ARTICLE
9 July 2026

Federal Court Imposes $10.3 Million Penalty On Mercer Superannuation For Systemic Breach Reporting Failures

GC
Gilchrist Connell

Contributor

Gilchrist Connell, a top Australian insurance law firm with five offices, distinguishes itself through its innovative legal services approach. Their 'Listen – Engage – Solve' mantra ensures thorough understanding of client issues, effective stakeholder engagement, and timely, customized solutions at fair prices.
On 26 June 2026, the Federal Court of Australia delivered judgment in Australian Securities and Investments Commission v Mercer Superannuation (Australia) Limited [2026] FCA 832, ordering Mercer Superannuation (Australia) Limited (MSAL) to pay $10.3 million in penalties and $1.2 million in costs.
Australia Corporate/Commercial Law
Gilchrist Connell are most popular:
  • within About Mondaq, Food, Drugs, Healthcare and Life Sciences topic(s)
  • with Senior Company Executives, HR and Finance and Tax Executives
  • with readers working within the Accounting & Consultancy, Insurance and Healthcare industries

On 26 June 2026, the Federal Court of Australia delivered judgment in Australian Securities and Investments Commission v Mercer Superannuation (Australia) Limited [2026] FCA 832, ordering Mercer Superannuation (Australia) Limited (MSAL) to pay $10.3 million in penalties and $1.2 million in costs. The decision is the first judicial consideration of a financial services licensee’s failure to report “Reportable Investigations” under the Reportable Situations Regime of the Corporations Act 2001 (Cth) (Act), introduced after the Hayne Royal Commission, and is a clear warning that systems failures can carry substantial regulatory consequences.

What is the Reportable Situations Regime and why does it matter?

The Reportable Situations Regime commenced on 1 October 2021. The requirement to report ongoing investigations to ASIC was designed to promote prompt and thorough assessment of potential breaches by AFSL holders.

Under section 912DAA(1) of the Act, a licensee must report to ASIC within 30 days after it first knows, or is reckless as to whether, there are reasonable grounds to believe a reportable situation has arisen. Importantly, an investigation into whether a significant breach has occurred is itself reportable if it continues for more than 60 days1, even if no significant breach is ultimately found.

MSAL is the trustee of the Mercer Super Trust. Although its staff and systems were provided by its parent company, Mercer (Australia) Pty Ltd, MSAL remained solely responsible for its obligations as the AFSL holder.

ASIC Proceedings

ASIC brought proceedings against MSAL, relevantly asserting that:

  • MSAL’s systems for compliance with sections 912DAA(1) and 912DAA(7) of the Act were deficient during the period 1 October 2021 to 30 September 2024 and it had thereby contravened sections 912A(1)(a) and 912A(5A) of the Act by failing to do all things necessary to ensure the financial services covered by its AFSL were provided efficiently, honestly and fairly;
  • MSAL contravened sections 912DAA(1) and 912DAA(7) of the Act by failing to notify ASIC of a reportable situation within 30 days after it first knew that, or was reckless with respect to whether, there were reasonable grounds to believe that a reportable situation had arisen; and
  • MSAL contravened section 1308(5) of the Act by failing to take all reasonable steps to ensure that the reportable situation and other reports provided to ASIC were not materially false or misleading because of statements made in those documents.

By a statement of agreed facts and admissions filed on 21 May 2026, MSAL admitted to the breaches of the Act.

What did the Federal Court decide?

The Court made the declarations sought by ASIC, imposed penalties totalling $10.3 million and ordered that MSAL pay ASIC’s costs of $1.2 million. In the judgment, Justice Button identified three categories of contravening conduct between 1 October 2021 and 30 September 2024.

System Breach (sections 912A(1)(a) and 912A(5A) of the Act) — Penalty: $4,062,500

MSAL failed to maintain adequate systems to identify when investigations commenced, track their duration and report them to ASIC when required. Its GRC system did not record investigation commencement dates, its policies were inadequate, and for 13 months MSAL treated investigations as commencing only when reviewed by a formal panel, rather than when fact-finding began. Senior management was aware of the system deficiencies, and MSAL’s external auditors had raised open investigations with the Audit and Risk Committee that had exceeded the 30-day mark and had not been reported to ASIC.

The commencement of an investigation begins when steps are first taken to gather information to assess whether a significant breach has occurred, not when the matter is referred to a formal review panel or compliance committee. In some cases, this may pre-date the matter being entered into an organisation’s GRC system, although ASIC’s Regulatory Guide 78 notes that entry of a matter into a GRC system does not necessarily commence an investigation.

Whether an investigation has commenced will depend on the relevant facts, underscoring the need for consistent definitions, appropriate system capabilities which record the progress of investigations and training of both Line 1 and Line 2 staff.

Failure to Report Investigations — Penalty: $5,300,000

MSAL failed to report at least eight Reportable Investigations within time, resulting in 15 contraventions of the Reportable Situations provisions of the Act. Seven were never reported to ASIC at all. The investigations lasted between 93 and 434 days and related to potential member service failures regarding fees and insurance eligibility. Member service failures by superannuation funds remain a key ASIC enforcement priority.

Misleading statements to ASIC (section 1308(5)) — Penalty: $937,500

MSAL lodged update reports for one incident that materially misstated the number of affected members. One such update indicated that the number of impacted members was “not known”, despite the record in the GRC system identifying 231 impacted members. The Court accepted the misstatements were not deliberate but reflected a failure to take all reasonable steps to ensure the report was not misleading, including by not reconciling the update with the GRC records. The Court also noted that section 1308(5) applies not only to documents that are required to be lodged with ASIC, but also to those that are voluntarily submitted, as was the case with “investigation updates” lodged by MSAL.

What this means for insurers and AFSL holders

The decision has significant implications for the insurance industry. It confirms that systemic compliance failures can generate material penalty exposure and affect underwriting, claims handling and risk engineering for insurers of AFSL holders. The obligation to act “honestly, efficiently and fairly” applies not only to front-end customer-facing activities, but also to compliance obligations such as the Reportable Situations Regime.

Manual workarounds and informal tracking are unlikely to be adequate, particularly for larger licensees. AFSL holders need a clear and consistent definition of when an investigation has started, together with an auditable trail of each investigation’s progress and reportability status.

Financial Accountability Regime

The relevant conduct pre-dated the commencement of the Financial Accountability Regime for superannuation trustees. Had the events occurred after 15 March 2025, ASIC may have considered action against accountable persons responsible for the compliance function, or members of the Risk and Audit Committee who were on notice about unreported investigations.

Brokers

Action items

Brokers placing PI and D&O cover for AFSL holders should raise breach reporting systems in risk assessment discussions. Clients should be reminded that investigations, not only confirmed breaches, can be reportable and that the timeframes are strict. Brokers should also assess whether policy wordings respond to regulatory investigation costs and civil penalty exposures of this scale.

Risk implications

The decision indicates potential claims growth in PI as ASIC continues to pursue compliance failures related to Reportable Situations, following decisions such as Australian Securities and Investments Commission v United Super Pty Ltd [2025] FCA 1453 and Australian Securities and Investments Commission v Australia and New Zealand Banking Group Ltd (Treasury Bonds Case) [2025] FCA 1592.

Underwriters

Action items

Underwriters of PI, D&O and FI risks should review exposure to AFSL holders with similar compliance weaknesses. Proposal forms and underwriting questions should specifically test whether insureds can identify investigation commencement dates, track investigation duration and escalate Reportable Investigations within statutory timeframes. Pricing should reflect the potential for inadequate compliance systems to generate significant penalties.

Risk implications

Aggregation risk is central: systemic failures may produce multiple contraventions, claims and penalties from one root cause. Coverage issues may also arise concerning civil penalties, defence costs, remediation expenses and whether back-office compliance failures fall within the relevant insuring clauses.

Claims Managers

Action items

Claims managers should review existing notifications and open claims involving insureds that hold AFSLs for indicators of breach tracking and reporting system deficiencies. Reserves should be reassessed for open matters involving ASIC investigations into breach reporting compliance, having regard to the $10.3 million penalty imposed on MSAL.

Risk implications

Claims frequency may increase as ASIC continues to prioritise enforcement in this area. Claims severity should also be monitored closely: the penalty for the System Breach represented approximately half the statutory maximum.ASIC may well seek higher penalties in matters involving deliberate non-compliance or actual member harm. Coverage disputes may also arise concerning the insurability of civil penalties, defence costs associated with agreed penalty negotiations, and whether misstatements to regulators enliven fraud or dishonesty exclusions.

Risk Engineers

Action items

Risk engineers should update surveys for financial services entities to test compliance with the Reportable Situations Regime. Reviews should consider whether systems automatically identify and timestamp investigation commencement, track duration, generate time-critical alerts, define when an investigation begins, and require ASIC reports to be verified against contemporaneous records.

Risk implications

The case highlights the risk of systems supplemented by informal manual processes. It also shows that misunderstanding of compliance obligations by staff can persist for long periods, and that outsourcing arrangements do not shift ultimate responsibility away from the licensee.

Insured AFSL holders

Action items

AFSL holders should urgently test their breach reporting systems against the deficiencies identified by the Court, including whether they record investigation commencement dates, track duration, generate alerts before the 60-day threshold and document verification of ASIC reports. Staff must understand that an investigation begins when fact-finding starts, not when a matter reaches a formal committee. Insurance programs should also be reviewed for regulatory investigation and civil penalty exposure.

Risk implications

ASIC may pursue enforcement for systemic reporting failures even without deliberate misconduct or direct member harm. The $10 million exceeded MSAL’s annual profits in some years, demonstrating that regulatory reporting failures can produce exposures well beyond ordinary operating costs.

Footnote

1. At the time of the events that are the subject of this case, the investigation time frame was 30 days. This has been modified to 60 days by ASIC Corporations and Credit (Breach Reporting—Reportable Situations) Instrument 2024/620

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More