This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

What are the relevant statutes and which government authorities are responsible for investigating and enforcing them?

Legislative framework

In Australia, securities are primarily regulated by the Corporations Act 2001 (Cth) (the Corporations Act). Of note, Chapter 6D regulates fundraising through the issue or sale of securities, and Chapter 7 regulates the title and transfer of securities, financial markets and the provision of financial services (among other things). For example, there are prohibitions on market manipulation,[2] false trading and market rigging,[3] making of false or misleading statements,[4] dishonest conduct,[5] misleading or deceptive conduct[6] and insider trading.[7] Restrictions are also placed on short selling[8] and a disclosure regime is prescribed.[9]

The Australian Securities and Investment Commission (ASIC) is an independent statutory corporation set up under the Australian Securities and Investments Commission Act 2001 (Cth) (the ASIC Act). ASIC is responsible for the administration of the Corporations Act.[10] ASIC’s powers stem from both the ASIC Act and the Corporations Act, and include powers to make legislative instruments.[11] For example, the ASIC Market Integrity Rules (Securities Markets) 2017 (Cth) deal with the activities and conduct of trading on licensed financial markets, such as the Australian Stock Exchange (ASX). ASIC has also issued a suite of regulatory guidance explaining how it will exercise its powers and interpret the law.[12]

The ASX Listing Rules govern entities seeking to gain admission to, raise capital and quote securities on the ASX, as well as the issue of new securities and reorganisation of the existing capital structure of entities already listed on the ASX.[13]

Regulatory framework

ASIC is the key regulator responsible for investigating and enforcing possible breaches of the Corporations Act and corporate offences under the relevant legislation.[14] It regulates corporations, managed investment schemes, financial services industry participants, people engaged in consumer credit activities and authorised financial markets operating in Australia.

ASIC has broad information-gathering powers and can seek remedies through civil, criminal or administrative action where it considers that a person may have committed an offence under the Corporations Act.[15] While ASIC has an independent power to prosecute,[16] substantive criminal prosecutions are generally undertaken by the office of the Commonwealth Director of Public Prosecutions (CDPP).[17]

Other relevant regulators and government agencies include:

  • the ASX: the operator of Australia’s primary exchange of equities, derivatives and fixed interest securities, which is responsible for monitoring and enforcing compliance with the ASX Listing Rules and the ASX Operating Rules;
  • the Australian Takeovers Panel: a specialist peer review body, which is the primary forum for resolving disputes about a takeover bid until the bid period has ended;[18]
  • the Australian Competition and Consumer Commission (ACCC): a regulatory commission responsible for enforcing federal competition, fair trading and consumer protection laws;
  • the Australian Federal Police (AFP): the law enforcement agency usually responsible for commencing foreign bribery investigations and investigations into cybercrime offences; the AFP may refer potential enforcement matters to the CDPP;
  • the Australian Taxation Office: a statutory agency responsible for administering the Australian federal taxation system, superannuation legislation and other associated matters;
  • the Office of the Australian Information Commissioner: the independent national regulator for privacy and freedom of information, set up under the Australian Information Commissioner Act 2010 (Cth);
  • the Australian Cyber Security Centre (ACSC): an agency that coordinates Australia’s national cybersecurity response.[19] It refers enforcement matters to the AFP and the Australian Criminal Intelligence Commission;[20]
  • the Australian Transaction Reports and Analysis Centre (AUSTRAC): an agency that regulates and enforces Australia’s anti-money laundering and counter-terrorism financing legislation;[21] and
  • the Australian Prudential Regulation Authority (APRA): the independent statutory authority that supervises banking, insurance and superannuation institutions.


Investigative powers

There are three grounds on which ASIC may commence a formal investigation:

  • ASIC may investigate ‘where it has reason to suspect’ a contravention of the Corporations Act or the ASIC Act;[22]
  • the Federal Minister may direct ASIC to commence a formal investigation where the Minister considers it is in the public interest;[23] or
  • ASIC may investigate any matter related to a report lodged by a receiver or liquidator to determine whether or not to prosecute a person for an offence against the Corporations Act or the ASIC Act.[24]

During an investigation, ASIC may conduct compulsory private examinations and require assistance from a person where ASIC ‘on reasonable grounds, suspects or believes’ that person can give information relevant to the investigation.[25] ASIC may inspect ‘books’[26] required to be kept under the Corporations Act and compel the production of books relating to the affairs of a body corporate, registered scheme, financial product or financial service.[27] Where books are produced to ASIC, it may also require a person who produced or compiled those books to explain any matter to which the books relate.[28]

ASIC can also apply to a magistrate for search warrants where it reasonably suspects a contravention that would be an indictable offence under the Corporations Act or ASIC Act.[29] Search warrants issued at ASIC’s request are executed by the AFP, with ASIC officers assisting.

ASIC’s exercise of its investigative powers is not limited by the privilege against self-incrimination, but is subject to legal professional privilege.

Approach to enforcement

ASIC has published an information sheet explaining how it selects matters for investigation, the enforcement tools available to it, and how it interacts with people during investigations and enforcement actions.[30]

ASIC fulfils its enforcement responsibilities through surveillance activities, civil proceedings, administrative remedies and criminal prosecutions.

Surveillance activities

ASIC’s surveillance activities involve gathering and analysing information on a particular entity or entities to test and ensure compliance with the law. Surveillance can be undertaken on companies, partnerships, licensed or unlicensed entities and individuals, and on disclosure documents.[31] ASIC does not need to suspect a breach of the law to exercise these powers.[32]

What conduct is most commonly the subject of securities enforcement?

Continuous disclosure

Chapter 6CA of the Corporations Act obliges disclosing entities to disclose price-sensitive information on a continuous basis. ASIC has described the continuous disclosure regime as a cornerstone of maintaining the integrity and confidence of markets.[33] Allegations of continuous disclosure breaches are frequently the subject of shareholder class action proceedings,[34] ASIC proceedings[35] and ASIC-issued infringement notices.[36]

The maximum criminal penalty for a breach of the continuous disclosure regime is five years’ imprisonment.[37] The offence is also subject to the civil penalty regime outlined below. A failure to disclose in accordance with listing rules or to other disclosing entities is also subject to ASIC’s infringement notice regime.[38]

In its 2019–2020 Annual Report, ASIC listed the failure to disclose material negative information to the market (as well as opportunistic and misleading announcements) as a key enforcement priority.[39] Between 1 January and 30 June 2021, ASIC concluded 20 corporate governance enforcement matters.

However, there appears to have been a recent shift in regulatory focus. Continuous disclosure as a common trigger for shareholder class actions was a key topic of interest in the recent Parliamentary Joint Committee on Corporations and Financial Services inquiry into litigation funding and the regulation of the class action industry.[40] The Joint Committee considered that shareholder class actions were generally not in the public interest[41] and modifying the fault element would stem the flow of ‘opportunistic class actions’.[42]

In May 2020, the federal government, in response to the covid-19 pandemic and the risk posed by unmeritorious class actions, made temporary modifications to the operation of the continuous disclosure laws, which were ultimately made permanent in August 2021.[43] These modifications limit liability to circumstances where corporations and directors act with ‘knowledge, recklessness or negligence’ as to whether a disclosure would have a material effect on the price or value of an entity’s securities.[44] The change aligns Australia’s continuous disclosure regime with those of the United States and the United Kingdom.[45]

Notably, in its updated Corporate Plan 2021–2025, released in August 2021, ASIC did not identify continuous disclosure enforcement as a current regulatory focus. Its current strategic priorities relate to addressing inadequate disclosure in product disclosure statements,[46] influencing corporations to make nuanced and reliable climate risk disclosures and developing technologies to identify and assess poor market disclosures of listed companies.[47]

Market manipulation and insider trading

Market surveillance to identify insider trading and market manipulation is another strategic priority for ASIC.[48] This supervision extends beyond securities markets to include derivative and wholesale markets.

The maximum criminal penalty for dealing in relevant financial products and communicating price-sensitive information is 15 years’ imprisonment.[49] These offences are also subject to the civil penalty regime described below.

ASIC has specifically identified insider trading and market manipulation in short-term money markets, domestic and cross-currency swap and future markets as a key focus for action.[50] This strategic objective is reflected in the commencement of proceedings in the Federal Court of Australia by ASIC against a major Australian bank in May 2021 for alleged insider trading, unconscionable conduct and breaches of obligations as an Australian financial services licence holder. The proceedings concern the bank’s role in Australia’s largest interest rate swap transaction executed in one tranche. ASIC alleges that the bank knew, or believed, it would be selected to execute the interest rate swap when it traded in the interest rate derivatives market to affect the price of the swap transaction to the detriment of its clients. ASIC has stated that this action serves as an important reminder that insider trading prohibitions apply equally across financial markets.[51]

The regulatory focus on serious misconduct harming market confidence has also seen ASIC take steps to expand its capabilities to detect misconduct through the development of enhanced analytics tools for market scanning, to identify patterns indicating potential misconduct.[52]

ASIC’s immunity policy, which was announced in February 2021, also demonstrates its commitment to dealing with serious market misconduct.[53]

Foreign bribery

Historical enforcement of foreign bribery offences in Australia

In its periodic assessments of Australia’s implementation of the Organisation for Economic Co-operation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials in International Business Transactions (the Convention), the OECD Working Group on Bribery in International Transactions (the Working Group) has typically found that Australia is lacking in its enforcement of foreign bribery offences.

In 2012, the Working Group was ‘seriously concerned’ that enforcement of foreign bribery offences was ‘extremely low’, with only one case out of 28 referrals over 13 years leading to prosecution.[54]

In its most recent follow-up report in 2019, the Working Group remained deeply concerned about the lack of ‘meaningful progress’ in Australia’s foreign bribery enforcement, with only two companies and six individuals being convicted of foreign bribery, across two matters, in 20 years.[55]

The future of foreign bribery enforcement in Australia

Various amendments have been made to the foreign bribery offences in the Criminal Code Act 1995 (Cth) (the Code) in response to recommendations of the Working Group. For example, in 2016, the false accounting offences were inserted.[56] However, there have been no successful prosecutions under the false accounting offences and various deficiencies in the foreign bribery offences remain, and this may explain Australia’s relatively low enforcement record.[57]

In December 2017, the Australian government introduced the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2017 (Cth) (the CLACCC Bill) to amend the foreign bribery offences legislation to remove unnecessary impediments to prosecution, and introduce a new corporate offence for failing to prevent foreign bribery and a deferred prosecution agreement scheme for foreign bribery offences, similar to the scheme successfully implemented in the United Kingdom. At the time of writing, the CLACCC Bill has not been passed.

Australia’s approach to future enforcement of foreign bribery offences largely depends on the passing of the CLACCC Bill, which is expected to result in an increase of successful foreign bribery prosecutions in the coming years.

Anti-money laundering

From December 2017 to February 2019, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Royal Commission) conducted a review into the financial sector in Australia. The aftermath of the Royal Commission has seen increased investigatory and enforcement action by Australia’s financial intelligence agency, AUSTRAC, against three of Australia’s largest banks for non-compliance with anti-money laundering laws.[58]

In 2018, a major Australian bank was fined A$700 million for anti-money laundering and counter-terrorism financing (AML/CTF) programme failures and for failing to (1) report threshold transactions and make suspicious matter reports in time and (2) conduct ongoing customer due diligence.[59] In 2020, a second major bank was fined A$1.3 billion, the largest civil penalty in Australian history, which was intended to deter financial institutions from AML/CTF non-compliance.[60] The bank had admitted breaches relating to International Funds Transfer Instructions, correspondent banking due diligence, its AML/CTF programme and ongoing customer due diligence.[61] AUSTRAC is also currently conducting an investigation into ‘serious concerns’ about another major bank’s Designated Business Group compliance with the AML/CTF regime.[62]

In the gambling sector, in 2017, the Federal Court of Australia imposed a A$45 million penalty on a listed wagering company.[63] The Court held the company had, among other things, failed to maintain a sufficiently compliant AML/CTF programme[64] and failed to provide suspicious matter reports to AUSTRAC in relation to suspected match-fixing, credit betting and credit card fraud.[65]

AUSTRAC is currently investigating potential, serious non-compliance with the AML/CTF regime at casinos in major Australian cities.[66]

As a consequence of the large penalties awarded in these matters, AML enforcement risks are a significant focus for regulated entities in Australia and this trend is unlikely to abate.

AUSTRAC’s regulation of digital currencies

Since 3 April 2018, digital currency exchange (DCE) services have been regulated by AUSTRAC and subject to Australia’s AML/CTF regime.[67] DCE service providers are subject to registration requirements, which provides AUSTRAC with the power to suspend, cancel or refuse to issue or renew a registration.[68] However, the AML/CTF regime only applies to DCE services that involve an exchange between digital currencies and money (or gaming chips and tokens or betting instruments); it does not focus on the digital currencies themselves.

The Australian regulatory landscape is continuing to evolve, with AUSTRAC and ASIC publishing various guidance materials for entities involved in digital currency.[69]

Information sharing will likely lead to more enforcement action

A focus on information sharing between government agencies relevant to financial crime is likely to continue – including beyond Australia’s boundaries. This is reflected in AUSTRAC’s Corporate Plan where Nicole Rose PSM, AUSTRAC’s chief executive officer, stated:[70]

We are transforming our regulatory capability with a focus on enhancing our collaborative relationships with both government and industry stakeholders. Fintel Alliance[71] will continue to bridge this gap as we strive to increase the operational tempo. . . . By expanding our international footprint we are connecting with more partner agencies to better respond to money laundering, terrorism financing and other serious crime, through greater sharing of information and capabilities.

Emerging areas for enforcement activity

Financial Accountability Regime

The Financial Accountability Regime (FAR) is expected to be introduced to federal Parliament before the end of 2021. It will supersede the standards of conduct established by the Banking Executive Accountability Regime (BEAR), by strengthening and enhancing executive accountability laws and extending their reach to all APRA-regulated entities (including insurers and registerable superannuation entities).[72]

Since its enactment in 2018, there has been very limited formal enforcement action by APRA under BEAR. This reflects the relative infancy of the regime, as well as APRA’s predominantly supervisory approach to driving better prudential outcomes.[73] In contrast, the UK Financial Conduct Authority regularly imposes substantial fines, including on those found to have failed to act with due care, skill and diligence in their role under the Senior Managers and Certification Regime (SMCR). Given that BEAR is modelled on the SMCR, it provides an insight into potential future enforcement trends in Australia.

As recommended by the Royal Commission, ASIC will join APRA in administering FAR. This co-regulation model seeks to ensure that FAR is ‘enforced from both a prudential perspective and a conduct and consumer-outcomes based perspective’.[74] While details of the proposed division of labour between the two regulators are limited, the clear expectation is that ASIC and APRA will collaborate and coordinate in enforcement efforts.[75]


Cybersecurity enforcement is relatively immature in Australia, with the ACSC’s key areas of concern including protecting national critical infrastructure and essential services systems from cyberattacks and vulnerabilities in the 5G network and internet-of-things devices.[76] This may provide an indication as to future enforcement focus by the ACSC’s law enforcement partners.

ASIC’s focus on cyber-resilience

ASIC has a current focus on improving the cyber-resilience of Australia’s financial market operators, particularly given the cybersecurity challenges posed by covid-19. Its reported focus is on disrupting and deterring scams such as cyber misconduct and crypto-related scams.[77] ASIC has also developed a number of resources to assist organisations in improving their cyber-resilience, including good practice guidance and key questions for boards of directors.[78] A new ASIC working group will undertake these tasks and swift enforcement action will be taken, where appropriate, against wrongdoing.[79]

It is anticipated that ASIC’s interest in this area may trigger a rise in cybersecurity enforcement action in Australia, including against potential targets of cyberattacks. In August 2020, ASIC commenced Federal Court proceedings against a financial services business for failing to have adequate cybersecurity systems as required under the Corporations Act.[80]

Given the proliferation of data breaches, disclosure of significant data breaches under the continuous disclosure regime and regulator action for failing to do so is also expected to become more prominent.

What legal issues commonly arise in enforcement investigations?

A number of issues commonly arise in Australian enforcement investigations, including those that concern the breadth of information-gathering powers and when claims for legal professional privilege are invoked.

Information-gathering powers

Australian regulators have broad powers to compel the production of information and documents. ASIC has recently been the subject of widespread criticism due to its aggressive stance and significant legal and corporate costs to comply with burdensome regulatory investigations. Few limits exist to keep these powers in check, but recently there has been a willingness by some corporations to be the subject of an investigation to test the scope of ASIC’s powers.

In general, ASIC’s powers are limited only by the requirement to use them for a ‘proper purpose’ – meaning a purpose consistent with the exercise of the powers conferred – and that the item or document sought is within the ‘possession, custody or control’ of the recipient.[81]

In 2020, the Federal Court clarified that, unlike a subpoena or discovery in litigation, notices issued by ASIC cannot be objected to on the grounds that they lack sufficient clarity or are unreasonably broad (tantamount to a fishing expedition).[82]

The Court also clarified that documents to which the recipient had access, albeit outside its direct ‘possession, custody or control’ (such as documents held by its international subsidiaries or documents held by third parties on its behalf), must be produced to the regulator.[83]

Multi-regulator investigations

Over the past 18 to 24 months there has been a marked increase in cooperation between federal regulators, synchronising their investigations and, subject to statutory limitations,[84] coordinating the use of their information-gathering powers.

To facilitate this many of Australia’s largest corporate regulators have entered into information-sharing and cooperation agreements. For instance, subject to secrecy and confidentiality obligations, the memorandum of understanding between ASIC and the ACCC permits the establishment of a joint task force to conduct an investigation or litigation.[85] One peculiar consequence of this approach is that where an individual or entity has received immunity from prosecution from one regulator, the information provided for the immunity application could be shared with other regulators, prompting an entirely new investigation. Organisations need to be acutely aware of such agreements.

Legal professional privilege

In recent times, Australian regulators have increasingly sought to challenge the breadth and scope of claims for legal professional privilege, which have been relied upon to prevent production of documents.

In Australia, the law of legal professional privilege is governed by numerous overlapping federal and state statutes and the common law.[86] However, similar to other common law jurisdictions, a valid claim for legal professional privilege will often be established where there is a communication made for the dominant purpose of either seeking or providing legal advice (advice privilege) or preparing for actual or anticipated litigation (litigation privilege), provided that the communication is made in confidence and kept confidential. This ‘dominant purpose test’ is similar to that applied in other jurisdictions, including the United Kingdom, Singapore and Hong Kong. The High Court has stated that the term ‘dominant purpose’ in this context and in its ordinary meaning ‘indicates that purpose which was the ruling, prevailing, or most influential purpose’.[87]

However, there are circumstances where communications will not be protected by legal professional privilege, including communications made for illegal or improper purposes that facilitate the commission of a crime or fraud.[88]

In the context of regulatory enforcement, communications between a client and external (and frequently internal) lawyers will ordinarily be protected by legal professional privilege, despite the statutory powers afforded to regulatory bodies to demand the production of documents.[89] In Daniels Corporation International Pty Ltd v. ACCC,[90] the High Court held that the ACCC was not permitted to require the production of documents subject to legal professional privilege, noting that ‘legal professional privilege is a right that will not be taken to have been abolished by legislative provisions except by express language or clear and unmistakable implication’.[91]

While recent decisions of Australian courts have continued to emphasise the importance of the doctrine and prevent inroads in a regulatory investigation, lawyers and their clients must ensure that communications in enforcement investigations are kept confidential, to protect privilege and to limit challenges to such claims.[92]

Further, when parties are required to respond to a compulsory notice issued by ASIC, a claim for legal professional privilege must be identified in a privilege schedule, which includes details about each document, such as the names and positions of all authors and recipients.[93] The requirement to provide this information provides an opportunity for ASIC (and other regulators) to scrutinise and challenge claims for legal professional privilege.


Having regard to the success of various offshore equivalents, the ACCC and ASIC have both established their own immunity policies, which provide for immunity from civil liability and criminal proceedings in relation to serious misconduct in commercial or financial activities.

Under the ACCC’s Cartel Immunity and Cooperation Policy,[94] corporations and individuals may seek civil and criminal immunity for cartel conduct in contravention of the Competition and Consumer Act 2010 (Cth). However, the immunity policy is only available to the first eligible party to disclose the cartel conduct. By contrast, ASIC’s immunity policy[95] provides immunity only to individuals for alleged contraventions of the market misconduct provisions of the Corporations Act.[96] Both polices seek to encourage disclosure about serious commercial misconduct and assistance to regulators in discharging their regulatory functions, with the understanding that individuals will not be prosecuted or penalised for doing so.

Given that ASIC’s policy only came into effect at the beginning of 2021, its effectiveness in helping ASIC to identify and take enforcement action against complex markets and financial services contraventions is yet to be realised.[97] However, the ACCC’s policy, which has been in place for some years, has been utilised successfully in notable enforcement actions.

Nonetheless, in circumstances where immunity is not available, both ASIC and the ACCC also have cooperation policies, which prescribe the favourable consideration that may be given to an entity for cooperating with enforcement investigations, in subsequent court or administrative proceedings.


In past years, whistleblowing legislation failed to play a key role in Australian enforcement investigations, with deficiencies in the previous legislative protections failing to encourage individuals to come forward and report suspected wrongdoing and inhibiting the discovery of corporate misconduct.

To combat this, the private sector whistleblowing regime in Australia recently underwent major reform. From 1 January 2020, public listed companies, large proprietary companies and trustees of registrable superannuation entities incorporated under the Corporations Act were all required to have a compliant whistleblowing policy in place or risk being exposed to penalties.[98]

Under the Corporations Act, eligible persons afforded whistleblower protection are offered three main legal protections:

  • the whistleblower’s identity, or information that is likely to lead to their identity being revealed, is to be kept confidential unless authorised by law;[99]
  • the whistleblower will not be subject to any civil, criminal or administrative liability (including disciplinary action) for making a disclosure;[100] and
  • victimisation against a whistleblower is prohibited.[101]

As a result of the new regime, it is expected that the number of enforcement investigations in Australia prompted by whistleblower disclosures will increase considerably, particularly in the current period of economic uncertainty arising from the covid-19 pandemic.

What remedies and sanctions are available to government authorities?


Civil proceedings

ASIC can bring civil proceedings seeking a wide range of civil remedies, designed to punish individuals (civil financial penalties),[102] remedy breaches, protect investors and financial consumers,[103] protect assets or compel compliance with the law[104] and recover damages or property for persons who have suffered loss.[105] ASIC may also seek negotiated alternatives to remedies, such as enforceable undertakings,[106] and issue infringement notices for continuous disclosure obligations.[107]

Criminal prosecutions

While ASIC has the power to commence a prosecution for alleged offences against the Corporations Act or the ASIC Act,[108] in practice, the CDPP conducts all substantive prosecutions. Prosecutions can be commenced in the relevant courts of each state and territory.[109]

Recent changes in the regulatory landscape

Increased powers and penalties

In December 2017, the federal government’s ASIC Enforcement Review Taskforce published 50 recommendations following a review of ASIC’s enforcement regime and suitability of existing regulatory tools.[110] The recommendations included improvements to ASIC’s information-gathering powers, strengthening of licensing and banning powers, and increased penalties for corporate misconduct.

Since March 2019, serious offences have been punishable by up to 15 years in prison. Maximum civil penalties for individuals and companies have significantly increased and apply to a greater range of misconduct.[111] The maximum civil penalty for companies is currently the greater of A$11.1 million, three times the benefit obtained and detriment avoided or 10 per cent of annual turnover, capped at A$555 million.[112]

Legislative reforms have also expanded ASIC’s search warrant powers. Prior to early 2020, material seized and subsequently shared with ASIC could only be used by ASIC for investigating or prosecuting criminal offences.[113] Seized ‘evidential materials’[114] may now be made available to ASIC where there is a reasonable suspicion of an indictable offence, and ASIC may use the materials to perform its functions and duties, and exercise its powers, including preventing or investigating a relevant breach.[115] ASIC was also given broader access to intercepted material for the investigation and prosecution of complex criminal offences.[116]

New enforcement approach: why not litigate?

In the Royal Commission’s 2018 interim report Commissioner Hayne was critical of ASIC’s enforcement approach, noting ASIC’s starting point in response to misconduct was ‘How can this be resolved by agreement?’, which Commissioner Hayne considered should not be the starting point for a conduct regulator.[117] In the final report, delivered in February 2019, Commissioner Hayne recommended that ASIC take, as its starting point, the question of whether a court should determine the consequences of a contravention.[118] That is, when misconduct is identified, ASIC should ask ‘why not litigate?’.[119] Commissioner Hayne found that the use of negotiation and persuasion without enforcement ‘all too readily leads to the perception that compliance is voluntary’.[120]

In October 2018, ASIC adopted a ‘why not litigate?’ approach to enforcement, once satisfied that breaches of law are more likely than not to have occurred and pursuing the matter would be in the public interest.[121] This strategy aims ‘to deter future misconduct and address the community expectation that wrongdoing will be punished and publicly denounced through the courts’, but ‘does not mean that [ASIC] will take every matter to court’.[122] ASIC also established an Office of Enforcement and a single enforcement strategy to strengthen its enforcement culture and effectiveness.[123]

Since adopting the ‘why not litigate?’ enforcement strategy, there has been a significant increase in civil proceedings (64 per cent increase in 2020) and criminal proceedings (36 per cent increase) commenced by ASIC and there have been more briefs referred to the CDPP (27 per cent increase).[124] ASIC also recorded its two largest civil penalty outcomes in 2020.[125]

Anti-money laundering

Money laundering offences prohibiting dealings with proceeds of crime are found in Part 10.2 of the Code. The penalties are contingent on the amount of money or property involved.

The maximum criminal penalty for an intentional offence involving money or property valued over A$10 million is life imprisonment.[126] If the offence involves money or property with a value of A$100,000 or less, and it is reasonable to suspect that the money or property is proceeds of indictable crime and the offender cannot prove he or she did not have that reasonable suspicion, the penalty is two years’ imprisonment or 120 penalty units (currently A$26,640), or both.[127]

Money laundering offences can also be prosecuted under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) for transactions conducted to avoid reporting requirements relating to threshold transactions, where the maximum criminal penalty is five years’ imprisonment or 400 penalty units (currently A$88,800), or both.[128]

Foreign bribery

Australia became a signatory to the Convention in 1999 and in that year the Convention was implemented by provisions in Division 70 of the Code.

For an individual, the maximum penalty for bribing a foreign public official is 10 years’ imprisonment or a fine (currently up to A$2.22 million), or both.[129] For a corporate offender, the maximum fine is the greater of:[130]

  • 100,000 penalty units (currently A$22.2 million);
  • three times the value of the benefit gained from the conduct (if it can be ascertained); or
  • 10 per cent of annual turnover of the corporation and related bodies (if the value of the benefit gained from the conduct cannot be determined).

Additionally, any benefits obtained by foreign bribery can be forfeited to the Australian government under the Proceeds of Crime Act 2002 (Cth).[131]

False accounting

The false accounting offences in Part 10.9 of the Code (Accounting Records) came into force in March 2016. The offences are: intentional false dealing with accounting documents;[132] and reckless false dealing with accounting documents.[133]

These laws are broadly framed to capture false accounting connected with the conferring of illegitimate benefits to foreign public officials, but also false accounting practices connected with illegitimate benefits directed to public officials acting in the course of their duties, or to corporations.

The maximum penalties for a contravention are the same as for foreign bribery offences, but if the conduct occurred recklessly, the penalties are halved.


The Code contains a broad suite of ‘computer offences’,[134] which capture conduct regarding the unauthorised access, modification or impairment of data, with penalties varying depending upon the intention behind the prohibited conduct.

The maximum penalties for some computer offences are: two years’ imprisonment for unauthorised access to, or modification of, restricted data;[135] and 10 years’ imprisonment for unauthorised impairment of electronic communication.[136]


1 Abigail Gill, Felicity Healy, Craig Phillips, Anna Ross and Charles Scerri KC are partners at Corrs Chambers Westgarth. The authors would like to thank the following members of Corrs Chambers Westgarth for their contribution to this chapter: James Lucek-Rowley (special counsel), Henry Hall (senior associate), Wendy Green (senior associate), Timothy Bunker (senior associate), Andrew Hanna (senior associate), Lily Vadasz (associate), Gowrie Varma (associate), Emma Langlands (lawyer), Henry Kiellerup (lawyer), Žemyna Kuliukas (lawyer), Ellen Guilfoyle (law graduate), Kate Mani (law graduate) and Alice Maxwell (law graduate).

2 Corporations Act, Section 1041A.

3 Corporations Act, Sections 1041B and 1041C.

4 Corporations Act, Section 1041E.

5 Corporations Act, Section 1041G.

6 Corporations Act, Section 1041H.

7 Corporations Act, Section 1043A.

8 Corporations Act, Section 1020B.

9 See, e.g., Corporations Act, Sections 706 and 709.

10 Corporations Act, Section 5B.

11 See, e.g., Corporations Act, Section 798G.

12 These resources are available on the ASIC website;.

13 ASX Listing Rules, Chapters 1 (Admission), 2 (Quotation) and 7 (Changes in capital and new issues).

14 ASIC Act, Section 13.

15 See generally, ASIC Act, Part 3. Administrative actions are remedial actions ASIC may take without going to court. These remedies are contained within the Corporations Act and include remedies such as disqualification of a person from managing a corporation: Section 206F.

16 ASIC Act, Section 49(2).

17 The functions and powers of the CDPP are set out in the Director of Public Prosecutions Act 1983 (Cth), see Sections 6 and 9. The relationship between ASIC and the CDPP is governed by a memorandum of understanding dated 1 March 2006:;.

18 The Australian Takeovers Panel has the power to declare circumstances unacceptable in relation to a takeover of an Australian company or a listed management investment scheme and to review certain decisions of ASIC made during the life of a takeover.

19 ‘Cyber security’, Australian Signals Directorate (Web Page);.

20 Australian Cyber Security Centre, ACSC Annual Cyber Threat Report July 2019 to June 2020 (Report) 3; (ACSC Annual Cyber Threat Report).

21 AUSTRAC has assessed the overall money laundering and terrorism financing risk for the securities and derivatives sector as ‘medium’, with fraud, insider trading and market manipulation accounting for the vast majority of offences reported to AUSTRAC in the securities and derivatives sector: AUSTRAC, Australia’s Securities & Derivatives Sector – Money Laundering and Terrorism Financing Risk Assessment (July 2017);.

22 ASIC Act, Section 13(1)(a). This ground also extends to suspected contraventions of any other law of the Commonwealth or of an Australian state or territory where that suspected contravention concerns the management or affairs of a body corporate or managed investment scheme, or involves fraud or dishonesty and relates to a body corporate, managed investment scheme or financial products: Section 13(1)(b).

23 ASIC Act, Section 14(1).

24 ASIC Act, Section 15.

25 ASIC Act, Section 19.

26 ‘Books’ is defined broadly to include a register, financial reports or records, a document, banker’s books and any other record of information. ASIC Act, Section 5.

27 ASIC Act, Sections 30–33, see also Sections 28(d), 29.

28 ASIC Act, Section 37(9).

29 ASIC Act, Section 39D.

31 ASIC, ASIC’s compulsory information-gathering powers (Information Sheet 145);.

32 ASIC Act, Section 28(b), 29.

33 Evidence to Economics References Committee, Parliament of Australia, 10 June 2021, 47 (Chris Savundra, General Counsel, ASIC).

34 See, for example, TPT Patrol Pty Ltd as trustee for Amies Superannuation Fund v. Myer Holdings Limited [2019] FCA 1747; Parliamentary Joint Committee on Corporations and Financial Services, Litigation funding and the regulation of the class action industry (Report, December 2020), 30.

35 See, for example, Australian Securities and Investments Commission v. Big Star Energy Ltd (No 3) (2020) 389 ALR 17; Australian Securities and Investments Commission v. Vocation Ltd (In Liq) (2019) 371 ALR 155.

36 ASIC, Annual Report 2016-17 (Report, October 2017), 38.

37 Corporations Act, Sections 674 and 675.

38 Corporations Act, Sections 674(2) and 675(2).

39 ASIC, Annual Report 2019-20 (Report, October 2020), 42. In its 2020–2024 Corporate Plan, ASIC highlighted that it was committed to ensuring the resilience and stability of the financial system by continuing to monitor and enforce adherence to continuous disclosure requirements. It noted that it was monitoring false or misleading disclosure and taking regulatory action where appropriate: ASIC Corporate Plan 2020-24 (August 2020), 15.

40 Parliamentary Joint Committee on Corporations and Financial Services, Litigation funding and the regulation of the class action industry (Report, December 2020) at 17.122.

41 ibid., 17.116.

42 ibid., 17.130.

43 Treasury Laws Amendment (2021 Measures No. 1) Act 2021 (Cth), Schedule 2.

44 Corporations (Coronavirus Economic Response) Determination (No. 2) 2020.

45 The Hon Josh Frydenberg MP, ‘Permanent changes to Australia’s continuous disclosure laws’ (Media Release, 17 February 2021).

46 ASIC Corporate Plan 2021-25, 16 (‘Investment Managers’).

47 ASIC Corporate Plan 2021-25, 23.

48 ASIC Corporate Plan 2021-25, 19.

49 Corporations Act, Section 1043A.

50 ASIC Corporate Plan 2021-25, 19.

51 ASIC Media Release, ‘ASIC commences civil proceedings against Westpac for insider trading’, 5 May 2021.

52 ASIC Corporate Plan 2021-25, 19.

54 Organisation for Economic Co-operation and Development, ‘OECD seriously concerned by lack of foreign bribery convictions, but encouraged by recent efforts by the Australian Federal Police’ (Media Release, 25 October 2012);.

55 Organisation for Economic Co-operation and Development, Implementing the OECD Anti-Bribery Convention – Phase 4 Two-Year Follow-Up Report: Australia (Report, 2019) 4-5;.

56 Organisation for Economic Co-operation and Development, Phase 3 Report on Implementing the OECD Anti-Bribery Convention in Australia (Report, 2012), 49;; see Criminal Code Act 1995 (Cth), division 490, introduced by Crimes Legislation Amendment (Proceeds of Crime and Other Measures) Act 2016 (Cth).

57 Organisation for Economic Co-operation and Development, Implementing the OECD Anti-Bribery Convention – Phase 4 Report: Australia (Report, 2017), 32-3;.

58 For recommendations arising out of the Royal Commission see: Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Final Report, 1 February 2019) Volume 1, 20–42; Australian Law Reform Commission, Corporate Criminal Responsibility (Report No. 136, April 2020) 13–18. AUSTRAC court actions against banks include: Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v. Westpac Banking Corporation (2020) 148 ACSR 247; Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v. Commonwealth Bank of Australia Limited [2018] FCA 930.

59 Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v. Commonwealth Bank of Australia Limited [2018] FCA 930, [1]-[2].

60 Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v. Westpac Banking Corporation (2020) 148 ACSR 247, [10], [38], [41], [70].

61 Chief Executive Officer of the Australian Transaction Reports and Analysis Centre v. Westpac Banking Corporation (2020) 148 ACSR 247, [3]-[9].

62 National Australia Bank, ‘NAB advised of referral to AUSTRAC Enforcement Team’ (ASX Announcement, National Australia Bank, 7 June 2021).

63 Chief Executive Officer of Australian Transaction Reports and Analysis Centre v. TAB Limited (No 3) [2017] FCA 1296, [1].

64 Chief Executive Officer of Australian Transaction Reports and Analysis Centre v. TAB Limited (No 3) [2017] FCA 1296, [31]-[33].

65 Chief Executive Officer of Australian Transaction Reports and Analysis Centre v. TAB Limited (No 3) [2017] FCA 1296, [27]-[49]; AUSTRAC, ‘Record AUD$45 million civil penalty ordered against Tabcorp’ (Media Release, AUSTRAC, 16 March 2017).

66 Crown Resorts Limited, ‘Update in Relation to Regulatory Compliance Matters’ (ASX Announcement, Crown Resorts Limited, 7 June 2021); Sky City Entertainment Group, ‘AUSTRAC Enforcement Investigation’ (ASX/NZX Announcement, Skycity Entertainment Group, 7 June 2021).

67 Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2017 (Cth).

68 See Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), Part 6A; Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument (No. 1) 2007 (Cth), Chapter 76.

69 AUSTRAC, A guide to preparing and implementing an AML/CTF program for your digital currency exchange service business (Guide);; ‘Initial coin offerings and crypto-assets’, Australian Securities and Investments Commission (Web Page);.

71 A world first public-private partnership, Fintel Alliance brings together experts from a range of organisations involved in the fight against money laundering, terrorism financing and other serious crime.

72 Explanatory Memorandum, Financial Accountability Regime Bill 2021 (Cth) – Exposure Draft, 3-4 (FAR explanatory memorandum).

74 FAR explanatory memorandum, [1.114].

75 FAR explanatory memorandum, [1.114]-[1.120]; see also Australian Department of the Treasury, Joint administration of the Financial Accountability Regime between APRA and ASIC (Information Paper, 16 July 2021), 2;.

76 ‘Safeguarding Australia’s critical infrastructure from cyber attack’, Australian Cyber Security Centre (Web Page, 22 May 2020);; ‘Internet of Things devices’, Australian Cyber Security Centre (Web Page);; ACSC Annual Cyber Threat Report, 3.

77 ASIC Corporate Plan 2020-24, 10.

78 ‘Cyber resilience good practices’, Australian Securities and Investments Commission (Web Page);; ‘Key questions for an organisation’s board of directors’, Australian Securities and Investments Commission (Web Page);.

79 ASIC Corporate Plan 2020-24, 10.

80 Australian Securities and Investments Commission v. RI Advice Group Pty Ltd (Federal Court of Australia, VID556/2020, commenced 21 August 2020); see also Australian Securities and Investments Commission, ‘ASIC commences proceedings against RI Advice Group Pty Ltd for alleged failure to have adequate cyber security systems’ (Media Release, 21 August 2020);.

81 Australian Securities and Investments Commission v. Maxi EFX Global AU Pty Ltd [2020] FCA 1263, [103].

82 ibid., [99].

83 ibid., [117]-[119].

84 For example, maintaining privacy obligations in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth).

85 Memorandum of Understanding between the Australian Securities and Investments Commission and the Australian Competition and Consumer Commission (21 December 2004);.

86 Evidence Act 1995 (Cth), Partt 3.10; Evidence Act 2011 (ACT), Part 3.10; Evidence (National Uniform Legislation) Act 2011 (NT), Part 3.10; Evidence Act 1995 (NSW), Part 3.10; Evidence Act 2001 (Tas), Part 10; Evidence Act 2008 (Vic), Part 3.10.

87 Federal Commissioner of Taxation v.Spotless Services Ltd (1996) 186 CLR 404, 416.

88 Evidence Act 1995 (Cth), Section 125(1); Evidence Act 2011 (ACT), Section 125(1); Evidence Act 1995 (NSW), Section 125(1); Evidence (National Uniform Legislation) Act 2011 (NT), Section 125(1); Evidence Act 2001 (Tas), Section 125(1); Evidence Act 2008 (Vic), Section 125(1); See, e.g., Conlon v. Lensworth Interstate Pty Ltd [1970] VR 293.

89 The Daniels Corporation International Pty Ltd v. Australian Competition and Consumer Commission (2002) 213 CLR 543.

90 ibid.

91 ibid., 576.

92 Australian Securities and Investments Commission v. RI Advice Group Pty Ltd [2020] FCA 1277.

93 ASIC, Claims of legal professional privilege (Information Sheet 165);.

94 Australian Competition and Consumer Commission, ACCC immunity and cooperation policy for cartel conduct — a policy document (October 2019);.

96 Corporations Act, Part 7.10.

97 ASIC, 21-030MR ASIC launches immunity policy for market misconduct offences (Media Release, 24 February 2021);.

98 Corporations Act, Sections 1317AAB and 1317AI.

99 Corporations Act, Section 1317AAE. 

100 Corporations Act, Section 1317AB.

101 Corporations Act, Section 1317AC.

102 Corporations Act, Part 9.4B.

103 See, e.g., Corporations Act, Sections 1324B (corrective disclosure orders) and 1325A (remedial orders).

104 See, e.g., Corporations Act, Sections 1323 (asset freezing, receivership and related remedies) and 1324 (statutory injunctions and related orders).

105 See, e.g., Corporations Act, Section 1325 (restitutionary orders) and 1043L(6) (insider trading orders); ASIC Act, Section 50 (representative public interest actions).

106 ASIC Act, Sections 93A-93AA.

107 Corporations Act, Part 9.4AA.

108 ASIC Act, Section 49(1)-(2).

109 Corporations Act, Section 1338B.

110 Australian Government, ASIC Enforcement Review Taskforce Report (December 2017).

111 Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 (Cth).

112 Corporations Act, Section 1317G(3)-(4).

113 Explanatory Memorandum, Financial Sector Reform (Hayne Royal Commission Response – Stronger Regulators (2019 Measures) Bill 2019 (Cth), 2.37.

114 ‘Evidential materials’ is defined for the purposes of Section 39D(1) of the ASIC Act to mean ‘a thing relevant to an indictable offence, including such a thing in electronic form’: ASIC Act, Section 39F.

115 Corporations Act, Section 39D; Crimes Act 1914 (Cth), Section 3ZQU.

116 Financial Sector Reform (Hayne Royal Commission Response—Stronger Regulators (2019 Measures)) Act 2020 (Cth), Schedule 2; see also ‘Investigative powers’ above.

117 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Interim Report, 28 September 2018) Volume 1, 277.

118 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Final Report, 1 February 2019) (Royal Commission Final Report) Volume 1, 446 (Recommendation 6.2).

119 Royal Commission Final Report Volume 1, 427.

120 ibid., 424–5.

121 ASIC Commissioner Sean Hughes, ‘ASIC’s approach to enforcement after the Royal Commission’ (Speech, Banking in the Spotlight: 36th Annual Conference of the Banking and Financial Services Law Association, 30 August 2019).

122 ibid.

123 ibid.

124 ASIC, ‘ASIC Enforcement Update July to December 2020’ (Report 688, April 2021), 6.

125 ibid., 3.

126 Criminal Code Act 1995 (Cth), Section 400.2B(1).

127 Criminal Code Act 1995 (Cth), Section 400.9(1A).

128 Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), Section 142.

129 Criminal Code Act 1995 (Cth), Section 70.2.

130 Criminal Code Act 1995 (Cth), Section 70.2.

131 Proceeds of Crime Act 2002 (Cth), Part 2.2.

132 Criminal Code Act 1995 (Cth), Section 490.1.

133 Criminal Code Act 1995 (Cth), Section 490.2.

134 Criminal Code Act 1995 (Cth), Part 10.7.

135 Criminal Code Act 1995 (Cth), Section 478.1(1).

136 Criminal Code Act 1995 (Cth), Section 477.3(1).

Unlock unlimited access to all Global Investigations Review content