A shareholder class action against CBA shows that explaining compliance arrangements is not the same as guaranteeing them, but you do need to be careful.

    Shareholder class actions have been a feature of the corporate landscape for decades. Bad news, followed by a drop in a listed entity’s share price, leads to claims by aggrieved shareholders that the entity should have disclosed more or earlier.

    This pattern repeated in 2017 when AUSTRAC sought penalties against Commonwealth Bank of Australia Ltd (CBA) for breaches of the anti-money laundering (AML) laws. AUSTRAC’s case settled in 2018, with CBA agreeing to a record civil pecuniary penalty of $700m (AUSTRAC v CBA [2018] FCA 930). When news of this action became public, CBA shareholders and their lawyers began proceedings.

    In May, Justice David Yates dismissed their claims in Zonia Holdings Pty Ltd v CBA (No 5) [2024] FCA 477. Zonia is the fifth major shareholder class action based on alleged disclosure failures to go to decision at trial — and the fifth in which the shareholders’ damages claims have failed.

    Keeping the market informed

    The CBA shareholders’ case alleged three distinct failures by CBA to flag concerns about AML compliance between 2014 (when the problems began to emerge) and 2017. The first claim was based on CBA’s continuous disclosure obligations as an ASX listed entity. The shareholders said that specific information about the AML issue should have been released to the market earlier. The second concerned the disclosure not provided in the documentation for a $5b capital raising conducted by the bank in 2015.

    Listed entities and their advisers are closely reviewing the continuous disclosure aspects of Justice Yates’ decision. His comprehensive dismantling of the CBA shareholders’ case provides important legal guidance on what plaintiffs must prove when they claim to have suffered losses from trading in an uninformed market.

    This starts with showing that the listed entity should — and could — have provided the specific information for which they argued. The plaintis in Zonia fell at this first hurdle. And because similar disclosure principles applied to the requirements for the capital raising in 2015, the second claim also failed.

    Representations about risk and compliance

    The CBA shareholders’ third claim concerned what the bank had said publicly about its compliance systems. This aspect is relevant well beyond the listed sector, because it applies the general laws about misleading conduct to the information that companies share about their compliance policies.

    Many companies make their risk and compliance policies and frameworks available either publicly or internally. This reflects contemporary governance practice that encourages transparency and accountability. Stakeholders expect to see that the company has in place appropriate arrangements to manage financial and other risks, including operational, compliance and conduct risks. This goes to the “G” in ESG.

    CBA published details of its AML compliance policies along with formal annual compliance statements on its website. The gist of the shareholders’ case was that, in describing its AML compliance arrangements, CBA had represented that it, “had effective policies, procedures and systems for ensuring regulatory compliance, and that [its] systems had ensured, and would continue to ensure, appropriate monitoring and reporting of compliance activities”. These were referred to in Zonia as the Compliance Representations. The shareholders made a similar claim concerning representations they alleged CBA had made about its processes for ensuring compliance with the continuous disclosure laws.

    Statutory prohibitions on misleading conduct appear in various places in the law, including in the Corporations Act 2001 (Cth), Australian Securities and Investments Commission Act 2001 (Cth) and Australian Consumer Law. They are contravened whenever a person makes a representation that is misleading, regardless of their state of mind. The legal question is whether the impugned conduct, viewed as a whole, has a tendency to lead a person exposed to it into error. That involves looking at the whole context and circumstances to decide the meaning the representation would convey to a reasonable member of the class to which it was directed.

    In Zonia, his Honour rejected the shareholders’ argument that CBA made the Compliance Representations in the form they were pleaded. By using the words “effective” and “ensured” in making their case, the shareholders sought to argue that CBA had represented that its compliance systems would never fail, or at least that any failures would be limited to slight, trivial or “one-o” failures. They did not succeed.

    Justice Yates took into account CBA’s other public statements containing disclaimers about its operational risks and the compliance systems. But looking at CBA’s public communications overall, he found it did not, “make any representation to the effect of the Compliance Representations”. Investors would not have read the published policies as saying that no, or only minor, compliance failures would occur.

    His Honour accepted that “investors who commonly invest in securities would have an expectation that financial institutions will take sufficient measures, and undertake sufficient investment, to mitigate their operational risks, including those risks arising from their need to comply with the AML/CTF Act”.

    Justice Yates also accepted that, “such investors would understand that financial institutions are not free of risk in that regard”.

    Systems and outcomes

    Directors sit at the apex of governance and have a clear oversight responsibility for their company’s risk frameworks. The forensic unpacking of CBA’s anti-money laundering systems in the AUSTRAC proceedings and in Zonia show the myriad ways in which those frameworks can fail.

    Very few companies face compliance challenges at the same scale as CBA. But many listed, unlisted and not-for-profit entities routinely provide information about their risk-management frameworks (including in health and safety, whistleblower protection and cybersecurity) to different stakeholders.

    CBA was careful to ensure its stakeholders understood that having compliance systems is not the same as a guarantee of compliance. This did not protect CBA from the regulatory consequences of its AML systems’ failure, but in Zonia, it did protect against a claim that its shareholders had been misled as to that reality.

    Dr Pamela Hanrahan is an Emerita Professor of the University of NSW and a consultant at Johnson Winter Slattery.

    This article first appeared under the headline ‘Class Warfare’ in the July 2024 issue of Company Director magazine.

    Latest news

    This is of of your complimentary pieces of content

    This is exclusive content.

    You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.