Financial services licensees will be well aware that they are required to comply with the financial services laws and the conditions of their licence. They are also required to self-report to ASIC significant breaches of those laws.

In order to show that these obligations are being met some form of compliance program will need to be established. The actual form which this program takes will be dependent on the size of the organisation and the nature of the financial products and services that are involved.

Operating compliance programs is an additional cost of running a business which results in financial pressures to keep them as basic as possible. However, such an attitude ignores the value that effective compliance arrangements can have when a compliance failure does arise (as one almost certainly will).

The recent Federal Court case of ACCC v BUPA Aged Care [2020] FCA 602 shows the value of having compliance arrangements that are both fit for purpose and which are effectively applied to day-to-day business operations. It also shows that there is much to be gained by self-reporting your compliance failures to ASIC before they otherwise come to the regulator's attention.

The background to the BUPA case

As its name suggests, BUPA operates a large number of aged care facilities.

Between April 2013 and June 2018 BUPA charged certain fees to residents of its aged care facilities. These fees were for packages of "extra services" to be provided to residents, including items such as:

  • colour-coordinated décor and quality room fittings;
  • individually controlled room heating and cooling;
  • superior brand name toiletries;
  • separate external buildings available for residents' leisure activities;
  • provision of maximum intellectual stimulation within the resident's individual capacity;
  • provision of an escort to outside appointments;
  • courtyards with children's play areas and gardens for resident use;
  • personalised meal choices and printed menus;
  • dedicated massage and physiotherapy rooms; and
  • a cocktail hour at least three times a week.

Unfortunately for those residents paying for these extra services, life in the BUPA aged care facilities was less utopian than they might have anticipated because, in many instances, BUPA failed to supply these services, either in whole or in part.

BUPA reported and admitted to various contraventions of the Australian Consumer Law resulting from its failure to supply these services. The ACCC then took Court action against BUPA seeking to impose penalties for the contraventions.

The ACCC agreed with BUPA to a 50 per cent discount on the penalty (which was still a rather substantial $6 million - on top of the $18 million in compensation to residents that BUPA would also be paying) for reasons including BUPA's admissions, early cooperation and willingness to implement a comprehensive compliance program.

The Court's decision in relation to the penalty

The Federal Court was required to approve the amount of the agreed penalty.

The Court held that BUPA had not made deliberate attempts to mislead or deceive the affected residents. Instead, the Court found that there were "insufficient" compliance systems and controls in place at BUPA to detect when extra services were not being provided to residents who had paid for them.

The agreed penalty was approved by the Court - despite the Judge expressing concern that the agreed penalty was on the low end of the appropriate range. However, the Court was satisfied that the proposed penalty was appropriate due in large part to:

  • the breadth of the customer remediation undertaken by BUPA;
  • the compliance measures that BUPA had undertaken and agreed to undertake; and
  • BUPA's early admission and ongoing cooperation with the ACCC.

In particular, the Court looked favourably on the fact that BUPA:

  • self-reported the contraventions to the ACCC;
  • consulted with the regulator to design and implement a remediation program;
  • took steps to improve its governance systems and processes immediately after the contraventions were discovered;
  • agreed to create a new compliance function, which included adequate resourcing, complaints and feedback reporting and simplifying staff manuals;
  • implemented a customer remediation plan; and
  • had expressed its contrition to affected residents both publicly and privately.

Take outs from the decision

BUPA's contraventions of the law rightly ended up costing it a large sum of money. However, that amount would have been a lot higher had it not taken the actions which it did once the contraventions were identified. Its situation would have been even better if it had implemented proper compliance arrangements in the first place.

The decision highlights that effective compliance programs will be viewed favourably by regulators and courts when assessing penalties for contraventions. Further, even if a licensee's compliance programs were not sufficient to prevent a contravention, quickly improving or implementing compliance procedures once a contravention is identified could still lead to lower penalties.

The decision also shows that regulators will tend to be more lenient in relation to internally identified and self-reported contraventions of the law compared with situations where the licensee was not aware of the contravention prior to it coming to the regulator's attention.

The fact that the licensee undertakes significant compliance assessment and remediation measures following a contravention will also be looked on favourably by regulators.

Is your compliance program fit for purpose?

At Holley Nethercote, we have considerable experience in designing and reviewing compliance programs for financial services and credit licensees and for AML/CTF purposes. We also sit as external members on compliance committees for a range of financial services businesses.

In our experience, a fit for purpose compliance program should address:

  • developing a corporate culture that expresses a commitment to compliance;
  • the identification and risk assessment of applicable compliance obligations;
  • the implementation of an effective compliance policy and procedures;
  • the operation of a complaints handling system and remediation process;
  • the appointment of qualified compliance staff and a dedicated compliance committee;
  • direct compliance reporting lines to senior management and the directors;
  • staff induction and ongoing training on compliance obligations;
  • potential adverse consequences for staff involved in compliance failures coupled with whistle-blower protections;
  • periodic reviews and updating of the program; and
  • prompt implementation of adjustments to the program to reflect periodic reviews, complaints and identified compliance failures.

There are also a number of Australian and International Standards that cover compliance arrangements and complaints procedures which provide useful guidance on good practice in this area.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.