The implications of the Federal Court decision on Cassimatis v ASIC

Directors have a legal duty of care to avoid any risks that may foreseeably harm their organisation. Identifying those risks is a crucial issue, says Professor Pamela Hanrahan.

In late March, 13 months after the case was heard and more than a decade after the relevant conduct occurred, the full Federal Court handed down its decision in Cassimatis v Australian Securities and Investments Commission [2020] FCAFC 52.

By a majority of two to one, the Full Court upheld the 2016 decision of Justice James Edelman that Emmanuel and Julie Cassimatis breached their duty of care as directors of Storm Financial. Storm was a licensed financial advice firm based in Townsville that had rolled out a highly leveraged investment strategy to its clients in the years leading up to the global financial crisis (GFC). Storm contravened the financial services laws by recommending the strategy to clients for whom it was unsuitable. For many Storm clients, the strategy resulted in catastrophic losses when markets fell in December 2008.

The case is unusual because ASIC’s only claim was that the defendants had breached the duty of care in s 180(1) of the Corporations Act 2001. ASIC did not allege that Mr and Mrs Cassimatis personally had breached the financial services laws, that they were liable as accessories to Storm’s breach of those laws, or that they had failed to act in good faith in the interests of Storm. Before the GFC, Storm was solvent and the defendants were its only shareholders. The case therefore turned on whether the damage Storm — as a corporate entity — suffered because of its breach of the financial services laws was foreseeable and therefore that the directors had a duty to take reasonable care to avoid it.

Stepping stones

Justice Edelman’s 2016 decision was handed down just before he went to the High Court of Australia and attracted significant attention from directors and lawyers. It confirmed that under Australian law, statutory directors’ duties have a public character and can be contravened, even if the shareholders do not want to complain. It also tested ASIC’s enforcement approach — sometimes referred to as “stepping stones” — of bringing proceedings against directors whose negligence put their company at risk of suffering the consequences of breaching other laws.

All three appellate judges were satisfied that Storm had breached the financial services laws, and Justices Andrew Greenwood and Thomas Thawley (in separate judgements) agreed with Justice Edelman that Mr and Mrs Cassimatis had been negligent. But Justice Steven Rares did not, and his strongly worded dissent points to some of the inherent limitations of the stepping-stones case theory.

As Justice Greenwood observed, the statutory duty of care, “is normative and its burden is a matter of public concern, not just private rights. It is an expression of the parliament’s intention to establish an objective normative standard of the degree of care and diligence directors must attain or discharge in exercising a power conferred on them or in discharging a duty to be discharged by them”.

Justice Thawley noted that, “the interests of the company to which the duty is owed include the interests of the corporate entity itself, the shareholders and, at least where the financial position of the company is precarious, the creditors of the company”. Directors must exercise reasonable care to avoid foreseeable risk of harm to those interests.

Established authority makes clear that s 180 does not create in directors a duty to ensure their company always complies with the law. Nor can it be used to make directors liable as accessories to their company’s breach of applicable laws if those laws do not create that liability or the director’s state of mind does not meet the threshold requirements for establishing it. The use of the shorthand “stepping stones” should not obscure the fact that the elements of negligence must be made out — that is, ASIC must show that the director has failed to take appropriate action to prevent the company itself suffering a foreseeable harm. Deciding what is appropriate involves balancing the likelihood and magnitude of the harm against the cost and practicability of the measures needed to prevent it.

Duty of care

None of this is news. The real controversy is over how the duty of care applied to the behaviour of Mr and Mrs Cassimatis before the GFC emerged on the horizon. At first instance, Justice Edelman had concluded they fell short of the required standard of care “by exercising their powers in a way which caused or ‘permitted’ (by omission to prevent) inappropriate advice to be given”, when the “consequences of that inappropriate advice would be catastrophic for Storm (the entity to whom the directors owed their duties). It would have been simple to take precautionary measures to attempt to avoid the application of the Storm model to this class of persons”.

Justice Greenwood said that Storm’s breaches of the financial services laws were important, “not because the contraventions by Storm of those sections of the Act would give rise to a contravention by the directors of s 180(1) in the form of some sort of dystopian accessorial liability, but rather because the contraventions by Storm, deriving from the conduct of the appellants themselves, as described, contained within it a foreseeable risk of serious harm to Storm’s interests”. That harm would be, “a potential loss of its AFSL; a threat to Storm’s very existence; and suit by the vulnerable investors to address the consequences of the advice given to them and thus the contraventions by Storm”. Which, Justice Greenwood said, “reasonable directors, with the responsibilities of Mr and Mrs Cassimatis, standing in Storm’s circumstances, ought to have guarded against”.

Justice Rares disagreed, concluding that the harm (ASIC action against Storm) was not foreseeable in 2007–08 and therefore did not trigger the duty to avoid it in the way the majority decided. “While Mr and Mrs Cassimatis were responsible by their (unintended) negligence for Storm’s contraventions of [the financial services law], I am not satisfied that a reasonable director in their position in all of the circumstances came under a duty under s 180(1) to prevent the contraventions for the reason that the primary judge found: namely, that ‘the consequences of that inappropriate advice would be catastrophic for Storm’. I am not satisfied that he or she should have perceived a risk, or likelihood, of ASIC taking action to suspend or cancel Storm’s AFSL or the imposition of a banning order and then that he or she should have acted, for that reason, to prevent that action occurring.”

The legal principle is clear: directors have a duty to take reasonable care to avoid any foreseeable risk of harm to their company — including through reputational damage or regulatory action — that would result from it breaking the law. But the case will turn on what was foreseeable when the conduct occurred, and not afterwards, particularly when black swan events have intervened.