What happened
In the period leading up to the Global Financial Crisis, Storm Financial Limited operated a standardised investment advice model that was applied to the majority of its clients. The model was developed and tightly controlled by its only directors and shareholders, Mr Emmanuel Cassimatis and Mrs Julie Cassimatis. Prospective clients were required to attend an education workshop that emphasised the benefits of embracing debt, using home equity and margin loans to invest in index funds based on the ASX 300. Centralised cash-flow modelling and Statements of Advice (SOAs) were prepared from templates, with limited tailoring. Almost 90 per cent of clients were advised to adopt "double gearing": borrowing against the family home, obtaining a margin loan, investing the proceeds in index funds, establishing a cash reserve to service interest, and paying Storm's fees from the borrowings. Further "step" investments were automatically generated when markets moved by 10 per cent or more.
ASIC's case focused on a class of particularly vulnerable clients: those over 50, retired or planning for retirement, with little or limited income, few assets (generally the family home, limited superannuation and savings), and little or no prospect of rebuilding their financial position after significant loss. Detailed evidence was led in respect of nine "Part E" investors and a schedule of others. The court ultimately found that Storm had contravened ss 945A(1)(b) and 945A(1)(c) (and consequently s 912A(1)(c)) in relation to 11 relevant investors (six instances if couples are treated jointly). For these clients the advice was not appropriate: the family home was inappropriately included in the investment portfolio, clients were misclassified as "balanced" rather than conservative investors, insufficient consideration was given to alternative strategies, objectives were not quantified, sensitivity analysis was inadequate, and capacity to fund borrowing costs independently of investment returns was not assessed. The SOAs were long (often over 100 pages) and contained standardised language that downplayed risk while the education workshops actively encouraged debt.
Mr and Mrs Cassimatis were not alleged to have met or personally advised any of the relevant investors. Rather, ASIC's case was that they exercised their powers as directors to create and maintain a system that made it almost inevitable that the Storm model would be applied to this vulnerable class. They had near-absolute control over every aspect of the business: the Executive Committee, cash-flow parameters, SOA templates, education workshops, training of advisers, and even the generation of bulk "step" advice. No steps were taken to exclude or modify the model for clients in the pleaded class. After the GFC many of these clients suffered devastating losses, with homes mortgaged, retirement deferred and, in some cases, reliance on charity. Storm itself collapsed into administration in 2009.
The proceeding was brought under the civil penalty regime. ASIC sought declarations, pecuniary penalties, disqualification orders and restraining orders. By consent, the trial was limited to liability. Mr and Mrs Cassimatis defended on several bases: that s 180(1) could not be contravened by sole shareholders of a solvent company acting with their informed consent; that actual corporate breaches were a necessary "stepping stone" and had not been proved; that no breaches of s 945A or s 1041E had occurred; that contraventions were not reasonably foreseeable; and that they should be relieved under s 1317S. They called no witnesses other than an expert (Professor Valentine) who gave joint evidence with ASIC's expert (Mr McMaster). The court preferred Mr McMaster's evidence on the key issues of appropriateness and reasonableness.
Why the court decided this way
Edelman J's reasoning proceeded in three broad stages: the legal principles governing directors' duties under s 180(1); proof of Storm's contraventions; and application of those principles to Mr and Mrs Cassimatis' conduct.
On the legal principles, the court rejected the submission that s 180(1) has no application where the directors are the sole shareholders of a solvent company. The text of s 180(1) contains no such limitation. Its history, beginning with the introduction of statutory duties in 1958 that imposed both private and public consequences, is inconsistent with the submission. The contention was also unprincipled: it would allow directors intentionally to cause corporate breaches of the Corporations Act with impunity so long as the company remained solvent and the shareholders (themselves) consented. Ratification by shareholders cannot cure a breach of statutory duty, and the same logic precludes prior authorisation that would deprive the duty of content. The court cited Kinsela v Russell Kinsela Pty Ltd (In Liq) (1986) 4 NSWLR 722 and Angas Law Services Pty Ltd (in liquidation) v Carabelas [2005] HCA 23; (2005) 226 CLR 507 but distinguished them on the basis that they concerned equitable duties in an insolvency context rather than the statutory public wrong in s 180(1).
The court accepted that an actual breach by the corporation can be a "stepping stone" to director liability under s 180(1) (citing Keane CJ in Australian Securities and Investments Commission v Fortescue Metals Group Ltd [2011] FCAFC 19; (2011) 190 FCR 364), but emphasised that it is neither necessary nor sufficient. A director who unreasonably creates a situation in which a serious breach is extremely likely may contravene s 180(1) even if, by good fortune, no breach eventuates. Conversely, an actual corporate breach does not automatically mean the directors have failed to exercise reasonable care and diligence; s 180(1) is not a duty of strict liability to "ensure" compliance. The content of the duty is objective, assessed by reference to a reasonable person in the corporation's circumstances occupying the office held by the director and having the same responsibilities (Vrisakis v Australian Securities Commission (1993) 9 WAR 395 applied). Foreseeable risk of harm to any of the company's interests (including reputational and regulatory interests) must be balanced against potential benefits and the burden of alleviating action. The company's interests are not limited to those of its shareholders; they include compliance with the law.
Applying these principles, the court found that Storm had contravened s 945A(1)(b) and (c) in respect of the relevant investors. The subject matter of the advice included not only the index funds but the means of financing them (home loans and margin loans). Storm did not give reasonable consideration to, or conduct reasonable investigation of, that subject matter: alternatives were not considered, objectives were not quantified, sensitivity analysis was inadequate (no negative growth scenarios were modelled), and capacity to fund borrowing costs independently of investment returns was not assessed. The advice was not appropriate: the family home was wrongly treated as an investable asset in the portfolio, clients were misclassified as "balanced" rather than conservative, and high-risk double gearing was unsuitable for persons in the pleaded circumstances. These contraventions also breached s 912A(1)(c). No criminal offence under s 945A was proved because the fault element of intention or recklessness was not established. Section 1041E was not contravened because the pleaded statements were neither false in a material particular nor materially misleading.
Mr and Mrs Cassimatis' liability under s 180(1) followed directly. A reasonable director with their responsibilities in Storm's circumstances would have realised that the application of the model to the pleaded class was likely to involve inappropriate advice. Their responsibilities were extensive: they designed the model, controlled the cash-flow parameters, approved SOA templates, trained advisers, ran education workshops that encouraged debt, and asserted control over almost every operational aspect. They created an environment in which it was almost inevitable that the model would be applied to vulnerable clients. The foreseeable consequences included civil penalties, suspension or cancellation of Storm's Australian Financial Services Licence, banning orders, and civil claims by investors—threatening Storm's very existence. The burden of alleviating action was low: simple directions to the cash-flow and SOA teams, or guidelines for advisers, could have prevented the model being applied to this class. No such steps were taken. The conduct was a single continuing course of conduct, resulting in one contravention each.
On the s 1317S defence, the court accepted that Mr and Mrs Cassimatis acted honestly and in good faith. They had obtained reviews from compliance consultants, engaged with ASIC, appointed non-executive directors, and maintained insurance and complaint systems. However, having regard to all the circumstances—including their degree of control, the scale of their responsibilities, the likelihood of the contraventions, and the catastrophic potential consequences for Storm—they ought not fairly to be excused. The court emphasised that rigorous enforcement of directors' duties is essential, particularly for those who occupy the most senior offices and exercise the greatest control.
Before and after state of the law
Prior to this judgment the law on directors' duties under s 180(1) was well developed but contained uncertainties at the margins. Vrisakis v Australian Securities Commission (1993) 9 WAR 395 had established that the duty requires balancing foreseeable risk of harm to the company's interests against potential benefits. Australian Securities and Investments Commission v Maxwell [2006] NSWSC 1052; (2006) 59 ACSR 373 had applied that test in the context of corporate contraventions, observing that s 180(1) is not a back-door form of accessory liability. Cases such as Kinsela v Russell Kinsela Pty Ltd (In Liq) (1986) 4 NSWLR 722 and Angas Law Services Pty Ltd (in liquidation) v Carabelas [2005] HCA 23; (2005) 226 CLR 507 had discussed the extent to which shareholder consent could affect directors' duties, but primarily in equitable and insolvency contexts. The precise scope of the public character of s 180(1), and whether an actual corporate breach was a necessary stepping stone, had not been authoritatively resolved. The interaction between s 180(1) and the civil penalty regime, including the availability of relief under s 1317S, had been considered but the omission of the word "reasonably" from the predecessor provision in 1981 had not been fully explored in the context of sole-shareholder directors of solvent companies.
This judgment clarified several points. It confirmed that s 180(1) has both public and private character and is not owed solely to the corporation. It rejected any blanket immunity for sole-shareholder directors of solvent companies, holding that shareholder consent cannot authorise or deprive the statutory duty of content. It accepted the stepping-stone approach as permissible but not mandatory, expressing doubt whether actual breach is required where conduct is extremely likely to cause serious contravention. It emphasised that the company's interests include compliance with the law and that the duty is not one of strict liability to "ensure" compliance. On s 945A, it held that the subject matter of advice includes financing mechanisms and that advice to vulnerable retirees using double gearing is likely to be inappropriate. On relief under s 1317S, it confirmed that honesty is necessary but not sufficient; the seriousness of the contravention, the director's level of control and the consequences for the company are central to whether the person "ought fairly to be excused".
The decision therefore tightens the accountability of directors who occupy positions of significant control, particularly where systems they create are likely to produce corporate breaches with serious consequences. It does not overturn prior authority but places clearer limits on the ability of directors to rely on shareholder consent or the absence of explicit warnings from regulators.
Key passages with plain-English translation
Paragraph [2]: "Mr and Mrs Cassimatis submitted that this case is unique in Australian corporate history. As far as I am aware, it is unique in its combination of three factors. First, the allegations of breach against the directors rely upon a single provision of the Corporations Act 2001 (Cth). That provision is s 180(1)... Secondly, the directors' breaches of care and diligence are alleged to have occurred while Storm was a solvent company and while Mr and Mrs Cassimatis, as directors, were also the only shareholders. Thirdly, there is no dispute that Mr and Mrs Cassimatis managed Storm in good faith and in accordance with the informed wishes of all the shareholders (themselves)."
Plain-English translation: The directors argued that the case was unprecedented because it involved only the care-and-diligence duty, the company was solvent, they owned it entirely, and they had run it with the shareholders' (their own) informed consent. The judge used this to frame the core legal question.
Paragraph [5]: "I have serious doubt whether an actual breach by a corporation is a necessary requirement for breach of s 180(1) by an officer. For instance, suppose a director unreasonably (within the terms of s 180(1)) and intentionally commits acts which are extremely likely to involve a serious breach of the Corporations Act perhaps even threatening the very existence of the corporation. As I explain later in these reasons, it might be seriously doubted whether the director could escape liability simply because, by some good fortune, no actual breach eventuates."
Plain-English translation: The judge doubted that directors can avoid liability under the care-and-diligence duty simply because the company luckily avoids breaking the law. If the director's actions make a serious breach very likely, that may be enough even without an actual breach.
Paragraph [449]: "A contravention of s 180(1) might involve both a public and a private wrong."
Plain-English translation: Breaking the care-and-diligence duty is not just a private matter between the director and the company; it also has a public dimension that regulators can enforce.
Paragraph [496]: "The submission that s 180(1) does not apply where the directors are the sole shareholders of a solvent company is inconsistent with the text of s 180(1)... inconsistent with the history and context of s 180(1)... unprincipled... not supported by authority."
Plain-English translation: The directors' main argument—that they could not breach the duty because they owned the solvent company and the shareholders consented—was rejected as contrary to the law's words, its history, basic legal principles, and previous cases.
Paragraph [679]: "The reasonable foreseeability and likelihood of contraventions of the Corporations Act... Storm's insurers, law firms and the Financial Planning Association... The ASIC reviews and correspondence... The non-executive directors... The IPO advisers... Borrowing to invest a popular strategy and the unrepresentative nature of investors."
Plain-English translation: The judge examined all the evidence the directors relied on to say that breaches were not foreseeable (reviews by insurers, lawyers, the planning association, ASIC, non-executive directors and IPO advisers, and the fact that many other clients were not vulnerable). He concluded that a reasonable director in their position with their knowledge would still have realised that the model was likely to produce inappropriate advice to the vulnerable class.
Paragraph [814]: "Although I conclude that Mr and Mrs Cassimatis breached their duties as directors, their breaches involved only one contravention each... Although they acted honestly... they ought not fairly to be excused."
Plain-English translation: The directors broke the law only once each, not once for every client. They were honest, but given how much control they had, how serious the likely breaches were, and how much damage they could do to the company, they should not be let off the hook.
What fact patterns trigger this precedent
This judgment is triggered when directors with significant control over a company's systems and operations exercise (or fail to exercise) their powers in a way that creates a real likelihood of corporate contraventions with serious consequences for the company. The key factual elements are:
-
Directors occupy offices carrying extensive responsibilities (design of business model, control of advice processes, training, compliance oversight).
-
The company operates in a regulated environment (here, financial services) where breaches can threaten its licence, attract penalties, banning orders or civil claims.
-
A system or model is created that is likely to produce non-compliant outcomes for a identifiable class of customers (here, retired or near-retired clients with limited income, few assets and little prospect of recovery).
-
No, or insufficient, reasonable steps are taken to prevent the system applying to that class (no guidelines, exclusions, additional review processes or modifications).
-
The directors know, or a reasonable director in their position would know, of the class and the likelihood of inappropriate outcomes (here, through their intimate involvement in workshops, cash-flow parameters, SOA templates and client demographic).
-
The potential harm to the company's interests (reputational, regulatory, financial) is significant.
The precedent does not require proof that every client in the class receives inappropriate advice, nor that the directors personally met the clients. A single continuing course of conduct that creates the risky environment can constitute one contravention. Shareholder consent (even unanimous) is irrelevant if the conduct involves breach of statutory duty. The judgment applies with particular force where the directors are also the only shareholders of a solvent company, because the public character of s 180(1) cannot be waived.
Fact patterns outside the precedent include situations where the risk of breach is remote, the directors have taken reasonable alleviating steps proportionate to the risk, or the directors do not have the responsibilities or knowledge that Mr and Mrs Cassimatis possessed. Mere negligence without the additional element of creating or permitting a system likely to cause serious corporate breaches with catastrophic consequences for the company will not necessarily trigger liability.
How later courts have treated it
Because this is the primary judgment under consideration, "later" treatment must be understood as the judgment's own treatment of the authorities it cites and the principles it articulates for future application. The court carefully positioned its reasoning within existing doctrine rather than breaking new ground.
Vrisakis v Australian Securities Commission (1993) 9 WAR 395 was applied at [480] for the balancing test of foreseeable risk of harm against potential benefits. The court adopted Ipp J's formulation but emphasised that "harm" includes harm to all the company's interests, including compliance with the law and reputation, not merely financial loss. This extends the Vrisakis principle to regulatory compliance risks.
Australian Securities and Investments Commission v Maxwell [2006] NSWSC 1052; (2006) 59 ACSR 373 was cited at [533] with approval for the propositions that s 180(1) is not a general obligation to ensure legal compliance and cannot be used as a back-door form of accessory liability. The court agreed that an actual corporate breach is not automatically a breach by the director, but distinguished Maxwell on the facts: here the directors' creation of the system itself was the breach, not merely failure to prevent isolated contraventions.
Kinsela v Russell Kinsela Pty Ltd (In Liq) (1986) 4 NSWLR 722 and Angas Law Services Pty Ltd (in liquidation) v Carabelas [2005] HCA 23; (2005) 226 CLR 507 were cited at [507] but distinguished. The court accepted that shareholder consent can affect the practical content of duties in solvent companies where the company's interests align with those of the shareholders, but held that statutory duties with a public character cannot be authorised or ratified. This narrows the scope of Kinsela and Carabelas in the s 180(1) context.
Australian Securities and Investments Commission v Fortescue Metals Group Ltd [2011] FCAFC 19; (2011) 190 FCR 364 was cited at [4] for the "stepping stone" terminology. The court accepted the concept as useful but expressly doubted whether an actual corporate breach is always required. This introduces a note of caution for future courts considering the necessity of the stepping-stone approach.
The judgment's treatment of s 1317S draws on Australian Securities and Investments Commission v Vines [2005] NSWSC 1349; (2005) 65 NSWLR 281 and Kenna & Brown Pty Ltd v Kenna [1999] NSWSC 533; (1999) 32 ACSR 430. Honesty is necessary but not sufficient; the seriousness of the contravention, the director's level of control and the consequences for the company are central. The omission of "reasonably" from the predecessor provision is treated as deliberate, but reasonableness remains relevant to the broader "fairly excused" inquiry.
Overall, later courts are likely to treat the decision as authoritative on the application of s 180(1) to controlling directors of solvent companies, the breadth of the company's interests, and the limits of the stepping-stone approach. The detailed analysis of s 945A is likely to be followed in future financial advice cases involving vulnerable clients and standardised models.
Still-open questions
The judgment expressly leaves several matters unresolved. First, whether an actual breach by the corporation is a necessary precondition for director liability under s 180(1). The judge stated at [5] that he had "serious doubt" whether it is required, giving the example of a director who unreasonably and intentionally commits acts extremely likely to cause a serious breach even if, by good fortune, no breach eventuates. Because the parties conducted the case on the basis that actual breach was required, the point was not decided.
Second, the precise character of the public duty in s 180(1). The court noted at [469] that there is a large body of authority treating the duty as owed only to the company even when enforced by ASIC or when public sanctions are sought. However, textual and contextual indications (ss 179(1) and 1324) might support ASIC's submission that the public duty is independent and requires consideration of a general norm of conduct not limited to the company's interests. The point was not resolved because the case concerned the directors' duty to manage Storm and Storm's interests were not narrowly limited to those of its shareholders.
Third, the exact boundaries of the class of vulnerable clients for whom the Storm model is inappropriate. The court emphasised at [32] and [18] that there is "no magic" in ASIC's precise five characteristics. It accepted that the fundamentals were retired or near-retired investors with limited means, but left open whether the class includes, for example, a 45-year-old with the same characteristics due to injury. Future cases will need to apply the appropriateness test in s 945A(1)(c) to analogous but not identical fact patterns.
Fourth, the interaction between s 180(1) and equitable duties in circumstances where shareholder consent is given. The court distinguished Kinsela and Carabelas but did not purport to exhaustively define when shareholder acquiescence might affect the practical content of the statutory duty.
Finally, the precise standard of fault required for criminal liability under s 945A(1)(b) and (c) was not conclusively determined, although the court inclined to the view that intention is required for s 945A(1)(b) because the elements are physical elements of conduct (omission to give reasonable consideration or conduct reasonable investigation). Because ASIC did not prove intention or recklessness, the criminal case failed, but the point remains open for future prosecutions.
These open questions mean that while the judgment provides strong guidance for controlling directors in regulated industries, further litigation will be required to resolve the precise limits of the stepping-stone approach, the independent content (if any) of the public duty, and the application of the principles to borderline classes of client.