‘Gatekeepers' to the board: regulators' changing expectations of general counsel - Corporate Governance

General counsel have never been under such intense scrutiny. Regulators including the Australian Securities and Investments Commission (ASIC) are zeroing in on officers like general counsel, whom ASIC regard as 'gatekeepers', and seeking to hold them responsible for ensuring the prevention of corporate misconduct.

What are the regulators' expectations of general counsel in managing and highlighting risk? And how do these dynamics impact the role and the potential liability of general counsel?

For many years, those of us interested in the area of governance and directors' duties have been watching ASIC's prosecution 'slate' waiting for the next big 'stepping stone' prosecution.

Many thought it would come out of the Crown Resorts Sydney, Melbourne and Perth casino inquiries, which identified much evidence of senior officers having overseen endemic widespread and serious non-compliance over a number of years – non-compliance that, if not strictly illegal, had caused significant reputational damage and consequent financial loss to the company (including its employees) and its shareholders. Notwithstanding this, there were no cases launched by ASIC against any officers for these missteps.

But then came the Star prosecution, in which ASIC commenced civil penalty proceedings in the Federal Court against 11 current and former directors and officers of The Star Entertainment Group Limited (ASX: SGR) (Star) (discussed in detail below). What made Star different? Maybe it was a perfect storm (at least for the 11 individuals involved) of:

an ASIC Commissioner with a strong belief in 'Gatekeeper Theory' and looking to test it as an enforcement thesis (below); and
' serious and systemic' breaches of federal law occurring over a number of years.

But maybe the biggest issue was the senior management of Star not observing what was happening at Crown and taking immediate steps to stop behaviour that ASIC thinks Star management knew, or ought to have known, gave rise to risks posed by gambling junket Suncity (and junkets generally) in respect of non-compliance with anti-money laundering laws. To ASIC, it seems this foreseeable risk ought to have been better managed by the defendants.

Star – the facts of the case

ASIC commenced civil penalty proceedings in the Federal Court against 11 current and former directors and officers of Star for alleged breaches of their care and diligence duties owed to the company under s 180(1) of the Corporations Act 2001 (Cth). One of those officers was the former group General Counsel. ASIC alleges that Star's board and executives failed to give sufficient focus to the risk of money laundering and criminal associations that were inherent in the operation of a large casino with an international customer base.

This is another 'stepping stone' case brought by ASIC, and is one of very few cases ASIC has sought to bring under s 180(1) of the Corporations Act against officers who are not directors.

The Star prosecution follows the traditional mechanism for a stepping stone case. ASIC alleges that Star's officers failed to exercise the degree of care and diligence that a reasonable person would have exercised in her or his position during the relevant period to 'prevent a foreseeable risk of harm to the interests of the company'. These claims align with comments by then Chief Justice Tom Bathurst that directors and officers could be liable for conduct falling short of a strict breach of the law, which is nevertheless inappropriate or unethical, where such conduct results in significant reputational damage with consequent financial implications.

ASIC does not need to establish that Star necessarily breached the law but rather that the officers' conduct in exposing Star to a potential breach was a breach of the care and diligence obligation. In particular:

that the General Counsel of Star should have taken all reasonable steps to ensure that Star complied with its legal obligations and protected Star from legal risks; and
that the General Counsel failed to take reasonable steps to ensure the board of directors of Star was informed of matters that created or increased a risk that Star would breach its legal obligations.

Cassimatis^¹ showed that a contravention of the law is not a necessary precondition to a breach of directors' duties and that the protections of s 180(1) extend to an obligation to protect a corporation's reputation. While ASIC has emphasised corporate reputation in the Star prosecution, it is not suggesting that this is a case solely involving an issue of reputation. The ASIC case alleges that Star was exposed to the risk it would breach the relevant anti-money laundering / counter-terrorism financing (AML/CTF) legislation. But ASIC is not seeking to prove breaches of that regime. In that respect the case sits better with Vocation,^² in which it was clear that Vocation breached the Corporations Act (i.e. failing to make adequate disclosure). In that case, ASIC showed how, by exposing Vocation to the disclosure breach, the Chair, CFO and CEO had breached their duty of care owed in failing to 'prevent a foreseeable risk of harm to the interests of the company'.

ASIC alleges that the conduct of the officers exposed Star to harm by creating or increasing the risks that:

Star group entities would fail to meet their AML/CTF obligations;
Star's relationship with one of its lenders would be undermined;
Star would suffer significant reputational damage; and
Star would be exposed to investigations by state and federal regulators and to inquiries and legal proceedings resulting from those investigations.

Business judgment rule and stepping stones

For every officer who finds themselves threatened with a stepping stone prosecution, the question that inevitably arises is whether the business judgment defence (s 180(2) of the Corporations Act) will be available. Reliance on this defence requires the individual to show (among other things) that he or she has made a business judgment in good faith, for a proper purpose and rationally believed their judgement to be in the 'best interests' of the company.

Since the onus is on the officer to establish each of the different elements, it has proven quite difficult for officers to rely upon this defence. Unfortunately, the stepping stone cases (and most cases of directors' negligence) contain very few instances where the business judgment rule has aided directors or company officers to avoid liability. This is particularly so in cases where the company's contravention has involved a failure to make disclosure, on the basis that disclosure compliance is not a business judgment matter but instead a question of observing the law.^³

It is probably not the case that the business judgment defence can never apply to a stepping stone or compliance- based case like Star. In Mariner,^⁴ the Court clearly thought that the compliance and business aspects of the decision were inextricably linked and, accordingly, that a business judgment was made. That said, the business judgment rule defence is unlikely to feature in the Star prosecution since it is hard to suggest that Star was permitted to lawfully decide, as a matter of business judgment, that Star should assume the risk of non-compliance with its AML/CTF obligations. In those circumstances, the relevant officers may be liable as an accessory. What s 180(1) is concerned with in this context is the foreseeable risk that failure to take adequate care in relation to Star's compliance with the law would cause harm to the company.

Reliance

Some of the officers who were not responsible for the day-to-day running of Star may believe that they were entitled to rely on other senior executives charged with managing this issue. In the case of their AML/CTF compliance, they might argue that, as a technical area, the adequacy of the organisation's risk management and compliance systems and processes must be informed by advice from people with technical expertise in that area and it was reasonable for officers to rely on those people in the absence of any evidence that their expertise was lacking, or the processes implemented in reliance on their advice were not working.

That said, it is not enough to merely do as advised. Star's officers were bound to inform themselves about the AML/CTF compliance risks and make an independent assessment of the information or advice provided. In that sense, the reliance must also be 'reasonable'. A number of sources of information or advice received by the company would likely improve the likelihood of the ability of the officers to rely on the advice. Further, ASIC alleges that the defendants had information available to them that these risks were not being appropriately managed and failed to act, and therefore appear to have had compelling reasons to question any advice to the contrary.

ASIC and gatekeepers

ASIC has suggested that it can achieve its regulatory objectives by focusing on key individuals within a company and holding them to account for the "sins" of the companies that employ them or which they govern.

The rationale for this theory is that the value an individual attributes to their own personal reputation is such that they will not rationally sacrifice that reputation for a perceived corporate benefit. This places these individuals in a position to prevent corporate misconduct by withholding their validation of poor conduct, thereby mitigating corporate conduct that would expose the company (and expose the officers to a breach of duty claim).

This proposition is a variation of the approach developed in the United States, which focuses on third parties, such as external lawyers and auditors, and emphasises that a corporate gatekeeper is motivated to prevent wrongdoing because the expected liability or reputational harm (arising from failing to prevent misconduct) exceeds the gain in fees received. This model, however, fails to distinguish among gatekeepers or account for how gatekeepers with different incentives respond to legal controls.

The ASIC prosecution theory seems to suggest that investor and financial consumer trust and confidence is likely to be preserved by advancing positive and transparent gatekeeper conduct and culture. Within the group of targeted gatekeepers are company directors and senior executives, including the general counsel.

General counsel clearly play a critical role as a gatekeeper of legal risk and compliance within the organisation. ASIC Commissioner Joseph Longo has observed that "[t]he general counsel is there, frankly, as a gatekeeper, as the conscience of the corporation or the company, and the trusted adviser. It's a privileged position".

The case of the general counsel as a particular officer

As long ago as 2011, the High Court recognised that the general counsel was a particular type of 'officer' and that their responsibilities within a corporation extended to various specific subjects including compliance with all relevant legal requirements and, in particular, with continuous disclosure requirements. Once it was found that their responsibilities extended to those subjects, the question became whether the general counsel undertook those responsibilities with the requisite degree of care and diligence.

In Shafron,^⁵ the High Court found that the functions performed by the General Counsel, Mr Shafron, involved him participating in making decisions that affected the whole or substantial part of the business of James Hardie. Suggestions that participation in a decision meant that the person must have a role in actually making the decision were rejected. The High Court distinguished the role of an external adviser who proffered advice and information in response to particular requirements of the company.

Mr Shafron's position was qualitatively different as:

"...what he did went well beyond his proffering advice and information to the board of the company. He played a large and active part in formulating the proposal that he and others chose to put to the board as one that should be approved. It was the board that ultimately had to decide whether to adopt the proposal but what Mr Shafron did, as a senior executive employee of the company, was properly described as his participating in the decision to adopt the separation proposal that he had helped to devise."

The High Court confirmed that Mr Shafron breached his duty of due care and diligence as an 'officer' of the corporation and endorsed the characterisation of Mr Shafron as having a duty to protect the company 'from legal risk'.

By extension (as seems to be the position ASIC has taken in the Star case) the High Court's decision in Shafron suggests senior in-house lawyers advising a board of directors are gatekeepers responsible for:

promoting the public interest in corporate compliance with continuous disclosure obligations and prohibitions on misleading conduct; and
making sure that the board of directors is properly informed of matters that created or increased a risk that would breach their legal obligations.

Arguably, compliance with the law and being a good corporate citizen are also in the corporation's interests. Indeed, had the law been complied with, many years of litigation and anger from the community may have been avoided.

Looking ahead

Throughout 2023, ASIC has said that it will have a strong focus on governance and directors' duties failures, enforcement activity targeting sustainable finance practices and disclosure of climate risks, financial scams, cyber and operational resilience, and investor harms involving crypto-assets.

We expect ASIC to continue to focus on gatekeepers such as general counsel both to improve the level of disclosure and reporting and to attempt to hold them accountable for the risk of systemic regulatory breaches. It is an opportune time indeed for all general counsel to take a step back to assess the role they play in advising their boards in this wider context, particularly where they hold executive responsibility for a number of functional portfolios and risk areas beyond legal, and to determine if there is anything more they should be doing to discharge their obligations as gatekeepers going forward.

Footnotes

¹ Australian Securities and Investments Commission v Cassimatis (No 8) [2016] FCA 1023, 26 August 2016.

² Australian Securities and Investments Commission v Vocation Limited (In Liquidation) [2019] FCA 807, 31 Ma y 2019.

³ Australian Securities and Investments Commission v Fortescue Metals Group Ltd (2011) 190 FCR 364, 427 [197]; [2011] FCAFC 19 in which Keane CJ commented that disclosure compliance is not a business judgment matter but instead a question of observing the law. In Vocation the finding in Fortescue was affirmed.

⁴ Australian Securities and Investments Commission v Mariner Corporation Limited [2015] FCA 589, 19 June 2015.

⁵ Shafron v Australian Securities and Investments Commission [2012] HCA 18, 3 May 2012.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.