Breach reporting and evidentiary issues for regulators
What you need to know
- While the 'why not litigate' world may lead our regulators to pursue more breaches through the courts, it is not all one way traffic.
- Reports and documents created for internal investigations and breach reports 'after the fact', may be of limited evidentiary value in proceedings alleging contraventions of regulatory obligations. It is unlikely that statements about breaches of obligations in such reports and documents will, of themselves, represent admissions that can be used against regulated entities in litigation.
Background
Earlier this year Government released an exposure draft of legislation to reform the breach reporting regime for Australian financial services and credit licensees. As we reported at that time, the proposed legislation, if passed, will significantly expand the matters which financial services licensees will have to report to ASIC under s 912D of the Corporations Act. The objective is that it be easier and faster for ASIC to investigate and pursue breaches of the Corporations Act.
On 8 May 2020, the Government announced a six month deferral of the introduction of Hayne Royal Commission related legislation, including the draft legislation in relation to breach reporting. In the meantime, ASIC has pressed ahead with mandating the use of its regulatory portal to submit breach reports. The portal requires licensees to provide a response to a range of detailed questions for each identified breach. We'll discuss this in more detail in a future Breakfast Bite.
If the Government's anticipated breach reporting reform comes into effect and the breach reporting floodgates are opened, financial services and credit licensees might take some comfort in a recent decision of the Federal Court of Australia which held that breach reports, of themselves, did not represent admissions of contravening conduct.
Australian Prudential Regulation Authority v Kelaher [2019] FCA 1521
In Australian Prudential Regulation Authority v Kelaher [2019] FCA 1521, APRA pursued IOOF superannuation trustees and some of their directors and officers for alleged contraventions of the Superannuation Industry (Supervision) Act 1993 (the SIS Act). The claimed breaches of the SIS Act involved decisions by the trustees which APRA asserted were not made in the best interests of members, and alleged failure to act with due care and skill. In a lengthy judgment, Justice Jagot held that APRA failed to prove any contraventions of the SIS Act, and dismissed APRA's case with costs.
APRA had sought to prove its case by relying entirely on documents created by IOOF. Its principal evidence comprised of IOOF documents brought into existence for the purpose of internal investigations and self-reporting, including breach notices lodged with APRA by IOOF, and reports to IOOF's board, stating that certain matters were considered to be significant breaches of the SIS Act. APRA relied on those documents as admissions by IOOF of the contraventions that APRA was asserting.
Justice Jagot found, among other things, that the statements in those documents did not constitute admissions. They were expressed at a high level of abstraction, with assumed knowledge of IOOF's systems, policies and processes (which APRA did not seek to separately prove), by authors whose qualifications and experience were not put before the Court. They were prepared with the benefit of hindsight after investigating previously unknown circumstances, whereas establishing breaches of the SIS Act required assessment of the objective circumstances that existed at the time of the conduct, about which APRA did not present any evidence. In short, the statements in the documents relied on by APRA were inadmissible opinions. Whether or not there were breaches of the SIS Act was a legal conclusion that was a matter for the Court based on all the evidence, not something that could be effectively admitted via such documents. It was for APRA to prove the primary facts on which its allegations of contraventions depended and in the Court's view, the way in which it sought to do so was fundamentally inadequate.
Implications for the use of breach reporting in subsequent litigation
The IOOF case should serve as a timely reminder that regulators, armed with a range of new powers, are still subject to uniform evidence provisions and related burdens of proof. This is notable as the breach reports required under a range of financial regulatory regimes (including the breach reporting regime for financial services licensees) are usually prepared with the benefit of hindsight and expressed at a high level without regard to rules on the admissibility of evidence. That does not mean that the content of breach reports can never serve as evidence in subsequent litigation. Nevertheless, the decision in Kelaher exposes the limitations of those reports as an evidentiary foundation for claims of regulatory contraventions. In light of the IOOF case, one can expect that the regulators will invest more effort in gathering primary evidence to support such claims.
While the proposed new breach reporting legislation will likely increase the number of breaches reported to the regulators, it does not give them a free pass through the courts.
Authors: Rani John, Partner and Tim Hardwick, Senior Associate.
Key Contacts
We bring together lawyers of the highest calibre with the technical knowledge, industry experience and regional know-how to provide the incisive advice our clients need.
Keep up to date
Sign up to receive the latest legal developments, insights and news from Ashurst. By signing up, you agree to receive commercial messages from us. You may unsubscribe at any time.
Sign upThe information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
Readers should take legal advice before applying it to specific issues or transactions.