Legal development

Cause for Complaint?  First ruling on compliance with Internal Dispute Resolution procedures

By Mark Bradley, Angus Ross, Scott Charaneka, Angela Pearsall and Samantha Carroll

13 May 2026

Share Share
Print
pattern
Share
Print

    What you need to know

    • The Federal Court has issued the first judgment on a contested civil penalty claim alleging contraventions of the internal dispute resolution (IDR) obligations under Regulatory Guide 271 (RG 271). The case clarifies foundational principles in relation to IDR obligations.
    • ASIC was partly successful in establishing contraventions of the IDR obligations by Telstra Super. Among other things, the Court concluded that an IDR delay notification, where a response cannot be given within the applicable timeframe, must reflect consideration of why it is not possible to comply with the timeframe for the particular complaint and articulate the reasons for that, rather than giving a generic response whenever the timeframe was exceeded.
    • ASIC was not successful in establishing a breach of the obligation to adequately resource complaints under RG 271.142 or of the "efficiently, honestly and fairly" obligation. The Court accepted that perfection was not the standard under either obligation, and that while there had been times where resourcing was too limited, Telstra Super had actively reviewed and adjusted the number of staff addressing complaints, while being impacted by factors beyond its control. Further, while a number of contraventions of enforceable provisions of RG 271 were established, this was not of itself sufficiently serious to breach the "efficiently, honestly and fairly" obligation.

    What you need to do

    • Licensees should review the internal dispute resolution procedures, including in relation to IDR delay notifications, in light of the judgment.

    Enforceable Internal Dispute Resolution Requirements

    Financial services and credit licensees are required to have an IDR procedure compliant with the enforceable provisions of RG 271 and to comply with that procedure. The enforceable provisions include strict timeframes for responding to complaints, subject to limited exceptions for complexity and circumstances beyond the licensee's control.

    In ASIC v Telstra Super Pty Ltd [2026] FCA 527, the Federal Court considered the scope of a licensee's enforceable obligations under RG 271, as well as the important related question of whether a breach of those obligations is also a breach of the "efficiently, honestly and fairly" obligation under s 912A(1)(a) of the Corporations Act 2001 and s 47(1)(a) of the National Consumer Credit Protection Act 2009.

    This update considers how the Court interpreted the IDR obligations and the lessons for licensees.

    The decision

    ASIC brought proceedings against Telstra Super alleging that, across 323 complaints received between 22 October 2021 and 13 January 2023, Telstra Super committed 204 breaches of its IDR procedure across 125 complaints. ASIC alleged that Telstra Super had contravened both s 912A(1)(g) (the obligation to comply with the IDR procedure) and s 912A(1)(a) of the Corporations Act. Telstra Super admitted 38 failures to comply with the IDR procedure but otherwise contested the allegations.

    Neskovcin J found a number of breaches of s 912A(1)(g) but rejected others, and found that there was no breach of the efficiently, honestly and fairly obligation. In doing so her Honour ruled on a number of important issues in relation to the operation of IDR procedures.

    Is the obligation to comply with the IDR procedure valid and enforceable?

    ASIC accepted that Telstra Super's IDR procedure complied with the requirements of RG 271. The question was whether Telstra Super had complied with its own procedure. The obligation to do so was not originally in the Corporations Act but has been inserted by the ASIC Corporations, Credit and Superannuation (Internal Dispute Resolution) Instrument 2020/98 (IDR Instrument). Telstra Super challenged the legality of the IDR Instrument on a number of grounds, including that it was unreasonable because it would make it a breach to fail to comply with an IDR procedure that went beyond the minimum standards in RG 271. Neskovcin J rejected those arguments and held that the Instrument was valid, but noted ASIC's arguments that the licensee would not be in breach to the extent that the IDR procedure imposed obligations on staff going beyond minimum requirements, even if staff failed to comply, and that the Instrument could be severed or partially disapplied to the extent that it went beyond the minimum requirements. These arguments may be important to the extent that licensees' IDR procedures go beyond the minimum standards in RG 271.

    Addressing multiple expressions of dissatisfaction – one complaint or two?

    Telstra Super in some cases argued that a member had made more than one complaint over a series of communications, with the first being dealt with within 5 business days and the second being dealt with within the applicable 45 day time limit from the date of the second complaint. ASIC contended that there was really a single complaint which developed over time. Neskovcin J held that the question was whether the expressions of dissatisfaction had a "sufficiently different subject matter", with it also being relevant whether the licensee had in fact treated the complaints as distinct. In one of three cases, there were two distinct complaints and ASIC's contention failed.

    The practical consequence is that, where expressions of dissatisfaction relate to genuinely distinct subject matter, there can be benefit in recording and treating them separately rather than treating them as adding to the first complaint even if it has not yet been resolved – particularly if more time is needed for the second complaint. However, drawing technical distinctions or relying on additional information being provided about the same subject matter is unlikely to support treating two communications as two separate complaints, and the time limit will generally run from the first complaint.

    Closing complaints within 5 business days – exception to the requirement to provide an IDR response

    Generally, licensees are required to provide a formal IDR response to a complaint within specified timeframes. There is an exception where the firm closes the complaint to the customer's satisfaction, or gives the complainant an explanation or apology where it can reasonably take no other action, within 5 business days after receipt.

    Telstra Super sought to rely on that exception in 18 cases on the basis that they had been objectively resolved, despite the fact that it had not marked the complaints as "closed" within its systems and, in some cases, had undertaken further IDR processes in relation to the complaints after the 5th business day.

    Neskovcin J rejected those arguments, concluding that for the exception to apply the complaint must be recorded as closed in the licensee's systems (except where that is done incorrectly) and/or regarded by the licensee as closed (where that outcome was not recorded, by oversight). It was not possible to retrospectively conclude that the complaints had objectively been closed to avoid the obligation give an IDR response.

    The Court placed importance on the licensee's systems for recording and managing complaints: absent clear evidence of a contemporaneous decision to close the complaint (such as recording it as closed in the system) the exception is unlikely to apply.

    No reasonable opportunity exception to the requirement to provide an IDR response

    A licensee does not have to provide an IDR response within the RG 271.56 timeframes where there is no "reasonable opportunity" for it to provide the IDR response because it is particularly complex and/or circumstances beyond the firm's control are causing delays: RG 271.64-65. To invoke this exception, the licensee must send an IDR delay notification including the reasons for the delay, the right to complain to AFCA and AFCA's contact details: RG 271.66.

    Neskovcin J held that Telstra Super was unable to rely on this exception because it had sent a generic IDR delay notification stating that the timeframe could not be met because investigations were ongoing. Telstra Super did not turn its mind to whether the criteria were met in the particular case. In the Judge's view, to invoke the exception, the application of the criteria to the complaint needed to be assessed, and sufficient specific detail given in the notification, having regard to its purpose which was to inform the complainant about the progress of the resolution and provide reasons why the delay had occurred.

    In the alternative, if the test was an objective one, her Honour reasoned that Telstra Super bore the burden of showing that it fell within the exception and, save in a few cases, it had not done so. While the wide range of general circumstances which Telstra Super said were beyond its control, including the COVID-19 pandemic, an unexpected period of leave for an experienced complaints officer and regulatory notices, were potentially the kind of circumstances contemplated by RG 271.65, the cause of the delay and its effect on the particular complaint had to be outside the licensee's control – firms should have a degree of "in-built slack" to deal with developments. Telstra Super also failed to prove a causal connection between those circumstances and particular delays.

    The practical upshot is that licensees are expected, before sending IDR delay notifications, to turn their mind to whether the complaint can be responded to within the timeframe and record the reasons for invoking the exception, rather than providing generic responses. A high level response may be sufficient – the Judge did not determine the precise level of detail required – but this may add to the administrative challenge of dealing with more protracted complaints, particularly for licensees dealing with larger complaint volumes. Further, it appears that the courts will not readily be satisfied with the invocation of general circumstances to justify exceeding the mandatory time limits.

    Telling customers about the right to go to AFCA where they have already complained to AFCA

    The Court concluded that, where customers had already complained to AFCA, the IDR response or delay notification still needed to inform the customer of their right to complain to AFCA and provide AFCA's contact details. Telstra Super's responses were non-compliant because they merely acknowledged the AFCA complaint. This highlights that strict compliance with the enforceable provisions of RG 271 is required.

    Informing customers about the right to complain to AFCA where AFCA lacks jurisdiction

    The Court concluded that Telstra Super was obliged to inform members of their right to complain to AFCA even when (for technical reasons since addressed through retrospective legislation) AFCA in fact lacked jurisdiction to hear the complaints.

    The Court reasoned that it was not for the licensee to determine the extent of AFCA's jurisdiction. Again, this highlights the expectation for strict compliance.

    Adequately resourcing the complaints function

    RG 271.142 requires that the IDR process must be resourced so that it operates "fairly, effectively and efficiently". The parties agreed that this was to be read consistently with the "efficiently, honestly and fairly" standard under s 912A(1)(a).

    Neskovcin J observed that RG 271.142 was a forward-looking obligation, directed at ensuring that the system "produce[s] the intended result, namely, the just and timely resolution of complaints, avoiding unnecessary delays or complexity." This required steps to be taken so that the IDR process operated in a way free from bias or injustice, and which met a reasonable standard of performance which the public was entitled to expect. However, as with s 912A(1)(a), the standard was not one of perfection.

    The Judge reviewed the development of Telstra Super's complaints function and resourcing over time in some detail, before ultimately concluding that ASIC had not established a breach. ASIC's case focused mainly on the complaints team not having adequate staff numbers to deal with the volume of complaints, and internal reporting indicating that Telstra Super was aware of that problem but did not take steps quickly enough to address it. Neskovcin J concluded that there was no breach, based on evidence from Telstra Super that it had turned its mind to the optimal resourcing mix for complaints handling, adjusted its approach over time and been hampered by the impacts of the unexpected leave of a critical staff member and the COVID-19 pandemic. The training offered to staff was also deemed adequate in all the circumstances.

    The case thus provides helpful guidance that active and reasonable consideration and adjustment is required to meet the resourcing obligation, but the mere fact resourcing is not always optimal, leading to some breaches of timeframe requirements, will not be sufficient to show a breach. It is possible that a more onerous standard could be applied outside of the superannuation context – the Judge noted the need in that context to balance resourcing and burdening members with expenses - but the observations seem likely to have broader relevance given the overall standard is not one of perfection but reasonableness.

    The "efficiently, honestly and fairly" obligation

    ASIC alleged a breach of s 912A(1)(a), principally relying on the number of contraventions of s 912A(1)(g), Telstra Super's alleged actual or constructive knowledge of some of those failures, alleged misleading communications to customers in IDR delay notifications, and actual or constructive knowledge that it had not provided resources and training to enable compliance with the complaints obligations. Neskovcin J adopted what is becoming the orthodox approach to the "efficiently, honestly, and fairly obligation", highlighting that:

    • Notwithstanding some suggestions to the contrary, "efficiently, honestly, and fairly" is a compendious concept rather than imposing three separate tests.
    • The obligation is forward-looking, requiring steps to be taken to ensure that failures will not occur in the future. This focuses attention on whether the licensee should have taken additional steps to prevent an error or specific contravention, and means that the mere fact errors or contraventions of other legislation have occurred does not establish a breach.
    • Breach of s 912A(1)(a) does not depend on breaches of other more specific obligations, such as s 912A(1)(g), although the existence of specific breaches can be relevant.
    • An important focus of the inquiry, at least in cases where there is no dishonest or seriously unethical conduct, is on whether the licensee fell below a reasonable standard of performance – in this case, in taking steps to enable it to meet its specific obligations in relation to complaints. The standard is not one of perfection.

    Her Honour concluded that there was no breach, noting that:

    • The IDR delay notifications were not misleading, albeit uninformative.
    • The resourcing breaches were not established, for similar reasons to those for RG 271.142, and emphasising again that forward-looking steps had been taken to meet Telstra Super's IDR obligations which, while not completely successful, did not fall below a reasonable standard of performance .
    • The contraventions established were less extensive than alleged by ASIC. While her Honour was at pains to emphasise the importance of timely and compliant responses to the complaints, those contraventions were not sufficiently serious that their occurrence meant that Telstra Super had not met a reasonable standard of performance in seeking to comply with its obligations.

    This is another case where ASIC led no evidence of the standard of performance required to comply with s 912A(1)(a) and was not successful. There were similar outcomes in ASIC v CBA [2022] FCA 1422 and ASIC v NAB (2022) 164 ACSR 358. This highlights the challenges for ASIC in establishing a breach where the respondent puts forward evidence explaining its approach, in a context where perfection is not expected and there is no clear benchmark for a reasonable standard of performance.

    Wider implications

    The decision clarifies important matters in relation to the complaints handling obligations in RG 271, subject to the possibility of appeal.

    Licensees should review their IDR procedures having regard to the judgment, including the requirements for IDR delay notifications to be properly considered and documented, and consider whether they have taken, and documented, sufficient steps to resource and manage complaints functions to comply with the obligations under RG 271.142 and s 912A(1)(a). The observations may also be of assistance in considering breach reporting obligations.

    More broadly, while ASIC has established some foundational principles in relation to RG 271, it was ultimately unsuccessful on several points and the Judge accepted that, while the complaints obligations were important, the existence of some non-compliance did not necessarily lead to a breach of the efficiently, honestly and fairly obligation – reflecting the reality that few, if any, licensees achieve perfect compliance with the complaints obligations in all cases. It will be interesting to see how the Judge approaches the assessment of penalty in due course.

    Further, the case highlights the challenges for ASIC in establishing breaches of evaluative standards of licensee conduct without presenting expert or other evidence setting a practical benchmark of performance.

    Other author: Charlie Crawford, Graduate.

    Ashurst Risk Advisory Pty Ltd is a proprietary company registered in Australia trading under ABN 74 996 309 133 and is part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners acting in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services. For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    This material is current as at 13 May 2026 but does not take into account any developments after that date. It is not intended to be a comprehensive review of all developments in practice, or to cover all aspects of those referred to, and does not constitute professional advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

    Key Contacts