Beyond the Fine: City Beach

6 March 2026

Mads Kjaer, Managing Director

The Federal Court’s decision in Australian Competition and Consumer Commission v Fewstone Pty Ltd (Penalty) [2025] FCA 1636 (trading as City Beach) (‘ACCC v City Beach’), is another clear signal that consumer law enforcement in Australia is no longer confined to technical legal disputes. It is increasingly being treated by regulators and courts as a governance and risk management issue, with direct implications for boards, executives and senior leaders responsible for organisational oversight.

Although the liability findings against City Beach had already been previously established, the penalty phase of the proceeding is where the Court’s broader expectations become most visible. Penalty judgments are not simply about punishment, they are about deterrence, market signalling, and reinforcing standards of corporate behaviour. In this case, the Court’s reasoning reflects a continued emphasis on the need for penalties that are meaningful enough to influence behaviour, not only for the contravening business but across the market. This approach aligns closely with the ACCC’s publicly stated enforcement priorities and its focus on achieving outcomes that drive cultural and governance change, rather than narrow compliance fixes.

For Havn Consultancy clients, the significance of this decision lies less in the specific facts of the contraventions and more in what the case reveals about how consumer law risk is assessed at an organisational level. Courts are increasingly prepared to look beyond individual acts or omissions and consider whether contraventions point to systemic weaknesses in governance, oversight, and internal controls. Where misleading conduct, inadequate disclosures or unfair practices occur, the underlying question is often whether the organisation had the right structures, accountability mechanisms, and escalation pathways in place to prevent those outcomes from arising in the first place.

This decision reinforces that consumer law compliance cannot be treated as a purely operational or legal function. Boards are expected to understand the organisation’s exposure to consumer law risk in the same way they understand financial, cyber, or workplace health and safety risk. This includes having visibility over how products and services are marketed, how representations are approved, how complaints and incidents are tracked, and how emerging regulatory issues are reported and addressed.

Another important governance lesson from this case is the Court’s continued focus on deterrence. Penalties under the Australian Consumer Law are not calibrated solely by reference to the harm suffered by consumers. They are also shaped by the need to send a clear message that non‑compliance carries serious consequences. For boards and executives, this underscores the risk of viewing penalties as a manageable financial exposure rather than a governance failure. In practice, the reputational impact, regulatory scrutiny, and ongoing compliance costs that follow an ACCC enforcement action often outweigh the immediate financial penalty.

The decision also highlights the importance of post‑incident conduct from a governance perspective. How an organisation responds once issues are identified, can influence how regulators frame proceedings and how courts approach penalty outcomes. From a risk management standpoint, this reinforces the value of having preestablished response frameworks, clear decision‑making authority, and board endorsed escalation protocols before a regulator comes knocking.

For many organisations, the underlying risk exposed by cases like City Beach is not a lack of intention to comply, but a gap between policy and practice. Compliance frameworks may exist on paper, but without sufficient resourcing, ownership, and cultural reinforcement, they fail to operate effectively. The Federal Court’s reasoning in penalty decisions increasingly reflects an expectation that organisations actively test, review, and evolve their compliance arrangements as their business models, markets, and regulatory environments change. Static frameworks are unlikely to be sufficient.

For Havn Consultancy clients, this case serves as a timely reminder that consumer law risk should be integrated into broader governance, risk, and compliance systems, rather than treated as a standalone legal issue. Boards should be asking whether consumer law risks are clearly articulated within risk registers, whether management reporting provides meaningful insight into emerging issues, and whether accountability for compliance outcomes is clearly assigned at an executive level. Where those questions cannot be answered confidently, enforcement risk is already elevated.

At Havn Consultancy, we see decisions like this as part of a broader regulatory landscape in which expectations of governance maturity are steadily rising. Regulators and courts are no longer satisfied with reactive compliance. They expect evidence of proactive oversight, informed decision‑making, and continuous improvement. Organisations that invest early in strengthening governance structures and compliance capability are far better placed to manage enforcement risk and maintain trust with regulators, customers and stakeholders alike.

This article is general information only and does not constitute legal advice.