
A New Global Standard for Compliance: ISO 19600

ISO 19600 Compliance management systems (ISO 19600), a new International Standard for compliance, is currently being finalised, having been under development for some time.

This standard was developed by Project Committee 271, whose secretariat is based in the offices of Standards Australia. Eleven countries are participating in the project and most of the drafting has been done by an Australian drafting committee.

Due for publication by the end of 2014 (the final draft is still subject to negotiation), the new standard will:

  • update and enhance the existing Australian Standard, AS3806:2006 Compliance programs (AS 3806);
  • introduce an international, cross-jurisdictional standard to measure compliance; and
  • provide an international benchmark for compliance systems.

AS 3806

ISO 19600 is based on AS 3806, a Standard developed in Australia which promotes a leading system of compliance management. AS 3806 was originally created in 1998 following a request from the Australian Competition and Consumer Commission (ACCC). It was updated in 2006 and adopts a ‘principles approach’ to compliance, based on four key aspects of compliance being:

  • commitment;
  • implementation;
  • monitoring and measuring; and
  • continual improvement.

The AS 3806 standard is well respected and is referenced by numerous Australian regulators including the Australian Securities and Investments Commission (ASIC) and the ACCC. It is also referenced in the ASX Corporate Governance Principles and Recommendations.

Why a new standard?

In the global regulatory environment, the law shapes many duties and obligations. In some highly regulated industries, a compliance program is a mandated part of an organisation’s obligations. For example, in Australia, Regulatory Guide 104 obliges Australian Financial Services Licence holders to implement a compliance program.

As the regulatory environment changes, leading to new and challenging influences on an entity, its compliance framework should be flexible enough to adapt to these changes.

Although Australia has had a version of a compliance standard in AS 3806 since 1996, ISO 19600 is the first international standard on this topic. According to Standards Australia, the standard has been designed to ultimately increase market confidence, increase consumer confidence and improve outcomes for government, consumers and investors.

Standards Australia’s policy is to recommend local adoption of international standards where possible so AS 3806 is likely to be replaced by ISO 19600 once it’s been finalised.

A defence against court actions?

ISO 19600 states that ‘in a number of jurisdictions, the courts have considered an organisation’s commitment to compliance through its compliance management system when determining the appropriate penalty to be imposed for contravention of relevant laws’. According to the Governance Risk and Compliance Institute, this position suggests that if companies use ISO 19600 to benchmark their compliance framework against international best practice, the framework could be used to mitigate any potential penalties handed down by regulators or the courts.

Whether this is true remains to be seen but in some cases it is clear that, at the very least, having in place a compliance management system will allow an organisation to demonstrate compliance to regulators or the courts.

Given the ‘compliance’ gap that has existed to date internationally, the new standard is important as it has the potential to be adopted by regulators internationally as the accepted benchmark for making out due diligence defences, and ultimately for the assessment of adequacy of organisational efforts in the context of breaches or control failures.

AS 3806 vs ISO 19600

According to an article by leading Australian law firm Clayton Utz, five ‘key enhancements’ will be incorporated into ISO 19600 being:

  1. The relationship between compliance and governance, risk, audit, legal, environment and health and safety will need to be set out.
  2. The scope of the compliance management system will need to be determined, i.e. whether contractual obligations will be included with statutes and other such duties.
  3. An improvement to the link between risk and compliance, so that controls for these risks and compliance work together.
  4. Compliance will be able to be demonstrated, and reported up to management and the board.
  5. Steps will be taken to have a healthy culture of compliance and compliance behaviours.

Randal Dennings, a Clayton Utz Partner who represents the Law Council of Australia on the Project Committee, writes with Wei-Loong Chen (a Clayton Utz Special Counsel) that ‘organisations who clearly meet the existing requirements of AS3806 should need to do little to meet the requirements of the international standard’.

According to the GRC Institute, ISO 19600 will also improve on AS 3806 by putting a greater emphasis on a risk-based approach to compliance.

ISO 31000 & ISO 19600

As many readers will be aware, Australia also leads the way in the development of the International Risk Management Standard (ISO 31000 – 2009), which was based on the original Australian Risk Management Standard (AS/NZ 4360 – 2004).

At CompliSpace we often say that ‘whilst a compliance program can live without a risk management program, a risk management program can’t live without a compliance program’. It is therefore pleasing to see that Australia is once again leading the way with the development of this critical international governance standard.

Financial Services Update: Over 6,000 Submissions Received by Financial System Inquiry

In this edition:

  • ASIC seeks feedback on extending relief to registered schemes; and
  • over 6,000 submissions received by Financial System Inquiry.

ASIC seeks feedback on extending relief to registered schemes

The Australian Securities and Investments Commission (ASIC) has released Consultation Paper 223 (CP) seeking feedback on its updated version of Regulatory Guide 174 entitled ‘Relief for externally administered companies and registered schemes being wound up’ (RG 174). A draft updated RG 174 has also been released.

As its title suggests, the CP considers changes to the current legislative framework provided by the Corporations Act 2001 (Cth) (Corporations Act) and Class Order 03/392 (Class Order) governing how companies in external administration can seek relief from ASIC to defer, or have a full exemption from, meeting their financial reporting obligations and/or their obligation to hold an annual general meeting.

Of more interest to us is how ASIC proposes to extend the scope of their existing relief scheme to registered managed investment schemes that have become insolvent and are in the process of being wound up.  The current version of RG 174, reflecting the current Class Order, is silent on this topic.  ASIC is seeking feedback on its proposal to introduce a new class order to provide an exemption for registered schemes (that are being wound up) from meeting their financial reporting obligations under the Corporations Act where:

    • the scheme is insolvent (i.e. scheme property is insufficient to meet the scheme liabilities to scheme creditors as they fall due);
    • the value of net assets of the scheme is no more than $5,000 throughout the relevant financial year; and
    • ASIC has been formally notified of the commencement of the winding-up of the scheme.

If the above circumstances are met, ASIC will not take action against the responsible entity and its officers, or any court-appointed person responsible for winding up the scheme for their failure to comply with the scheme constitution provisions requiring a final audit of the financial statements to be undertaken as a consequence of the winding-up.

ASIC’s justification for allowing exemptions to apply to insolvent schemes reflects the same reasoning for the current regime that applies to companies. The reasoning is that the time, human resources and financial constraints involved in complying with financial reporting obligations ultimately create an unreasonable burden for the scheme members and creditors, especially where it is likely that there will be little or no return to members.

Other proposed relief initiatives relevant to a registered scheme are options to seek:

  • deferral of its financial reporting obligations where it’s being wound up for a maximum period of 12 months (previously, only externally administered companies could defer their reporting obligations and only for a period of 6 months); and
  • deferral of its financial reporting obligations where the responsible entity, not the scheme, is being externally administered (subject to the responsible entity demonstrating that the appointment of the external administrator had ‘significantly’ disrupted its management of the scheme).  The registered scheme does not have to be wound-up in this case.

If a registered scheme is granted a deferral from its financial reporting obligations, then ASIC makes it clear that (subject to exemptions) it will generally not relieve the responsible entity from its obligation to obtain a compliance plan audit report. If the future of the registered scheme is unclear, the completed audit report will at least provide some useful information for interested parties about the status of its affairs.

The CP also proposes to resolve some ambiguity around whether the Class Order relief applies to a company that is also an Australian Financial Services Licensee (AFSL).  According to ASIC, companies that hold an AFS Licence should not be eligible for the financial reporting exemptions, given that the fundamental obligation of an AFSL is to be able to meet all financial requirements at all times, including debt obligations. Because this is the primary duty of an AFSL, they should apply for cancellation of their AFSL rather than relief.

Comments on the updated RG 174 are due by 20 October 2014.

Over 6,000 submissions received by Financial System Inquiry

The deadline for public submissions in response to the Interim Report released by the Financial System Inquiry (Inquiry) in July closed on 26 August 2014.  On 5 September 2014 the Inquiry announced that it had received over 6,300 submissions in response to the issues set out in the Interim Report.  Over 5,000 submissions, or 79%, were received on the issue of ‘credit card surcharges’.   We previously wrote a blog on the key observations made in the Interim Report and it’s clear from the reaction that the Interim Report has created that the Inquiry’s final report will be highly anticipated.

Although the list of authors of the submissions published on the Inquiry’s website reads like a who’s who of the Australian financial services industry, significantly, a large bulk of submissions are from individual members of the public. These concerned individuals remind us that credit card charges, superannuation and adequate banking regulation are issues that affect a large body of retail consumers, not just professional service firms and institutional investors.

The final report is due by November 2014.

As we’ve seen over the past few months, the issues identified in the Interim Report are only some of the major concerns affecting the financial services industry in Australia at the moment.  With revelations of compliance issues at Macquarie Private Wealth as well as the notorious problems at Commonwealth Bank’s financial planning arm, we are primed to wonder ‘what (or who) is next?’. What is certain however, is that the profession of financial planning and advice will come under close scrutiny. The question of just how troubled and fraught this industry is remains to be answered.

As reported in the Sydney Morning Herald, recent comments by the Commonwealth Bank conceding that ‘general’ financial advice should in fact be renamed ‘sales’ reveal just how misleading this sector of the industry is. The Commonwealth Bank basically admits that its ‘planners’ are in fact more like salespersons, flogging their wares to unsuspecting superannuants and retirees, rather than acting to uphold their trust and confidence.

The inherent dangers of this misleading approach have recently been aired in the debate accompanying the Federal Government’s Future of Financial Advice changes. The clear conflict of interest apparent from selling incentivised products, rather than giving advice to individual investors seems to be a lesson not yet learnt.

The Interim Report highlighted the area of financial advice as a key area for review and it’s clear from recent events that reform is crucial in this area. Given the sheer number of responses it has received, it remains to be seen whether or not the Inquiry will be able to deliver its recommendations by the November deadline, or even by the end of 2014. In a one step forward, two steps back manoeuvre, it will be interesting to see how the Government reacts to any recommendations of the Inquiry requiring increased regulation and scrutiny in the industry, given their ‘reducing red tape’ mantra.

Stay tuned for our response once the final report is released.

1 September 2014: Workplace Relations Update for Executives On-the-go

In this edition:

  • Qantas grounded by poor policy management;
  • Two cases illustrating the changing landscape of sexual harassment claims; and
  • WA harmonisation of WHS laws is getting closer.

Qantas brought down by poor policy management

A recent case before the Fair Work Commission (Commission) provides yet another example of a company’s decision to dismiss an employee being overturned for being unfair. In the case of Qantas and two flight attendants (Albert Chew v Qantas Airways Limited; Margaret Leong v Qantas Airways Limited [2014] FWC 4885), the poor management of policy and poor record keeping practices factored into the Commission’s decision to reverse Qantas’ decision and reinstate the employees.

Two flight attendants

Albert Chew and Margaret Leong worked for Qantas Airways Limited (Qantas) as flight attendants. They held senior positions. Mr Chew was a Customer Service Supervisor and had worked for Qantas for over 26 years without a blemish on his record. Ms Leong worked for Qantas for over 20 years. Both had Qantas Cabcharge cards.

On 15 trips to and from the airport the pair, who lived near each other, allowed the driver of the hire car to charge the same fare twice, rather than charging a single fare. Because of this conduct, they were fired. They appealed Qantas’s decisions to the Commission, which ordered their reinstatement. The decision gives some important lessons for employers who issue Cabcharge and other charge cards as part of their business.

An Impotent Policy

Qantas had a Cabcharge policy in place. In fact, it explicitly stated that only cabs were to be used, not hire car services and that only one Cabcharge was allowed to be used (per the relevant Passenger Transport Act). Ultimately however, the mere existence of that policy was not enough to protect Qantas. In their claims, the flight attendants stated that:

  • they had no awareness of Qantas policies on the use of hire cars and charge cards;
  • they never signed such a policy; and
  • their behaviour was not fraudulent.

The difficulty for Qantas in this case was that despite the policy being in place, its employees were unaware of its existence or content. Qantas’s defence came undone when the Commission pointed out that:

  • ‘Qantas was unable to produce the signed policies or other records’;
  • ‘the evidence was… that it was standard practice for flight attendants to use hire cars/ limousines. This was not contradicted by Qantas’; and
  • ‘there was… no evidence that the applicants had signed or even sighted the [Cabcharge] Policy. Furthermore, there was no evidence of an educational program provided to Flight Attendants on the use of the cards or the travel policy generally’.

In the words of the Commission:

  • ‘I find this somewhat surprising, given the cards were distributed relatively recently in early 2012. Good management practice would have maintained them in the flight attendants’ personnel files’; and
  • ‘Qantas’s procedures for rolling out the cards and ensuring their appropriate use could have been better’.

An Unfair Dismissal

The decision to terminate the employment of Mr Chew and Ms Leong was made on the basis of a breach of Qantas’s ‘Standards of Conduct Policy’. The decision was not based solely on the breach of the Cabcharge policy. The Commission went on to remark that Qantas did not base its decision on an allegation that Mr Chew and Ms Leong engaged in fraudulent activity.

When determining whether a dismissal is unfair, the Commission takes into account a wide range of matters. In light of all the factors, it found that the dismissal was unfair, and some other penalty was appropriate. It took into account:

  • Mr Chew and Ms Leong’s long service with Qantas;
  • their apologies and contrition; and
  • the substantial impact of their dismissal in the current state of the airline industry.

A Happy Ending

In the end, the Commission found that ‘there was not a valid reason… for the dismissal of Mr Chew and Ms Leong’. They were reinstated.

They did not get off scot-free however, and did have to suffer the penalty of lost wages between their dismissal and subsequent reinstatement.

The lessons in this case are simple. If you have a policy, you must ensure that it is implemented properly, and it is not just left to languish. Qantas may well have succeeded in this case if it did this. If it ensured that all employees read the policy, understood, and signed it, it may well have made out its case. But more importantly, this entire incident may well never have happened.

Sexual harassment: two landmark cases

Two recent sexual harassment cases decided in the Federal Court send important warnings to employers on the importance of having robust policies and procedures in place to help manage the risks arising from inappropriate workplace behaviour. The cases also emphasise that sexual harassment can take many forms, not just physical conduct.

The Full Federal Court’s appeal decision in Richardson v Oracle Corporation Australia Pty Ltd [2014] FCAFC 82 saw the amount of damages awarded to the victim of sexual harassment increased from $18,000 to $130,000 (damages plus economic loss). The Court had previously held that the complainant, a project manager at Oracle Corporation Australia Pty Ltd, had been harassed by a male co-worker on at least 11 separate occasions in 2008, in private and in front of other employees. The offensive conduct involved a series of slurs and sexual advances. Oracle was found liable for the perpetrator’s conduct as it had failed to show that it took all reasonable steps to prevent the sexual harassment. Oracle was originally ordered to pay $18,000 in damages for the distress caused.

The victim appealed the decision, and the Full Court overturned the original amount of damages finding that it was ‘disproportionately low having regard to the loss and damage she suffered’ and that a higher amount was justified due to the nature and extent of her injuries and ‘prevailing community standards’. The higher amount took account of the damage done to the victim’s personal relationship as a result of the sexual harassment.

The significant financial penalty imposed on Oracle is a reminder to all employers of the serious nature of sexual harassment. In this case, the significantly increased penalty was emblematic of the Court’s serious view of sexual harassment and discrimination.  Indeed, the Court made the statement that it was ‘unable to discern any in-principle difference’ between a bullying and harassment case, and a sexual harassment case. It is interesting to note that during Oracle’s internal investigation into the allegations, the perpetrator had written the victim a letter apologising for what he called ‘light-hearted banter’.

The perpetrator’s description of his conduct as ‘light-hearted banter’, and his attempt to trivialise its impact on the victim, demonstrates the extent to which some people are still ignorant of the serious nature of harassment and that one of the essential elements of harassment is that the behaviour is unwelcome.  It also shows that employers should ensure that they provide clear training on what constitutes inappropriate and illegal behaviour in the workplace.

A second landmark decision by the Federal Court in Vergara v Ewin [2014] FCAFC 100 emphasises that workplace sexual harassment can occur both in and outside of the office.

In that case the complainant was a chartered accountant at entertainment company Living and Leisure Australia Limited (LLA). The Court found that on four occasions in May 2009 she was sexually harassed by a casual accountant, Mr Vergara, employed by LLA. The first three incidents occurred over a three-day period and involved mainly spoken words. The behaviour commenced when Mr Vergara turned the lights off in the office the pair shared at the end of the day and told the complainant that he wanted to talk to her. She agreed and they went to a nearby pub where she was propositioned in ‘very explicit and crude terms’. Mr Vergara later tried to kiss her as they walked to a nearby train station. The fourth incident involved sexual intercourse after a work event at the Melbourne Aquarium. Due to being intoxicated at the time, the complainant had no recollection of the fourth incident taking place.

Mr Vergara appealed the Court’s original finding against him that also saw the complainant awarded nearly $500,000 in damages. Mr Vergara challenged the Court’s initial finding that the incidents of sexual harassment had occurred at a ‘workplace’, as that term is defined in the Sexual Discrimination Act 1984 (Cth). In the Act ‘workplace’ is defined to mean ‘a place at which a workplace participant works or otherwise carries out functions in connection with being a workplace participant.’

The Court held that:

  • a workplace ‘may be a fixed or moving location’; and
  • going to the pub was triggered by what had commenced at the office and therefore the function of both locations was that of ‘workplace’.

The first three incidents were all examples of sexual harassment, even though some of them occurred outside the office. The fourth incident occurred at the office and was sexual assault. The Court’s decision in this case is important because it stands for the proposition that sexual harassment can occur outside the office, if there is a sufficient work connection. It is also important that employers are alert to the fact that harassment is not confined to actions between employees, but can extend to conduct between an employee and a contractor – as Mr Vergara was in this case.

Both cases are warnings to employers to ensure that they have adequate harassment and dispute resolution policies in place and that their staff are trained to understand those policies and more importantly, what behaviour constitutes sexual harassment and where it can occur.

WA WHS Laws: harmonisation getting closer?

On 12 August the Western Australian (WA) Minister for Commerce, the Hon Michael Mischin MLC announced that a WA version of the model workplace health and safety (WHS) bill would become available as a draft bill for 3 months of public comment. We’ve previously written about how WA is getting closer to harmonising its WHS laws and this latest announcement is a positive sign that the wheels of action are still in motion.

WA and Victoria are currently the only jurisdictions that have not introduced model WHS laws. While Victoria announced last year that it would not be participating in the national format, the WA government has been ever so slowly but, as is apparent now, surely edging towards implementation. The WA government participated in all of the joint talks and negotiations in developing the harmonised health and safety laws with all of the States, Territories and Federal Government, but has put forward a number of reasons and reviews over the last 3 years to explain its extreme caution in proceeding.

The WA delays have been in some part due to concerns that the impact of the new laws on small businesses in WA outweighed the benefits of a harmonised system. This was addressed by the government commissioning a regulatory impact statement (RIS) to look at the impact of the legislation specifically on WA. The RIS was completed in 2012. The WA government was also concerned that national changes to WHS in the mining sector (which has its own safety legislation) should be completed, so that all of the changes could be introduced at one time. The model mining changes were finalised in 2013. In his Parliamentary statement Mr Mischin spun WA’s delayed introduction as a positive in light of the ‘delays and controversy’ which have plagued the progress of the model legislation elsewhere. Watching the other States and Territories introduce their own model WHS laws had allowed WA ‘the opportunity to observe their experience, to measure the costs of any changes that have been implemented and to consider the advantages and disadvantages of their having made them’.

In the most positive sign in the last 12 months, the WA government will be putting out a ‘green bill’ (draft bill for public comment) based on the model WHS laws and reflecting its core provisions. The green bill has not yet been released, but once it is, it will be open to public comment for three months. According to Mr Mischin, the bill is a ‘tailored’ version of the model WHS laws designed to suit the WA environment and ‘refined to reduce red tape and to maintain the compliance burden at an acceptable level’.

The regulatory impact statement (RIS), which had been provided to the government in 2011, has also finally been made available on the WorkSafe WA website.

The Council of Australian Governments (COAG) is currently investigating ways in which the model WHS laws could be improved, with a particular focus on reducing red tape. COAG’s review is due to be completed by the end of 2014. The outcome of COAG’s review, in addition to the WA RIS and the public comments that the WA government anticipates receiving on the WA green bill, will be used as ‘a foundation upon which the government can consider the best WHS regime for Western Australia’.

In the meantime, the WA mining and resources sectors, which have their own separate legislation, will also be brought on board. The Minister also announced that it had approved the continued development of the previously foreshadowed Resources Safety Bill to ‘further modernise resources industry regulation’. The new legislation will incorporate elements of the National Mine Safety Framework and the nationally developed model WHS laws. The new Resources Safety Act will initially replace the Mines Safety and Inspection Act 1994 (WA).

Minister for Mines and Petroleum Bill Marmion said that ‘the best aspects of the model laws will be adopted with those which do not suit the unique Western Australian context amended or removed as necessary’, guided by an intention to ‘place a greater focus on risk management and to be less prescriptive’, with ‘the onus . . . placed on industry to demonstrate they understand hazards and have control measures in place.’ The WA government expects that the resources legislation will be in place by mid-2016.  The public consultation period for the green bill might mean that the introduction and implementation of the model WHS laws takes longer, however one would hope that the timing of the new WHS laws matches that of the resources legislation.


How can CompliSpace help?

CompliSpace’s comprehensive range of cost effective human resources policies, procedures, training and testing modules, ensure that managers and staff know what is expected of them and have key tools and information at their fingertips at all times.

This enables a business to meet its workplace relations obligations while building a positive corporate culture, capturing knowledge and saving time. For more information, contact us on the details below:

P: 1300 132 090

E:  contactus@complispace.com.au

W:  www.complispace.com.au

This blog is a guide to keep readers updated with the latest information. It is not intended as legal advice or as advice that should be relied on by readers. The information contained in this blog may have been updated since its posting, or it may not apply in all circumstances. If you require specific or legal advice, please contact us on 1300 132 090 and we will be happy to assist.

New Privacy Guidelines on Information Security Released

The Office of the Australian Information Commissioner (OAIC) has released a Revised Guide to Information Security: Reasonable steps to protect personal information.  The Guide is an updated version of a 2013 Guide to information security which was published before the amendments to the Privacy Act 1988 (Cth) (Act) were introduced in March. The updated Guide aims to help entities comply with their personal information security obligations under the Act.

Although the Guide is not binding, and is still subject to public consultation (with comments open until 27th August), it can be referred to by the OAIC when assessing whether an entity has complied with its obligations. This is relevant for all entities who are subject to information security obligations under the Act (being government agencies or organisations with turnover of more than $3 million a year and/or health service providers).

Many of the concepts discussed in the earlier guide are still relevant and are repeated. For example, the importance of the concept of ‘privacy by design’, and of using Privacy Impact Assessments (PIAs) and information risk assessments (IRAs) to achieve it, is not new. Conducting PIAs and IRAs is important because their outcomes will inform an entity how to design its risk management processes so that privacy of personal information can be ‘built’ into a project or process from the start, rather than ‘bolted on’ at a later stage.

More importantly, the new Guide provides entities with guidance on how to comply with their obligations under new Australian Privacy Principle (APP) 11 ‘Security of Personal Information’.  APP 11 imposes more extensive obligations than its predecessor, National Privacy Principle 4 ‘Data Security’, because in addition to requiring entities to take ‘reasonable steps’ to protect personal information they hold from misuse, loss, unauthorised access, modification or disclosure, APP 11 also requires entities to protect the personal information from ‘interference’.

Interference includes, amongst other things, hacking leading to exposure of personal information.

When investigating a possible breach of the information security obligations under the Act the OAIC will consider two factors:

  • the steps that the entity took to protect the information; and
  • whether those steps were reasonable in the circumstances.

‘Reasonableness’ will be assessed in terms of practicability. For example, the Guide gives context to the ‘interference’ to personal information threat by discussing how to manage cyber-safety risks. It may be reasonable for entities who store information remotely or in the Cloud to take additional steps to protect it.

Adopting privacy security measures that suit the infrastructure and processes of a business is also important in the context of outsourced obligations. The Guide makes the important clarification that where an organisation ‘holds’ personal information, APP 11 applies so that it extends beyond physical possession of a record to include a record that an entity has the right or power to deal with, for example where an entity outsources the storage of personal information to a third party but retains the right to deal with that information. The threat of ‘interference’ to that personal information also extends to the outsourcing situation and the Guide makes it clear that if entities outsource their obligations to a third party, they must satisfy themselves that the third party has adequate security measures in place, especially if the third party is not subject to the Act (e.g. it might be an organisation turning over less than $3 million a year or is outside Australia).

In particular, there is an emphasis in the Guide on entities integrating privacy into their governance and risk management strategies. Human error is regularly claimed as the cause of privacy incidents, however according to the OAIC, it usually only occurs where entities do not have a privacy culture, training and appropriate practices, procedures and systems.

Privacy by design and the other concepts discussed above are examples of useful protection mechanisms which can be used in the design and implementation of robust internal information-handling practices, procedures and systems. The Guide makes it clear that the aim of information security measures should be to:

  • prevent a breach of APP 11;
  • detect breaches promptly; and
  • be ready to respond to potential privacy breaches in a timely and appropriate manner.

Governance arrangements should be in writing and the OAIC expects that entities will also regularly monitor the operation and effectiveness of the steps and strategies they have taken to protect the personal information. This means that you should not create a policy and then leave it lingering on some obscure part of your intranet.  Instead, you should be regularly reviewing it in light of changes to your business’ infrastructure and processes.  Staff should also be trained and tested on their understanding of privacy and information security policies to minimise the risk of human error causing data breaches which can undermine otherwise robust security processes.

Disappointingly, other than noting the importance of having policies in place, the Guide does not provide much clarity on the further obligation of non-government entities under APP 11 to take reasonable steps to destroy or de-identify the personal information they hold once the personal information is no longer ‘needed’.  The ambiguity and confusion caused by the obligation to independently decide how long a record is ‘needed’  if it is not covered by a time period prescribed by financial, accounting or other industry specific legislation is an ongoing issue of concern for organisations, especially if they are operating in an industry that may be susceptible to judicial proceedings and investigations.

The OAIC will be disbanded after 31 December 2014 so the Guide may prove to be one of its final publications on privacy issues.  From 2015 the Privacy Commissioner will administer the Act.  It will be interesting to see if the final version of the Guide varies significantly from the current draft, especially if substantial public feedback is received.

Have you reviewed your information security policies recently?

20 August 2014: Workplace Relations Update for Executives on-the-go

In this edition

  • the loss of a $33.5 million contract shows the importance of complying with privacy laws;
  • two cases illustrating ways of managing moonlighting by employees; and
  • creative donations in WHS Enforceable Undertakings.

OPSM: breach of data leads to loss of major contract

You might be forgiven for thinking that eyewear and eyecare services provider OPSM, and its related entities, would have their focus firmly on clearly looking over all aspects of their client contracts. However, the recent loss by OPSM’s parent company Luxottica Retail Australia (Luxottica) of a $33.5 million contract with Medibank Health Solutions (MHS) to provide services to the Australian Defence Force (ADF), due to a breach of Luxottica’s privacy obligations in its contract with MHS, is a reminder of how important it is for organisations to read and understand the terms of their agreements and their compliance obligations. The collection, use and secure storage of personal information in accordance with privacy principles may well be included as an explicit term of your contracts.

In 2012, MHS awarded Luxottica the exclusive right to supply 80,000 ADF personnel with eye services through OPSM stores (MHS has a contract with the ADF to manage and coordinate its healthcare services). Under its agreement with MHS, Luxottica was required to keep the medical records of the ADF personnel, which contained personal information, in Australia. However, Luxottica breached this term of its agreement by sending ADF medical records overseas. This did not happen in an overt and obvious way – the records were sent to Luxottica’s own server that happened to be located overseas.

Luxottica’s breach of contract was discovered by MHS as part of its regular review process.

What does this mean for your business?

Most service agreements contain contractual obligations requiring the service provider to maintain and protect the confidentiality of ‘confidential information’. A contract may or may not explicitly incorporate the Privacy Act 1988 (Cth) (Privacy Act) requirements, but as a matter of law, where an organisation that turns over more than $3 million and/or provides a health service deals with personal information, it must comply with its obligations under the Privacy Act and the Australian Privacy Principles (APPs).

Under the APPs, an organisation must include information in its privacy policy disclosing various details about how it will handle and store the personal information it receives. In addition, if the organisation is likely to disclose personal information to overseas recipients:

  • it must advise the countries in which such recipients are likely to be located, if it is practicable to specify those countries in the policy; and more importantly,
  • before sending personal information overseas, it must take reasonable steps to ensure that the overseas recipient of personal information does not breach the APPs, either because that country has similar privacy requirements, or because of other privacy safeguards (e.g. contractual obligations).

This case shows how important it is for organisations to understand how and where their data is stored and handled. Organisations whose data is stored in the Cloud, or international organisations whose head office or data centres are overseas, must take steps to ascertain where the server/s for their Australian operations are located. It is critical that each organisation conduct an audit of the personal information it collects, and identify what it then does with it.

According to a report released by the Ponemon Institute entitled ‘2014: Cost of Data Breach Study: Australia’, the cost of lost business associated with cybersecurity breaches has increased over the last five years, from an average of $660,000 in 2010 to an average of $850,000 in 2014. Businesses need to review their data security policies and procedures, understand their contractual obligations, and understand how to mitigate any risk of loss that may arise if data security or the privacy of personal information is compromised.

Have you reviewed your privacy policies and contractual obligations lately?


Employees and second jobs: what can and can’t you control?

It’s not uncommon for employees to have more than one job, either in the same industry or otherwise. But the obligations and duties owed to an employer become murky when an employee’s out-of-hours activities have the potential to have an adverse effect on that employer’s business and interests.

Some employers attempt to protect their interests by including specific contractual provisions in employment agreements or implementing  policies outlining the restrictions and procedures that need to be followed by employees undertaking other employment or activities. Two cases considered by the Fair Work Commission (Commission) provide useful guidance to employers on when their employees’ out-of-hours conduct can be considered ‘serious misconduct’, justifying their termination, and how to ensure that their employment terms are drafted to best protect their business’ interests.

First, we go to what can be the bane of most employers, social media. The story of a case involving an employee’s misuse of LinkedIn is played out in Bradford Pedley v IPMS Pty Ltd T/A peckvonhartel [2013] FWC 4282 (BP). In BP, Bradford Pedley was appointed as a Senior Interior Designer at an architecture and design company (PVH). Prior to his appointment at PVH, Mr Pedley told his employer that he intended to continue to carry out private design work in his own time through his own business Reveal ID. PVH did not prevent him from this pursuit.

Two years later, Mr Pedley sent a group email to some of his LinkedIn connections telling them about his own business and announcing that he was ‘seeking to expand Reveal ID to a full time design practice over the coming year.’ PVH saw the email and dismissed Mr Pedley for breach of his employment contract. The contract included wording to the effect that Mr Pedley could not be engaged or associated with any business or activity that:

  • competes with PVH;
  • adversely affects PVH’s reputation; or
  • hinders the performance of Mr Pedley’s duties.

The Commission found that PVH had validly dismissed Mr Pedley because his LinkedIn email attempted to solicit PVH clients to work with Reveal ID and this amounted to ‘serious misconduct’ under the Fair Work Act in that it:

  • was inconsistent with the continuation of the contract of employment; and
  • caused serious and imminent risk to the reputation, viability or profitability of the employer’s business.

The Commission’s decision in BP is in contrast to its later decision in Adidem Pty Ltd T/A The Body Shop v Suckling [2014] FWCFB 361.  In that case, Nicole Suckling was employed by The Body Shop as a Consultant Support Adviser for its online sale division. Ms Suckling’s role required her to take and make phone calls with independent contractors to record details of sales and other activities. During her employment at The Body Shop, Ms Suckling entered into an independent consulting agreement with a company called PartyLite Pty Ltd (PartyLite), which sold candles to independent consultants who then on-sell them to consumers. The Body Shop also sold candles.

The Body Shop terminated Ms Suckling’s employment when she refused to resign from PartyLite.

Ms Suckling’s employment contract contained a conflict of interest clause that stated: ‘it is considered an employee cannot be totally committed to The Body Shop if working for a competitor. Thus, whilst working for The Body Shop employees cannot simultaneously work for any other enterprise this Company considers a market place competitor; to do so is considered misconduct and may lead to termination of employment.’

The Commission found that Ms Suckling had been unfairly terminated from her employment at The Body Shop and ordered that The Body Shop pay her $20,084.68, representing five months’ pay. The Commission’s reasoning was based on the fact that Ms Suckling was not actually ‘working’ for PartyLite, she was working for herself, meaning her conduct was not in breach of the conflict of interest clause in her employment agreement with The Body Shop because she was not ‘working’ for a competitor. An underlying factor was that this case dealt with a junior employee, whose candle-selling in her spare time was unlikely to significantly impact on her employer or her ability to do her ‘support advisor’ role.

Lessons from BP and The Body Shop

The outcome of the BP case demonstrates the benefits of having a well-drafted restraint clause in an employment contract. PVH’s prevention of Mr Pedley from ‘being associated’ with a competitor was an effectively drafted contractual restriction. The Body Shop’s clause, on the other hand, was not as effective in achieving the intention of the employer. Both cases show the importance of employers:

  • Setting clear expectations, preferably in employment agreements, relating to their employees’ out-of-hours employment or activities which could have a detrimental effect on the business; and
  • Following through with general and social media policies which adequately explain the business’ approach and tolerance for their employees’ online activities.

How do you manage your employees’ moonlighting activities?


Enforceable Undertakings: a popular way to achieve WHS objectives

The option for an organisation to enter into an enforceable undertaking (EU) with authorities in relation to a breach of the model Work Health and Safety (WHS) laws is proving to be a popular means of achieving compliance with WHS laws.  So far this year, six EUs have been entered into in Queensland and one in New South Wales.

An EU is a useful tool that is available to regulators as an alternative to prosecution and the resulting court action, penalties and fines where an alleged breach of the applicable State and Territory WHS laws has occurred. A party that is subject to the EU is legally obligated to carry out the agreed corrective action without the need to go through a lengthy court process.  The terms of an EU are proposed by the business and must be agreed upon by the health and safety regulator. An EU may be considered if there are remedial steps that the organisation can take to remedy the breach by improving safety in the workplace. It is not available for the most serious (Category 1) offences under the WHS laws.

An EU is a promise by an organisation which obliges it to refrain from, or carry out, specific activities to improve not only work health and safety, but which may also deliver benefits to industry and the broader community. The relevant state or territory regulator monitors the organisation to ensure that the EU commitments are being delivered. If an accepted EU is not complied with, the regulator may apply for a court order to enforce compliance and impose financial penalties.

An EU can contain some very creative terms and achieve things a court order cannot.  WHS authorities have issued guides that detail what an EU must contain. Among the more interesting requirements are adopting strategies that will deliver worker, industry and community benefits.

In one example, a company promised to pay $5,000 per year, for the next three years to the Westpac Rescue Helicopter, as the increased funding would improve the response to traffic incidents, a key work health and safety risk in the company’s operations.

The full EU is available on each regulator’s website (see here for Workplace Health and Safety Queensland and here for WorkCover New South Wales).

The estimated value of the EUs which have been entered into in Queensland and NSW is worth noting ($427,335 in NSW for the Terex Australia Pty Limited EU). The amounts are significant but are likely to be less than any court and legal fees which the businesses involved would incur if they were prosecuted by the regulator in court.

The maximum penalty for failure to comply with an EU is $50,000 for an individual or $250,000 for a body corporate. You should note however, that maximum penalties for Category 2 offences which do not follow the EU route and proceed to prosecution range from $300,000 for an officer, to $1.5 million for a company.

Have you done a WHS health check recently?


How can CompliSpace help?

CompliSpace’s comprehensive range of cost effective human resources policies, procedures, training and testing modules, ensure that managers and staff know what is expected of them and have key tools and information at their fingertips at all times.

This enables a business to meet its workplace relations obligations while building a positive corporate culture, capturing knowledge and saving time. For more information, contact us on the details below:

P: 1300 132 090

E:  contactus@complispace.com.au

W:  www.complispace.com.au

This blog is a guide to keep readers updated with the latest information. It is not intended as legal advice or as advice that should be relied on by readers. The information contained in this blog may have been updated since its posting, or it may not apply in all circumstances. If you require specific or legal advice, please contact us on 1300 132 090 and we will be happy to assist.

ASX Update: Gold fools: Newcrest’s woes continue

Gold fools: Newcrest’s woes continue

We recently wrote a blog about the importance of ASX listed entities maintaining satisfactory continuous disclosure practices and procedures following Newcrest Mining Limited’s (Newcrest) highly publicised breaches of its continuous disclosure obligations. On 2 July 2014 the Federal Court (Court) determined that Newcrest had on two occasions contravened its continuous disclosure obligations under the Corporations Act 2001 (Cth) and applied penalties of $1.2 million. The Australian Securities and Investments Commission (ASIC) and Newcrest had previously provided Joint Submissions to the Court which outlined their agreement on the proper penalties in relation to breaches that occurred between 28 May and 6 June 2013.

Newcrest’s time in court in 2014 has not ended there though. Slater & Gordon Lawyers (SGH) has commenced class action proceedings in Court on behalf of security holders who traded in Newcrest shares between 13 August 2012 and 6 June 2013, a wider range of dates than under the ASIC enforcement action. The class action alleges that Newcrest misled the market during the claim period by providing gold production guidance in August 2012 without reasonable grounds. It is also alleged that Newcrest breached its continuous disclosure obligations by failing to inform the market of price sensitive information.

On 7 June 2013, Newcrest informed the market that it would:

  • downgrade its forecast FY14 gold production;
  • write down all of the $3.8bn of goodwill on its balance sheet;
  • impair the carrying value of its mining operations by a total of $2.2bn; and
  • not declare a final dividend in FY13.

Newcrest’s share price fell by almost 20% following the disclosure of this information and, subsequently, it announced an independent review of its disclosure and investor relations practices. Slater & Gordon is seeking compensation for the members of the class action who suffered loss or damage as a result of Newcrest’s alleged continuous disclosure contraventions, either because they acquired Newcrest shares which they would not have acquired, or because they acquired them at a higher price than they should have paid, had the market been properly informed.

Although Newcrest admitted to the disclosure breaches which formed the basis of the ASIC Settlement, it has said that it intends to ‘vigorously defend’ the class action. This latest court proceeding is emblematic of a new paradigm of class actions, where any breaches of corporate law may be subject to litigation-funder backed actions. Actions based on breaches of continuous disclosure obligations are currently in vogue, and are likely to continue in the current legal landscape.

As a side note, we admire Slater & Gordon’s audaciousness in taking on such a class action case, as it is itself an ASX listed entity. We hope any sermonising about continuous disclosure and shareholder rights does not come back to haunt it.

Win for Treasury Wine Estates and Leighton Holdings in class action

In a small win for Treasury Wine Estates Limited (TWE) and Leighton Holdings Limited (Leighton), the Supreme Court of Victoria has ruled that the solicitor for the lead class action plaintiff against each company is restrained from acting for that plaintiff. The solicitor in question is Mark Elliott, and the lead plaintiff, Melbourne City Investments Pty Ltd (MCI), happens to be an entity of which he is the sole shareholder and director.

MCI is a curious entity. According to the judgment, it owns small parcels of shares in TWE, Leighton and WorleyParsons Limited. These parcels were each acquired for less than $700 and this amount would be the most MCI could recover if the actions succeeded. On the facts, Justice Ferguson was prepared to draw the inference that:

  • MCI was created as a vehicle for class actions against these companies (for breaches of continuous disclosure obligations);
  • MCI would be the representative plaintiff in these class actions; and
  • Mr Elliott would act as MCI’s solicitor and earn legal fees from doing so.

Although Mr Elliott is acting on a ‘no win, no fee’ basis, Justice Ferguson noted that ‘it’s common knowledge that most litigation settles before judgment and that this is treated as a ‘win’ such that lawyers’ fees are paid’. Justice Ferguson ruled that, although the proceedings brought by MCI were not an abuse of process (that is, they were not brought for a predominately improper purpose), the proper administration of justice required that Mr Elliott be barred from acting as the solicitor for MCI. The factors that this decision was based on were:

  • a reasonable observer would conclude that Mr Elliott was the decision maker in the conduct of the proceedings both as MCI director and solicitor; and
  • ‘Mr Elliott is compromised in his role as a solicitor such that there would be a real risk that he could not give detached, independent and impartial advice’.

The upshot of this ruling is that Mr Elliott cannot act as the solicitor for MCI in this class action. This means that MCI must either engage separate representation (for fees), or a different lead plaintiff would need to be substituted in this action.

Although, in the scheme of this action, this victory does not represent a big win for the defendant listed entities, it is a rebuff to what could be said to be opportunistic lawyers. The ruling means that a strategy which involves incorporating a company for the purpose of class actions is not without hurdles. Justice Ferguson found that the proceedings themselves did not bring the administration of justice or the legal profession into disrepute, meaning that, with some procedural adjustments, they could continue.

For TWE and Leighton, this victory may prove futile, as the proceedings against them continue.

Pitfalls and protesters: Whitehaven Coal hoaxer sentenced

Anti-coal campaigner Jonathan Moylan has been sentenced in the NSW Supreme Court. He is to serve a suspended sentence of 1 year and 8 months, on condition that he be of good behaviour for two years.

Mr Moylan earned the ire of market participants, shareholders and journalists when, on 7 January 2013, he published a false media release in the name of ANZ Banking Group Limited (ANZ) informing the market that the bank had purportedly withdrawn a $1.2 billion loan facility from Whitehaven Coal Limited’s (Whitehaven) Maules Creek Coal Project. In doing so, Mr Moylan contravened s 104E(1) Corporations Act 2001 (Cth), an offence which carries a maximum penalty of 10 years imprisonment, or a fine of $765,000, or both. He also impersonated an ANZ officer and fielded enquiries as such from journalists.

Those actions had serious repercussions. In the period between the release and the subsequent hold on trading in Whitehaven’s shares, 2,881,334 shares were traded – more than 20 times the average volume of trades. The persons who made these trades were investors, brokers acting for self-managed super funds, managed funds and other wholesale investors. There was an 8.7% reduction in Whitehaven’s share price, which represented a reduction to the market capitalisation of Whitehaven of $300 million.

It was of considerable interest in this case that the offence was unique. As Justice Davies stated in his judgment, ‘persons ordinarily charged under this section have tended to disseminate false information for the purpose of receiving some gain for themselves or for some company which they are involved’.  However the section has the capacity to extend beyond those types of cases and in Mr Moylan’s case, his motivations were for personal political reasons, rather than personal financial gain.

In his Honour’s judgment, Justice Davies considered a statement made by Mr Moylan’s barrister, to the effect that ‘the journalists more than the Offender ought to be held to account for the ultimate effect on the market [of the false press release]’. In rejecting this submission, Justice Davies said that ‘it is quite hypocritical of the Offender to point the finger at them when he set up the false media release intending… that at least some of them would accept it as genuine’.

Mr Moylan will be required to be of good behaviour for the next two years, which includes not committing any further offences. Mr Moylan was required to pay a $1000 surety and he is now asking for community donations to recompense him for this payment via his website.

ASX entities should take note of the risks of such activism and fraudulent behaviour. Although the law properly provides a deterrent to such actions, Mr Moylan’s actions demonstrate the relative ease with which individuals can sabotage an ASX entity’s formal communications and disclosure processes. To commit his offence Mr Moylan purchased the domain name ‘anzcorporate.com’ and created an email address ‘media@anzcorporate.com’. He also downloaded the ANZ logo. An ASX entity’s intellectual property is one of its most important assets and Mr Moylan’s actions should sound an alarm-bell for entities to check their own intellectual property inventories and re-visit, or develop, their current policies and procedures in place to protect it.

ASX entities are required to formally manage risk, and in light of Mr Moylan’s case there are some measures which should be considered as part of good corporate practice:

  • as a control for possible misinformation, entities should remember that official ASX market announcements are the ‘front door’ of information for investors;
  • assess inherent risks to IP protection and implement policies to address those risks;
  • entities should consider the political risks associated with their activities; and
  • entities should have in place a means by which to quickly and effectively execute their obligations to manage their listings on the ASX, such as the use of the trading halt.

Financial Services Update: ASIC cracks down on AFSL compliance breaches

In this edition:

  • Deficient advice and supervision results in ASIC action; and
  • ASIC tip-off leads to unfair dismissal claim from whistleblower.

Deficient advice and supervision results in ASIC action

Deficient and lax compliance at PGW Financial Services Pty Ltd (PGW) has led to the acceptance by the Australian Securities and Investments Commission (ASIC) of an enforceable undertaking (EU) from PGW. As part of the EU, PGW must appoint an independent expert or risk losing its Australian Financial Services Licence (AFSL). This serves as a reminder to all financial services providers to have appropriate resources and procedures in place when providing advice to clients. PGW provided the EU to ASIC after surveillance by ASIC in April 2013 found deficiencies in its advice to clients and arrangements for supervising its authorised representatives.

First, a little history. PGW had appointed a number of ex-representatives of AAA Financial Intelligence Limited and AAA Shares Pty Ltd (together, the AAA Group). The AAA Group had its AFSL cancelled by ASIC in February 2013 for ‘comprehensively and repeatedly’ failing to comply with its obligations under the Corporations Act 2001 (Cth) (Corporations Act) and the conditions of its AFSL. ASIC was particularly concerned about the level of supervision of the representatives which the AAA Group had appointed and, in effect, their conduct and the advice they provided to retail clients.

Fast forward 12 months to 2014, and PGW has found itself haunted by the legacy AFSL issues of the AAA Group.

The ASIC action focuses on the obligations AFSL holders need to comply with under the Corporations Act, namely that, in addition to ensuring that their financial services are provided ‘efficiently, honestly and fairly’, they need to:

  • take reasonable steps to ensure that their authorised representatives comply with the financial services laws;
  • ensure that their authorised representatives are adequately trained, and are competent to provide those financial services; and
  • have available adequate resources (including financial, technological and human resources) to provide the financial services covered by their AFSL and to carry out supervisory arrangements.

ASIC’s surveillance of PGW and its 49 authorised representatives found:

  • numerous instances where financial product advice provided by PGW to clients did not demonstrate:
    • a reasonable basis for the recommendations made; and
    • compliance with disclosure obligations applying to advice on switching financial products;
  • failures by PGW to maintain:
    • human and technological resources; and
    • records of financial services provided to clients.

Regarding the supervision of its authorised representatives, ASIC was concerned that PGW failed to:

  • assess the competency of representatives before their appointment;
  • ensure the adequate training of representatives; and
  • respond to failures identified during the licensee’s audit process.

As part of its EU, the ASIC-approved independent compliance expert must also assess PGW’s provision of financial services, including a review of the personal advice provided by its authorised representatives.

AFSL holders should see this case as an illustration of the compliance risks inherent when they ‘rapidly increase their numbers of representatives, particularly where those representatives have come from other licensees’. Changes to a business’s size and structure will alter its risk profile, necessarily meaning that its risk management procedures will need to adapt accordingly. An adequate risk management system should account for the need to monitor and train authorised representatives as part of a strategy to control the risks of a compliance breach.

ASIC has various Regulatory Guides (RGs) which explain its expectations not only of the required practices, but also good and prudent industry practice by AFSL holders (for example, RG104 Licensing: Meeting the general obligations and RG146 Licensing: Training of financial product advisers).

ASIC expects AFSL holders to ensure that their authorised representatives meet their obligations under the Corporations Act. To do this, they must have in place policies and processes for the training, supervision and monitoring of their authorised representatives to meet the standards laid out by ASIC.

Policies should not be ‘tokenistic’; they must be actively enforced by the organisation. It is not enough to simply ask authorised employees to undertake an internal training program upon their commencement of employment as this is not a reasonable way of ensuring compliance. Proper employee screening should be done prior to their engagement to confirm that prospective employees have adequate training. An AFSL holder is also responsible for ensuring that its authorised representatives maintain the skills necessary to ensure that it continues to provide financial services advice which complies with its legal obligations, in addition to protecting its clients from incompetent financial advice.

Ultimately, PGW’s chickens came home to roost in this case as the EU reminds them that regardless of how, or by whom, the financial services were provided under the AFSL, PGW was responsible. All AFSL holders should re-visit their own risk management and training procedures in light of PGW’s failures.


ASIC tip-off leads to unfair dismissal claim from whistleblower

The foreign-exchange broker at Pepperstone Financial (Pepperstone) who told ASIC about alleged insider trading activity between the Australian Bureau of Statistics (ABS) and National Australia Bank (NAB) has launched an unfair dismissal claim against Pepperstone after he was sacked.

Joel Murphy was running the sales division of Pepperstone when, he says, he noticed suspicious trading on the foreign exchange market between two clients, NAB employee Lukas Kamay and ABS employee Christopher Hill. Pepperstone informed ASIC about the unusual activity, which led to an investigation by the Australian Federal Police. The AFP’s investigation revealed an alleged $7 million insider trading operation and Mr Kamay and Mr Hill were arrested in May after the Police monitored foreign exchange trades allegedly made by Mr Kamay through his Pepperstone account.

Mr Murphy claims that his employment contract with Pepperstone was terminated on the same day that the news of the insider trading scandal broke. According to a report by the Sydney Morning Herald, Pepperstone’s reason for Mr Murphy’s termination was ‘global FX market volatility being at record lows … and the entire FX trading market contracting’.

Mr Murphy is claiming that he was unlawfully terminated by Pepperstone as a result of the protected disclosure and that he should have been offered protection under the whistleblower protection provisions of the federal Corporations Act 2001 (Cth) (Corporations Act). The Corporations Act protects certain whistleblower activities, and protects whistleblowers from victimisation. These protections are designed to encourage people within companies, or with special connections to companies, to alert ASIC and other authorities to illegal behaviour.

To fall within the whistleblower protections under the Act, the whistleblower must meet the following criteria:
  1. they must be an officer, employee, contracted supplier or employee of a contracted supplier of the company the disclosure is about;
  2. the conduct must be reported to ASIC, a member of the company’s auditing team, an officer of the company, a member of the company’s senior management or another person authorised to receive that information at the company;
  3. they must disclose their name to the authorised person/ASIC when making the disclosure;
  4. they must have reasonable grounds to believe that the company or an officer/employee of the company has, or may have, contravened the Act or the Australian Securities and Investments Commission Act 2001 (Cth); and
  5. the disclosure is made in good faith.

Mr Murphy is seeking damages of $904,779 based on bonuses he says he was owed for the period.

However, even though the Corporations Act makes it a criminal offence to victimise a whistleblower, as well as entitling the whistleblower to seek reinstatement and compensation, ASIC is not actually obliged to take action itself under the Act to protect the whistleblower.  On its website ASIC maintains that it ‘can and will’ investigate allegations of victimisation, but that due to its limited resources it will concentrate on investigating the alleged misconduct rather than the victimisation.  Under ASIC’s current whistleblower approach, it’s up to the whistleblower to enforce their rights for protection and reinstatement or compensation if they believe that they have been victimised as a result of their disclosure. The ASIC website repeatedly recommends that the whistleblower seek their own legal advice.

The Senate Economics Committee’s (Committee) report on ASIC’s performance (see our blog) acknowledged the importance of encouraging whistleblowers, was generally scathing in its criticism of ASIC’s approach, and highlighted the need for legislative reform.

The Committee also acknowledged the importance of companies having internal whistleblower systems in place. Employees are more likely to report misconduct, fraud and corruption if they are confident that the company will protect them. A company whistleblower policy is also a sign that the company takes its ethical obligations seriously. Vincent Quattropani, Managing Director, Your-Call Disclosure Management Services, explains the organisational benefits of having a clear and comprehensive whistleblowing policy:

‘from our experience, companies that have a robust whistleblowing regime, that is compliant with Australian Standards and legislation, will always operate at a higher level of corporate governance’.

Having an internal, well-communicated whistleblower process benefits the company by encouraging the reporting of non-compliance to it in the first instance. While painful in the short term, the disclosure enables a company to fix problems, which can minimise or avoid the risk of significant financial losses to the company, legal penalties and public relations discussion.


How CompliSpace can help
Australian Financial Services Licence holders are inundated with a raft of corporate governance obligations and an ever-growing compliance burden that can distract focus from core business activities.

CompliSpace provides industry-specific policies, programs and procedures to ease the burden of compliance.

Our compliance and corporate governance solutions include Whistleblower, AFSL, AML/CTF and other industry-specific compliance programs.

Contact Details
P: 1300 132 090
E: contactus@complispace.com.au
W: http://www.complispace.com.au

This blog is a guide to keep readers updated with the latest information. It is not intended as legal advice or as advice that should be relied on by readers. The information contained in this blog may have been updated since its posting, or it may not apply in all circumstances. If you require specific or legal advice, please contact us on 1300 132 090 and we will be happy to assist.



