DDO case note: ASIC v American Express

ASIC v American Express Australia Limited [2024] FCA 784 was decided on 19 July 2024.

What was this case about?

This was a case that dealt with the obligation of a product issuer under DDO to stop distribution of a product and to inform distributors that they must not distribute the product, when a review trigger has occurred or there is an event or circumstance which suggests that the TMD for the product is no longer appropriate.

American Express Australia Limited (Amex) sold 2 co-branded credit cards through David Jones, the DJs Amex card and the DJs Amex Platinum Card. The cards were mainly sold through an in-store application process, which was usually done by the customer filling in a digital tablet-based application.

Customers could be instantly approved, conditionally approved or declined. When there was a conditional approval, Amex would review the application and follow up with the customer to get more information. If the customer did not provide this information within 45 days, the application was cancelled. In the interim, the conditionally approved customers got a fixed line of credit to spend in store at David Jones on the day of conditional approval.

Before DDO commenced, Amex developed its TMDs for the 2 card products. The target market for both cards was consumers looking to make purchases on credit with a card that earns benefits (membership rewards, Qantas points, David Jones benefits and – for the Platinum card – travel benefits).

The TMD for the Amex card (but not the Platinum card) listed abnormal cancellation rates as one of the review triggers. “Cancellation” referred to when a card application was made but the application lapsed, was withdrawn or cancelled before Amex made its final decision.

In early 2022 the monthly cancellation rates were in the range of 42% to 60%.

Amex and David Jones were aware of high rates of cancellation of the cards. They convened a working group to look into this.

Customers got a point-of-sale discount of 10 to 30% when they applied for a card at point of sale and were instantly approved or conditionally approved. Data showed that some customers may only have been applying for a card to get the price discount. It seems that others didn’t realise they were applying for a credit card with an annual fee.

The evidence indicated that while the product owners at Amex were given some basic guidance on DDO, there was no detail given on when a particular review trigger under the TMD occurred or what was meant by “abnormal cancellation rates”. It was left up to the product owners to use their own judgement, but they weren’t instructed on who was responsible for making the call.

Knowing that the TMD was no longer appropriate

The judge found that these high rates of cancelled applications reasonably suggested that the TMDs for both products were no longer appropriate.

The question of liability in this case concerned 2 subsections of the Corporations Act that deal with what a product issuer is required to do when the TMD may no longer be appropriate. These are sections 994C(4) and 994C(5).

994C(4) is a civil penalty provision and requires the issuer to stop distributing a product when the conditions are met. These conditions include a knowledge requirement that the person “knows, or ought reasonably to know” that a review trigger for the TMD has occurred or that an event or circumstance has occurred that would reasonably suggest that the TMD is no longer appropriate.

994C(5) is a criminal penalty provision and requires the issuer to take reasonable steps to ensure that other regulated persons are informed that they should stop distributing the product when the conditions are met. There is also a knowledge requirement here, but it is only that the issuer knows (that is actually knows) of the situation – there is no “ought reasonably to know” (that is, constructive knowledge).

This was a case where the defendant agreed with ASIC and there was a joint statement of agreed facts and admissions made to the court in which Amex admitted to breaching both of these provisions.

However the judge decided not to accept this. He found that there had been a breach of s 994C(4) because Amex ought to have known, but Amex did not have actual knowledge of the relevant factors and so it was not in breach of section 994C(5).

In other words, Amex ought reasonably to have known that what was happening with the high cancellation rates was something that would reasonably suggest that the TMDs were no longer appropriate.

The proposed penalty amount had also been agreed between ASIC and Amex but the judge was still required to consider whether it was appropriate. In the end he agreed with the proposed penalty of $8 million for the breach of section 994C(4).

Action steps taken to improve compliance

In assessing the penalty, the judge took into account the action which had been taken by Amex to update its DDO program. These included:

• a dedicated DDO Review Trigger Policy with processes for enhanced monitoring of relevant data points, clear escalation protocols and decision ownership for identifying review triggers and conducting a review of the TMD, identifying key stakeholders and decision makers;

• a dedicated monthly DDO Forum attended by product owners and other key stakeholders to review product metrics and distribution channels and to consider potential review triggers;

• a dedicated Complaints Forum, which includes consideration of complaints categories and products for DDO compliance;

• reviewing and updating TMDs; and

• new company-wide DDO training and targeted product owner training.

These initiatives by Amex are ones that you might want to consider for your business when reviewing your own DDO compliance measures.