The International Investigations Review: Australia


The Australian government has empowered several regulatory bodies to investigate and prosecute corporate misconduct. These include:

  1. the Australian Securities and Investments Commission (ASIC), which is Australia's primary corporate regulator. ASIC enforces and regulates company law;
  2. the Australian Competition and Consumer Commission (ACCC), which enforces and regulates competition and consumer laws;
  3. the Australian Tax Office (ATO), Australia's principal revenue collection agency, which enforces and administers the federal taxation system; and
  4. the Australian Transaction Reports and Analysis Centre (AUSTRAC), which is the national financial intelligence agency. It enforces anti-money laundering and counterterrorism financing laws.

When a matter is referred for criminal investigation, it is often investigated by the Australian Federal Police (AFP), the national enforcement agency. The AFP is solely responsible for investigating contraventions of commonwealth criminal law. The Commonwealth Director of Public Prosecutions (CDPP), the national prosecutorial agency, is in turn responsible for the prosecution of alleged offences against commonwealth law.

These agencies conduct joint investigations. In 2015, the federal government established the Serious Financial Crime Taskforce (SFCT), which is an ATO-led joint-agency taskforce that includes the AFP, the Australian Criminal Intelligence Commission, AUSTRAC, ASIC and CDPP. The SFCT focuses on serious financial crime typologies such as offshore tax evasion, illegal phoenix activity and investment fraud. The SFCT facilitates inter-agency information, resource and skills sharing to identify and address the most serious and complex forms of these crimes, both in Australia and overseas.

All of these regulatory bodies and law enforcement agencies have, in some form, compulsory powers that can require individuals and companies to produce documents and information, including attendance at compulsory examinations where there is no privilege against self-incrimination. They also encourage cooperation when exercising their investigative functions.

When Australian legal practitioners conduct an internal investigation, it is likely to be in the context of a regulatory probe by one of these Australian government bodies, which may also include a concurrent criminal investigation by the AFP.


i Self-reporting

Australian regulators have had long-standing formal mechanisms in place for self-reporting of both civil and criminal wrongdoing. The AUSTRAC, the ACCC and ASIC, for example, all have specific mechanisms for self-reporting, whether it be mandatory or voluntary. The ACCC has detailed provisions for the reporting of cartel conduct; if you are in a cartel, you can apply for immunity from prosecution in exchange for helping with the ACCC's investigation. Similarly ASIC relies heavily on self-reporting to fulfil its regulatory oversight of the financial services sector. If a corporate cooperates with ASIC, it can:

  1. fully recognise that cooperation (taking into account whether the corporate has a self-reporting obligation);
  2. negotiate alternative resolutions to the matter;
  3. take into account the degree of cooperation provided during the investigation when determining the type of remedy or remedies sought, depending on all the circumstances of the case;
  4. in administrative and civil matters (other than civil penalty matters), make particular submissions to the tribunal or court as to what the outcome should be;
  5. in civil penalty matters, take the corporate's cooperation into account; and
  6. in criminal matters, take the corporate's cooperation into account.2

Another notable example of self-reporting is the recent formalisation of policy concerning foreign bribery, reflective of Australia's ever-growing presence on the international stage. In 2017, the AFP and the CDPP released joint guidelines clarifying the principles and processes that apply to corporations who self-report conduct involving a suspected breach of Division 70 of the Criminal Code 1995 (Cth) (the Criminal Code)3 concerned with the bribery of foreign public officials. While there is no obligation to self-report suspected breaches of Division 70, a corporate may report to the AFP suspected criminal conduct by the corporation, its officers, employees or agents. A corporation may self-report conduct by its officers or employees without admitting criminal responsibility on the part of the corporation. There are, as the guidelines suggest, many reasons why a corporate would choose to self-report wrongdoing:

  1. to proactively identify and address wrongdoing within the company;
  2. to comply with directors' statutory and fiduciary duties to act in the best interests of the company;
  3. to limit corporate criminal liability;
  4. to minimise reputational damage;
  5. to demonstrate a cooperative intent with the AFP in investigating the conduct;
  6. to maximise the sentencing discount that will be available to the company in any relevant prosecution of the company; and
  7. to be a good 'corporate citizen'.4

A corporation that has made a self-report is subsequently expected to provide full and frank disclosure and assistance to investigating authorities. The corporation is expected to give full access to related documents, including the provision of reports prepared by the corporation or its lawyers, and access to any potential witnesses who may ultimately give evidence in court. Assistance has its clear benefits; the corporation can be given an undertaking that evidence given by the corporation as a witness is not admissible, whether directly or derivatively, against the corporation in any civil or criminal proceedings.5 The corporation can also be given an indemnity from prosecution, but this indemnity does not prevent a proceeds of crime authority from commencing civil confiscation proceedings under the Proceeds of Crime Act 2002 (Cth).

The implementation of the guideline is in line with Australia's overall commitment to combat foreign bribery. Australia is a signatory to the Organisation for Economic Co-operation and Development's (OECD) Anti-Bribery Convention. The Phase 4 review of Australia's implementation of the Anti-Bribery Convention occurred in December 2017, and the Phase 4 follow-up was completed in 2019. The 2021 addendum to the follow-up notes that Australia continues to progress several recommendations, including adequately funding the CDPP to ensure that the agency is sufficiently resourced to prosecute foreign bribery cases, including against corporate persons.6

ii Internal investigations

The 2017 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Royal Commission) shed light on the practices and culture of the financial services industry, revealing inadequacies in the investigative and reporting practices adopted by some of Australia's largest corporate entities. Common criticisms levelled at these entities concern the delay in reporting misconduct, general obfuscation, misleading behaviour and interference with functions of the corporate regulator, and questionable 'independent reporting' by law firms retained to conduct internal investigations and respond to regulatory probes.

The final report of the Commissioner, the Honourable Kenneth M Hayne AC QC, was submitted on 1 February 2019. The report included 76 recommendations relating to the conduct of banks, mortgage brokers, financial advisers and superannuation trustees as well as Australia's financial services regulators. The Commissioner invited ASIC to investigate 11 potential instances of criminal misconduct, with the view of instigating criminal or other legal proceedings as appropriate. The report stressed the need for supervisory bodies such as the Australian Prudential Regulation Authority and ASIC to build a supervisory programme 'focused on building culture that will mitigate the risk of misconduct'.7

Following the release of the final report, ASIC announced that it would establish an internal 'Office of Enforcement', creating a separate department for enforcement staff with a specific focus on court-based outcomes.8 The ASIC Office of Enforcement is now established and is operational following a A$404 million federal government investment package. A marked shift by the agency towards increased investigation and litigation is evidenced by the 99 investigations that it commenced between January and June 2020, and its laying of 233 criminal charges. Between 1 January 2020 and 30 June 2020, ASIC prioritised the following kinds of misconduct:

  1. significant market misconduct: misconduct that is serious either by its nature or extent of harm, or that involves a large market participant or licensed entity;
  2. misconduct that involves a high risk of significant consumer harm, particularly involving vulnerable consumers; and
  3. misconduct by individuals, particularly criminal conduct or governance failures, at board or executive level.9

The inadequacies revealed by the Royal Commission illustrate that the decision to investigate can be a difficult one, particularly where there is a grave risk of reputational damage and the consequent erosion in public confidence in the organisation. Of primary concern is whether an internal investigation is required to comply with a relevant law, regulation or corporate policy. A secondary concern must always be the exercise of balancing the costs associated with any internal investigation and the effects of inactivity, delay and failing to investigate.

Commonly, internal investigations are undertaken by a lawyer or team of in-house lawyers. Sometimes, because of the scope or complexity of an investigation, external law firms will be briefed alongside specialist investigators, auditors and accountants. These firms usually specialise in civil litigation and corporate law more generally. However, the emerging understanding of the internationalisation of economic crime may change this paradigm. Advances in digital technology have driven an increase in incidences of white-collar crime and cybercrime. Corporations may think it prudent to use specialist criminal lawyers to provide advice much earlier in the investigation process and, where appropriate, assist in the conduct of the internal investigations. Where there is a concurrent regulatory probe with parallel criminal investigations in multiple jurisdictions, complex transnational criminal issues may arise that concern:

  1. the right against self-incrimination;
  2. the use of the exchange of information and data between jurisdictions for criminal investigation and prosecution; and
  3. if there is a request for extradition, whether dual criminality or double jeopardy is applicable.

In-house lawyers need to be aware of the possibility that an internal investigation can lead to both civil and criminal proceedings, sometimes running concurrently, and sometimes crossing multiple jurisdictions.

iii Whistle-blowers

In 2019, the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 20197 (the Act) came into force, some 13 years after the introduction of the first legislative protection for whistle-blowers in the Corporations Act 2001 (Cth) (the Corporations Act).

The Act created a single, consolidated whistle-blower protection regime under Part 9.4AAA of the Corporations Act and a regime in the Taxation Administration Act 1953 (Cth) through various legislative amendments. It also repealed previous financial whistle-blower regimes.

The Act was introduced because of perceived deficiencies in the existing regime, namely gaps in whistle-blower protection. Prior to its introduction, statutory protection for some whistle-blowers was non-existent or only piecemeal in other areas, and some protections had not been adjusted to reflect the actual remits of regulators.

The amendments to the Corporations Act were designed to encourage the disclosure of civil and criminal wrongdoing, particularly in the private sector, to improve overall compliance with laws and regulations by corporations. The government considers that whistle-blowers play a critical role in uncovering corporate crime, particularly because of the difficulties faced by law enforcement in detecting corporate misconduct.

The changes to protections in the Corporations Act are overwhelmingly positive. Whistle-blowers are no longer required to identify themselves when making a disclosure, and the types of persons and bodies that are allowed to disclose the identity of whistle-blowers have been comprehensively clarified. A qualifying disclosure now exists where the whistle-blower 'has reasonable grounds to suspect' that the information concerns:

  1. misconduct;
  2. an improper state of affairs or circumstances;
  3. conduct that represents a danger to the public or the financial system; or
  4. a contravention of any law.

Previously the disclosure had to have been made in good faith to qualify.

Existing immunities have been extended and the amendments ensure that information that is part of a protected disclosure is not admissible in evidence against that whistle-blower in a prosecution for an offence (other than in proceedings concerning the falsity of the information). The remedies available to whistle-blowers who suffer detriment because of a qualifying disclosure have been expanded. The Act creates a civil penalty provision to address the victimisation of whistle-blowers and allows for the criminal prosecution of victimisers. Other remedies, such as compensation, have been simplified. A person can seek compensation for loss, damage or injury suffered as a result of a victimiser's conduct, where that conduct causes any detriment to another person or threatens to cause detriment to another person, believing or suspecting that a person made, may have made, proposes to make, or could make a qualifying disclosure; and the belief or suspicion is the reason, or part of the reason, for the conduct.

As of 1 January 2020 the Act also addresses corporate governance concerns by introducing a requirement for large proprietary companies and proprietary companies that are trustees of registrable superannuation entities to implement whistle-blower policies. The policies must detail the protections available to whistle-blowers, how and to whom disclosures can be made, the support that the corporate will offer to whistle-blowers, the corporate's investigation process and how the corporate will ensure fair treatment of employees mentioned or referred to in whistle-blower disclosures.

Comparable amendments to the Taxation Administration Act 1953 (Cth) introduced protections and remedies for whistler-blowers who make disclosures about breaches or suspected breaches of Australian taxation law or taxation-related misconduct. As with the amendments to the Corporations Act, the revised Act offers protection for whistle-blowers from civil, criminal and administrative liability in respect of qualifying disclosures, the creation of offences in respect of conduct that causes detriment to a person, and offers a mechanism for court-awarded compensation to persons who suffer damage in respect of a qualifying disclosure.

The whistle-blower amendments align Australia with international developments, and will lead to an increase in regulatory and criminal investigations, as well as prosecutions of corporations.


i Corporate liability

Civil and criminal corporate liability can be derived from common law or from statute. The standard of proof in civil proceedings is 'on the balance of probabilities', while in criminal proceedings it is 'beyond a reasonable doubt'.

Under common law, a corporation is liable for the conduct and guilty mind of a person or persons who are the directing will and mind of the corporation. Commonly, that person or persons will be the managing director, board of directors or a person who has the authority to act on the corporation's behalf. Corporate criminal liability can also extend to employees or agents acting within the actual or apparent scope of their employment, if the corporate expressly, tacitly or impliedly authorises or permits the conduct that is the subject of the offence.

Statutory liability is more clearly defined. Chapter 2, Part 2.5, Division 12 of the Criminal Code outlines corporate criminal responsibility as it applies to the Code. The Criminal Code applies to bodies corporate in the same way it applies to individuals (or where provided, with modifications). For the most part, offences under the Criminal Code have physical elements (action or conduct) and fault elements (intention, knowledge, recklessness or negligence). These elements must be satisfied beyond reasonable doubt for an offence to be proven beyond reasonable doubt. Notably, a body corporate may be found guilty of any offence under the Criminal Code, including one punishable by imprisonment.

Where a physical element of an offence is committed by an employee, agent or officer of a body corporate acting within the actual or apparent scope of their employment, or within their actual or apparent authority, the physical element must also be attributed to the body corporate. If intention, knowledge or recklessness is a fault element in relation to a physical element of an offence, that fault element must be attributed to a body corporate that expressly, tacitly or impliedly authorised or permitted the commission of the offence. Authorisation or permissions may be established by various modes of proof.

Other acts of Parliament, such as the Corporations Act and the Australian Securities and Investments Commission Act 2001 (Cth) (the ASIC Act), contain similar liability provisions.

However, it is anticipated that Australia's existing corporate liability regime will soon be subject to radical transformation. In 2019, the Attorney-General of Australia referred to the Australian Law Reform Commission (ALRC) for inquiry and report a consideration of whether and, if so, what reforms are necessary or desirable to improve Australia's corporate criminal liability regime. The ALRC delivered its report on Corporate Criminal Responsibility to the Attorney-General on 30 April 2020, concluding that:

In its current form, the law relating to corporate misconduct is both unjust and unfair. The civil regulatory regime does not adequately reflect the culpability of individuals who commit the crimes for the advantage of a business . . . [under the current law] the model for corporate liability was and remains manifestly at odds with the realities of the diffusion of managerial powers in large corporations.

The Report made 20 recommendations for reform intended to simplify and standardise the law. The ALRC recommended that the Australian government:

  1. ensure there is a principled basis for criminalising corporate conduct, justify new offence provisions, and stop the use of infringement notices for criminal offences applying to corporations;
  2. use one clear method to determine whether a corporation is responsible for a crime, hold corporations responsible for persons acting on their behalf regardless of their job title, and ensure organisational fault is required for conviction of corporations;
  3. introduce new criminal laws to prevent repeated civil penalties from being treated as a 'cost of doing business';
  4. give courts specific factors to consider and allow courts to impose non-monetary penalties, dissolve a corporation and disqualify its management. Provide the ability to order pre-sentence reports and consider victim impact statements. Develop a national debarment regime to restrict corporations convicted of criminal offences from obtaining government contracts;
  5. review individual accountability mechanisms for corporate misconduct within five years of the new Financial Accountability Regime coming into force;
  6. consider laws to hold corporations responsible when they fail to prevent an associate from committing serious crimes overseas on the corporation's behalf; and
  7. require judicial oversight and publication of reasons in open court.

While the federal government has acknowledged the ALRC's recommendations, the extent to which they will be implemented remains to be seen. However, the shift towards more assertive enforcement action has already commenced, reform focusing on simplification of Part 2.5 of the Code and consolidation of the presently diverse corporate liability regulatory landscape in Australia will further strengthen and simplify means by which the regime can be used to attribute corporate criminal liability and create an environment hostile to criminal contraventions on the part of corporate bodies.

ii Penalties

The main form of penalty imposed on a corporate body is a fine.

Statutory fines have defined maximum limits, either expressed by a maximum number of penalty units that can be imposed or by a monetary figure. As of 1 July 2020, in a law of the commonwealth or territory ordinance, unless the contrary intention appears, one penalty unit amounts to A$222. The quantum of the fine can be significant. For example, if a corporate body is found guilty of the offence of bribery of a commonwealth public official, the maximum fine that can be imposed is 100,000 penalty units (amounting to more than A$22 million).

Serious offences can, in certain circumstances, lead to the company being wound up pursuant to Section 461 of the Corporations Act 2001 (Cth). Similarly, serious offences can lead to confiscation proceedings being brought by the AFP pursuant to the Proceeds of Crime Act 2002 (Cth) (the Act). The Act provides a scheme to trace, restrain and confiscate the proceeds of crime against commonwealth law. In some circumstances, it can also be used to confiscate the proceeds of crime against foreign law or the proceeds of crime against state law (if those proceeds have been used in a way that contravenes commonwealth law). It is expected that the proceeds of crime laws will increasingly be applied to white-collar matters where, in the past, they have been mostly applied to general crime.

Under 2018 amendments to the Corporations Act and the ASIC Act, the maximum civil penalty amounts for individuals are at least 5,000 penalty units (amounting to A$1.11 million) or three times the financial benefits obtained or losses avoided; and, for corporations, at least 50,000 penalty units (amounting to A$11.1 million) or three times the value of benefits obtained or losses avoided, or 10 per cent of annual turnover in the 12 months preceding the contravening conduct (but not more than 2.5 million penalty units (A$555 million)).

Other penalties include enforceable undertakings, where the company must carry out or refrain from certain conduct. These are not available where the penalty imposed is dealt with by criminal sanction and are only appropriate for minor breaches of the law.

iii Compliance programmes

A corporate's compliance programme will be relevant to the corporate's criminal liability. For example, liability for some offences charged pursuant to the Criminal Code can be established on the basis that the corporate impliedly authorised the offending conduct by failing to create and maintain a culture that required compliance with the relevant provision. In addition, the existence of a compliance programme would be relevant under Section 12.3(3) of the Criminal Code, which holds that Section 12.3 (2)(b), relating to the requisite intent, does not apply if the body corporate proves that it exercised due diligence to prevent the conduct, or the authorisation or permission. The proposed ALRC recommendations considered above suggest that a compliance programme be expressly provided for as a defence.

Notably, a corporation may rely on the defence of mistake of fact pursuant to Section 9.2 of the Criminal Code. To do so, the corporate must prove that the corporation exercised due diligence, in which a case a compliance programme would be a relevant consideration. Additionally, the existence and effectiveness of a compliance programme may be a relevant factor at sentence proceedings, as it can change the court's assessment of objective criminality of the offence.

The requirements or recommended elements of any corporate compliance programme are dependent on the statutory regime engaged. For example, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 requires 'reporting entities' to have an anti-money laundering and counterterrorism financing compliance programme specifying how they comply with the relevant legislation and how they identify, mitigate and manage the risk of products or services being used for money laundering or terrorism financing. The relevant regulatory body, AUSTRAC, can impose a range of legal actions against entities that fail to comply with the regime, including the issuance of infringement notices and the imposition of civil penalty orders of up to 100,000 penalty units ($A22.2 million) for a corporate.

iv Prosecution of individuals

Chapter 2D, Part 2D.1, Division 1 of the Corporations Act provides for the general duties of officers and employees of a corporation. Section 180 imposes a civil obligation of care and diligence; Section 181 imposes a civil obligation to act in good faith in the best interests of the corporation; Section 184 makes it a criminal offence if a director or other officer of a corporation is reckless or intentionally dishonest in failing to exercise their powers and discharge their duties in good faith in the best interests of the corporation or for a proper purpose. Furthermore, under Section 184, if an employee of a corporation uses their position or uses information dishonestly to gain an advantage, they are also liable to a criminal penalty.

Whether an individual is prosecuted or not for contraventions of the Corporations Act will depend on the severity and nature of the contravention.


i Extraterritorial jurisdiction

By being dependent upon the offence, Australia's corporate and criminal laws have limited extraterritorial application. Typically, the laws will require the act, omission or person to have some connection with Australia.

Under the Criminal Code, a person does not commit an offence unless the conduct of the alleged offence occurred wholly or partly in Australia, or the result of the conduct occurs wholly or partly in Australia.10 Geographical jurisdiction is extended in certain circumstances; for example, where at the time of the alleged offence the offence occurs wholly outside the jurisdiction of Australia, and the person is an Australian citizen or the person is a body corporate incorporated by or under a law of the commonwealth or of a state or territory.11

The regulation of corporations under the Corporations Act extends to foreign corporations who are 'carrying on business' in Australia.12 For example, the power to disqualify individuals under the Corporations Act is limited to the time when those individuals are managing a foreign corporation, unless the act or omission occurred in connection with the foreign company carrying on business in Australia; or if the act or omission was done or proposed to be done in Australia; or if the act or omission was a decision made by the foreign company whether to carry out or to refrain from doing an act in Australia.13

ii International cooperation

Australia cooperates with overseas law enforcement and regulatory bodies through both formal and informal channels, across multilateral and bilateral treaties and under international conventions.

Inter-agency cooperation

ASIC, for example, has agreements with several other countries' law enforcement authorities, including Austria, Brazil, China, France and Japan. These memorandums of understanding enable the exchange of information and for mutual cooperation and assistance to investigations.14 However, there are some restrictions on the extent to which ASIC can provide assistance to foreign authorities. Sections 6 and 7 of the Mutual Assistance in Business Regulation 1992 (Cth) require ASIC to receive authorisation from the Attorney-General prior to obtaining documents and testimony on behalf of foreign authorities.

Other Australian law enforcement agencies also have agreements with their international counterparts. Notably, the AFP is part of the International Foreign Bribery Taskforce. This force involves the Federal Bureau of Investigations, the Royal Canadian Mounted Police, the AFP and the United Kingdom's National Crime Agency working together to provide information and cooperation on cross-border anti-corruption investigations; it allows for the agencies involved to share knowledge, investigative techniques, methodologies and best practice.15

Australia is also a member of the Joint Chiefs of Global Tax Enforcement (J5), established in 2018 in response to a call from the OECD for countries to better tackle enablers of tax crime. The J5, which includes the United Kingdom, the United States, Canada and the Netherlands, seeks to combat the interrelated issues of global tax evasion, money laundering and cryptocurrency. Australia participates in the J5 through the ATO and SFCT. The partner nations share information and intelligence. The ATO website notes that there have been hundreds of data exchanges between J5 partner agencies and estimate that there has been more data exchanged in the past year than in the previous 10 years combined.16 This information and resource sharing allows the SFCT to more effectively combat financial crime that operates across multiple tax jurisdictions.

Tax information exchange agreements

International cooperation on issues of corporate crime is also achieved through Australia's involvement in tax information exchange agreements (TIEAs) as developed by the OECD. These agreements allow for an obligation between Australia and non-OECD countries to assist each other by requesting the exchange of tax information to eliminate the avoidance of tax. The information that can be exchanged is limited to when a specific investigation is occurring.17 Australia has TIEAs with a number of countries, including the Bahamas, the Cayman Islands, Guatemala, Liechtenstein and Vanuatu.18

Treaties and conventions regulating international criminal cooperation

Australia is party to several treaties regulating international criminal cooperation between state parties. Extradition requests (either made by Australia or received by Australia) are governed by the operation of the Extradition Act 1988 (Cth), while requests for investigative assistance are governed by the Mutual Assistance in Criminal Matters Act 1987 (Cth) (the MLA Act). Extradition is most commonly used for offences committed against the person; however, the MLA Act is regularly used in respect of white-collar offences and increasingly for asset confiscation proceedings, which could have ongoing utility with regard to corporate misconduct. Notably, mutual legal assistance requests can be made by a defendant with the approval of a court. However, the court will consider several matters, which the defendant ought to demonstrate, including a legitimate forensic interest in the documents and unfair prejudice in the substantive proceedings should the material not be available.19

Similarly the Hague Convention on the Taking of Evidence Abroad in Civil or Commercial Matters allows for evidence to be taken through Australian courts for use in a foreign civil proceeding following a request by a foreign court.20 Every state and territory in Australia has legislation that allows for evidence to be taken in this way, and often when such evidence is being sought, it is not uncommon for there to be a criminal investigation already under way. Notably, some protections are preserved under the Convention, the fifth amendment, for example, can be claimed in Australia where the subpoenaed party faces criminal charges in the United States. The use of international mechanisms such as the Hague Convention, when corporations are subjected to both regulatory and criminal prosecutions, is likely to become more prevalent, until such time as an international convention or treaty specifically focusing on economic crime is adopted. In the meantime, substantive legal issues such as mutual assistance across jurisdictions, including adequate safeguards for human rights such as the right to a fair trial and privacy, will need to be considered by the courts on a case-by-case basis, under domestic law's interpretation of the Hague Convention.

iii Local law considerations

Privacy is a major concern when information is shared with overseas entities and authorities. Schedule 1 of the Privacy Act 1988 (Cth) contains the Australian Privacy Principles (APPs). These principles outline that where information is being shared by an APP entity (including the AFP and bodies established by a commonwealth enactment such as ASIC) to an overseas recipient, the entity must take reasonable steps to ensure that the recipient does not breach the principles.21 However, this principle does not apply where disclosure is required or authorised by an international agreement relating to information sharing, or is reasonably necessary for enforcement-related activities.22 This means that the principles will not apply in instances such as when the AFP or ASIC sends information to other regulatory agencies to provide information relevant to ongoing investigations. Currently, there is little jurisprudence in Australia dealing with the proper parameters on the exchange of information across jurisdictions where criminal sanctions may apply. This is an area in which Australian courts may become more involved, as the internationalisation of economic crime has been attended by a significant increase in the dissemination and sharing of information about individuals and corporations with, to date, very little oversight by Australia's judiciary.

Year in review

The past year has confirmed Australia's ongoing shift towards aggressive enforcement action against corporate misconduct. In 2019, the federal government continued its post-Royal Commission reform measures by announcing a A$35 million investment to extend the federal court's jurisdiction to cover corporate crime. Similarly in 2018, the federal government committed A$127.6 million to the SFCT over four years for investigations and prosecutions that address specific crime typologies, including investment fraud and tax evasion.

In response to the federal government's push for enforcement, there have been several high-profile cases concerning corporate conduct across federal and state jurisdictions.

In the recent matter of Australian Securities and Investments Commission v. Westpac Banking Corporation (Omnibus) [2022] FCA 515, the ASIC instituted six proceedings in the Federal Court against Westpac Banking Corporation (Westpac), a major Australian bank, for widespread compliance failures across multiple businesses, including Westpac's banking, superannuation, wealth management and insurance brands, including charges service fees to over 11,800 deceased customers. The ASIC deputy chair stated that 'the breaches found by the Court in these six cases demonstrate a profound failure by Westpac over many years and across many areas of its business to implement appropriate systems and processes to ensure its customers were treated fairly'.23 The Federal Court fined Westpac a total of A$113 million.

In 2021, Australian Competition and Consumer Commission v. Google LLC,24 the ACCC instituted proceedings in the Federal Court against Google LLC and Google Australia Pty Ltd (together, Google), alleging misleading conduct and false or misleading representations. The case reflects the ACCC's ongoing focus on the use of consumer data, consent, and data privacy, with the ACCC alleging that Google misrepresented the 'Location History' setting as the only setting that affected whether Google collected, kept or used personally identifiable data about location. In fact, 'Web & App Activity', a setting enabled by default, also allowed Google to collect, store and use such data. The Federal Court found that a number of representations published by Google to Australian consumers were false or misleading and that Google engaged in misleading or deceptive conduct, in contravention of the Australian Consumer Law. In this matter, the ACCC did not consider that the conduct warranted referral to the CDPP to bring criminal proceedings. However, the ACCC is seeking declarations, pecuniary penalties, publication orders and compliance orders against Google.

Comparatively, criminal charges were brought in February 2021, against two Australian insurance companies, Allianz Australia Insurance Limited (Allianz) and AWP Australia Pty Ltd (AWP), for making false or misleading statements in breach of Section 1041E of the Corporations Act. It was alleged that Allianz and AWP published information online that misrepresented the characteristics or level of coverage of travel insurance on sale to consumers. The conduct was first referred to ASIC by the Royal Commission and since then ASIC has brought a range of civil proceedings and enforcement actions against the companies, forcing them to pay A$45.6 million back to 68,000 customers in 2018. On 7 September 2021, the Federal Court ordered Allianz and AWP to pay penalties totalling A$1.5 million. In reaching this amount, the Court noted that it had taking into consideration Allianz and AWP's early efforts to make admissions of liability.

Legislative and regulatory developments also suggest increasing regulation and criminalisation of corporate conduct. The 2020 ALRC report is likely to result in changes to the corporate criminal liability regime and improve the ease with which charges can be brought against serious corporate misconduct. In addition, after being endorsed in early 2020 by the Legal and Constitutional Affairs Legislation Committee, the Crimes Legislation Amendment (Combatting Corporate Crimes) Bill 2019 (Cth) is likely to be passed by the Australian Senate within the next year. The bill will introduce a new corporate offence for failure to prevent a foreign bribery offence, under Section 70.5A of the Criminal Code. The new laws will also require companies to impose a range of compliance measures specifically targeting bribery risks. In this respect, the Attorney-General's 'Draft guidance on the steps a body corporate can take to prevent an associate from bribing public officials', released in November 2019, provides information on the steps that a body corporate can take to prevent an associate from bribing foreign public officials.

In 2020, the Department of Foreign Affairs and Trade established the Australian Sanctions Office (ASO), which works to implement and monitor the Australian sanctions regime. Australia implements both United Nations Security Council sanctions and its own complex autonomous sanctions regime. The autonomous regime includes new regulations that commenced in March 2022, targeting the Russian threat to the Ukraine. These regulations impose, inter alia, measures against designated persons or entities, which the Minister is satisfied are complicit in the threat to the sovereignty and territorial integrity of Ukraine or have been engaging in an activity or performing a function that is of economic or strategic significance to Russia. It is an offence to deal with the assets of designated persons or entity, and penalties for contravening a sanction, without a permit, include substantial fines and prison terms. The Russian sanctions have resulted in an increase in the number of permit applications to the ASO and no doubt will result in increased litigation against both individuals and corporate entities dealing who continue dealing with sanctions entities or persons.25

Finally, a number of high-profile white-collar criminal cases in various Australian federal and state jurisdictions during the past few years have required Australian courts to consider the appropriate sentencing principles and penalties for corporate offenders.

In Hui (Steven) Xiao v. R,26 an appeal to the Court of Criminal Appeal on the severity of a sentence, the appellant had pleaded guilty to one count of procuring another person to acquire financial products while possessing inside information contrary to Sections 1043A(1)(d) and 1311(1) of the Corporations Act and one count of entering into an agreement to commit an offence under Sections 1043A(1)(d) and 1311(1) of the Corporations Act. The appellant had been sentenced to an overall term of imprisonment of eight years and three months with a non-parole period of five years and six months.

The appellant was the managing director of Hanlong Mining Investment Pty Ltd, a subsidiary of the Chinese corporation Sichuan Hanlong Group Co Ltd. The appellant's role was to identify possible opportunities for investment. In 2010, Bannerman Resources Ltd and Sundance Resources Ltd were identified as investment targets. In early 2011, the appellant was involved in the preparation of a potential takeover of both companies. In July 2011, Sichuan Hanlong decided to make takeover offers. Because of his involvement with Sichuan Hanlong, the appellant was aware of the decision shortly after it was made.

The appellant used his wife's trading account and the trading company that he owned and controlled to purchase financial products in both Bannerman and Sundance prior to the announcement of the takeover. There was an agreement made with a Mr Zhu and others, whereby Mr Zhu would purchase financial products in Bannerman and Sundance for the benefit of the appellant and others using funds borrowed from Hanlong Mining.

The Court of Criminal Appeal had quashed the original sentence and imposed an overall term of imprisonment of seven years with a non-parole period of four years and six months because of parity concerns, and because of the possibility that the sentencing judge erred in not taking account of evidence that the appellant would experience more onerous custody as he was a foreign national.

Notably, no error was established in respect of the sentencing judge's findings that the conduct was 'carefully planned and premeditated', that the appellant's attempt to conceal his involvement in procuring illegal trades was an aggravating feature of the offending, or by having multiple regard to the appellant's concealment of his identity by making purchases that were not in his own name, or to the fact that the loan to finance the purchases was drawn from a related party of Hanlong Mining.

In the case of ACCC v. Yazaki Corporation,27 it was found that Yazaki Corporation had engaged in collusive conduct with a competitor, Sumitomo Electric Industries Ltd, in the course of supplying Toyota Australia with goods in the form of wire harnesses for motor vehicles. The offending cartel conduct involved an agreement, observed over an extended period, relating to requests for quotations issued by Toyota. Following the ACCC's successful appeal against the fine imposed at first instance, the Full Federal Court of Australia imposed a penalty of A$45 million. This represents the highest financial penalty imposed under the Competition and Consumer Act 2010 (Cth).

As new legislation is introduced with increased maximum penalties, it is likely that the courts will approach sentencing principles such as general and specific deterrence against the new maximum penalties that will apply. This is likely to lead to an overall increase in the length of terms of imprisonment that will be imposed as punishment for serious white-collar offences.

Conclusions and outlook

Recent legislative and regulatory developments confirm Australia's shift, since the 2017 Royal Commission, towards aggressive enforcement action against corporate misconduct, and rising penalties. Increased enforcement activity, particularly by way of litigation, is set to continue in the foreseeable future. It is also anticipated that the next 12 to 18 months will be a period of increased legislative and policy reform in the area of white-collar crime. Central to this reform are the final recommendations of the ALRC in relation to corporate criminal responsibility, which have the potential to prompt radical legislative transformation of Australia's existing criminal liability regime for corporate bodies.


1 Dennis Miralis, Phillip Gibson and Jasmina Ceic are partners and Kartia Zappavigna is a defence lawyer at Nyman Gibson Miralis.

2 ASIC Information Sheet 172 (INFO 172), issued in February 20211.

3 AFP and CDPP Best Practice Guidelines: Self-reporting of Foreign Bribery and Related Offending by Corporations, 8 December 2017.

4 ibid.

5 ibid.

6 Implementing the OECD Anti-Bribery Convention Phase 4 Follow-Up Report: Australia, 2021.

7 Recommendation 5.7, Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.

8 ASIC update on implementation of Royal Commission recommendations, 19 February 2019.

9 ASIC Enforcement Update Report: January to June 2020 (Report 666), p. 5.

10 Division 14, Criminal Code 1995 (Cth).

11 Division 15, Criminal Code 1995 (Cth).

12 Part 5.B, Division 2, Corporations Act 2001 (Cth).

13 Section 206H, Corporations Act 2001 (Cth).

19 Section 39A, Mutual Assistance in Criminal Matters Act 1987(Cth).

20 Convention of 18 March 1970 on the Taking of Evidence Abroad in Civil or Commercial Matters.

21 Section 6, Privacy Act 1988 (Cth); Australian Privacy Principle 8.1.

22 Australian Privacy Principle 8.2.

24 Australian Competition and Consumer Commission v. Google LLC (No. 2) [2021] FCA 367.

26 Hui (Steven) Xiao v. R [2018] NSWCCA 4.

27 ACCC v. Yazaki Corporation [2018] FCAFC 73.

The Law Reviews content