Above Board: Board Advisory and Governance Update

Articles Written by Jonathan Cheyne (Partner), Justin Harris (Partner), John Keeves (Partner), Professor Pamela Hanrahan (Consultant)
corporate building

Quick summary

Our quarterly update covers these recent developments in the governance space:

  • The Government has kicked off a review into whether pandemic-era changes to the continuous disclosure laws, introducing a fault element for civil liability, should be retained.
  • A new report that explores the impact of strategic human rights litigation on corporate behaviour shows what we might expect from ESG litigation in 2024.
  • The Australian Human Rights Commission’s new powers to enforce the positive Respect@Work duties against employers commence in December 2023.
  • For companies that use standard form contracts, directors and senior management should be taking active steps to understand the potential application of new penalties for breach of the unfair terms law.
  • A useful decision of the Western Australian Supreme Court in November confirmed a company’s obligation to hand over shareholders’ email addresses in complying with its obligation to provide a copy of the members’ register.
  • The Governance Institute of Australia’s recent report on data governance in Australia shows there is still significant work for boards to do. Important developments in cyber security, including proposed privacy law changes, are discussed in our Digital Bytes update.
  • We begin our series of articles reflecting on what boards and senior management can learn from past governance failures.

Robust and effective governance is the key to every successful and resilient business. Our specialist Board Advisory and Governance team works closely with company and fund boards and senior management in understanding stakeholder expectations and meeting contemporary governance standards.


Post-implementation review of liability for continuous disclosure begins

During the COVID-19 pandemic, the former Government amended the Corporations Act 2001 (Cth) to limit the circumstances under which listed entities and their officers could be sued for incomplete or inaccurate market disclosures. The amendments aimed to restrict civil and civil penalty liability to situations involving intentional, reckless or negligent disclosure failures. The 2021 amending legislation required a post-implementation review; this is being undertaken by Dr Kevin Lewis, former ASX Chief Compliance Officer.

The reforms were controversial; some shareholders and others thought the quality and timeliness of market disclosure would suffer. Dr Lewis’ review is seeking to understand the impact of the amendments and whether they ought to be made permanent. Its report is due early in 2024.

We think the amendments should be retained, and that they clearly signal to disclosing entities and their directors the need to take care to avoid disclosure breaches.


Report on the impact of strategic human rights litigation on corporate behaviour released

The Australian Human Rights Institute published a new report, ‘The Impact of Human Rights Litigation on Corporate Behaviour’, in November. The report aims to be the first focused consideration of the impact of strategic litigation on corporate behaviour, drawing on global examples over several decades. The analytic framework underscores that remedying harm in individual instances of human rights abuses is just one objective – raising awareness, endeavouring to change corporate culture, and trying to influence laws and policies are equally important objectives.

While the examples discussed in the report are from overseas, they resonate with our experience here on a range of strategic ESG litigation, including on cultural heritage aspects of major projects.

We think strategic human rights litigation is likely to increase in Australia over this decade. Boards who understand the litigants’ objectives and priorities will be better placed to manage those claims.


New enforcement arrangements for Respect@Work commence

The landmark Respect@Work changes, legislated in 2022, impose positive duties on employers to take reasonable and proportionate measures to eliminate, as far as possible, unlawful sex discrimination, sexual harassment, hostile workplace environments, and acts of victimisation against complainants.

From December 2023, compliance can be enforced by the Australian Human Rights Commission through compliance notices and undertakings.

Sexual harassment is a workplace health and safety issue. Under WHS laws, officers – including company directors – must exercise due diligence to ensure the entity carrying on the business meets its WHS duties. Safe Work Australia’s ‘Preventing workplace sexual harassment guide’ provides useful guidance on directors’ personal obligations.


Directors’ oversight duties and the new unfair contract terms legislation

Legislation imposing significant penalties on entities whose standard form contracts include unfair terms commenced in November. Corporations that breach the law can be penalised up to the greatest of $50 million, three times the value “reasonably attributable” to the benefit obtained from the conduct, or 30 per cent of adjusted turnover. The penalties apply to standard form contracts made or renewed with consumers or small businesses from 9 November 2023.

The definition of “small business” has been significantly expanded, and for now includes someone who employs 100 people or less (increased from 20) or any business with an annual turnover of less than $10 million. There are traps here for those who think that, because their business is not “retail”, the laws do not apply. Cleaning up unfair contract terms has been identified as a key enforcement priority for ASIC (in the financial sector) and the ACCC (for the rest of the economy); this may extend to terms that are ubiquitous or considered industry standard.

We think that, as part of their duty of care to the company, directors should actively engage with “mission critical” corporate compliance issues that expose the corporation to the foreseeable risk of harm in the form of significant penalties or other damage, including reputational damage. Directors and officers should take be taking reasonable steps now to satisfy themselves that the management team has reviewed the business to identify affected contracts and make adjustments where needed.


Access to members' email addresses

A recent case in Western Australia has clarified a company’s obligation to hand over members’ email addresses when they appear in the register.

Companies increasingly communicate with members electronically – this was significantly simplified by changes to the Corporations Act made earlier in the year and explained in this ASIC Guidance. As a result, most now hold members’ email addresses.

In AVZ Minerals Ltd v Fat Tail Holdings [2023] WASC 403, Fat Tail requested a copy of AVZ’s members’ register under Corporations Act s 173 to communicate with other members ahead of a contested board election. AVZ argued that it was only required to provide physical addresses, but the argument failed. The reasons why are explained in our Insight piece by Partner Justin Harris.

Communicating directly with shareholders electronically lowers costs and reduces delay for activist investors and those agitating for change, as we saw with the recent Endeavour Group annual general meeting. We think this will lead, over time, to more corporate contests being played out on the floor of the general meeting.


Data governance

The Governance Institute of Australia, working with Macquarie University’s DataX Research Centre, recently surveyed 345 CEOs/C-suite executives, non-executive directors, and senior governance and risk professionals on data governance. The findings, released in November, included that majority of respondents surveyed were not positive about how their organisation manages and protects important data, with 57 per cent describing it as average and 4 per cent as poor.

With data loss or data misuse increasingly in the news, and the pace of regulatory change accelerating rapidly, directors and officers need to stay informed. In JWS’s summer edition of Digital Bytes, our Cyber, Privacy and Data team takes you through key developments:

  • the Australian Government’s response to the Privacy Act Review Report;
  • Queensland’s updated privacy laws, applicable to Queensland government bodies;
  • ASIC’s latest cyber pulse survey showing companies are typically underprepared;
  • the Government’s commitment to introducing ransomware and ransom payment reporting laws, and to establishing a Cyber Incident Review Board;
  • the doubling of the number of “systems of national significance” declared under the Security of Critical Infrastructure (SoCI) laws, and the Government’s commitment to regulating telecommunications as a type of critical infrastructure under the SoCI Act;
  • the Australian Signals Directorate’s latest report summarising cyber threats in 2022-23, and the Five Eyes’ adoption of five Principles of Secure Innovation;
  • progress on Australia’s digital ID scheme;  
  • the Australian Communications and Media Authority’s continued enforcement focus on compliance with the Spam Act, with the $500,000 fine issued against Ticketek for sending commercial electronic messages without consent, and to individuals who had unsubscribed;
  • recent Optus litigation concerning legal professional privilege when handling a data breach; and
  • recent StarTrack litigation against its consumables portal supplier, which continued offering the portal to StarTrack’s customers after the contract ended.

Lessons learned

In the first of a series of articles that will examine what boards and senior management can learn from past governance failures, this introductory article by Partner Jonathan Cheyne explores what failure means in an organisational context and the implications this has for those seeking to build more resilient governance systems.

Important Disclaimer: The material contained in this article is comment of a general nature only and is not and nor is it intended to be advice on any specific professional matter. In that the effectiveness or accuracy of any professional advice depends upon the particular circumstances of each case, neither the firm nor any individual author accepts any responsibility whatsoever for any acts or omissions resulting from reliance upon the content of any articles. Before acting on the basis of any material contained in this publication, we recommend that you consult your professional adviser. Liability limited by a scheme approved under Professional Standards Legislation (Australia-wide except in Tasmania).

Related insights Read more insight

Digital Bytes – cyber, privacy & data update

Welcome to Digital Bytes, our latest quarterly update on current developments in cyber, privacy and data governance.

Update to AICD Not-for-Profit Governance Principles

As the Australian Institute of Company Directors (AICD) notes in its recently released Not-for-Profit Governance Principles (Third Edition) (Principles), there are approximately 600,000 not-for...