Managing an AFSL: Compliance, liability and risk.

Compliance obligations are broader than strict legal requirements and incorporate standards of integrity and ethical behaviour.
— Laker, Broadbent & Samuel, "Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia", APRA, 1 May 2018, p7

At a recent Responsible Manager Workshop, participants engaged in a lively debate about compliance and the respective responsibilities and liabilities of Responsible Managers, Directors and Management.

While they were advised to get their own legal advice, the demarcation seems clear.

Responsible Managers

Basically, unless the Responsible Manager is a director, there is no specific liability (civil or criminal) imposed by the Corporations Act 2001. While civil and criminal liabilities under the Corporations Act 2001 are imposed on the licensee, they are not generally imposed on employees acting within the scope of their authority.

However, while Responsible Managers may have no personal liability in most circumstances, this may not be the case where they are found to have aided or abetted in the commission of an offence or contravention.


For ASIC it would be better if we could ban those in management as well, where there have been specific failures.
— Peter Kell, ASIC, 1 April 2014

In certain circumstances, ASIC may apply for orders to disqualify managers of financial services businesses from managing corporations or from carrying on a financial services business.

If the Manager is a director or other officer of a financial services licensee (eg Secretary), and depending on their role and responsibilities, ASIC may be able to take action under s180 if they have breached their duties and failed to take steps to ensure that the licensee, or its representatives, comply with financial services laws.

A practical difficulty is that an objective assessment of the Manager’s responsibilities and the specific circumstances needs to be made in order to determine whether they exercised the degree of care and diligence required by the law. An even more problematic element is that a breach of section 180 is not a ground for banning that person from providing financial services.

ASIC would prefer an administrative power to address this issue. However, despite Treasury’s submission and APRA’s Banking Executive Accountability Regime, this power does not exist.


a reasonable person who delegated some compliance steps to another person would, in most circumstances, also be expected to monitor and supervise the person to whom the compliance steps were delegated, and the actions taken by them. An officer who simply delegated compliance to another person and then ceased to have any involvement in supervising or monitoring compliance is likely to breach the duty in s 601FD(1)(f) of the Corporations Act. Each case would, however, have to be considered on its own facts.
— Trilogy Funds Management Limited v Sullivan (No 2) [2015] FCA 1452 (18 December 2015)

Directors are, or at least can be, legally exposed where compliance systems are demonstrably inadequate or where the Director has failed to take reasonable steps to address a foreseeable harm. So, neither ignorance nor reliance are effective defences for negligent or reckless directors.

In fact, the law allows for the banning of directors in these circumstances and the failure to take steps would remove their capacity to rely on defences to personal liability for corporate failures.


Compliance is not, and perhaps never has been, concerned with, or limited to, adherence to formal processes. It’s not a ‘tick box’ procedure but a strategic management discipline. There is a substantive element to ‘compliance’ that the Courts and Regulators articulate as “culture”, “ethics” or “social responsibility”.

A question for you to ponder is how Responsible Managers, Managers and Directors should respond to this extension of responsibilities and what consequences should result from their failure to do so.

We’d be interested in your thoughts.