2024 Aged Care Risk and Insurance Outlook: severe penalties proposed for directors under new federal laws for negligence

This article has been co-produced by Lockton, Kinny Legal and Mirus

The new draft (opens a new window) revised Aged Care Quality Standards were released by The Department of Health and Aged Care in December 2023.

Board members along with other responsible person(s) of aged care providers may soon face significant penalties including possible imprisonment and large fines under the proposed new laws in a major overhaul of the Aged Care Act 1997 (Cth) (‘Aged Care Act’) as part of the strengthened Aged Care Quality Standards. The most serious criminal penalties may include up to five years in prison. These significant changes are intended to make the duty of care to older Australians of the highest priority and prevent deaths and serious injury/illness.

Lockton anticipates that under the reforms, directors and executives of boards will continue to face increasingly significant liability for proper governance of aged care providers and will need to consider a number of measures in order to be properly protected. This includes consideration of insurance and legal risk mitigation which is the focus of this article.

Questions Lockton clients are asking about the legal and insurance implications of the proposed changes:

1. What defines a ‘responsible person’ of a registered provider under the new Act for the purpose of these penalties?

The Draft Exposure Bill for the New Aged Care Act defines a 'responsible person´ of a registered provider under Section 11. A person is considered to be a ‘responsible person’ of a registered provider if they are responsible for executive decisions, have authority or responsibility (or significant influence over) planning, directing or controlling activities.

When a registered provider delivers or proposes to deliver funded aged care services, the definition includes any person who is a registered nurse who has responsibility for the overall management of nursing services along with anyone who is responsible for the day-to-day operations of the registered provider.

2. Are these types of fines/penalties insurable?

Aged care providers are constantly at risk of breaching a variety of acts of legislation, particularly in the current environment. Whether it is due to the directors’ individual actions, the behaviour of employees or organisational failure in meeting compliance obligations, the large civil penalties and the threat of litigation presents real financial risk to providers. Although boards and executives do their best to minimise the risks, they are not immune to incurring fines for breaches of legislation.

From an insurance perspective, a director’s governance risk is mainly addressed by D&O Insurance, designed to protect the personal assets of directors and officers of a private or public provider for claims arising from alleged wrongful acts committed by directors and officers in their capacity as governors of the organisation. Some Management Liability and D&O insurance policies can provide cover for legal costs and fines due to breaches of laws. However, it is worth checking to see how much cover is in place and also if there are special exclusions related to pollution or environmental damage that a specialist Statutory Liability policy would seek to cover.

Organisations can purchase Statutory Liability insurance either as part of its Management Liability policy, or on a standalone basis alongside its D&O insurances. Statutory Liability cover is a specialist type of insurance that is designed to help protect organisations from legal expenses if they were to breach an act of legislation. In addition to compensating the insured for the fine, these policies can help cover any reasonable legal and investigative fees that will also be likely to apply.

Statutory Liability policies generally will not provide cover for taxes or workers’ compensation premium imposed by way of penalty, superannuation liability, or penalties that are uninsurable at law. Other typical examples of exclusions in a Statutory Liability policy include, gross negligence or recklessness, deliberate or intentional acts.

Insurers are not legally allowed to provide cover for Work Health & Safety breaches in New South Wales, Western Australia and Victoria under an insurance policy. Other states and territories will likely follow suit with similar amendments to their WHS laws. However, it is worth noting that the prohibition of insurance cover is only for the fines and/or penalties themselves. Cover is still available for costs of defending an investigation or prosecution.

3. Does a director need their own individual Statutory Liability cover or will the organisation’s insurance respond?

If the organisation purchases Statutory Liability cover, this will apply to both individual directors and officers, as well as the organisation itself. The breadth of who needs access to the cover will need to be defined with your insurance professional, particularly if board members are volunteers, or where the organisation is constituted under an act other than the Corporations Act, so that it applies appropriately.

4. Do these changes mean board members go to jail for any breach by the provider, if this Bill becomes the new Act?

No. First, while your board and the organisation should seek to fully comply with all provisions, board members only risk jail time if:

a. they as individuals commit a “serious failure” to conduct due diligence to ensure the provider complies with section 120; and
b. that serious failure results in the death of, or severe injury to, or illness of, a care recipient. 

Under section 120, a provider must ensure, as far as is “reasonably practicable”, that its conduct does not adversely affect the health and safety of care recipients while delivering their aged care services. Section 121 gives a non-exhaustive list of due diligence activities board members (and other responsible persons) must perform.

Second, a board member can be convicted or found guilty of an offence under section 121 regardless of whether the provider has been convicted or found guilty of an offence under section 120. This means there are circumstances where a board member could be convicted and go to jail for breach of their obligations even if the provider is determined to not have breached its obligations in all the circumstances.

5. Does this mean if I commit any due diligence errors, I go to jail?

No. This risk only arises if the error has caused or contributed to a care recipient’s death, serious injury or illness and the error is serious enough to amount to a “serious failure”. The error may be a single act or failure to act, or a systemic pattern of poor conduct.

A board member can also avoid jail time if they have a reasonable excuse for committing the offence. The board member is responsible for proving this is the case to certain evidentiary standards. A lawyer can advise on the prospects of a board member proving this and prepare evidence in support of raising this defence.

Where to from here?

Prudent board members should perform a self-audit of their current risk exposure and what actions can be taken now to reduce risk in case these provisions form part of the new Act. When assessing your personal risk exposure and what risk management steps to take in response, consider your answers to the following questions:

  • What resourcing, culture, systems, data visibility, and other changes could be made now to improve the organisation’s ability to meet its requirements and obligations under the new legislation, particularly if the new Act is expected to be enacted by 1 July 2024?

  • What is my organisation’s understanding of the proposed legislation? Do we have a plan for the transition to the new regulatory model?

  • Do we have a current business continuity plan in place that aligns with legislative changes? Have we developed a risk management action plan based on our self-assessment? Does our governing board have a sufficient skills mix? What evidence do we have to support this?

  • Are our systems, policies and procedures robust and fit for purpose? Have they been reviewed to align with legislative changes? Will they stand up to external scrutiny?

  • What data do we report on? Is it relevant? What value does it bring? How does it mitigate organisational, personal and consumer risk? What do I need to understand about my own personal liability as a director or officer, and what aspect of that liability can be indemnified by the organisation to which I am a director or officer? Am I confident that I have the skills, experience, resources and capacity to meet my own personal obligations under section 121 throughout my tenure as a director or officer of an aged care provider?

  • Do I know what my organisation’s insurances provide cover for particularly with respect to my liabilities as a director or officer of an aged care provider? What is covered? What is excluded?

  • Are our insurers introducing any amendments to cover as a result of the changes to legislation? What is their position for the organisation’s upcoming insurance renewal?

Penalties and fines for breaching a variety of laws can be severe. It is important that you have policies and procedures in place to ensure that the provider, contractors, volunteers and employees comply with all relevant legislation.

An oversight by an employee or a contractor resulting in a serious near miss or death, is likely to trigger an investigation or inquiry and potentially legal action by a regulator. If you are facing a death investigation and potential imprisonment, you want to make sure you have the right insurance in place, to pay for legal fees to represent you both during the investigation and any trial. As the time between the investigation and final legal decision is likely to be years, legal fees can quickly add up.

Obviously, your risks will be dependent on your business, which state you operate in, and which aspect of care delivery, as not all laws will be relevant to you. It is worth talking to a professional insurance advisor about Statutory Liability insurance to ensure you and your management have the best cover.

Consultation on the draft bill (opens a new window) closes on Friday 16, February 2024.

For more information

If you need assistance on how to navigate the legal or insurance landscape facing you as a director or officer of an aged care provider, contact (opens a new window) our aged care specialists in the Lockton Health & Community Services team.


Lyle Steffensen is the Industry Strategy & Innovation Manager at Lockton Australia. Lyle is highly regarded for her leadership and advocacy in risk management and strategy solutions for the aged and disability care sector.

Jessica Kinny is the Solicitor Director of Kinny Legal. Jessica is recognised as a leading expert in aged care and health law, and Kinny Legal is repeatedly ranked as one of Australia’s best in aged care and health law.

Katie Airey is the Senior Manager of Quality, Risk & Compliance at Mirus Australia. Katie is well regarded as a subject matter expert within the aged care sector, known for her expertise in implementing effective quality, risk, and compliance measures.

Lockton clients can access exclusive partner offers from Kinny Legal designed to help them manage risks, respond to legal reforms and take advantage of key growth opportunities.

Contact us (opens a new window) for more information.

The contents of this publication are provided for general information only. This publication does not constitute legal advice. Lockton arranges the insurance and is not the insurer. While the content contributors have taken reasonable care in compiling the information presented, we do not warrant that the information is correct. It is not intended to be interpreted as advice on which you should rely and may not necessarily be suitable for you. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content in this publication. The user should recognise that the furnishing of this publication is not a substitute for their own due diligence and should place no reliance on this publication contained herein which would result in the creation of any duty or liability by any of the contributors or their organisation to the user.