Disclosing regulatory investigations: failed CBA shareholder class actions point the way

Articles Written by Professor Pamela Hanrahan (Consultant), John Keeves (Partner), Dominic Surace (Associate)
Arrows on a blue background

In two recent class actions by shareholders against Commonwealth Bank of Australia Limited, the Federal Court was asked whether, and if so when, CBA should have disclosed that its non-compliance with anti-money laundering (AML) laws was being investigated by regulators. While the shareholders’ claims failed, the case provides some useful guidance on when listed entities might need to disclosure regulatory investigations to the market.

In Zonia Holdings Pty Ltd v Commonwealth Bank of Australia Limited (No 5) [2024] FCA 477, Justice David Yates dismissed both sets of shareholders’ claims that CBA had contravened the continuous disclosure laws between 2014 and 2017 by failing to disclose information relevant to CBA’s AML compliance. This included information about the possibility of enforcement proceedings by the Australian Transaction Report and Analysis Centre (AUSTRAC).

When AUSTRAC decision to commence an enforcement action against CBA became public in August 2017, the CBA share price fell by 5.4 percent. The AUSTRAC action settled in 2018 with CBA agreeing to a then-record $700 million civil penalty. By way of comparison, CBA’s net profit after tax for 2018 was $9.2 billion.

The CBA shareholders argued that four categories of information – concerning CBA’s late submission of 53,506 threshold transaction reports (TTRs), failure to monitor 778,370 accounts, failure to carry out a risk assessment on its intelligent deposit machines, and potential penalties for AML breaches – should have been disclosed to the market. But Justice Yates held that CBA was not obliged to disclose the information in the form it was pleaded.

The decision gives some useful guidance on when a listed entity is treated as being ‘aware’ of information about potential compliance breaches and their consequences, and how precise the information it discloses to the market needs to be.

When an entity is “aware” of information

The continuous disclosure obligation in ASX Listing Rule 3.1 is triggered once a listed entity “is or becomes aware” of information requiring disclosure. ASX Listing Rule 19.12 provides that an ASX-listed entity is “aware” of information if an officer of that entity “has, or ought reasonably to have, come into possession of the information in the course of the performance of their duties as an officer of that entity.”

In clarifying whether an officer is “aware” of relevant information, Justice Yates confirmed that the correct inquiry is whether an officer actually knew of the information at the relevant time or had “constructive” awareness of it – that is, that the officer ought reasonably to have known it.

This is tricky because “information” includes facts, circumstances and opinions. Where officers have known facts in their possession, and should have formed an opinion by reason of those facts but did not, the entity is constructively aware of the opinion. However, his Honour clarified that the concept does not extend to an awareness of unknown facts that are merely capable of discovery through a process of further investigation to ascertain their existence. Nor does it extend to facts that are capable of discovery only with the benefit of hindsight.

When information is precise enough for disclosure

The information that the shareholders unsuccessfully argued should have been disclosed by CBA was found by Justice Yates to be “incomplete, vague, and imprecise”. Therefore the disclosures for which the shareholders argued would not have met the disclosure standards in ASX Guidance Note 8, and in the absence of critical contextual information would probably have been misleading.

His Honour emphasised the principles in Guidance Note 8 that any announcement must be “accurate, complete and not misleading” and “must be couched in language that is appropriate for release to the market”. It must not be expressed in “vague or imprecise terms” which “do not allow investors to assess the value of the information for the purposes of making an investment decision”.  

What does this mean for ASX-listed entities?

So, what can ASX-listed entities take from the CBA case? Does it provide useful guidance on what to disclose, and when, about compliance failures and regulatory investigations?

In relation to timing, this case confirms that a listed entity will not be taken to be aware of a fact that, only in hindsight, would have been discoverable had its officers conducted particular investigations at the relevant time. Instead, it is only the facts that are known, or ought to have been known, by an officer at the relevant time that must, if “material”, be immediately disclosed to ASX by a listed entity.

Further, in relation to content, this case reinforces the importance of carefully considering ASX Listing Rules and, importantly, ASX Guidance Note 8, before making disclosures to ASX. More specifically, listed entities must ensure their disclosures are not incomplete or lacking in context, as these will be considered to be misleading to the market. In relation to proposed disclosures regarding internal regulatory compliance issues, listed entities must ensure that the proposed disclosure does not paint a “misleading picture” of the particular issue.

In the CBA case, Justice Yates found that the information about late TTRs for which the plaintiffs argued was misleading and not appropriate for disclosure as, among other things, it exaggerated the error causing CBA’s failure to disclose. Describing the late TTRs as arising from a “systems error” (when it was a “single coding error”), and failing to specify that the late TTRs only accounted for between 1.08 per cent and 2.3 per cent of the total TTRs submitted to AUSTRAC by CBA during the relevant period, would have stripped the disclosure of meaningful context. However, if it were the case that the coding error actually prevented CBA from submitting most or all of the TTRs, as opposed to only the relatively small proportion of late TTRs, to AUSTRAC for the relevant period, then it is arguable that this error would have been more appropriately described as a “systems error” that warranted disclosure to ASX.

In relation to proposed disclosures regarding investigations by and dealings with regulators, listed entities must ensure their disclosures comprise “concrete” information and convey a real likelihood, as opposed to the mere possibility, of financial consequences for investors.

In the CBA case, Justice Yates drew a distinction between the announcement of the AUSTRAC enforcement proceedings, which was appropriate for disclosure to ASX as a result of being the “clearest possible statement” that enforcement action had been commenced, and pecuniary penalties were being sought, by AUSTRAC, and information about potential penalties in the abstract, which was not appropriate for disclosure to ASX as a result of its “high level, contingent and inconclusive language” regarding the possibility of CBA facing enforcement action and the possibility of AUSTRAC seeking a pecuniary penalty.

Important Disclaimer: The material contained in this article is comment of a general nature only and is not and nor is it intended to be advice on any specific professional matter. In that the effectiveness or accuracy of any professional advice depends upon the particular circumstances of each case, neither the firm nor any individual author accepts any responsibility whatsoever for any acts or omissions resulting from reliance upon the content of any articles. Before acting on the basis of any material contained in this publication, we recommend that you consult your professional adviser. Liability limited by a scheme approved under Professional Standards Legislation (Australia-wide except in Tasmania).

Related insights Read more insight

Takeovers Panel orders The Market Limited to appoint two independent directors

Usually who serves on the board of a listed company is a matter for the company itself and others, including the courts, only rarely intervene. That’s why the Takeovers Panel’s order requiring...

When is a final decision not final? Key learnings from the ASIC v iSignthis saga

The recent decision of the Federal Court in relation to proceedings brought by ASIC against iSignthis Limited and its former Managing Director and CEO, Mr Nickolas Karantzis highlights that a...

Digital Bytes – cyber, privacy & data update

Welcome to Digital Bytes, our latest quarterly update on current developments in cyber, privacy and data governance.