On the 10th April 2024, the Federal Court of Australia released a judgement on the case - Australian Securities and Investments Commission vs Lanterne Fund Services Pty Ltd [2024] FCA 353.
It was declared that pursuant to s21 of the Federal Court of Australia Act 1976 (Cth) (FCA Act) and s1317E of the Corporations Act 2001 (Cth) during the period 13 March 2019 to 5 October 2021, Lanterne Funds Services Pty Ltd (Lanterne) breached its obligations to have adequate risk management systems, and thereby contravened ss912A(1)(h) and 912A(5A) of the Corporations Act.
In summary, Lanterne has breached the Corporations Act through the following:
(a) Failed to identify and assess the risks faced by its business, including the risks related to its corporate authorised representatives (CARs) and authorised representatives (ARs);
(b) Failed to document any identification or assessment of the risks faced by its business, including failing to have a risk management framework and basic risk management tools;
(c) Relied on initial due diligence of directors of potential CARs and pro forma monthly compliance self assessments by the CARs to monitor the CARs and Ars and identify risks associated with their conduct;
(d) Failed to have adequate compliance management systems having regard to the nature, scale and complexity of its business and instead relying on a compliance manual which was out of date, inapplicable to the business and omitted regulatory and compliance obligations of CARs, ARs and Lanterne;
(e) Failed to have sufficient employers or officers with appropriate risk management experience and failing to engage external consultants with risk management expertise;
(f) Failed to have any independent oversight or monitoring of its risk management systems; and
(g) Otherwise failing to have systems, processes and controls in place to manage or mitigate risks, including failing to have an incident management process.
Breach of obligation to do all things necessary to maintain competence to provide financial service covered by its financial service licence
Under s21 of the FCA Act and s1317E of the Corporations Act, it was noted that Lanterne had breached its obligations to all things necessary to maintain competence to provide the financial services covered by its financial services licence. This was through:
(a) Failed to have responsible managers with sufficient time effectively to conduct their roles;
(b) Failed to have a sufficient number of responsible managers with appropriate knowledge and skills across the financial services offered by Lanterne’s CARs and in the industries and businesses operated by Lanterne’s CARs; and
(c) Failed to have any processes for ensuring it had appropriately qualified managers.
Breach of obligation to ensure its representatives were adequately trained and competent to provide financial services covered by its financial service licence
Under s21 of the FCA Act and s1317E of the Corporations Act, it was noted that Lanterne had breached its obligation to ensure its representatives were adequately trained and competent to provide financial services covered by its financial service licence
(a) Failed to assess the skill and competency requirements of its ARs;
(b) Failed to provide or arrange any adequate training, professional development for its CARs and ARs; and
(c) Relied only on monthly self-assessment compliance reports completed by the CARs and ARs to satisfy itself that they had undertaken training, and not requested to see CARs’ or ARs’ training records.
Breach of obligation to take reasonable steps to ensure that its representatives complied with the financial services laws (contravening ss912A(1)(ca) and 912A(5A) of the Corporations Act
a) Failed to have a documented and rigorous due diligence and background check
process for prospective CARs and ARs, and failing to conduct ongoing checks to ensure ARs remained appropriate;
(b) Failed to provide clear and practical guidance to CARs and ARs about the nature, extent and discharge of their obligations under the financial services laws;
(c) Failed to have a systematic and documented audit process, and failing to conduct regular audits of the CARs and ARs;
(d) Failed to document the matters the subject of its informal discussions with the ARs;
(e) Relying on pro forma monthly compliance self-assessments by the CARs to monitor the CARs and ARs and identify risks associated with their conduct;
(f) Failed to record or follow up any exceptions noted in the compliance self assessments;
and
(g) Failed to conduct regular performance reviews of its employees, management or responsible manager.
Breach of obligation to have adequate resources (including technological and human resources) to provide the financial services covered by its service licence (contravened ss 912A(1)(d) and 912A(5A) of the Corporations Act
a) Failed to have adequately trained and skilled compliance and risk management personnel (particularly to undertake audits and reviews of CARs and ARs);
(b) Failed to have an adequate information technology capability and any human resources capability having regard to the nature and scale of Lanterne's business;
(c) Failed to have a human resources plan or process to establish and maintain the adequacy of Lanterne's human resources;
(d) Failed to have staff training, development plans or reviews;
(e) Failed to have plans for the temporary or permanent absence of its only operational responsible manager who also held the position of managing director;
(f) Failed to have a technology resourcing plan or an up-to-date disaster recovery plan, and relying on outdated back up processes;
(g) Failed to update its software to meet the needs of a business of its nature, scale and risk profile; and
(h) Relying on paper files and records and failing to use a suitable software system in its monitoring and supervision of CARs and ARs until September 2020.
The Court Orders that:
(a) Lanterne pay to the Commonwealth of Australia a pecuniary penalty of $1.25 million within 30 days of making this order
(b) Lanterne is required to:
(i) Engage an independent expert within 30 days of the order who will:
- Review Lanterne’s systems, processes and controls to determine adequacy
- Where any aspect is considered inadequate, make recommendations as to the steps to make adequate.
- Prepare a written report setting out the results of the review and deliver a copy of the report to the plaintiff and Lanterne (compliance report).
(ii) Within two months of the compliance report, establish a risk management and compliance program as well as implement any recommendations stemming from the compliance report.
(iii) Engage independent expert to within three months of the receipt of the compliance report, prepare a short written report in regards to the adequacy of the recommendations in the compliance report (implementation report).