ultimate consumers of the financial services at real risk of harm.
Lanterne’s submissions
160 As has been mentioned, although Lanterne admits to the contraventions alleged by ASIC and set out in the SAFA and consents to the declaratory and remedial relief sought by ASIC, its position is that the pecuniary penalty sought by ASIC of $1.5 million is excessive and disproportionate.
161 Lanterne contends that the contraventions relate to failures to have in place formal and documented processes for checking and monitoring the training, competence and compliance of its ARs, associated informality and laxity in such checking and monitoring, and a concomitant lack of resources properly to formalise, document and implement those required processes. Lanterne submits that there is no allegation or evidence of dishonesty or deliberate contravention, nor any suggestion that the ARs were not competent or properly trained or did not comply with their statutory obligations. Lanterne also emphasises that there is no suggestion that third persons have suffered any harm as a result of the contraventions.
162 Lanterne submits that the admitted contraventions occurred in circumstances where Mr Cozens had informally assessed and vetted potential clients and only admitted them as an AR if satisfied that they would comply with their obligations, and that it monitored whether clients were undertaking training and were in compliance (albeit by relying on reports from clients).
163 Lanterne notes that ASIC has not revoked its AFSL, imposed a banning order, or otherwise prevented Lanterne from carrying out its business.
164 Lanterne contends that ASIC has arrived at its proposed penalty of $1.5 million by imposing separate $300,000 penalties for each of the five contraventions, and submits that this approach does not reflect that the contraventions are overlapping and related and in this sense it results in an outcome that is disproportionate to the totality of the contravening conduct. Lanterne submits that the total penalty sought by ASIC is almost equal to its net asset position and significantly exceeds revenue and profit for FY2023. In oral submissions, counsel for Lanterne submitted that High Adventure does not stand for the proposition that the impact of the penalty on the business is irrelevant, rather that there may be cases where the contraventions are so bad that a penalty must be imposed that is so high the offender cannot bear it. It is in this context that Lanterne contends its submissions regarding seriousness are made: not to downplay the seriousness of what has occurred, but rather in response to a penalty which Lanterne submits exceeds or equals its annual profits or its net asset value and for this reason would be excessive.
165 Lanterne also submits that the proceeding has had and will continue to have a substantial detrimental effect on its business outside of any pecuniary penalty in that it has ceased taking on new clients and has lost existing clients. Lanterne will also incur the costs of carrying out the independent expert review and implementing the resulting recommendations. Lanterne submits that an aggregate penalty of $1.5 million or anything in that order would exceed what is necessary to achieve deterrence and that a penalty of $150,000 is adequate to achieve specific and general deterrence. Lanterne contends that its proposed penalty of $150,000 would account for about a third of a year’s profit and so would be a reasonable deterrent and not just a “cost of doing business”, particularly in circumstances where it has to remedy the contraventions and potentially loses business.
166 In relation to the seriousness of the contraventions, Lanterne contends that the conduct lies towards the less serious end of the spectrum. Lanterne accepts that the ultimate clients of its ARs were put at risk of harm, but submits that little significance should be attributed to this in the assessment of penalty. Lanterne does not make any admission as to the magnitude of the risk created by its conduct, and it submits that the magnitude of funds under management does not shed any light on the matter. Lanterne also rejects the suggestion that Mr Cozens was reckless as to Lanterne’s obligations. It submits that Mr Cozens evidence was that he assessed the suitability of potential clients and checked and monitored the training and compliance of those clients, albeit in an informal and undocumented way having regard to the size of his business and his degree of personal involvement. Lanterne submits that the allegation of recklessness was not pleaded, was not in the SAFA, and has not been put to Mr Cozens. Lanterne also maintains that Mr Cozens’ evidence does not suggest recklessness, and that the contraventions were careless, but not deliberate.
167 Regarding the ongoing failure to remedy the contraventions, Lanterne submits that it has taken steps towards compliance and that ASIC acknowledges this, although the exercise is not yet complete. Lanterne contends that the significance of this consideration in assessing penalty is low in circumstances where it has been aware of and accepted ASIC’s proposed regime (that is, the appointment of an independent expert review and the requirement to implement recommendations.)
168 In relation to contrition, Lanterne’s counsel referred to Mr Cozens’ affidavit of 8 May 2023 in which he deposed that:
(a) he is uncertain how ASIC formed the impression that he failed to demonstrate contrition and does not consider that to be an accurate impression for ASIC to have formed;
(b) when the proceedings were commenced by ASIC Lanterne moved quickly to seek to agree relevant facts and make admissions of contraventions where appropriate;
(c) Lanterne’s approach to agreeing facts and making admissions was motivated by a recognition that many of its systems and processes for managing risk were inadequate and required improvement;
(d) the contraventions the subject of the SAFA were unintentional and Lanterne at all times was seeking to manage the risk associated with CARs;
(e) Lanterne had failed to implement and document appropriate systems and controls;
(f) he regrets the contraventions that have occurred; and
(g) Lanterne is committed to rectifying its risk and compliance frameworks and ensuring its business is “unquestionably compliant”.
169 In relation to the suggestion that Lanterne may have delayed in making changes and not yet fully grasped the importance of ensuring its compliance with the general obligations of an AFSL holder, Mr Cozens deposed in his affidavit of 8 May 2023 that:
(a) Lanterne has sought to address many areas of concern to ASIC including updating its systems and processes for recording information provided by CARs and ARs, updating the training program, appointing a second responsible manager and engaging Xenia;
(b) Lanterne is aware of the compliance orders sought in this proceeding, has agreed to those orders, and has been operating on the assumption that through that process it would identify all matters which it was necessary to address and then be in a position to implement the necessary program of work.
170 Lanterne’s position is that general deterrence does not justify a penalty of $1.5 million where there is no evidence that it saved $1.5 million during the Relevant Period by reason of its contraventions. Lanterne submits that when weighing up whether to contravene rather than incur the costs of implementing proper systems, a person would consider the proportionate size of the penalty compared to revenue and profits as well as the other costs of the contraventions, such as the cost of the mandatory compliance regime and the adverse effect of declarations of contravention.
171 Lanterne rejects ASIC’s submission that the present case is important to establish the standards required of licensees in the future in the context of general deterrence and submits that the declarations made in this case in light of the admissions in the SAFA will serve to establish those standards. Lanterne submits that the size of the penalty does not inform this consideration.
172 In relation to specific deterrence, Lanterne has indicated that it intends to continue to operate its business, however it submits that it will do so subject to the proposed compliance regime. Lanterne submits that the penalty will not be an acceptable cost of doing business because it will not be doing business on the same basis going forward. Mr Cozens deposed in his affidavit of 8 May 2023 that ASIC’s proposed penalty would represent a very significant adverse financial impact on the business and would be what he expects to be between two and three years of anticipated future profit, which would be a significant imposition and threat to the future viability of the business.
173 In response to ASIC’s submissions regarding Lanterne’s financial position, Lanterne contends that the purpose of civil penalties is not to punish, nor to ensure disgorgement of profits. Lanterne submits that in any event ASIC accepts that it is not possible to identify the precise benefit it gained from the contravening conduct and in these circumstances it is difficult to see how a $1.5 million penalty could be appropriate. Further it is said that whether Lanterne would see the penalty as an acceptable cost of doing business must take into account the cost to Lanterne of the declaratory and mandatory compliance orders, and that the proceedings have had and will continue to have a substantial detrimental effect on Lanterne.
174 Lanterne submits that the fact that it has not been found to have engaged in contraventions previously supports a lower penalty, and it is not clear where and how these matters have been recognised and taken into account in the proposed $1.5 million figure. These matters are said to support a much lower figure.
175 Lanterne also submits that ASIC’s submission regarding the risk of harm to consumers posed by the contravening conduct downplays the relevance of the fact that there is a lack of evidence of actual harm. Lanterne contends that the significance of an absence of evidence of loss depends on the circumstances, and that ASIC v MobiSuper can be distinguished from the present case. Lanterne submits that there is no evidence and no suggestion in this case that its clients were not adequately trained, not competent, or did not comply with their financial services obligations in dealing with investors. Lanterne also contends that it did not entirely disregard training, competence and compliance of its clients; rather it addressed those matters informally such that the lack of harm cannot be said to be happenstance. Lanterne submits that the absence of evidence that investors suffered harm is relevant to the determination of penalty, and that an absence of such evidence cannot be used to justify ASIC’s proposed penalty of $1.5 million. Rather, so Lanterne submits, the absence of evidence is a factor supporting the appropriateness of a lower penalty.
176 Insofar as the assessment of penalty is concerned, Lanterne contends that ASIC’s submissions take an unduly narrow view of the course of conduct principle. Lanterne submits that different provisions will by their nature focus on different aspects of conduct, but that this is where the principle operates. It is Lanterne’s position that there is substantial overlap or interrelationship between the various contraventions. Lanterne submits that the contraventions overlap with each other such that a separate penalty for each of the contraventions would penalise Lanterne more than once for substantially the same wrongdoing. Lanterne also emphasises that it is appropriate and necessary to ensure that the total penalty imposed reflects and is proportionate to the seriousness of the conduct and is no more than what is necessary to achieve the objective of deterrence. Consequently, Lanterne submits that there is substantially one course of conduct which is at the lower end of any scale of seriousness such that a penalty of $1.5 million is substantially disproportionate to the conduct as a whole and relative to the significance of that amount for Lanterne.
177 While acknowledging that other cases are of limited assistance, Lanterne emphasises that the penalty imposed in ASIC v Mobisuper was at the bottom end of the appropriate range at $125,000. Lanterne submits that that case involved a situation where consumers were misled and subjected to an identified specific risk of causing significant harm and that the contraventions in that case were more serious than those in the present case such that it is hard to see how the range in this case could extend to ASIC’s proposed amount of $1.5 million.
The appropriate pecuniary penalty
178 The process of intuitive synthesis involved in deriving a penalty figure having regard to the relevant factors requires a weighing together of all relevant factors rather than an arithmetical algorithmic process that starts from some pre-determined figure then makes incremental additions or subtractions for each factor according to a set of predetermined rules: Murray Goulburn at [36]-[37] (Beach J). As has been mentioned, the process requires a consideration of all factors taken together by reference to the civil penalty provisions contravened, in their statutory context.
179 As I have indicated, in all the circumstances I accept ASIC’s submission, informed by Ms Birkensleigh’s report, that Lanterne’s comprehensive failures to comply with its fundamental obligations as a licensee merit a significant pecuniary penalty in order to satisfy the requirements of general and specific deterrence. Lanterne, and other licensees, must be deterred from disregarding their statutory obligations and putting the ultimate consumers of the relevant financial services at real risk of harm.
180 Taking all relevant matters into account, including a limited number of mitigating factors, I have concluded that a pecuniary penalty of $1.5 million is probably somewhat more than would be required to achieve the necessary deterrent effect and may thus be said to be inappropriate. Yet a pecuniary penalty of $150,000 would be little more than derisory and for that reason would be wholly inappropriate. As I explain below, I consider that an aggregate pecuniary penalty of $1.25 million is appropriate in all the circumstances.
Maximum penalty
181 In considering the quantum of the pecuniary penalty to be imposed on Lanterne for its admitted contraventions I have had regard to the maximum penalty prescribed by s 1317G for contraventions in the Relevant Period. I have also had regard to statements of the plurality in Pattinson, including those to the effect that:
(a) there is no place for a “notion of proportionality” in a civil penalty regime (at 457 [10] and 468 [41]-[42]);
(b) insistence upon the deterrent quality of a penalty should be balanced by insistence that it “not be so high as to be oppressive” (at 467-468 [40], citing NW Frozen Foods at 293);
(c) it is necessary to have regard to the circumstances of the contravenor and the contravention (at 474 [60]);
(d) contrition and substantial changes in an organisation’s personnel may mean that a more modest penalty is appropriate (at 470 [47]); and
(e) what is required is “some reasonable relationship between the theoretical maximum and the final penalty imposed” (citing Reckitt at 63 [156]), which will be established where the penalty does not exceed what is reasonably necessary to achieve the purpose of the provision, being the deterrence of future contraventions of a like kind by the contravener and others (citing NW Frozen Foods at 293) (at 457 [10]).
182 What follows should be understood in this context.
The nature, extent and circumstances of the contravening conduct
183 Considered as a whole, the conduct which is the subject of the proceeding and which has been described above was extensive and serious. The fact that ASIC has not revoked Lanterne’s AFSL is beside the point. I accept ASIC’s submission that the failures leading to each contravention were striking in circumstances where they were so comprehensive and consisted of failures to comply with fundamental obligations of a licensee, being the very thing that formed the basis of the business. The failures have occurred over an extended period and involved Lanterne’s senior officer. There has also been an ongoing failure on the part of Lanterne to remedy the contravening conduct. These factors weigh in favour of a significant pecuniary penalty.
184 I do not accept Lanterne’s submission that the contraventions are on the “less serious” end of the spectrum. Putting to one side whether or not this submission was an attempt to downplay the seriousness of the conduct (as ASIC submits it was), the failures were clearly comprehensive and at the more serious end. Lanterne had no risk management system, scant processes for compliance, informal and largely undocumented processes for vetting new ARs and supervising and monitoring CARs, as well as minimal staff and technological resources. It is no answer for Lanterne to say that potential clients were only accepted if Mr Cozens was satisfied that they would comply with their obligations if this was never effectively monitored. Lanterne was content to take the benefit of the fees, but it was not prepared to invest some of them in appropriate compliance systems. Lanterne’s admitted contraventions of s 912A(1) of the Act constituted substantial failures and they are unacceptable.
185 As has been mentioned, ASIC contends that Mr Cozens has been at least reckless as to Lanterne’s obligations as an AFSL holder. Lanterne rejects this characterisation, submitting that the contraventions were careless, but not deliberate. In my assessment it is unnecessary to determine whether it is appropriate to describe Lanterne’s failure to comply with its statutory obligations as reckless, and I have not proceeded on the basis that it was reckless. The real point which must be reflected in the penalty imposed is that these obligations were effectively ignored by Lanterne and in consequence the ultimate consumers of financial services were exposed to risks which could have been mitigated had there been compliance with the requirements of s 912A(1) of the Act. This requires a substantial penalty.
186 Although Lanterne’s contraventions were serious, I accept that Lanterne has taken some steps to remediate the deficiencies in its processes and procedures and has agreed to a compliance regime to be ordered by the court. Importantly, Lanterne has cooperated with ASIC in these proceedings, has not been found to have contravened the Act before, has agreed the relevant background facts and has admitted the relevant contraventions. These are, in my assessment, matters of significance. I regard these aspects of Lanterne’s conduct as supporting a slightly lower penalty than ASIC proposes, even if Lanterne has not yet implemented its new regime of compliance.
Course of conduct and totality principle
187 Lanterne submits that there are aspects of the contravening conduct that overlap such that the course of conduct principle should apply. In particular, Lanterne contends that the principle operates where there is an interrelationship between the factual and legal elements of two or more contraventions, and that there is a substantial overlap or interrelationship in this case between the subject matter of the contraventions. In all the circumstances, however, I do not consider that the course of conduct principle is of assistance in assessing the appropriate penalty and I do not accept Lanterne’s submissions on this point. As Moshinsky J observed in ASIC v AMP at 91 [122]:
[T]he “course of conduct” principle does not have paramountcy in the process of assessing an appropriate penalty. It cannot operate as a de facto limit on the penalty to be imposed for contraventions of civil penalty provisions of (in this case) the ASIC Act. The present case is one where, even if the conduct can be described as a single “course of conduct”, the contravening conduct affected a large number of members and involved the wrongful deduction of (in total) a substantial sum of money. In my view, in the circumstances of this case, the preferable approach is to have regard to the nature and extent, and the circumstances, of the contravening conduct, including its common features, rather than determining whether the conduct constitutes a single “course of conduct”.
188 Justice Moshinsky’s observations in ASIC v AMP resonate in the present circumstances. While the nature and extent of the conduct in this instance is similar, its similarity is by virtue of the fact that Lanterne had completely inadequate systems and processes in relation to multiple facets of its business and its obligations as an AFSL holder. The similarity of the conduct stems from its extent and the comprehensiveness of the relevant failures. Doing little (if anything) to comply with the obligations of an AFSL holder does not make the course of conduct principle applicable so that it operates as a de facto limit on what would otherwise be a suitable pecuniary penalty, nor does it mean that the contravening party should receive the benefit of some sort of course of conduct penalty reduction. Each of the contraventions of s 912A(1) of the Act which ASIC relies on as the basis for a penalty are separate and they reflect separate failures on the part of Lanterne.
189 As to the totality principle, it may be accepted that the various contraventions of s 912A of the Act overlap in the sense that Lanterne’s conduct has had the effect of contravening several statutory provisions. The total penalty for the various contraventions should thus be assessed in aggregate and the court should be satisfied that the total penalty is not unjust or disproportionate. I have adopted this approach in coming to the penalty amount and I am satisfied that, in the circumstances, the total penalty is not unjust or disproportionate to the conduct.
Harm / loss caused to clients
190 Lanterne admits that it put the ultimate clients of its ARs and CARs at risk of harm in relation to the financial services provided to them by the ARs and CARs under Lanterne’s AFSL. In these circumstances, I accept ASIC’s submission that Lanterne’s conduct led to a serious risk or potential for harm to consumers which was significant in circumstances where Lanterne had CARs and ARs operating under its licence with an aggregate of up to $1.685 billion under management. Although there is no evidence of actual harm in the present proceeding, this does not somehow serve to negate the risk of harm that was created by Lanterne’s contraventions. I accept that there was the potential for significant loss and harm. The penalty to be imposed must demonstrate to the market that allowing such a risk to develop will not be tolerated.
191 Insofar as Lanterne submits that ASIC v Mobisuper provides a comparison to the present case in relation to the total penalty, I do not accept that this is so. It is well established that the parity principle is generally of limited assistance in cases concerning pecuniary penalties. As Beach J observed in ASIC v Westpac (Omnibus) (at 27 [140]), it can be conceptually problematic to look at penalties in other cases to calibrate a figure for the instant case when all that one has from the other cases are single point determinations produced by “opaque intuitive synthesis”. In the present circumstances the comparisons drawn by Lanterne in relation to the penalty range in ASIC v Mobisuper are not especially helpful and significant difficulties attend doing so. Lanterne’s submissions in this regard pay insufficient attention to the extent and serious systemic nature of the contraventions in this case.
Deterrence
192 The following factors are significant in considering the importance of deterrence and achieving a balance between specific and general deterrence and oppressive severity.
Specific deterrence
193 Lanterne has indicated that it intends to continue to operate its business subject to compliance orders to be made by the court. Thus it says that the payment of a pecuniary penalty will not be seen as an acceptable cost of doing business because it will not be doing business on the same basis going forward. Accepting this to be the case, I do not accept that Lanterne’s proposed penalty of $150,000 would achieve an appropriate level of specific deterrence. There has been no relevant change in personnel at Lanterne, and the compliance regime envisaged by the orders proposed by the parties has not yet been implemented. In these circumstances Lanterne has apparently only taken limited steps to reform its processes and systems, and there is more to be done. In light of what has occurred, it is important that Lanterne ensure that it has robust systems in place going forward across the spectrum of the financial services that it provides.
194 Lanterne’s capacity to pay and its resources are relevant considerations in determining the size of the penalty, but only in the sense that while the size of a corporation does not of itself justify a higher penalty than might otherwise be imposed, it may be relevant in determining the size of the pecuniary penalty that would operate as an effective specific deterrent: ASIC v Westpac (No 3) at 594 [49(d)]. As has been mentioned, Lanterne submits that ASIC’s proposed penalty of $1.5 million is almost equal to its net asset position and exceeds revenue and profit for FY2023, while its proposed penalty of $150,000 (effectively $30,000 per contravention) is about a third of a year’s profit. Mr Cozens deposed in his affidavit of 8 May 2023 that ASIC’s proposed penalty would be a significant imposition and a future threat to the viability of the business. In response ASIC submits, and I accept, that there is no evidence that Lanterne does not have the capacity to pay a significant penalty. Mr Cozens does not say that Lanterne will be unable to continue, only that a penalty in the dimension sought by ASIC would make it difficult for Lanterne. In all the circumstances I consider that the penalty needs to be sufficiently substantial to demonstrate to Lanterne that its business should not have been conducted on the basis that it has been conducted. A penalty of $150,000 would, in my assessment, be entirely insufficient to achieve effective specific deterrence. A much higher penalty is required, and the fact that Lanterne will be met with increased compliance costs going forward is not the point.
General deterrence
195 There is plainly a need to impose a penalty to deter other businesses in a similar position from engaging in such conduct. This is a consideration of the highest importance. Having regard to the comprehensive failings of systems, processes and procedures which have occurred with respect to Lanterne, it is necessary that the penalty ordered be significant (without being disproportionate or oppressive), and signal the court’s disapproval of the contraventions. It must also be sufficient to convey to market participants the standard of corporate behaviour which is expected, and the importance of ensuring that systems and processes are adequate to ensure compliance with regulatory requirements. ASIC notes that this is one of the first litigated cases relating to a “licensee for hire” business and the contraventions here go to the core of that business model. Contrary to Lanterne’s submission that the declarations will establish the standards required by licensees in the future and that the size of the penalty does not inform the matter, I consider that the declarations and the penalty together are critically important in setting the standards required of licensees in the future and the standards of behaviour expected of AFSL holders. The overriding purpose of s 912A(1), and Ch 7 of the Act, supports a substantial penalty to ensure financial services licensees comply with their statutory obligations.
Conclusion on pecuniary penalty
196 I have accepted that the contraventions in the present case were serious. They were comprehensive, they covered various areas of the business, and they continued over a sustained period of time. They were identified by ASIC through its own investigations rather than by Lanterne reporting the deficiencies to ASIC. It is noteworthy that the contraventions occurred in the context of the increased public and regulatory focus on the obligations of AFSL holders brought about by the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. Lanterne, through Mr Cozens, should have known better.
197 As Allsop CJ observed in Australian Securities and Investments Commission v Australia and New Zealand Banking Group Limited (No 3) [2020] FCA 1421 at [74], market efficiency, upon which consumer confidence rests, relies on reliability, good faith, fairness and honesty of conduct. These obligations are of fundamental importance, and they underpin the efficient functioning of the Australian economy. It is important never to lose sight of them. It must be made clear to Lanterne, and to all businesses, that consumers are to be dealt with in the way for which Parliament has legislated. The community is entitled to expect that robust systems and processes will be put in place and maintained in the market for financial services, in accordance with statutory obligations, to ensure that the risks posed by the conduct of the kind which has occurred in this case does not occur.
198 Whatever may be said about Lanterne’s failure to comply with legislated norms of corporate behaviour and whether there was an element of recklessness in the behaviour, the fact is that there was such a failure. Lanterne’s contraventions of the Act are deserving of a significant penalty to achieve the objectives of specific and general deterrence in light of what has occurred.
199 Although I have given serious consideration to acceding to ASIC’s submissions that the total penalty should be $1.5 million, there are mitigating factors which I have taken into account in determining that a slightly lesser penalty would be appropriate. These include that Lanterne has worked with ASIC in agreeing to and admitting the facts and contraventions outlined in the SAFA, and that Lanterne has not been found to have engaged in similar conduct in the past. Lanterne has agreed to a compliance regime to be put in place by the orders that will be made. Whatever the actual position, Mr Cozens at least says that he is contrite about what has occurred.
200 In weighing all these matters, and endeavouring to balance the need for specific and general deterrence with the importance of ensuring that the amount of the pecuniary penalty is not so high as to punish and be oppressive, I consider a pecuniary penalty of $1.25 million to be appropriate in the circumstances of this case. This equates to $250,000 for each relevant contravention of the Act. Anything less, in my assessment, would be insufficient to achieve the relevant objectives.
Compliance Orders
201 Section 1101B(1) of the Act provides the court with a broad discretionary power to make such orders it sees fit where a contravention of Ch 7 of the Act has been established. Section 912A is to be found within Ch 7.
202 In this instance ASIC seeks and Lanterne consents to certain compliance orders. ASIC submits that the making of compliance orders by consent in this instance would achieve the overall purpose of upholding or restoring public confidence in Lanterne as an AFSL holder, and that the orders are directly connected to Lanterne’s contravening conduct. ASIC also submits that in circumstances where Lanterne has not addressed all of the admitted deficiencies, it is appropriate for the court to make compliance orders directed towards rectification of those deficiencies.
203 Given that the compliance program orders sought by ASIC are consented to by Lanterne, and they appear to be suitable, it is appropriate that they be made. The regime to be put in place will ensure that Lanterne is brought into a state of compliance through the appointment of an independent expert review and the requirement to implement recommendations arising from that review.
204 There will be compliance regime orders in the terms proposed.
Costs
205 At the hearing, counsel for Lanterne submitted that Lanterne may wish to make further submissions regarding any order as to costs having regard to the Birkensleigh report. There was agreement between counsel that such submissions could be confined to a page, or less. Accordingly, there will be an order that the parties may make submissions of no more than one page as to costs within the next 14 days. The question of costs will then be determined on the papers.
I certify that the preceding two hundred and five (205) numbered paragraphs are a true copy of the Reasons for Judgment of the Honourable Justice McEvoy. |
Associate:
