Skip to content


2021 saw another year of high levels of regulatory activity in Australia. The regulatory landscape has continued to experience significant shifts against the backdrop of the COVID-19 pandemic’s impact on Australia’s economic and political spheres.

ASIC, the financial services regulator, has departed from its much-publicised and controversial “why not litigate” approach in favour of an approach that prioritises promoting Australia’s economic recovery. Parliament has enacted legislation in a wide range of areas impacting on white collar crime and investigations, with more reform on the horizon, including in relation to money laundering and terrorism financing, foreign bribery, and corruption. However, legislative priorities may shift in the lead-up to, and aftermath of, Australia’s next federal election, which must be held by May 2022. The first enforcement action against a company for cybersecurity failings is almost certainly a sign of more to come.

Investigations trends/developments

A revised enforcement approach to support economic recovery

The Australian Securities and Investments Commission (ASIC) has been active, with 159 investigations and 26 civil penalty proceedings in the year to June 2021.

ASIC indicated in March 2021 that it would be moving away from its “why not litigate” approach, which it adopted in 2018 during the Royal Commission into Misconduct in the Banking, Superannuation and Financial Securities Industry (Royal Commission). Instead, ASIC announced that it would adopt a “lighter and more impactful” approach, including by holding “express investigations” that featured a high level of cooperation with businesses. This change was spurred by criticisms from the Australian Government and Reserve Bank of Australia that ASIC was not showing the commerciality required in the current economic climate, and that its aggressive stance could deter the lending necessary to assist Australia’s post-pandemic economic recovery.

Shortly after ASIC committed to this new approach, it also announced changes in its top personnel, including that Joe Longo would become its new chair. That announcement — and Mr Longo’s first media interview — emphasised ASIC’s new priority of supporting Australia’s economy and businesses. 

A focus on cybersecurity

ASIC’s Corporate Plan 2021-2025 includes a focus on cybersecurity. ASIC is bringing its first court action against a company for failing to have adequate cybersecurity systems in place, which is proceeding to trial in April 2022. The proceedings relate to a business that provides financial advice and its authorised representatives. One of the authorised representatives of the business was subject to a ‘brute force’ attack whereby a malicious user successfully gained remote access to its server. The attacker spent more than 155 hours within the server, which contained sensitive client information.

ASIC alleges that the business failed to implement (including on the part of its authorised representatives) adequate policies, systems and resources which were reasonably appropriate to manage the cybersecurity risk.

ASIC has asked for a penalty in an amount thought appropriate by the Court. The civil penalty provisions have recently been amended such that the maximum penalty is now the greater of: (1) AUD10.5 million; (2) three times the benefit derived from (or detriment avoided by) the contravention; or (3) 10% of revenue up to AUD525 million.

More enforcement activity is expected in this area.

More encouragement for whistleblowers

ASIC continues to encourage whistleblowing individuals. It urged businesses in October 2021 to ensure that their whistleblower policies were compliant with regulatory requirements and working as intended, and released a new immunity policy, offering immunity from civil and criminal liability, to the first reporting individual, for contraventions of the Corporations Act 2001 (Cth) relating to market misconduct such as insider trading and market manipulation. Ongoing and significant cooperation by the first reporting individual is required by ASIC/the Commonwealth Director of Public Prosecutions (CDPP) in order to maintain the safe harbour of the policy.

While it is in many respects similar to the Australian Competition and Consumer Commission’s (ACCC) immunity policy, one of its notable differences is that it only applies to individuals and not corporations.

While we are yet to see the policy employed, we do expect that it will contribute to an increase in investigation and prosecution activity for market misconduct offences.

Significant law reforms impacting corporate criminal liability

“Phase 1.5” of Australia’s anti-money laundering and counter-terrorism financing (AML/CTF) reforms came into effect in June 2021, with a view to making it easier for reporting entities (being entities that provide designated services under the AML/CTF Act of 2006, such as financial, gambling, bullion or digital currency exchange services) to comply with their reporting obligations. We summarised the key changes in these reforms in our article here

Further reforms are on the horizon, with Australia’s Legal and Constitutional Affairs References Committee currently conducting an inquiry into the adequacy and efficiency of Australia’s AML/CTF regime (due to report by March 2022), and additional impetus provided by the recent release of the Pandora Papers and law reforms proposed in the United States such as the ENABLERS Act. The Committee is likely to consider extending the AML/CTF reporting regime to professions such as lawyers, accountants and real estate agents.

“Failure to prevent” offence inches forwards but still not in force

Australia’s efforts to amend foreign bribery laws and introduce a federal anti-corruption watchdog have languished for several years. However, in 2021 the Government recommended that the Senate approve proposed foreign bribery law amendments. The Foreign Bribery Bill, which is likely to be passed in the coming months, proposes a new criminal offence of bribery by an associate (for which a corporation may be convicted unless it has in place “adequate procedures” designed to prevent that conduct) that is punishable by a fine that is the greater of:

  • AUD21million;
  • three times the value of the benefit provided; or
  • 10% of the corporation’s annual turnover.

This offence is very similar to the ‘failure to prevent bribery’ offence in the UK Bribery Act 2010. We summarised other key elements of this Bill in our article here. The Bill also allows for deferred prosecution agreements. 

While the Australian Government announced in 2018 that it would establish a Commonwealth Integrity Commission to investigate corruption by Commonwealth employees, a consultation draft of legislation that would provide for this was only released in November 2020, and has not yet been introduced into the Australian Parliament. However, public debate about the proposed Commonwealth Integrity Commission — and its associated delays — has intensified in recent months, with high-profile investigations being conducted by the New South Wales and Victorian anti-corruption bodies.

First modern slavery reports

The first modern slavery statements mandated by the Modern Slavery Act 2018 (Cth) were due in March 2021. The Act requires entities with annual consolidated revenue of more than AUS$100 million to report on the risks of modern slavery in their operations and supply chains. All modern slavery statements are published on a public register administered by the Australian Border Force. The Act does not impose any penalties for non‑compliance, but the framework is set up to maximise transparency and ensure entities are publicly accountable to address modern slavery risks. The Act is due for its first review, commencing in January 2022. This review is likely to include consideration of whether the reporting threshold should be reduced to AUS$50 million. The equivalent New South Wales legislation, the Modern Slavery Act 2018 (NSW), had included more stringent reporting requirements and stronger enforcement mechanisms. However, the Modern Slavery Amendment Bill 2021 (NSW) makes a number of important changes to it, including removing the imposition of penalties for failing to prepare a modern slavery statement. It is expected to come into force in January 2022.

Australia’s first debarment regime

Australia does not currently have a nationally coordinated debarment regime. However, the state of Western Australia (WA) has introduced a debarment regime that came into effect on 1 January 2022. The regime is retroactive so it may affect contracts in place before that date.

Under the WA regime, the decision to debar a supplier is discretionary and made in the public interest. Debarred suppliers will be precluded from being awarded contracts (or extensions of existing contracts) for the supply of goods, services or works to a WA state agency. For breaches of certain serious criminal offences (e.g. fraud, bribery, money laundering), debarment can be ordered for a maximum of five years. For breaches of legislation considered less serious (e.g. in tax law), the maximum debarment is two years.

Importantly, debarment under the Western Australian regime can extend to conduct committed in foreign jurisdictions. The regime includes a provision that allows the decision-maker to exclude suppliers based on conduct in other jurisdictions provided the conduct is “of a kind” described in the regulations.

This is in combination with an “affiliate” debarment power that allows the state of Western Australia to preclude Australian subsidiaries of international corporations that have been found to have been engaged in debarment conduct in another jurisdiction from consideration for public contracts in Western Australia.

Internal investigations – key developments

ASIC has shown a greater willingness to challenge companies’ lack of cooperation and claims of legal professional privilege over documents that they have been compelled to produce.

This has resulted in courts upholding production notices issued by ASIC over large numbers of documents not only in a company’s physical possession, but also in its custody or under its de facto control in other locations. In Maxi EFX Global AU Pty Ltd v ASIC [2021] (FCAFC 59) the Court found that Maxi was required to produce documents to ASIC that were held by third party service providers in Belize, Cyprus and Israel. 

In line with its “lighter and more impactful” approach, ASIC has urged companies to recognise and acknowledge wrongdoing early so that its investigations can be brought to a close effectively and efficiently. In practice, this may mean that companies should consider engaging with regulators at an earlier juncture.

ASIC has also had notable successes in challenging privilege claims, including in ASIC v RI Advice Group Pty Ltd [2020] FCA 1277 in respect of a document which had been already disclosed to a third party. The Court found that the document was not privileged because there was no direct evidence that its dominant purpose was to provide legal advice. This allowed for the inference that there were multiple purposes to the document. In any event, if the document had been privileged, the privilege had been waived as it had already been provided to a third party without any stipulations on privilege being retained.

The decision highlights the importance of retaining contemporaneous evidence of the purpose for the creation of a document, and taking great care not to waive privilege if providing it to a third party, including an investigating authority.

Sectors targeted by law reforms or enforcement action

The financial sector continues to be a focus for enforcement action, with insurance, superannuation, stock market, auditor, and credit misconduct representing key enforcement priorities for ASIC. This year ASIC commenced proceedings against a “big four” Australian bank for insider trading, unconscionable conduct, and breaches of its Australian financial services licensee obligations, which is only the third insider trading case brought against a company in Australia.

The gaming sector continues to receive significant regulatory scrutiny. This includes investigations being launched by the Australian Transaction Reports and Analysis Centre into the compliance of three of Australia’s largest gaming operators with the AML/CTF regime following numerous state-based inquiries and Royal Commissions. 

The ACCC is likely to continue to prioritise cases concerning cartel conduct and anti-competitive conduct, without targeting any particular sectors, and refer serious cases to the CDPP. This is notwithstanding the fact that its record of referring cases to the CDPP has been mixed:

  • The CDPP’s prosecution of a global shipping company (which pleaded guilty) for criminal cartel conduct led to a conviction in February 2021, and a fine of AUD24 million.
  • The CDPP was unsuccessful in prosecuting a healthcare company in Australia’s first criminal cartel case (for bid rigging and price fixing) to proceed to trial by jury, with the company, its chief executive officer and former employees being acquitted by the jury in June 2021.
  • The CDPP withdrew criminal cartel charges against the Construction, Forestry, Maritime, Mining and Energy Union due to challenges posed by the extended passage of time since the alleged conduct occurred. This case was one of the first times that competition laws were applied to industrial relations negotiations, and it is expected this will have precedential value.
  • The CDPP’s first criminal cartel case in respect of the financial services industry continues to face challenges, with the CDPP being ordered in November 2021 to revise its indictment for the third time, and withdrawing charges against several defendants. The case is set down for a trial by jury in 2022.

We expect to see further ACCC enforcement action.

Cross-border coordinated enforcement activity

We regularly assist companies based outside Australia in responding to production requests from Australian regulators investigating corporate contraventions and AML/CTF breaches, including in the cryptocurrency sector. A new law (the Telecommunications Legislation Amendment (International Production Orders) Act 2021) aimed at allowing investigating agencies to access data directly from foreign communications service providers will add to cross-border information flows. The law is an early part of a network of bilateral agreements, starting with the US CLOUD Act, and the UK Crime (Overseas Production Orders) Act 2019, aimed at easing access by investigating authorities to communications data overseas.

We have also seen ASIC coordinating investigations with foreign agencies, including the Federal Bureau of Investigation in relation to an investigation into a cryptocurrency, which resulted in serious charges being brought against its Australian promoter in November 2020 after its collapse.

The ACCC is also focused on cross-border investigations, with the Multilateral Assistance and Cooperation Framework for Competition Authorities coming into effect in September 2020. This agreement is between the ACCC and the equivalent bodies in the United States, United Kingdom, Canada, and New Zealand, and aims to increase cooperation between these agencies in the exercise of their surveillance and enforcement activities.

Financial crime issue predictions for 2022

Australia’s active regulatory landscape means that companies operating in all sectors, and particularly those sectors identified as priorities above, should prioritise compliance and work quickly to address any areas of potential non-compliance that they identify. Companies should ensure that their policies and procedures, including their AML/CTF programme, whistleblower policies, and modern slavery statements, remain up to date and foster a culture of compliance across the organisation. 

This article is part of the Allen & Overy Cross-border White collar Crime and Investigations Review. Please visit the review homepage for our overviews and insights in other jurisdictions. 


Download the Cross-Border White Collar Crime and Investigations Review

People working in office

The 'Cross-Border White Collar Crime and Investigations Review' analyses the latest developments and trends, and highlights the most significant among the current and emerging issues that white collar crime and investigations in-house counsel should prioritise in the year ahead.

With thanks to former A&O senior associate, Jessica Ji, for her assistance in preparing this article.