Australian Securities and Investments Commission v Telstra Super Pty Ltd [2026] FCA 527

This case was not about one unhappy customer. ASIC sued Telstra Super over the way it handled a large body of member complaints over time. Telstra Super was the trustee of the Telstra Superannuation Scheme and held an Australian financial services licence. Because it dealt with retail clients, it had to maintain a dispute resolution system that included an internal dispute resolution procedure complying with ASIC-approved standards and requirements, as well as membership of AFCA.

From 5 October 2021, those standards and requirements were set through ASIC’s Internal Dispute Resolution Instrument 2020/98. The instrument incorporated enforceable parts of Regulatory Guide 271. Telstra Super’s own complaints policy and business rules substantially replicated those standards. That mattered because the case was not really about whether Telstra Super had a policy on paper. The real question was whether it followed that procedure in practice when handling member complaints.

ASIC alleged that across 323 complaints received between 22 October 2021 and 13 January 2023, Telstra Super committed 204 breaches of its IDR procedure across 125 complaints. The allegations included late IDR responses, use of exceptions that ASIC said were unavailable, delay notifications that did not properly explain the reasons for delay, and some IDR responses that omitted AFCA rights information and AFCA contact details. ASIC also said the problems were linked to inadequate resourcing and amounted to a broader failure to provide financial services efficiently, honestly and fairly.

Telstra Super admitted some failures, denied others, and challenged whether ASIC’s instrument validly imposed a legal obligation to comply with the IDR procedure itself. That made the case important beyond the individual complaints. It tested whether complaint handling failures under the IDR framework could amount to contraventions of the Corporations Act.

The timing in this case helps explain the dispute. ASIC’s IDR instrument applied to complaints received on or after 5 October 2021. Telstra Super’s relevant complaints were received between 22 October 2021 and 13 January 2023. ASIC alleged non-compliance during a period running from 7 December 2021 to 23 May 2023. The liability hearing took place across several dates in April and June 2025, and judgment was delivered on 30 April 2026.

The Court’s orders made on 30 April 2026 did not finally set out every operative consequence. Instead, the parties were directed to seek to agree orders giving effect to the reasons, and to agree on a statement of facts relating to the individual complaints that were the subject of the agreed and established contraventions, by 29 May 2026. That means the reasons are clear on the main liability findings, but the final form of orders needed further work after judgment.

The case involved two connected layers of dispute.

First, there was a legal validity issue. Section 912A(1)(g) of the Corporations Act requires a financial services licensee dealing with retail clients to have a dispute resolution system that includes an internal dispute resolution procedure complying with ASIC-approved standards and requirements. ASIC had used its declaration-making power under section 926A(2)(c) to modify the operation of Part 7.6 so that section 912A(1)(g) operated as if it also required a licensee to comply with its internal dispute resolution procedure. Telstra Super challenged that modification. So the Court had to decide whether ASIC had validly exercised that power.

Secondly, if the instrument was valid, the Court had to decide whether Telstra Super had actually failed to comply with its IDR procedure. That required the Court to work through the enforceable parts of RG 271 and Telstra Super’s own business rules. The Court had to consider what counted as a complaint, when an IDR response had to be given, whether the five business day exception applied to some matters, whether the no reasonable opportunity exception was available for delayed complaints, and whether the content of IDR responses and delay notifications met the mandatory requirements.

ASIC also advanced broader allegations. It said Telstra Super had failed to adequately resource its IDR process, contrary to the requirement that the process be resourced so it operates fairly, effectively and efficiently. It also said the overall conduct breached section 912A(1)(a), which requires a licensee to do all things necessary to ensure the financial services covered by the licence are provided efficiently, honestly and fairly.

The Court found for ASIC on the threshold validity issue. It held that the IDR instrument validly altered section 912A(1)(g) so that financial services licensees were required to comply with their internal dispute resolution procedure. That is the key legal point in the case. It means the obligation was not limited to having a compliant procedure on paper.

On the facts, the Court also found Telstra Super had failed to comply with its IDR procedure in a number of respects. The reasons state that the Court found in favour of ASIC on Issues 1 and 2. The Court was not satisfied that the five business day exception applied to 18 of the relevant complaints. It also found that, for 52 complaints, it was not open to Telstra Super to rely on the no reasonable opportunity exception. In relation to 83 complaints, Telstra Super did not comply with the requirement to give an IDR delay notification that informed complainants about the reasons for the delay.

The Court also found that Telstra Super did not comply with the content requirements for applicable IDR responses where it omitted information about the member’s right to take the complaint to AFCA and AFCA’s contact details. But this is where the distinction between findings becomes important. The Court said that failure to comply with those content requirements was not a separate contravention in the way ASIC alleged. So there was a failure to meet the content requirement, but not a separate contravention on that basis as pleaded.

ASIC did not succeed on everything. The Court was not satisfied that ASIC established the alleged contraventions concerning the resourcing obligation. It also found that Telstra Super had contravened sections 912A(1)(g) and 912A(5A), but not section 912A(1)(a). In other words, the Court accepted the complaint handling contraventions tied to the IDR procedure, but did not accept the broader efficiently, honestly and fairly case.

The orders made on the day of judgment directed the parties to seek to agree orders giving effect to the reasons and to agree a statement of facts relating to the individual complaints that were the subject of the agreed and established contraventions. So while the liability findings are clear, the final form of consequential orders was left for later agreement or further application.

The reasons show that complaint handling cases are often won or lost on documents, workflow evidence and file records. Telstra Super’s internal complaints policy and business rules were central because they substantially replicated the ASIC-approved standards and requirements. There was no real dispute that those documents, read together, complied with the approved standards. The issue was whether Telstra Super followed them.

The Court referred to requirements in those documents that reflected RG 271, including maintaining a complaints register, documenting and retaining all contact, conversations and actions with a complainant, including AFCA rights and AFCA contact details in an IDR response, providing an IDR response within the prescribed maximum timeframe, and resourcing the IDR process so it operates fairly, effectively and efficiently.

The complaint files for the 125 complaints were also important. ASIC alleged that some complaints were not answered within 45 days, that some delay notifications were sent after the deadline had already expired, and that some delay notifications used generic wording such as saying the investigation was ongoing without properly informing the complainant about the reasons for the delay. The Court accepted ASIC's case on the 83 complaints where the delay notifications did not adequately state the reasons for delay.

The exceptions also mattered. Under RG 271, a superannuation trustee generally had to provide an IDR response within 45 calendar days. There were two relevant exceptions argued in this case. One was the no reasonable opportunity exception, which required both qualifying circumstances and a timely IDR delay notification containing specified information. The other was the five business day exception, which could apply where the complaint was closed by the end of the fifth business day because it had been resolved to the complainant’s satisfaction or the firm had given an explanation or apology when no further action could reasonably be taken. The Court rejected reliance on those exceptions in a number of identified complaints.

For businesses, the lesson is that complaint handling compliance is evidence-heavy. Your policy, templates, complaint register, timestamps, file notes, and the actual wording used in customer communications all matter. If your records do not show why an exception applied or what work was done, it becomes much harder to defend the process later.

If you are an AFS licensee, this case should be read as a compliance systems decision as much as a legal one. The Court confirmed that the obligation can extend beyond maintaining an IDR procedure to complying with it. That means complaint handling needs to be treated as a controlled legal process, not just a customer service function.

Start with intake and classification. Make sure your business can identify what counts as a complaint under the applicable framework and can log it correctly. Then map the applicable response timeframe. In this case, the relevant maximum timeframe for superannuation complaints was 45 calendar days, subject to limited exceptions. Your systems should calculate deadlines automatically and escalate matters before the deadline expires.

Next, review exception pathways carefully. The case shows that exceptions are not broad operational escape hatches. If you rely on a delay exception, you need to be able to show the qualifying circumstances existed and that the required delay notification was given before the deadline expired. If you rely on a short-form closure pathway, your records should show why the complaint was in fact resolved to the complainant’s satisfaction or why no further action could reasonably be taken.

Template control is also critical. IDR responses and delay notifications should be checked against the mandatory content requirements. Generic wording may not be enough, especially where the rules require reasons for delay and information about AFCA rights and contact details. A legally compliant template is only useful if staff use the correct version every time.

Finally, test the process in practice. File audits, exception reviews, and spot checks on complaint registers can reveal whether the business is actually meeting the standard. The Court did not accept ASIC’s resourcing case here, but that should not be read as a free pass on staffing or training. If your team cannot meet deadlines or produce compliant communications consistently, the operational weakness may still create contravention risk.

Even if your business is not regulated under the financial services IDR framework, the case still offers a useful governance lesson. Courts and regulators often distinguish between having a policy and following it. A business may think it is compliant because it has a manual, workflow, script or template. But if staff miss deadlines, use exceptions loosely, or send incomplete notices, the policy can become evidence of what the business failed to do.

That broader lesson applies to privacy response plans, refund procedures, hardship processes, whistleblower systems, AML programs and other regulated internal processes. If the law requires you to maintain a system or procedure, you should assume a regulator will look at whether the system actually operated as intended. The more your internal documents promise, the more important it is that your records show those steps were followed.

This page is based on the Federal Court judgment in Australian Securities and Investments Commission v Telstra Super Pty Ltd [2026] FCA 527, delivered by Neskovcin J on 30 April 2026. The reasons identify the parties, the statutory framework, the hearing dates, the allegations, and the Court’s findings on validity and liability.

The Court’s orders directed the parties to seek to agree consequential orders and a statement of facts by 29 May 2026. This page therefore focuses on the liability findings in the reasons and should be read with that procedural context in mind. It is general information, not legal advice.