Efficiently, honestly and fairly – The significance of detection and remediation of incidents

We have written many articles on the ‘efficiently, honestly and fairly’ (EHF) obligation (see our latest article here regarding materiality). We are aware that, particularly in relation to the ‘efficiently’ limb, the industry is grappling with the scope of the obligation, including the role of materiality.

We have also written about the noticeable judicial trend for courts to view this obligation and other client-focussed obligations, such as the prohibition on misleading or deceptive conduct, through a prism of real life pragmatism (see here and here). For example, we have seen recent judgments where courts have commented that these types of obligations do not prescribe a standard of perfection (e.g. ASIC v NAB (2022) 164 ACSR 358 (ASIC v NAB)).

This theme becomes particularly significant in the context of the EHF obligation where the licensee is required to do all things necessary to ensure that relevant financial services are carried out efficiently, honestly and fairly. Contrast this obligation to ensure with other obligations under section 912A of the Corporations Act to only use reasonable steps (for example, the obligation of a licensee to take reasonable steps to ensure that its representatives comply with the financial services laws under section 912A(1)(ca)).

Given that the standard imposed for the EHF obligation is stated to be not one of perfection, efficiency in the context of carrying out a financial service should encompass considerations such as:

• how the incident occurred and whether it was preventable;
• what measures were in place to prevent the incident occurring, bringing into focus the licensee’s compliance measures (and the licensee’s concurrent licence obligation to maintain compliance measures that ensure, as far as is reasonably practicable, that the licensee complies with the provisions of the financial services laws);
• how was the incident identified; and
• when the incident was detected and how long before the investigation commenced.

An additional very important element is the measures the licensee took to rectify and remediate the consequences of the incident. The legitimacy of rectification has been recognised judicially in the case of ASIC v NAB, where Derrington J observed, “the existence or otherwise of a reasonably suitable remediation program for reimbursement can be relevant to whether a financial service has been provided in accordance with s 912A” (at [373]).

The significance of this factor is that the obligation of efficiency in the context of the EHF obligation should take into account all of the relevant conduct of the licensee, including the default, the response of the licensee generally and specifically, the efficacy of the remediation measures taken by the licensee.

These considerations can also be relevant to the fairness limb of the EHF obligation.

Some examples will serve to illustrate the point:

• in a case of overcharging fees which is caused by system error, a licensee may be less likely to breach the EHF obligation where the issue is quickly identified, and the licensee takes immediate steps to prevent further overcharging and remediate impacted customers; and
• on the other hand, a breach of the EHF obligation is more likely to occur if some lengthy timeframe has elapsed since the error occurred, or the licensee learns of the error but does not take steps, or is slow, to correct it.

In assessing the efficacy of rectification and remediation measures, the following factors will likely be relevant:

• the time taken to effect the rectification/remediation program;
• client-focussed results of the remediation, including whether all affected clients were captured in the remediation program;
• the extent to which any process/system changes specified were made; and
• the timeframe taken to commence and complete such rectification and remediation.

On one level, it might be thought that a licensee when faced with an efficiency incident gets “two bites of the cherry” insofar as it has an opportunity to mitigate the potential breach caused by an incident by “curing” that incident. However, whether the remediation can mitigate a breach depends on a range of factors, including the nature and severity of the incident, the resulting consumer harm, and the processes/systems the licensee had in place to comply with the EHF standard and prevent the incident.  

For example, a successful remediation is unlikely to cure an incident:

• which was reasonably foreseeable and there were no processes in place to prevent it occurring;
• which occurred a considerable time ago; or
• the ramifications of which are harmful, or otherwise serious or significant.

This reflects Downes J’s characterisation of the EHF obligation as a “forward-looking obligation to do all things necessary to ensure that the financial services covered by its licence were provided efficiently, honestly and fairly” (ASIC v CBA [2022] FCA 1411 at [156]). As noted above, a tardy remediation can also increase the risk of a breach of the EHF obligation.

Nevertheless, the bottom line is:

• if the incident is picked up reasonably quickly; and
• rectified reasonably quickly,

these factors will greatly assist a licensee in arguing that it has complied with the EHF obligation.