Above Board: Board Advisory and Governance Update – Autumn 2024

Articles Written by Jonathan Cheyne (Partner), Justin Harris (Partner), John Keeves (Partner), Damian Reichel (Partner), Professor Pamela Hanrahan (Consultant)

Quick summary

The autumn edition of our Above Board quarterly update covers these recent developments in the governance space:

  • The Closing Loopholes No.2 amendments to the Fair Work Act 2009 (Cth), which passed in February, broadened the concept of a ‘serious contravention’ of key employment laws and increased the maximum penalties for medium and large businesses five-fold.
  • Amendments to the foreign bribery laws will make companies liable for bribery committed by employees and agents if they cannot affirmatively demonstrate ‘adequate procedures’ to prevent it.
  • The ASX Corporate Governance Council has released a consultation draft of the proposed fifth edition of the Corporate Governance Principles and Recommendations for public comment.
  • The Government is continuing to work on the new climate-related financial disclosure laws. But with key issues still to be resolved, it may be that the start date for the new regime will be pushed back into 2025.
  • Home Affairs is consulting on legislation to support its 2023-2030 Cyber Security Strategy, including mandatory reporting of ransomware attacks, and measures to encourage more open dialogue with the Australian Signals Directorate and the National Cyber Coordinator during a cyber incident.
  • The Australian Law Reform Commission’s damning findings into the state of Australia’s corporation and financial services law, which it describes as a ‘tangled mess’ and no longer fit for purpose, were tabled in Parliament in January.
  • The recent Federal Court decision in the long-running Worley class action sheds light on when a company lacks reasonable grounds for its forecasts.
  • ASX has adjusted its approach to listed entities that seek to change option terms, including for the exercise of performance rights.

Robust and effective governance is the key to every successful and resilient business. Our specialist Board Advisory and Governance team works closely with boards and senior management of listed and unlisted companies and investment funds in understanding stakeholder expectations and meeting contemporary governance standards.

Closing Loopholes legislation redefines ‘serious contraventions’ and increases penalties

The Closing Loopholes No 2 legislation, which passed in February, made important changes to the workplace laws. Our take on the legislation is available in this Insight article by our Employment team. The Fair Work Ombudsman has published a useful summary of the changes and a timeline for their implementation.

For boards, it is important to recognise that the legislation amends the civil penalties regime in the Fair Work Act 2009 (Cth) (FWA). The FWA includes many civil remedy provisions under which the prescribed penalty for a breach increases 10-fold if a contravention is classed as a ‘serious contravention’. Previously, a contravention was treated as serious only if the conduct (such as underpayment) was engaged in knowingly and systematically.

Now, a contravention will be treated as serious if the defendant behaved knowingly or recklessly. A corporation knowingly contravenes the law if it ‘expressly, tacitly or impliedly authorised the contravention’. A company or person is reckless if they are ‘aware of a substantial risk that the contravention would occur; and having regard to the circumstances known to the person, it is unjustifiable to take the risk’.

So, what constitutes a serious contravention of the FWA has changed to include conduct engaged in either knowingly or recklessly, and it is no longer necessary to prove a breach was done knowingly and systematically for the higher penalties to apply.

The legislation also very significantly increased the maximum civil penalties for serious contraventions by medium and large businesses to $4,695,000, from $939,000. This change came into effect on 27 February 2024.

Failure to prevent foreign bribery is now an offence

Changes to Commonwealth crimes legislation dealing with foreign bribery, which passed the Senate on 29 February, create a new offence for corporations of ‘failing to prevent’ the payment of bribes to foreign officials by their employees and agents. This brings the Australian law into closer alignment with foreign corrupt practices laws in the UK and USA, and goes part of the way to combatting longstanding international criticisms of Australia’s weak enforcement record in this area.

The new offence makes a corporation liable for failing to prevent foreign bribery by an ‘associate’ for the profit or gain of the corporation. Associate is broadly defined. However, it creates a defence that is available if the corporation proves that it ‘had in place adequate procedures designed to prevent’ the offending. The corporation has the legal burden of proving the existence and adequacy of those procedures. 

If it cannot, the penalties are significant. A corporation that cannot establish the affirmative defence commits a crime and faces a maximum fine of the highest of 100,000 penalty units (currently $31,300,000), three times the benefit obtained or, if that cannot be ascertained, then 10 per cent of annual turnover.

The use of failure to prevent laws was explored by the Australian Law Reform Commission in its inquiry into corporate criminal responsibility in 2019. Corporations whose associates deal with foreign officials need to be aware of the risk and take active steps to address it, as past cases involving Reserve Bank subsidiary Securency and engineering firm SKM clearly demonstrate.

We expect that boards will be looking for assurance on the coverage and adequacy of prevention measures.  

ASX Corporate Governance Council releases draft CGPR

The ASX Corporate Governance Council (ASX CGC) has released a consultation draft of the fifth edition of its Corporate Governance Principles and Recommendations. The differences from the current edition, adopted in 2019, are fairly modest – the document is still structured as a cascade of principles, recommendations and commentary against which listed entities report on an ‘if not, why not’ basis. The eight core principles have been retained, albeit with some proposed changes of expression. The consultation draft contains 33 general recommendations, down from 35, and removes some recommendations that significantly overlapped with existing laws.

Boards will be particularly interested in the changes to the commentary to Recommendation 1.1, which deals with board charters. This is a window on where the members of ASX CGC landed on the role of the board of a listed entity. For example, the drafting has changed on purpose, values, culture, and the relevance of stakeholder interests. The new drafting includes that the board should set the strategic objectives and “oversee implementation of these strategic objectives to build sustainable value for security holders of the entity. This includes having regard to the interests of the entity’s key stakeholders as appropriate.”

We think the proposed changes go some way to improving the clarity and contemporary relevance of the CGPR, although it is a pity the opportunity to undertake a more comprehensive review (directed at sharpening the focus and allowing more modern governance models) was missed.

Treasury continues to work on mandatory climate-related financial disclosure

Over January, the Treasury consulted on draft legislation to mandate climate-related financial disclosure by medium and large listed and unlisted entities. The new regime will require entities caught by it to include a ‘sustainability report’ in their annual report, alongside the financial report and directors’ report. For now, the sustainability report will deal with climate-related risks and opportunities, but there is scope for the Minister to expand it later to include other environmental disclosure (for example, disclosure based on the proposed TNFD framework for nature-related impacts in ecosystems, biodiversity and water).

Separately, the AASB has been consulting on Sustainability Standards that will form the basis of the climate-related disclosure. While the draft Standards are based on IFRS S1 and S2 finalised last year, there are differences. The required disclosure is different from existing TCFD reporting, and is subject to a different liability regime.

A recent study by Chartered Accountants ANZ, the University of Melbourne and the University of Queensland found that more than one-third of reporting companies globally now include climate-related risks in the notes to their financial statements. The European Sustainability Reporting Standards were adopted in July 2023 and the US SEC published its final rules for climate-related disclosure on 6 March 2024. The CRFD legislation is the next step in that process for Australian reporting entities.

These links take you to our Q&A on the exposure draft legislation and our observations about the difficult policy issues still to be resolved, including the form of the required directors’ declarations about the disclosure, the assurance gap, and the (very) limited immunity from private litigation that may be available in 2024-7 for some forward-looking statements.

The Treasurer remains committed to introducing the legislation in the Autumn session, but a start date for Group 1 entities of 1 July 2024 is looking increasingly shaky.

Home Affairs consults on cyber incident reporting

The Department of Home Affairs is consulting widely on the design principles for legislation to implement its 2023-2030 Australian Cyber Security Strategy. The current thinking is to legislate in nine areas. The proposed measures are:

  • New cyber security legislation
    • Secure-by-design standards for Internet of Things devices
    • Ransomware reporting
    • Limited use obligation for information provided to the Australian Signals Directorate (ASD) and the National Cyber Security Coordinator (Cyber Coordinator)
    • Establishing a Cyber Incident Review Board
  • Changes to the Security of Critical Infrastructure (SOCI) legislation
    • Data storage systems and business critical data
    • Consequence management powers
    • Simplifying protected information provisions
    • Review and remedy powers
    • Consolidation of telecommunications security requirements under the SOCI Act.

The mandatory ransomware reporting obligation and the ‘limited use’ provision for information voluntarily shared with the ASD and the Cyber Coordinator are both being designed with a view to encouraging entities facing a cyber incident to share information quickly. This is intended to allow ASD and the Cyber Coordinator to help in the entity’s response and to build the broader threat picture. However, handing over information – including information potentially covered by legal professional privilege – in these circumstances can create legal risks for corporations and their boards unless ‘limited sharing’ measures are also included. We are keeping a close eye on the consultation.

Our Autumn edition of Digital Bytes takes you through this and other recent developments in cyber, privacy and data, including the updates to the Government’s cyber security Essential Eight Maturity Model.

ALRC findings on the state of Australia’s corporations and financial services laws tabled in Parliament

The Hayne Royal Commission’s findings about the causes of misconduct in the banking, superannuation and financial service industry in 2019 included that the poor state of the legislation governing the sector contributed to the problem. In response, the then Government tasked the Australian Law Reform Commission (ALRC) with reviewing the legislation to see whether it could be improved ‘within existing policy settings’.

The findings of the ALRC’s three-and-a-half year inquiry were tabled in Parliament in January. The ALRC President Justice Mordy Bromberg said at the time that the laws are ‘a confusing maze and need to be overhauled’. His Honour concluded that the reforms proposed by the ALRC ‘will make these laws easier to understand and navigate, drive down the costs associated with complying with the law, and make it easier for consumers to understand and enforce their rights’. Perhaps, but we are yet to be convinced they go far enough.

The ALRC’s 58 recommendations remain with the Government for consideration. We think the business and legal communities have a common interest in improving the quality of business regulation – within and beyond the financial sector – and that the findings of the ALRC require a broader discussion of the processes by which new business regulation comes into existence.

Federal Court discusses when a corporation ‘knows’ it lacks reasonable grounds for a forecast

Corporations that publish forecasts must have (and be able to demonstrate) a reasonable basis for them. The recent decision in the long-running Worley class action, which arose out of forecasts released by the ASX listed company to the market in 2013, raises interesting questions about when a corporation ‘knows’ that the numbers behind those forecasts are shaky.

Our article, 'Crowley v Worley – is a company liable for not disclosing information it doesn't know?', discusses the legal issues raised by the case, and where it might take us.

ASX clarifies its position on changes to milestones under performance rights

ASX has clarified its approach where listed entities seek to alter the terms on which performance rights can be exercised. Specifically, ASX considers a performance right to be an option for these purposes – and any relaxation of a performance hurdle (or exercise of a discretion to waive a performance hurdle) will be prohibited without a waiver.  This article, 'Performance not optional – ASX guidance on waiving performance right hurdles', explains the ASX’s position in further detail.

Important Disclaimer: The material contained in this article is comment of a general nature only and is not and nor is it intended to be advice on any specific professional matter. In that the effectiveness or accuracy of any professional advice depends upon the particular circumstances of each case, neither the firm nor any individual author accepts any responsibility whatsoever for any acts or omissions resulting from reliance upon the content of any articles. Before acting on the basis of any material contained in this publication, we recommend that you consult your professional adviser. Liability limited by a scheme approved under Professional Standards Legislation (Australia-wide except in Tasmania).
