Compliance breaches: one breach or many?

Court decisions on penalties for compliance breaches often deal with submissions by the non-compliant organisation that multiple breaches of one requirement should not attract the penalty applicable to one breach multiplied by the number of breaches or breaches of different types of requirements.

This approach is reflected in the Banking Code Compliance Committee Guidance Note on Breach Identification and Reporting which discusses, in deciding how breaches are reported, the difference between an incident that results in multiple breaches of the same type and an incident that results in more than one breach of the Code’s obligations that are not of the same type.

This issue is usually considered, amongst other factors, when courts impose penalties for breaches.

Besides looking at the type of breach, regulators and courts look at the seriousness of the breach and whether the breach was one-off or systemic.

For example in Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v Commonwealth Bank of Australia Limited [2018] FCA 930 the Federal Court of Australia declared that CBA had contravened provisions of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (which the Bank admitted) and ordered that it pay a pecuniary penalty in the total sum of AUD $700 million for 53,750 breaches which included failure to provide 53,506 threshold transaction reports.

Justice Yates concluded that “rather than imposing multiple penalties, it is appropriate that a single penalty be imposed that represents the totality of the contravening conduct.”

In Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v Westpac Banking Corporation [2020] FCA 1538, the Federal Court of Australia ordered that Westpac pay to the Commonwealth of Australia a pecuniary penalty in the total sum of $1.3 billion when Westpac admitted to over 23 million breaches of the AML/CTF Act (including failure to report over 19.5 million International Funds Transfer Instructions properly).

In determining the penalty Justice Beach considered the following factors:

  • that the contraventions were not the result of a deliberate intention to breach the Act
  • Nature, extent and duration of conduct;
  • Relevant circumstances, including deliberateness and the role of management;
  • Loss or damage caused by the conduct;
  • Size of contravener and financial position;
  • Prior similar conduct;
  • Deterrence;
  • Cooperation;
  • appropriateness of the penalty, both separately and in the aggregate;
  • Other comparative court decisions;
  • considerations of proportionality and totality.

While the argument of whether multiple breaches of the same type should only be penalised as one breach may be used in negotiations with a regulator, courts will go behind the conduct and look at other factors to make their own decision.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.