Australian Securities and Investments Commission v RAMS Financial Group Pty Ltd (Penalty)

This was a Federal Court penalty decision involving ASIC and RAMS Financial Group Pty Ltd. RAMS was, and remains, a wholly owned subsidiary of Westpac. It held an Australian credit licence and operated a franchise network under the RAMS brand. Through that network, franchisees used the RAMS business name to provide credit assistance to consumers in relation to RAMS-branded home loans, which were in fact home loans with Westpac.

The commercial setting matters. RAMS was not dealing with customers only through a central in-house team. It distributed credit assistance through a franchise model and appointed franchisees and their staff as authorised credit representatives. That meant the licensed entity's compliance exposure depended heavily on how well it designed, supervised and controlled a dispersed network of people dealing with consumers and receiving referrals.

The case reached the Court after RAMS admitted liability and agreed with ASIC on a proposed civil penalty. Even so, the Court made clear that it still had to decide whether contraventions were established on the agreed facts and whether the proposed orders should be made. The Court said its role was not to simply endorse an agreed outcome.

On the agreed facts described in the reasons, the conduct occurred during the period from 3 June 2019 to 30 April 2023. The Court said that on 84 occasions RAMS, through its franchise representatives, accepted referrals of consumers from third parties who were not licensed. The Court also referred to further occasions where referrals were accepted from third parties who were not accredited by RAMS under its own policies and procedures.

The reasons show that the case was not framed as a single rogue incident. The Court treated it as a broader failure of systems, controls and supervision in a franchise-based credit distribution model. The Court said RAMS had policies and procedures, but they were inadequate in several fundamental respects, including around conflicts of interest and privacy. It was also satisfied that RAMS failed to ensure certain franchise representatives complied with the Credit Act and RAMS policies concerning accredited referrers, conflicts, privacy, use of information technology systems and other behaviour.

The central legal question was whether the agreed facts established contraventions of important provisions of the National Consumer Credit Protection Act 2009 (Cth), and if so, whether the declarations and the jointly proposed penalty were appropriate. The Court's reasons explain that the Credit Act is designed to protect consumers by regulating the conduct of licensees and by requiring people who engage in credit activity to be licensed unless an exemption applies.

A major issue concerned s 31(1). In broad terms, that provision stops a licensee from engaging in a credit activity and, in the course of doing so, conducting business with another person who is also engaging in a credit activity without the required licence. The Court described this as an important part of the statutory scheme because it prevents licensees from undermining the licensing regime by using unlicensed people to do work that should only be done by licensed participants.

The reasons also discuss the limited referral exemption in the regulations. The Court noted that the regulations can permit an unlicensed referrer to provide a consumer's name and contact details and a short description of the purpose for which the consumer may want credit. That is important for business owners because it shows the law does not ban all referrals. The real issue is whether the referrer stayed within the narrow limits of a permitted referral or crossed into unlicensed credit activity.

The other major issues concerned the general conduct obligations in s 47(1). The Court set out the obligations to do all things necessary to ensure authorised credit activities are engaged in efficiently, honestly and fairly, to have adequate arrangements so clients are not disadvantaged by conflicts of interest, to comply with the credit legislation, and to take reasonable steps to ensure representatives comply with the credit legislation. The Court also noted that contravening s 47(1)(d) does not itself amount to a contravention of s 47(4), which mattered to the form of the final orders.

Shariff J held that the agreed facts established contraventions and that the agreed aggregate penalty of $20 million fell within the permissible range, with some exceptions in relation to the declarations sought. The Court ordered the parties to confer and provide short minutes of order to give effect to the reasons in respect of declarations of contravention required under s 166 of the Credit Act.

The Court then ordered RAMS to pay the Commonwealth an aggregate pecuniary penalty of $20 million within 30 days in respect of conduct found to have contravened ss 31(1), 47(1)(a), 47(1)(b), 47(1)(e) and 47(4). It also ordered RAMS to pay ASIC's costs as agreed or taxed. The wording of the orders matters. The $20 million was an aggregate figure for multiple contraventions. It was not framed as a single penalty for one isolated breach.

The reasons emphasise deterrence. The Court acknowledged that RAMS had cooperated with ASIC, disclosed the findings of its investigations, undertaken reviews and audits, and taken a conservative approach to consumer remediation. But the Court said those positive steps did not remove the need for a substantial penalty where the agreed facts showed serious failures.

The Court's description of root causes is especially important for businesses. It recorded that RAMS and Westpac's Board Risk Committee had acknowledged that the root causes included RAMS being conducted as an autonomous business with a unique risk profile arising from its franchise model, an immature risk culture, a deficient control environment and insufficient oversight of non-standard methods of business. That language shows the Court was looking beyond frontline conduct to governance, control design and supervision.

The Court also made suppression and non-publication orders for 10 years over certain identifying information, and temporary suppression pending completion of redactions to linked documents. Those orders covered names and locations of RAMS franchises, franchise principals and loan writers, names of unlicensed unaccredited referrers, customer personal information and some Westpac employee details. That affects how much of the factual narrative can be publicly told.

The reasons explain that the Court was working from agreed factual materials, including an updated statement of agreed facts and admissions on liability and an updated statement of agreed facts on relief. The Court said that because those materials were tendered, it was not required to determine factual questions on their merits in the ordinary way. Instead, it had to be satisfied that the agreed facts on their face provided a sufficient foundation for the declarations and orders sought.

That procedural point matters when reading the case. This was not a fully contested trial about every underlying event. It was a penalty hearing after admissions, with the Court carefully checking whether the agreed factual foundation justified the legal outcome. The Court also made an important clarification because there were separate class action proceedings involving RAMS and franchise terminations. It said the findings in this penalty case were based on the agreed facts before it and did not determine factual or legal issues as between RAMS and group members in those separate proceedings.

The reasons also show how the conduct came to light. RAMS and Westpac commenced multiple investigations into alleged misconduct within the RAMS franchise network. Some investigations began on RAMS' own initiative and others followed complaints. The investigations expanded over time. RAMS and Westpac substantiated some allegations and not others. RAMS then disclosed the findings to ASIC, after which ASIC conducted its own investigation.

For business owners, this part of the case is a reminder that internal investigations, complaints handling and escalation pathways are not just defensive tools after a problem emerges. They are part of the compliance architecture. If a business model depends on franchisees, representatives or introducers, the business needs a way to detect patterns, test whether policies are actually being followed, and respond before issues become systemic.

This case is most useful as a warning about distributed sales models. If your business holds a licence but relies on franchisees, authorised representatives, contractors or introducers to bring in customers, the legal risk does not sit only with the person who first spoke to the customer. The licence holder can face serious consequences if the network is designed or supervised poorly.

The first practical point is to understand the boundary between a limited referral and credit activity. The reasons note that the regulations can permit a narrow form of referral by an unlicensed person. But that does not give businesses a free pass to accept leads from anyone in any form. If an introducer is doing more than passing on basic contact details and a short description of the consumer's purpose, the business should ask whether that person is in substance suggesting a product, steering the consumer, assisting with an application or otherwise acting as an intermediary.

The second point is that internal rules must be operational, not merely written. The Court accepted that RAMS had policies and procedures, but found them inadequate in fundamental respects. Businesses should therefore test whether staff actually verify referrer status, whether approved-referrer lists are current, whether conflicts are identified and managed, whether privacy controls are followed, and whether system access is limited and monitored.

The third point is governance. The Court's reference to an immature risk culture, a deficient control environment and insufficient oversight of non-standard methods of business is a warning sign for any growing business. A model that works commercially can still be legally fragile if compliance has not kept pace with expansion, decentralisation or unusual sales channels.

The fourth point is that cooperation and remediation help, but they are not a substitute for prevention. RAMS' cooperation, reviews, audits and remediation were acknowledged by the Court, yet a very substantial penalty was still imposed. Businesses should not assume that fixing problems after they are discovered will eliminate enforcement risk.

There are two reading notes that are especially important. First, the catchwords refer to admitted contraventions of ss 31(1), 47(1)(a), 47(1)(b), 47(1)(d), 47(1)(e) and 47(4), but the final penalty order was expressed in respect of conduct found to have contravened ss 31(1), 47(1)(a), 47(1)(b), 47(1)(e) and 47(4). The reasons also note that contravening s 47(1)(d) does not itself constitute a contravention of s 47(4). That is why it is important not to overstate the final orders.

Second, the public narrative is necessarily incomplete because of suppression and non-publication orders and because some linked materials were to remain suppressed pending redaction. Readers should therefore treat this case as a detailed public guide to the Court's reasoning and orders, rather than a complete account of every factual episode inside the RAMS network.

For a business owner, the safest reading is straightforward. If your business receives referrals or distributes regulated services through a network, map the real conduct, not just the contract wording. Then check whether your licensing position, accreditation process, conflicts controls, privacy practices, supervision and governance are all aligned with that real conduct.