ASIC’s final enforcement action from the 2018 Financial Services Royal Commission puts a spotlight on directors’ responsibility for corporate compliance failures in complex regulatory settings.
The Federal Court’s recent decision in favour of the former managing director of the Freedom Insurance group marks the end of an era. It concludes, with a whimper, the last of the civil penalty actions brought by the Australian Securities and Investments Commission (ASIC) based on case studies from the 2018 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry.
The Freedom Insurance case study looked at the group’s sales practices in relation to life insurance — specifically funeral, accidental death and accidental injury cover. Freedom sold cover directly to consumers by telephone through its call centre under what is known in the industry as a “no-advice” model. The Royal Commission heard that people working in the call centre — paid on commission and offered prizes based on sales volumes — were highly incentivised to maximise sales of those products.
This included to vulnerable clients. In affecting evidence given at the Royal Commission, a witness talked about the experience of his son, who has Down syndrome, being sold an insurance policy by Freedom. The Commission heard recordings of the sales calls and subsequent calls by the witness and his son attempting to cancel the policy. Freedom conceded to the Commissioner that the sales agent’s actions were inappropriate, and he should have known the witness’ son was incapable of understanding what was occurring during the call. It agreed the sales agent who sold the policy had engaged in “deeply troubling conduct”.
As part of its response to the Royal Commission, Freedom notified ASIC that it had breached parts of the law, including the statutory prohibition on paying “conflicted remuneration” in connection with the provision of financial product advice. The business did not survive the reputational damage it suffered at the Royal Commission and ceased operating in 2019.
Who’s to blame?
In 2021, ASIC commenced proceedings against Keith Cohen, Freedom’s former managing director, and quality assurance manager, Robert Oayda. The proceedings focused on incentive programs that offered trips to Bali and a Vespa scooter to successful sales agents. ASIC alleged that Cohen and Oayda were both “involved in a contravention” by Freedom of the conflicted remuneration laws. It also alleged that Cohen breached his statutory duty of care as an officer in failing to prevent it breaching, or being likely to breach, that law.
ASIC’s involvement case against both defendants failed. Justice Scott Goodman was not satisfied ASIC had established a contravention by Freedom of the conflicted remuneration rules. For technical reasons, this would have required ASIC to prove affirmatively either that Freedom’s sales agents had provided financial product advice (as defined in the Corporations Act) or that they had not. As a consequence, the allegation Cohen and Oayda were involved in a contravention fell away.
That left the negligence case against Cohen. It is well established that corporate officers have a duty to take reasonable care to protect their company against the adverse consequences of breaching the law. ASIC has run several such cases over the years and they do not depend on establishing the fact of a corporate breach. But each turns on its facts, and ASIC failed here, too.
Duty of care
Cohen owed the Freedom companies a duty, under section 180 of the Corporations Act, to exercise his powers and discharge his duties with the degree of care and diligence a reasonable person would exercise if they were a director or officer of a company in the circumstances of Freedom. The question is what a person with those responsibilities, in that type of company, would reasonably have done to guard against a foreseeable risk of harm to the company.
Justice Goodman looked closely at the distribution of responsibilities across the management team at Freedom. At the time, it included a highly skilled lawyer as head of legal and product development, and an experienced head of risk and compliance. Their qualifications and respective responsibilities were described in company documents, including the prospectus that the company had issued for its initial public offering and stock exchange listing in 2016. These led Justice Goodman to conclude “day-to-day responsibility for Freedom’s compliance did not rest with Mr Cohen”.
It was accepted a reasonable director or officer in Cohen’s position would have known that, as a financial services licensee, Freedom was obliged under the Corporations Act in relation to its financial services. It was also accepted a person in his position would have appreciated the real and foreseeable possibility that contraventions of those obligations may have come to ASIC’s attention, ASIC may have taken regulatory action, and Freedom could have been exposed to litigation, reputational damage or both.
ASIC argued Cohen had (or ought reasonably to have had) knowledge or awareness of the company’s obligations under the Act, including the prohibition of conflicted remuneration. Cohen admitted he had a high-level knowledge or awareness of those matters, but argued that as he was not a legal practitioner, he could not be expected to have a detailed knowledge or awareness of them.
His Honour accepted Cohen’s responsibilities didn’t require him to have a detailed knowledge of the legislative provisions, saying the conflicted remuneration provisions “are not readily understood. There is a considerable degree of complexity”. Directors must take reasonable steps to guard against foreseeable risks. Justice Goodman found that given Freedom had employed a highly experienced lawyer with a speciality in this area, who did not think the conflicted remuneration provisions applied, then “the proper conclusion is that such reasonable risk was not foreseeable to a person in Mr Cohen’s position”.
The final outcome of ASIC’s case might seem unsatisfactory. However, it is consistent with the established principle that the duty of care does not make directors — even managing directors — guarantors of a company’s compliance with complex regulatory obligations.
This article first appeared as 'Duty bound' in the December 2025/January 2026 Issue of Company Director Magazine.
Latest news
Already a member?
Login to view this content