A recent decision of the Federal Court of Australia involving an industry superannuation fund (the Fund) has been a timely reminder of the importance of financial services licensees having, and appropriately implementing, robust and compliant internal policies and procedures. The decision confirming that a failure to satisfy these obligations, may result in criticism and in some instances, action by the regulator. While this case relates to an internal dispute resolution (IDR) procedure, there are certainly broader lessons to be learned.

Facts:

Briefly, the Australian Securities & Investments Commission (ASIC) alleged that during the period between December 2021 and May 2023 (the Period), the Fund failed (in many regards) to comply with its own IDR procedure when handling complaints by its members. It was alleged that these failings also resulted in contraventions of the Corporations Act 2001 (Cth).

In the proceedings, ASIC alleged that on numerous occasions during the Period, the Fund failed to provide an IDR response within the prescribed 45-day period, nor did they have an exemption for doing so. ASIC also alleged that the Fund had failed to comply with the content requirements such as not specifying the reason for the delay and the Fund members right to complain to AFCA (with AFCA's details). ASIC further alleged that the Fund had failed to resource its IDR process, all of which resulted in the Fund not operating fairly, effectively and efficiently (noting the frequency, nature and extent of the failures).

Findings:

While the intent is not to go through each individual complaint and the associated outcome, the Federal Court ultimately found that the Fund failed to comply with their own policies on numerous occasions. The key criticisms received included:

• Marking a complaint as resolved, before it had in fact been resolved;
• Confusion about the mechanism for marking a complaint as resolved;
• Not being clear on when the circumstances allowed for an extension in providing the IDR response and instead issuing ‘delayed notifications' as a matter of course;
• Not giving the complainant the required information about their right to complain to AFCA, along with AFCA's details; and
• Difficulties in dealing with regulatory issues and investigative notices from ASIC, which the Fund would be expected as a regulated superannuation entity.

Learnings:

While a variety of legal points were addressed by the Federal Court, for present purposes and noting the work we do for our clients, broad key learnings we have identified are as follows:

• Internal policies must be clear, robust and compliant in all regards with the applicable legislative and regulatory frameworks.
• Internal policies are not a ‘tick and flick' exercise to satisfy external optics. They must contain substance and go the heart of what the policy is seeking to achieve.
• Simply having internal policies which address key areas is insufficient if they are not being implemented. ‘Performative' compliance will not satisfy a court that all reasonable steps have been taken to implement appropriate frameworks.
• Compliance with internal policies must be embedded in the operations of the business and must become part of the usual course.
• Policies need to include clear guidance about what outcomes the officers' implementing those policies are trying to achieve. They need to understand what ‘true compliance' looks like and how this is achieved operationally.
• Ongoing governance and monitoring are critical functions within a financial services provider and having robust and compliant internal policies is a fundamental way of giving boards and executives comfort that the appropriate structures are in place.
• That while there is no hard and fast rule about how much resourcing is required to support various functions implementing policies, reasonable steps should be taken to ensure that such processes operate fairly, effectively and efficiently.

How can we help:

At MM Legal+, we provide practical, specialist legal support for regulated organisations navigating complex compliance environments. We assist with the full compliance lifecycle — from drafting and reviewing internal policies to ensure they are substantive, current and regulatory-aligned, through to developing detailed process maps that translate each policy obligation into clear operational workflows with defined ownership, timeframes and checkpoints.

The goal is to ensure your policies are not only well-drafted, but genuinely embedded in how your business operates. With MM Legal+, you gain clarity, consistency and trusted legal support that grows with your business.