Public Censure of CDL Investments New Zealand Limited

IN NZ MARKETS DISCIPLINARY TRIBUNAL NZMDT 5/2023


UNDER NZ Markets Disciplinary Tribunal Rules


IN THE MATTER OF breach of NZX Listing Rules 2.13.2(b) and
3.8.1(b) and (d)


BETWEEN NZX LIMITED
Acting by and through NZX Regulation
Limited (NZ RegCo)


AND CDL INVESTMENTS NEW ZEALAND LIMITED
(CDI)

___________________________________________________________

DETERMINATION OF NZ MARKETS DISCIPLINARY TRIBUNAL
3 NOVEMBER 2023
____________________________________________________








Rachel Batters
Executive Counsel
NZ Markets Disciplinary Tribunal
Email: rachel.batters@nzmdt.com

2


1. This is a decision of a division of the NZ Markets Disciplinary Tribunal (the
Tribunal) comprising Rachel Dunne (Division Chair), Charles Bolt and Darren
Manning. 

2. Capitalised terms that are not defined in this decision have the meanings given
to them in the NZX Listing Rules (the Rules) or the Tribunal Rules as the case
may be.

3. In this decision, references to Rule 2.13.2(b) include predecessor Rule 3.6.2(b)
and references to Rules 3.8.1(b) and (d) include predecessor Rules 10.4.5 (i) and
(k), as applicable.

Procedural background

4. On 5 October 2023, NZ RegCo filed a statement of case (SOC) alleging CDI
breached Rules 2.13.2(b), 3.8.1(b) and (d).

5. On 12 October 2023, Bell Gully, acting on behalf of CDI, requested a time
extension until 5:30pm on 27 October 2023 to submit CDI’s statement of
response (SOR). The extension was requested to ensure sufficient time (a) to
consider the further allegations of breach made by NZ RegCo in the SOC; and (b)
for CDI’s Board to review and comment on the SOR.

6. On 13 October 2023, the Tribunal granted the requested extension noting that
CDI’s request for an addition 5 Business Days was reasonable, particularly given
the further allegations of breach made by NZ RegCo in the SOC.

7. On 18 October 2023, CDI filed its SOR admitting it breached Rules 2.13.2(b),
3.8.1(b) and (d).

8. On 24 October 2023, NZ RegCo filed a rejoinder.

Factual background
9. CDI is Listed on the NZX Main Board and is an Issuer of Quoted Equity Securities.
CDI is subject to the Rules.

10. On 18 May 2023, NZ RegCo received a complaint regarding CDI’s annual reports
for the 2021 and 2022 financial years. The complaint alleged that for these two
periods, CDI failed to report that its Audit Committee did not comply with
recommendation 3.1 of the NZX Corporate Governance Code (the Code), as
required under Rule 3.8.1(b)
1
.

11. During its investigation into the complaint, NZ RegCo reviewed CDI’s annual
reports for the 2015 financial year onwards and identified alleged breaches of the
Rules in relation to:

a. the number of members on CDI’s Audit Committee – for a time, the
Audit Committee had only two members; and

b. not including in its annual reports (i) the information required when CDI
had not followed a Code recommendation; and (ii) an evaluation on
CDI’s performance against its diversity policy.




1
Annexure 17 of the SOC – email from NZ RegCo to CDI of 24 May 2023.

3

12. NZ RegCo received an identical complaint in respect of Millennium & Copthorne
Hotels New Zealand Limited (MCK). MCK is also Listed on the NZX Main Board
and is an Issuer of Quoted Equity Securities. CDI is a Subsidiary of MCK (MCK
owns 65.99% of the shares in CDI)
2
. CDI and MCK had/have some common
Directors and share a company secretary function. NZ RegCo identified similar
alleged breaches of the Rules by MCK, which it has separately referred to the
Tribunal.

Audit Committee composition

13. Under Rule 2.13.1
3
, CDI must have an Audit Committee. Rule 2.13.2
4
requires
the Audit Committee to:

a. be comprised solely of Directors of the Issuer;

b. have at least three members;

c. have a majority of Independent Directors; and

d. have at least one member with an accounting or financial background.

14. CDI’s annual reports for the years ended 31 December 2015, 2016, and 2017
state that its Audit Committee comprised three members – Independent
Directors Roy Austin (Chair) and John Henderson, and CDI’s then Managing
Director, B.K. Chiu.

15. CDI’s annual reports for the years ended 31 December 2018 and 2019
5
state
that its Audit Committee comprised only two members – Independent Directors
Mr Austin (Chair) and Mr Henderson.

16. CDI advised NZ RegCo that it was decided after its 1 February 2018 Audit
Committee meeting that Mr Chiu should step down from the Audit Committee
because he was an Executive Director. CDI was aware of the consultation on
revisions proposed to the Code in 2017 and wanted to go beyond the
requirements by having an Audit Committee comprised solely of Independent
Directors.

17. CDI adopted a revised Audit Committee Terms of Reference at its 8 February
2019 Audit Committee meeting which required the Audit Committee to consist of
“Independent Non-Executive Directors”. The Terms of Reference also specified
that membership of the Audit Committee “shall not be less than two directors”
6
.

18. CDI advised NZ RegCo that in 2020, the Secretary to the Audit Committee
realised that CDI’s Audit Committee did not comply with the Rule requirement to
have a minimum of three members. This led to the ‘re-appointment’ of Mr Chiu
to the Audit Committee on 27 July 2020. The minutes of CDI’s 27 July 2020
Audit Committee meeting state “...it was noted that the NZX Listing Rules
required three directors to be on the Committee and the Committee therefore
RESOLVED to increase its membership to three with the inclusion of Mr.
Chiu”
7
.

2
Paragraph 5 of the SOC.
3
And predecessor Rule 3.6.1 (2017 Rules).
4
And predecessor Rule 3.6.2 (2017 Rules).
5
Page 3 of the CDI 2019 annual report, which lists the Board of Directors, records “Member of
the Audit Committee” under Mr Chiu’s name. This appears to be an error as page 6 of the CDI
2019 annual report records the members of the Audit Committee as Mr Roy and Mr Henderson.
6
Annexure 18 of the SOC –CDI Audit Committee meeting minutes for 8 February 2019.
7
Annexure 18 of the SOC – CDI Audit Committee meeting minutes for on 27 July 2020.

4


19. CDI advised NZ RegCo that its decision to re-appoint Mr Chiu to the Audit
Committee was based on the following:

a. Due to its Board composition (six Directors, three of whom were
considered to be Independent Directors) and the Code recommendation
that the Chair of the Audit Committee is not the Chair of the Board, CDI
considered it had the following choices to fill the third position:

i. appoint one of the Directors associated with the majority
shareholder;

ii. appoint the Board Chair, but not as the Chair of the Audit
Committee; or

iii. appoint the Managing Director (Mr Chiu).

b. Although the first two options would result in the Audit Committee
complying with the Code recommendation, the Board considered it
preferable (i) not to have any members of the Audit Committee who
were associated with the majority shareholders; and (ii) for the Board
Chair not to be on the Audit Committee. It was therefore decided that
Mr Chiu should fill the third position.

20. CDI’s 2020 annual report records the Audit Committee as comprising Mr Austin
(Chair), Mr Henderson and Mr Chiu, but states that the Audit Committee was
“comprised solely of Independent Directors”. This was untrue given Mr Chiu was
CDI’s Managing Director
8
.

21. CDI’s 2021 annual report records the Audit Committee as comprising Desleigh
Jameson (Chair) an Independent Director
9
, Mr Henderson and Mr Chiu. The
annual report is silent on the independence composition of the Audit Committee.

22. CDI’s 2022 annual report records the Audit Committee as comprising Ms
Jameson (Chair), Mr Henderson and Jason Adams
10
. The annual report is silent
on the independence composition of the Audit Committee.

Audit Committee breach

23. NZ RegCo submits that CDI breached Rule 2.13.2(b) by having only two members
on its Audit Committee from February 2018 - when Mr Chiu ceased to be a
member - until 27 July 2020 - when Mr Chiu re-joined the committee.

24. CDI admits the breach of Rule 2.13.2(b) (Audit Committee breach).




8
CDI 2020 annual report, page 5.
9
According to CDI’s 2021 annual report, Ms Jameson was appointed 1 May 2021 and became
Audit Committee Chair, following Mr Austin’s retirement as a Director.
10
According to CDI’s 2022 annual report, Mr Chiu retired as Managing Director on 1 July 2022.
Mr Adams was appointed as a Director of CDI on 1 June 2022 and became Managing Director on
2 July 2022. He was appointed to the Audit Committee on 4 August 2022. The Tribunal notes
that there appears to be a gap of approximately one month between Mr Chiu’s retirement and Mr
Adam’s appointment to the Audit Committee based on these statements in the annual report.
Accordingly, it appears CDI had only two members on its Audit Committee for a brief period in
2022, although this was not raised by NZ RegCo in the SOC.

5

Annual Report disclosure
25. The Code sets out NZX’s expectations in relation to corporate governance
practices (in addition to those prescribed by the Rules). Issuers are encouraged
to adopt the Code, but the Rules do not require it. The 2017 Rules and Code
introduced the concept of ‘comply or explain’. This approach recognises that an
Issuer’s Board is best placed to determine the corporate governance practices
most appropriate for its circumstances. This flexibility, however, is subject to the
requirement that investors and the market receive sufficient information about
an Issuer’s governance arrangements to inform their decision making.

26. Under Rule 3.8.1(b), where an Issuer has not followed a Code recommendation
for any part of the relevant financial year, it must state:

a. which recommendation/s were not followed;

b. the period over which this occurred;

c. the reasons for not following the recommendation/s;

d. what, if any, alternative governance practice was adopted in lieu of the
recommendation; and

e. that the alternative governance practice has been approved by the
Board.

27. Where an Issuer has adopted a diversity policy, Rule 3.8.1(d) requires an Issuer
to include in its annual report an evaluation from the Board on its performance
with respect to its diversity policy.

Reporting against Code recommendations

28. NZ RegCo alleges that CDI breached Rule 3.8.1(b) by not disclosing the required
information in its annual reports when a Code recommendation had not been
followed, as outlined below:

Code recommendation 2.8 “A majority of the board should be independent
directors”
11
.

a. CDI’s annual reports for the years ended 31 December 2019, 2020, 2021
and 2022 did not disclose all the information required under Rule
3.8.1(b) given CDI had not followed Code recommendation 2.8 – CDI
had three Independent Directors on its six-member Board.

Code recommendation 3.1 “An issuer’s audit committee should operate under a
written charter. Membership on the audit committee should be majority
independent and comprise solely of non-executive directors of the issuer. The
chair of the audit committee should not be the chair of the board”
12
.

b. CDI’s annual reports for the years ended 31 December 2017
13
, 2018,
2020, 2021 and 2022 did not disclose all the information required under

11
This recommendation came into force in the 2019 Code.
12
This recommendation came into force in the 2017 Code and was worded identically in the 2019
Code.
13
While CDI’s annual report for 2017 stated that “As Mr Chiu is MCK’s Managing Director, MCK
does not comply with the requirement under the NZX Code which states that the Audit
Committee should comprise solely of non-executive directors of the company” [the references
here to MCK should be to CDI], it did not include all the information required under Rule 3.8.1(b).

6
Rule 3.8.1(b) given CDI had not followed Code recommendation 3.1 –
CDI had an executive Director on its Audit Committee.

Code recommendation 4.2 “An issuer should make its code of ethics, board and
committee charters and the policies recommended in the NZX Code, together
with any other key governance documents, available on its website.
14


Code recommendation 8.1 “An issuer should have a website where investors and
interested stakeholders can access financial and operational information and key
corporate governance information about the issuer”.
15


c. CDI’s annual reports for the years ended 31 December 2017 to 2022 did
not disclose all the information required under 3.8.1(b) given CDI had
not followed Code recommendations 4.2 or 8.1. CDI did not publish on
its website all of the information required.

NZ RegCo based this allegation on the information currently available on
CDI’s website. NZ RegCo submits that the Tribunal may therefore infer
that CDI had not previously published all of the information required
under these recommendations.

NZ RegCo submits that CDI has not published the complete information
Code recommendation 8.1 states should be made available on an
Issuer’s website. The Tribunal notes that, unlike Code recommendation
4.2, Code recommendation 8.1 does not itself specify what documents
must be available on an Issuer’s website, that is contained in the
commentary. The recommendation is simply that an Issuer has a
website where financial, operational and corporate governance
information can be accessed.

Code recommendation 5.3 “An issuer should disclose the remuneration
arrangements in place for the CEO in its annual report. This should include
disclosure of the base salary, short term incentives and long term incentives and
the performance criteria used to determine performance based payments”.
16


d. NZ RegCo submits that CDI’s annual reports for 2017 to 2022 did not
disclose all the information required under 3.8.1(b) given its annual
reports did not provide a break-down of all of the information specified in
Code recommendation 5.3 in respect of the CEO’s remuneration.

Reporting against its Diversity Policy
29. CDI adopted a diversity policy in 2018 (Diversity Policy). NZ RegCo alleges that
none of CDI’s annual reports from 2018 to 2022 contain an evaluation by its
Board on CDI’s progress with respect to its Diversity Policy, as required under
Rule 3.8.1(d).

Annual Report breaches

30. CDI admits that it did not adequately disclose or explain its non-compliance with
Code recommendations 2.8, 3.1, 4.2, 5.3 and 8.1 in its annual reports for some
or all of the 2017 to 2022 financial years, in breach of Rule 3.8.1(b). CDI also
admits that it did not include an evaluation by its Board on its performance with
respect to its Diversity Policy in its annual reports for the 2018 to 2022 financial
years, in breach of Rule 3.8.1(d) (together, the Annual Report breaches).


14
2017 Code (n 12).
15
2017 Code (n 12).
16
2017 Code (n 12).

7
31. The Tribunal notes that although NZ RegCo did not produce evidence to support
its allegation that information had not been published on CDI’s website over the
period 2017 to 2022, CDI has nevertheless admitted this breach.

Tribunal approach to penalty

32. The Tribunal must consider the appropriate penalty for the Audit Committee
breach and the Annual Report breaches.

33. Under the Tribunal Rules, the Tribunal can impose a fine of up to $500,000 for a
breach of the Rules
17
. Section 9 of the Tribunal Procedures (the Procedures)
provide guidance to the Tribunal on assessing the appropriate financial penalty
for a breach of the Rules. The Tribunal’s recent determination in NZMDT 1/2023
NZX Limited v Hallenstein Glasson Holdings Limited (the HLG decision) outlines
the Tribunal’s approach to the Procedures.

34. As noted in the HLG decision, the Procedures are not determinative. The
Tribunal will ultimately exercise its discretion to determine the appropriate
penalty when considering the overall circumstances of the matter.

35. The Procedures set out a two-step process for the Tribunal to follow:

Step 1 – identify a starting point penalty by assessing the factors relevant to the
breach and the impact or potential impact of the breach; and

Step 2 – adjust that starting point penalty to reflect all the aggravating and
mitigating factors relevant to the respondent.

Step 1: Factors relating to the breach

36. The Procedures set out three starting point penalty bands, within which the
Tribunal will identify a starting point penalty:

Penalty Band Range of Financial Penalty
Penalty Band 1 – Minor Breaches $0 to $40,000
Penalty Band 2 – Moderate Breaches $30,000 to $250,000
Penalty Band 3 – Serious Breaches $200,000 to $500,000

37. Procedure 9.2.1 states that the appropriate penalty band for a breach of the
Rules will be determined based on an overall assessment of the seriousness of
the breach in each case.

38. Procedure 9.2.2 sets out factors which fall within each penalty band which the
Tribunal may consider when assessing the most appropriate penalty band and
the starting point penalty within that band
18
. These factors all relate to the
obligation breached and the impact or potential impact of the breach. As noted
in Procedure 9.2.2, it is unlikely that all the factors within one penalty band will
be present in a particular matter. In most cases, a matter will likely have a
combination of factors from two or more penalty bands. It is also possible for a
matter to fall within a penalty band where only one factor exists. Accordingly,

17
Tribunal Rules 9.1.2(e) and 9.2.2(f).
18
See Appendix 1 for a copy of the table of factors which fall within each penalty range.

8
the Tribunal will use its discretion to weigh up all the factors present to ensure
that they are appropriately balanced.

Step 2: Factors relating to the respondent

39. Once the Tribunal has determined the appropriate penalty band and the starting
point penalty, it must then determine the final penalty by adjusting the starting
point penalty to reflect all the aggravating and mitigating factors relevant to the
respondent (Procedure 9.2.3).

40. Procedures 9.2.5 and 9.2.6 set out a non-exhaustive list of factors which are
likely to lower or increase (or reduce the ability to lower) the starting point
penalty
19
. Procedure 9.1.1 notes that the ultimate financial penalty for the
breach may fall outside of (above or below) the starting point penalty band
initially identified by the Tribunal.

NZ RegCo and CDI submissions on penalty
41. In summary, NZ RegCo submits that the appropriate penalty band for CDI’s
breaches is Penalty Band 2 and that the appropriate starting point penalty is
$70,000. In making this assessment, NZ RegCo also considered two “mitigating
factors” (i) CDI had identified and rectified its breach of Rule 2.13.2(b); and (ii)
both Audit Committee members were Independent Directors, mitigating the
potential for harm.

42. NZ RegCo submits that the mitigating factors in this case (CDI’s admission of
breach and full compliance with NZ RegCo’s investigation) outweigh the
aggravating factors in this case (CDI’s “negligent and inattentive” approach to
the reporting requirements under the Rules and Code). NZ RegCo submits that
when the aggravating and mitigating factors are balanced alongside CDI’s
overall conduct, a final penalty of $50,000 is appropriate.

43. In summary, CDI submits that a starting point penalty of $50,000, being at the
lower end of Penalty Band 2, is appropriate. CDI considers that the Audit
Committee breach should be assessed as a moderate, not serious, compliance
breach given its Audit Committee had at least a majority of Independent
Directors at all times and that while its Audit Committee had only two members
during the period it was in breach, they were both Independent Directors. CDI
submits that the Annual Report breaches were minor compliance breaches,
which should not increase the penalty in any significant way.

44. CDI submits that a 50% discount is appropriate in the circumstances of its
overall conduct and given the mitigating factors, to arrive at an overall financial
penalty of $25,000. CDI also submits that the total penalties to be imposed on
both CDI and MCK should be considered given they are related companies, share
key personnel and legal functions, and the breaches were essentially the same.
On the basis of totality, CDI submits that a further discount of 20% is
appropriate, taking the overall financial penalty to $20,000 for CDI.

The Tribunal’s assessment

45. As noted in the HLG decision, the scheme set out in the Procedures provides a
framework for assessing penalties by drawing the Tribunal’s attention to some,
but not all, factors relevant to penalty setting. The Tribunal will not apply these
factors in a rigid manner, instead using its discretion to determine the
appropriate starting point penalty and ultimate penalty based on the
circumstances of each matter.

19
See Appendix 2 for a copy of the non-exhaustive list of factors which are likely to lower or
increase the starting point penalty.

9



Step 1: Tribunal assessment of the starting point penalty

Penalty Band factors

46. The Tribunal has considered the applicable penalty band factors relevant to CDI’s
breaches and outlines its assessment of these below.

Applicable Penalty Band 1 factors

a) Not caused any loss;

47. NZ RegCo has presented no evidence that CDI’s breaches caused actual loss.

b) No/minor impact on investors and the market;

48. NZ RegCo has not identified any direct impact arising from the Audit Committee
breach. NZ RegCo submits, however, that the Annual Report breaches had a
“minor implicit impact on investors”, who were not clearly informed that CDI had
not followed Code recommendations, nor did CDI explain its performance against
its Diversity Policy.

49. CDI submits that there is no evidence that its Audit Committee, when comprising
only two Independent Directors, was deficient in any respect given those
members continued to provide an unbiased and robust audit process that was
independent from management. CDI considers it unlikely that investors were
prejudiced in any meaningful, or even minor, way by the Annual Report
breaches. CDI submits that the omission of the information required in its
annual reports was of “negligible impact” for investors.

50. There appears to have been no actual impact on investors or the market as a
result of CDI’s Audit Committee having two members, who were both
Independent Directors, as opposed to three members. This is supported by the
historic breach going unnoticed until a complaint was made to NZ RegCo on
another matter.

51. It is difficult to assess what, if any, actual impact CDI’s disclosure omissions had
on investors or the market. The ‘comply or explain’ regime is based on ensuring
that investors receive sufficient information about an Issuer’s governance
arrangements, which they can use to inform their decision making. In the
absence of this information, investors will have likely assumed that CDI was
complying with the Code. CDI’s 2020 annual report incorrectly stated that its
Audit Committee was comprised “solely of Independent Directors”. Given that
CDI has not fully met its disclosure obligations over six successive reporting
periods, it would also have been difficult for investors to gauge CDI’s progress on
governance matters or to compare CDI’s governance practices with those of
other Issuers. The Tribunal also notes that NZ RegCo’s investigation was
initiated by a complaint that CDI had failed to explain in its 2021 and 2022
annual reports that its Audit Committee did not comply with Code
recommendation 3.1. In these circumstances, the Tribunal considers that the
Annual Report breaches had, at the least, a minor impact on investors and the
market.

10
c) No financial benefit or commercial advantage;

52. NZ RegCo has not identified any financial benefit to CDI from the Audit
Committee breach
20
, but suggests that CDI “obtained a minor benefit” from the
Annual Report breaches because it did not prepare the required information.

53. CDI submits that there was no financial benefit or commercial advantage to CDI
as a result of the breaches. CDI disputes that it received a minor benefit by not
preparing the required annual report information. CDI notes that, at best, its
employees spent less time drafting and reviewing the annual report corporate
governance disclosures. CDI submits that this cannot sensibly amount to a
financial benefit which elevates CDI’s penalty.

54. No evidence has been presented that the Audit Committee breach resulted in a
financial benefit or commercial advantage to CDI. The Tribunal considers that
any benefit to CDI arising as a result of the Annual Report breaches was
negligible.

Applicable Penalty Band 2 factors

d) Moderate compliance breach

55. NZ RegCo considers that, taken together, the breaches were serious compliance
breaches. NZ RegCo notes that breaches relating to Audit Committee
composition are particularly serious given the important role of an Audit
Committee in holding an Issuer accountable and providing robust oversight. NZ
RegCo submits that, while the Annual Report breaches may be considered less
serious in isolation, these breaches are still relevant to CDI’s overall conduct.

56. CDI submits that the Audit Committee breach was a moderate, not serious,
compliance breach given its Audit Committee remained independent at all times.
CDI removed its Managing Director in a good faith attempt to over-comply with
the Code recommendation that a majority of Audit Committee members be
Independent Directors. CDI submits that the Annual Report breaches should be
considered as minor compliance breaches, adding only a limited uplift to the
overall penalty.

57. The Tribunal notes that whether a breach is a minor, moderate or serious
compliance breach is an assessment of the seriousness of the compliance failure.
In recent decisions, the Tribunal has found a breach of the requirement to have
a majority of Independent Directors on an Issuer’s Audit Committee to be a
serious compliance breach
21
. The Tribunal considers that the requirement for an
Audit Committee to have a majority of Independent Directors is an important
shareholder safeguard, which supports an unbiased and robust audit process,
and ensures sufficient separation from an Issuer’s management.

58. Having at least three members is an important component to ensuring a robust
Audit Committee, in conjunction with the requirements that all members are
Directors, there is a majority of Independent Directors and at least one member
has an accounting or financial background. In this case, both Audit Committee
members were Independent Directors, ensuring there was sufficient separation
from management, and at least one member had an accounting background
22
,
ensuring the Audit Committee had the required expertise. In the Tribunal’s
view, these facts reduce the seriousness of the Audit Committee breach.

20
As an executive Director, Mr Chiu did not receive remuneration for his Audit Committee
membership.
21
The HLG decision and NZMDT 2/2023 NZX Limited v 2 Cheap Cars Group Limited (the 2CC
decision).
22
Mr Austin is noted as being a Chartered Accountant in CDI’s annual reports.

11
Accordingly, the Tribunal considers that the Audit Committee breach in this case
was a moderate compliance breach.

59. The Tribunal considers that an isolated failure by an Issuer to report against a
Code recommendation would likely constitute a minor compliance breach. In
this case, however, CDI failed to report against a number of Code
recommendations over six successive reporting periods. Having decided to
adopt a Diversity Policy in 2018 (which is to be commended), CDI then failed to
report on its performance against that policy for each year it has been in place.
The Tribunal considers that these circumstances elevate the Annual Report
breaches to a moderate compliance breach.

e) Potential to cause a moderate impact on investors and the market;

60. NZ RegCo submits that CDI’s breaches had the potential to cause a moderate
impact on investors and/or the market. Rule 2.13.2(b) addresses the risk that
an Audit Committee will provide an insufficient check on management or fail to
identify risks by requiring at least three members who can provide views and
expertise. NZ RegCo notes that while the potential for harm was reduced
because both members of the Audit Committee were Independent Directors, the
risk that relevant matters would be inadvertently missed increased when the
number of members was reduced from three to two. NZ RegCo submits that the
Annual Report breaches had the potential to be detrimental to investors’
interests by depriving them of the information required to be in CDI’s annual
reports, which may have influenced investor decision-making.

61. CDI accepts that the Audit Committee breach could have the potential to cause a
moderate impact on investors and/or the market, because generally three,
rather than two, members may provide a more robust check on management.
CDI notes, however, that the potential for any moderate impact was significantly
reduced because its Audit Committee had remained comprised solely of
Independent Directors. CDI submits that the Annual Report breaches were
unlikely to have a material adverse impact on investors in the context of the
otherwise full information provided in CDI’s annual reports.

62. As noted in the HLG decision, the key to whether there is potential harm is to
look at the nature of the harm that the relevant Rule is seeking to prevent and
to assess the potential for that harm to occur at the time of the breach.

63. The Rules requirement that an Audit Committee have at least three members is
intended to ensure there are sufficient different perspectives to perform an Audit
Committee’s responsibilities. The potential harm here is that CDI’s Audit
Committee was less robust because it had two members, not three. During the
period CDI was in breach, both members of the Audit Committee were
Independent Directors (and therefore not associated with CDI’s majority
shareholder or its management) and at least one member had an accounting
background. While not alleviating CDI from its obligation under the Rules, in the
Tribunal’s view this combination of factors lessened the potential impact of the
Audit Committee breach on investors and the market. The Tribunal considers
that the Audit Committee breach had the potential to cause a moderate impact
on investors and the market.

64. The annual report disclosure requirements are intended to ensure that investors,
and the market, receive sufficient information about an Issuer’s governance
practices where they differ from the Code recommendations and to assess an
Issuer’s performance against its Diversity Policy (where it has chosen to adopt
one). This information is important in ensuring that investors, and the market,
can make informed investment decisions and can engage with Boards on
corporate governance matters. The potential harm here is that investors and
the market were not adequately informed. It may be possible to piece some of

12
the information together, as CDI seems to suggest, based on what is included in
CDI’s annual reports (for example, three of the six Directors are identified as
Independent Directors, so an inference can be made that CDI did not comply
with Code recommendation 2.8). However, the requirements ensure that (a)
the information is clearly identifiable and comparable; (b) explanations for non-
compliance are provided; and (c) investors can track an Issuer’s progress over
time. Given the absence of the required information over six successive
reporting periods and an incorrect statement in its 2020 annual report, the
Tribunal considers that there was a moderate potential for harm arising from the
Annual Report breaches.

Applicable Penalty Band 3 factors

f) Breaches continued for an extended period of time;

65. CDI’s breaches continued for an extended period of time – the Audit Committee
breach continued for around 2½ years and the Annual Report breaches occurred
over six successive reporting periods - the 2017 to 2022 financial years.

66. The time taken to remedy a breach is also a relevant factor under Procedure
9.2.1(c). Once CDI identified the Audit Committee breach, it promptly appointed
a third member. CDI submits that this is an applicable Penalty Band 1 factor
(Penalty Band 1 factors include that “The breach was promptly addressed”). The
Tribunal disagrees. While CDI addressed the breach once identified, the breach
itself continued for around 2½ years. At best, CDI’s ‘self-identification’ stopped
the breach continuing even longer.

Starting point penalty

67. After weighing up the factors outlined above, the Tribunal considers that the
breaches fall within Penalty Band 2. While the breaches occurred over an
extended period, this factor was counter-balanced by the breaches not having
caused any discernible loss, a minor impact on investors and the market, and no
financial benefit or commercial advantage to CDI. The Tribunal considers that
given it assessed the breaches as moderate compliance breaches, which had the
potential to cause a moderate impact on investors and the market, Penalty Band
2 is appropriate.

68. As noted above, the Tribunal considers that the Audit Committee breach was a
moderate compliance breach with its seriousness having been reduced by both
Audit Committee members being Independent Directors given the Tribunal
places more weight on the importance of the requirement for an Audit
Committee to be comprised of a majority of Independent Directors than the
requirement for at least three members. In this regard, CDI’s breach is
distinguishable from the breaches considered in the HLG decision and 2CC
decision. The Tribunal assessed a starting point penalty of $150,000 for HLG’s
breach (a four-year breach of the requirement to have a majority of
Independent Directors on its Audit Committee) and $30,000 for 2CC’s breach
(an eight-week breach of the requirements to have at least two Independent
Directors on its Board and a majority of Independent Directors on its Audit
Committee). In both previous decisions, the Tribunal considered the breaches to
be a serious compliance breach given the importance of the Independent
Director requirements as a shareholder safeguard, although the seriousness of
2CC’s breach was lessened because the Director in question did not have a
Disqualifying Relationship, had a limited contractual role in a minor Subsidiary
and the breach lasted eight weeks. In the circumstances of this matter, the
Tribunal considers that the starting point penalty for the Audit Committee breach
should be significantly below HLG, but higher than 2CC.

13


69. The Tribunal considers that the Annual Report breaches should contribute more
than a “limited uplift” in penalty. While the Code recommendations are not
mandatory, the requirement to explain non-compliance is. CDI failed to fully
comply with its disclosure requirements over six successive reporting periods.
The ‘comply or explain’ regime has been in place since 2017. While there may
have been initial tolerance to non-compliance while the regime was imbedded,
and the Code underwent further refinement, Issuers should be fully aware by
now of the reporting requirements. Accordingly, the Tribunal finds the omissions
in CDI’s most recent annual reports for 2021 and 2022 more concerning than
the omissions in its earlier annual reports.

70. The Tribunal considers that the appropriate starting point penalty for CDI’s
breaches is $80,000 ($55,000 for the Audit Committee breach and $25,000 for
the Annual Report breaches).

Step 2: Tribunal assessment of factors relating to CDI

71. To determine the final level of penalty, the Tribunal must adjust the starting
point penalty to reflect the relevant aggravating and mitigating factors.

Aggravating factors

(1) Breaches were careless;

72. NZ RegCo submits that the fact the Annual Report breaches occurred over
several reporting periods indicates a “negligent and inattentive” approach to the
governance and reporting requirements in the Rules and Code.

73. CDI submits that the Audit Committee breach resulted from a single error of
judgement. CDI made a good faith and “ultimately over-zealous” attempt to
ensure its Audit Committee comprised only Independent Directors, in order to
over-comply with the anticipated recommendations in the Code. CDI says the
change to a two-member Audit Committee was well-motivated, but overlooked
the requirement in the Rules for three members. CDI submits that the Annual
Report breaches resulted from an oversight that CDI did not comply with certain
Code recommendations which therefore meant an explanation was required in its
annual reports.

74. The Tribunal acknowledges that CDI had good intentions with respect to the
composition of its Audit Committee, but nonetheless overlooked a key Rules
requirement to have at least three members.

75. CDI also overlooked its disclosure requirements under Rules 3.8.1(b) and (d)
over multiple reporting periods. This oversight is more difficult to understand
given that the introduction of the ‘comply or explain’ regime was well-signalled,
as noted by NZ RegCo, and CDI had monitored the consultation undertaken in
respect of the 2017 Code. While corporate governance practices are evolving,
with the Code having gone through further refinement in 2019 and consultation
being undertaken again recently, the ‘comply or explain’ obligation has remained
a central feature since 2017.

76. The Tribunal considers that while CDI’s breaches appear unintentional, the
combined level of oversight indicates a carelessness with regard to Rules
compliance.

14
(2) Recurring breach;

77. The Annual Report breaches occurred over six successive reporting periods. CDI
had numerous opportunities to identify its disclosure omissions had sufficient
compliance checks been made on its annual report each year. CDI’s annual
report for 2020 also included an inaccurate statement.

78. As noted in the HLG decision, compliance checks on the information included in
an Issuer’s annual report should be thorough and robust each year, particularly
given that changes may have occurred since the last annual report was prepared.

79. The Tribunal notes that CDI advised NZ RegCo during its investigation that going
forward it would address the information deficiencies in its annual reports.

Mitigating factors

(1) Early admission of breach;

80. CDI admitted the breaches at the earliest opportunity. This includes the
breaches raised during NZ RegCo’s investigation and the breaches subsequently
raised by NZ RegCo in the SOC.

81. CDI did not self-report the Audit Committee breach (having identified and
remedied the breach in 2020). While an Issuer is not required to self-report a
breach under the Rules, if CDI had done so, it would likely have been a
significant mitigating factor. If not for the complaint, CDI’s Audit Committee
breach may have never come to NZ RegCo’s attention.

(2) Full cooperation with investigation;

82. NZ RegCo submits that CDI fully complied with its investigation by answering
questions openly and robustly and by providing supporting documentation (in the
form of its Audit Committee meeting minutes).

Factor not considered mitigating

83. In relation to the breach of Rule 3.8.1(d), CDI submits that it is relevant when
assessing this breach that CDI had a maximum of four full time equivalent
employees. NZ RegCo notes that the Rules apply to all Issuers, regardless of
size, and that having decided to adopt a diversity policy, CDI was required to
report on its performance against the policy.

84. CDI is to be commended for adopting a diversity policy. Having made that
choice, CDI must comply with the requirement in Rule 3.8.1(d) to include in its
annual report an evaluation on its performance against that policy. Having only
four full time equivalent employees does not alleviate CDI from this obligation.
Each of CDI’s annual reports since 2018 have noted that a periodic review of its
Diversity Policy will be undertaken, but at no point has a performance evaluation
been reported.

Totality of penalty

85. CDI submits that, given CDI and MCK are related companies and that the
breaches stem from the same error by the shared legal and compliance function,
it is appropriate for the Tribunal to exercise its discretion and assess, in totality,
whether the combined penalty imposed on CDI and MCK remains proportionate
to the seriousness of the breach. CDI suggests that a further discount of 20% be
applied to each of the final penalties imposed on CDI and MCK in recognition of
their “relatedness”.

15


86. NZ RegCo does not consider it possible, given the scheme of the Rules and
Procedures, for a Respondent to advance additional factors after the assessment
of aggravating and mitigating factors at step 2 of the penalty setting process.
NZ RegCo submits that CDI’s ‘totality’ approach can only fit into the scheme of
the Rules and Procedures if considered as a mitigating factor under step 2. NZ
RegCo submits, however, that CDI’s totality submission should not be accepted
as a mitigating factor because a key feature of the Rules is that each Issuer is
individually bound by its contractual relationship with NZX to comply with the
Rules. Allowing a ‘group discount’ would weaken the regulatory framework and
adversely affect market confidence.

General comments
87. The Tribunal’s power to impose penalties for a breach of the Rules is set out in
Tribunal Rule 9.2.2 – under Tribunal Rule 9.2.2(f), the Tribunal may impose a
fine of up to $500,000. Tribunal Rule 9.5.1 sets out a number of factors that the
Division may consider when assessing the extent of the penalty to be imposed.
These factors include the Procedures and “any other mitigating factors that
Division considers appropriate”
23
.

88. As noted in the HLG decision, the Procedures provide a guide to determining the
appropriate financial penalty which may be imposed by the Tribunal. The
Procedures confine and structure the Tribunal’s discretion, but do not eliminate
it. Procedure 9.1.2 notes that the Procedures are not determinative, and the
Tribunal will ultimately use its discretion in determining any penalty.

Application of totality not appropriate in these circumstances

89. The Tribunal may consider the principal of totality when assessing penalty where
appropriate. The Tribunal has previously had regard to totality when assessing
settlements agreed for two separate breaches committed by the same Issuer and
referred concurrently to the Tribunal by NZ RegCo
24
.

90. As acknowledged by CDI, CDI and MCK are separate Issuers, each responsible
for compliance with the Rules. Shared functions may have led to both Issuers
making the same breaches, but that does not mean that the penalty to be
imposed on each Issuer should be considered in aggregate and a discount
applied. As noted by NZ RegCo, with regard to regulatory outcomes there is no
concept of shared ‘group’ responsibility or consequence for related Issuers.

91. In these circumstances, it is not appropriate to consider the penalty to be
imposed on CDI and MCK in aggregate and apply the discount sought by CDI.

Penalty

92. The Tribunal considers that the mitigating factors outlined above - CDI’s early
admission of the breaches and full cooperation with NZ RegCo’s investigation -
out-weigh the aggravating factors – CDI’s oversight of the Rule requirements and
the recurring Annual Report breaches. The Tribunal considers that having regard
to these factors, a discount from the starting point penalty of $80,000 is
appropriate. The Tribunal imposes an ultimate penalty of $50,000 ($35,000 for
the Audit Committee breach and $15,000 for the Annual Report breaches).




23
Tribunal Rule 9.5.1(g).
24
NZMDT 1/2021 NZX Limited v NZME Limited and NZMDT 2/2021 NZX Limited v NZME Limited.

16
Deterrence

93. Under Procedure 9.1.4, the Tribunal may consider what amount of financial
penalty could deter future breaches by the respondent or other Issuers of the
same or a similar obligation. The Tribunal is satisfied that the penalty of $50,000
in this case will act as a sufficient deterrent.

94. The Tribunal again encourages NZ RegCo to remind Issuers of their Audit
Committee obligations under the Rules, this being the fourth breach of the Audit
Committee requirements considered by the Tribunal this year. There seems to
be confusion between the Audit Committee requirements under the Rules (which
are mandatory) and the recommendations in the Code.

95. The Tribunal is mindful that this is the first penalty, along with the penalty for
MCK, imposed for a breach of the Rules and Code ‘comply or explain’ regime.
The Tribunal has identified the portion of the penalty attributable to the Annual
Report breaches ($15,000) to indicate that such disclosure breaches are not
negligible. An isolated failure by an Issuer to report against a Code
recommendation would likely constitute a minor breach. In this case, however,
CDI failed to report against (a) a number of Code recommendations over six
successive reporting periods; and (b) its Diversity Policy for each year it has
been in place. The Tribunal encourages NZ RegCo to remind Issuers that robust
compliance checks need to be made on the annual report each year to ensure
their disclosure obligations are met.

Public censure
96. Procedure 9.3 provides guidance on when the Tribunal may be likely to exercise
its power under the Tribunal Rules to publicly censure a respondent.

97. NZ RegCo submits that none of the grounds favouring non-publication have been
demonstrated in this case and that a public censure of CDI is appropriate
because the breaches fall within Penalty Band 2, there is educative value in
naming CDI and signalling to the market NZ RegCo’s expectations in respect of
the governance and reporting requirements.

98. While CDI accepts none of the grounds in Procedure 9.3.3 clearly apply, the
Tribunal may exercise its discretion not to publicly censure CDI given it considers
that the Audit Committee breach falls at the lower end of Penalty Band 2. CDI
submits that a private censure is appropriate because:

a. the breaches did not impact the public or damage public confidence;

b. the breaches had limited potential to cause harm;

c. CDI did not show a disregard for the Rules, rather CDI made a good faith
attempt to have its Audit Committee comprised solely of Independent
Directors;

d. CDI self-identified, and promptly remediated, its breach of Rule
2.13.2(b); and

e. CDI admitted the breaches at the earliest opportunity and fully co-
operated with NZ RegCo.

99. The Tribunal has considered the guidance set out in Tribunal Procedure 9.3,
including that the name of a respondent is likely to be published when:

a. the impact of the breach has caused the public to be harmed and/or has
damaged public confidence in the sector or the breach had the potential

17
to cause harm to the public or the potential to damage public confidence
in the sector; and/or

b. the respondent has been involved in repeated breaches and shown
disregard for the Rules; and/or

c. the respondent committed a breach that falls within Penalty Band 2 or
Penalty Band 3.

100. Having regard to the guidance set out in Tribunal Procedure 9.3, the Tribunal
considers it is appropriate to publicly censure CDI:

a. both the Audit Committee breach and Annual Report breaches had the
potential to damage confidence in the market;

b. the Annual Report breaches occurred over multiple reporting periods;
and

c. the breaches fall within Penalty Band 2.

101. The Tribunal notes that its public censure of CDI will be released together with a
copy of this determination.

Costs

102. NZ RegCo submits that CDI should pay the costs incurred by NZX and the
Tribunal in relation to this matter. CDI noted that it was prepared to meet the
Tribunal and NZX’s costs in connection with this matter.

103. Generally, where a respondent is found to have breached the Rules the Tribunal
will award the actual costs of NZX and the Tribunal against that party. Given the
circumstances of this case, the Tribunal considers it appropriate to order CDI to
pay the costs of NZX and the Tribunal in considering this matter.

Orders
104. The Tribunal orders that CDI:

a. be publicly censured in the form of the announcement attached to this
determination (which will include a full copy of this determination);

b. pay $50,000 to the NZX Discipline Fund;

c. pay the costs and expenses incurred by the Tribunal in considering this
matter; and

d. pay the costs and expenses incurred by NZX in considering this matter.


DATED 3 NOVEMBER 2023

Rachel Dunne, Division Chair, NZ Markets Disciplinary Tribunal

18
Appendix 1
Penalty Band Factors
Penalty Band 1 Minor
Breaches
• The breach is a minor administrative, operational
and/or compliance breach.
• The breach has not caused any loss.
• The breach has not had an impact on or has only
had a minor impact on investors, clients, and/or the
market.
• The breach was promptly addressed.
• The breach did not result in a financial benefit
and/or commercial advantage to the Respondent.
Penalty Band 2 Moderate
Breaches
• The breach is a moderate administrative,
operational and/or compliance breach.
• The breach has caused a moderate impact on
investors, clients, and/ or the market.
• The breach had the potential to cause a moderate
impact on investors, clients, and/or the market.
• The breach occurred for a short period of time.
• The breach resulted in a minor to moderate financial
benefit and/or commercial advantage to the
Respondent.
Penalty Band 3 Serious
Breaches
• The breach is a serious administrative, operational
and/or compliance breach.
• The breach has caused significant impact on
investors, clients and/ or the market.
• The breach had the potential to cause significant
impact on investors, clients and/or the market.
• The breach continued for an extended period of
time.
• The breach continued to occur once discovered.
• The breach resulted in a significant financial benefit
and/or commercial advantage to the Respondent.
• The Respondent committed the breach to obtain a
financial benefit and/or a commercial advantage.

19
Appendix 2
9.2.5

The following non-exhaustive factors relating to the Respondent may be considered
by the Tribunal as factors that are likely to lower the starting point penalty:
(a) The Respondent admitted the breach at an early stage, and/or self-reported
the breach;

(b) The Respondent cooperated fully and openly with NZX or CHO (as the case may
be) with any investigation surrounding the breach and provided all material
facts;

(c) The Respondent has implemented or has undertaken to implement or enhance
processes, systems, or procedures to prevent similar future breaches;

(d) The breach occurred even though effective compliance / administrative /
operational processes were in place;

(e) The Respondent provided prompt redress for any harm caused as a result of
the breach;

(f) The breach is a one-off event and does not form part of a pattern of behaviour
or conduct;

(g) The Respondent has a good compliance history;

(h) where applicable, the Respondent obtained independent legal, accounting or
professional advice that the conduct did not constitute a breach and reasonably
relied upon that independent advice; and

(i) the starting point penalty having an adverse effect on the ongoing commercial
viability of the Respondent.

9.2.6

The following non-exhaustive factors relating to the Respondent may be considered
by the Tribunal as factors that are likely to increase the starting point penalty or
reduce the ability to lower it:
(a) The breach was caused intentionally by the Respondent, or through the
Respondent’s recklessness;

(b) The Respondent hindered NZX or CHO (as the case may be) with any
investigation surrounding the breach and did not provide all material facts;

(c) The Respondent should reasonably have been aware that the breach could
occur and did not implement or undertake to implement or enhance processes,
systems or procedures to prevent similar future breaches;

(d) The Respondent was aware that its compliance / administrative / operational
processes were not adequate or ineffective and failed to rectify them;

(e) The Respondent failed or delayed in providing redress for any harm caused as a
result of the breach;

(f) The breach is a recurring breach, or forms part of a pattern of behaviour or
conduct;

(g) The Respondent has a poor compliance history; and

(h) Where applicable, the Respondent either failed to seek independent legal,
accounting or professional advice or acted contrary to legal, accounting or
professional advice obtained that the conduct did constitute a breach.

---

16 November 2023

PUBLIC CENSURE OF CDL INVESTMENTS NEW ZEALAND LIMITED BY THE NZ
MARKETS DISCIPLINARY TRIBUNAL FOR BREACHES OF
NZX LISTING RULE 2.13.2(b) AND RULES 3.8.1(b) AND (d)
In a determination of the NZ Markets Disciplinary Tribunal (the Tribunal) dated
3 November 2023, the Tribunal found that CDL Investments New Zealand Limited
(CDI) breached NZX Listing Rules 2.13.2(b) and 3.8.1(b) and (d).

Under Rule 2.13.2(b), an Audit Committee must have at least three members. From
February 2018 until 27 July 2020, CDI’s Audit Committee had only two members, both
of whom were Independent Directors. CDI’s Managing Director had been the third
member but was removed in February 2018 in a good faith attempt to have an Audit
Committee comprised solely of Independent Directors. While well-intentioned, CDI
overlooked the requirement in the Rules that the Audit Committee have at least three
members. CDI identified and rectified the breach by reappointing its Managing
Director to the Audit Committee on 27 July 2020. The Tribunal noted that having at
least three members is an important component to ensuring a robust Audit Committee.
While a breach of this nature has the potential to impact investors and the market, the
seriousness of CDI’s breach was reduced because the Audit Committee’s two members
were Independent Directors.

The NZX Corporate Governance Code sets out NZX’s expectations in relation to
corporate governance practices (in addition to those prescribed by the Rules). Issuers
are encouraged to adopt the Code, but the Rules do not require it. This approach
recognises that an Issuer’s Board is best placed to determine the corporate governance
practices most appropriate for its circumstances. This flexibility is subject to the Rules’
requirement that investors and the market receive sufficient information about an
Issuer’s governance arrangements to inform their decision making. CDI did not fully
disclose and explain its non-compliance with Code recommendations 2.8, 3.1, 4.2, 5.3
and 8.1 in its annual reports for the 2017 to 2022 financial years in breach of Rule
3.8.1(b) and did not include an evaluation by its Board on its performance with respect
to its diversity policy in its annual reports for the 2018 to 2022 financial years in
breach of Rule 3.8.1(d). Given the number of omissions over multiple reporting
periods, the Tribunal considered that CDI’s annual report breaches were a moderate
compliance breach which had the potential to impact investors and the market.

CDI admitted the breaches at the earliest opportunity and co-operated fully with NZ
RegCo’s investigation. The Tribunal acknowledged that CDI had good intentions with
respect to the composition of its Audit Committee, but nonetheless overlooked a key
Rules requirement to have at least three members. CDI also overlooked its disclosure
requirements under Rules 3.8.1(b) and (d) over multiple reporting periods.

The Tribunal ordered CDI to pay a financial penalty of $50,000 ($35,000 for its Audit
Committee breach and $15,000 for its annual report breaches), pay the costs of NZX
and the Tribunal, and be publicly censured in the form of this announcement.

The determination of the Tribunal in this matter is attached to this announcement.