Above Board: Board Advisory and Governance Update – Spring 2025

ASX has introduced significant reforms to its waiver disclosure regime, effective from September 2025, aimed at improving market transparency and consistency. These changes respond to investor concerns about inadequate disclosure in high-profile cases, such as the waiver granted to James Hardie Industries under Listing Rule 7.1.

Historically, ASX published waiver details bi-monthly, often weeks after approval, and inconsistently applied disclosure conditions. Under the new framework, all waivers will carry a standardised disclosure condition requiring listed entities to publicly disclose the nature, effect and rationale for the waiver within one business day of receipt via the market announcements platform. This condition applies to all waivers from September 2025 and may be applied to waivers from 11 August 2025 on a case-by-case basis.

Recognising the sensitivity of incomplete or confidential transactions, ASX allows deferred disclosure in such cases, but mandates that the waiver be disclosed no later than the announcement of the underlying transaction. Regardless of timing, all waivers will continue to be published in ASX’s waiver register.

From 11 August 2025, waiver applications must include a draft market announcement outlining the waiver’s nature and purpose. If granted, this announcement must be released promptly unless confidentiality provisions apply.

To comply, listed entities should prepare draft announcements with all waiver applications and seek in-principle advice for sensitive proposals to manage timing and confidentiality.

Read our detailed note on the changes in our article, ‘Updated ASX wavier disclosure requirements: what listed entities need to know’. 

The Full Federal Court made final orders in the Zonia and Baron shareholder class actions against the Commonwealth Bank of Australia. The orders formalised a declaration that CBA contravened the continuous disclosure regime by failing to disclose information on 24 April 2017 about past failures to comply with its obligations under anti-money laundering laws. The information came to light in August 2017 when AUSTRAC announced civil penalty proceedings against CBA.

The orders give effect to the Full Court’s decision in Zonia Holdings Pty Ltd v Commonwealth Bank of Australia Ltd [2025] FCAFC, handed down in May. The Court upheld the primary judge’s decision to dismiss the shareholders’ claims based on alleged inflation of CBA’s share price during the period 24 April 2017 to 3 August 2017. 

Have a look at our earlier notes explaining the first instance decision in the Zonia litigation in ‘Disclosing regulatory investigations: failed CBA shareholder class actions point the way’ and our broader comment in ‘Do you need to disclose an ACCC investigation to comply with your continuous disclosure obligations?’. 

The current expanded whistleblower regime was introduced (into Part 9.4AAA of the Corporations Act) in 2019 – but, until recently, had not resulted in an enforcement outcome. This changed on 26 August 2025 when the Federal Court handed down a $7.5 million penalty (plus $1 million costs order) in the matter of ASIC v TerraCom Ltd.

The case arose as a result of a former employee (Mr Williams) raising concerns around coal quality reporting practices by TerraCom. In response, TerraCom made two ASX releases and published an open letter to its shareholders in the AFR and the Australian naming Mr Williams, suggesting that the allegations were false, and stating that it was having the conduct of its employees investigated. In May 2025 TerraCom agreed with ASIC (in a statement of agreed facts) that the public statements it had made had caused detriment to Mr Williams in the form of hurt, humiliation, distress and embarrassment by representing him as someone willing to make unfounded accusations for personal gain in circumstances where an independent investigation had, at least partially, supported his allegations.

The $7.5 million penalty was 30 per cent of the statutory maximum and was reduced to reflect (inter alia) TerraCom’s admission of wrongdoing and steps since 2021 to undertake mandatory training (relevant to the question of whether TerraCom had a ‘corporate culture conducive to compliance’) – but was still considered large enough to have the necessary ‘sting’ and not be an amount likely to be viewed as a cost of doing business. ASIC had earlier instituted civil penalty proceedings against TerraCom’s managing director and a number of other officers (alleging that those persons failed to take reasonable steps to ensure that statements made to the ASX were not false or misleading) – but those proceedings were ultimately unsuccessful. 

ASIC’s very wide regulatory remit is on display again in its corporate plan covering the period from 2025 to 2029. The plan is guided by five strategic priorities, which are to improve consumer outcomes, strengthen market disclosure and professional conduct, support better retirement outcomes and member services, strengthen operational digital and data resilience and safety, and drive integrity and transparency across markets. 

The second priority – strengthening market disclosure – nominates financial reporting, climate reporting, auditors and director conduct as areas of particular focus. ASIC says it will ‘review the policies that companies have in place to manage conflicts of interest by directors and officers … and report on good and poor practices observed’. It is also planning a review benchmarking the whistleblower programs of a selection of companies and their compliance with the whistleblower protection provisions in the Corporations Act.

The plan also references ASIC’s enduring enforcement priorities, which are to address: 

• misconduct damaging market integrity, including insider trading, continuous disclosure breaches and market manipulation;  
• misconduct impacting Aboriginal and Torres Strait Islander peoples;  
• misconduct involving a high risk of significant consumer harm, particularly conduct targeting financially vulnerable consumers;  
• systemic compliance failures by large financial institutions resulting in widespread consumer harm;  
• new or emerging conduct risks within the financial system; and
• governance and directors’ duties failures.

Two other important parts to the plan reflect key commitments made by the outgoing Chair of ASIC, Joe Longo. One deals with ASIC’s efforts towards ‘simpler and better regulation’ and the other with its operational capabilities, including stabilising and uplifting the business registers. The failure of the Modern Business Registers program, which was abandoned by the Commonwealth in 2023, was not of ASIC’s making but fixing the outdated infrastructure has now become urgent. Its RegistryConnect program will address the technology and processes for registering companies and business names, applying for licenses and maintaining and searching for registry information. 

ASIC’s Regulatory Simplification Report (REP 813) outlines the regulator’s ongoing efforts to reduce complexity in regulatory guidance and administrative processes, by making changes to its operations and within its regulatory administration. The work includes:  

• improving access to regulatory information, by testing industry-specific ‘roadmaps’ to help users navigate relevant regulations, restructuring guidance materials and enhancing its website for better usability and feedback.
• reducing complexity in regulatory instruments, by applying best-practice drafting principles and working to consolidate and simplify legislative instruments, starting with investment platform and financial reporting instruments.
• making it easier to interact with ASIC, including by accepting email lodgements for more of its paper-based form and accepting electronic signatures on all its forms from 1 October 2025 and progressing the RegistryConnect program to modernise registry systems and data quality.
• pursuing options for simplification through law reform, by proposing changes to Government that include revising the reportable situations regime and simplifying substantial holding notice forms.

The report invites feedback on further simplification opportunities, with submissions due by 15 October. Encouragingly, the ASIC Chair has also publicly recommended the reestablishment of an expert corporate law advisory body, like the former Corporations and Markets Advisory Committee. In this he joins with peak governance bodies including the AICD, the Governance Institute of Australia and the Business Law Section of the Law Council of Australia.

The second part of the Productivity Commission’s report on creating a more dynamic and resilient economy deals with regulation and its impact on business dynamism, highlighting the significant increase in both economic and social regulation over the past two decades. This regulatory expansion has coincided with a decline in Australia’s international rankings for regulatory efficiency.

The Commission identified three systemic challenges that contribute to poor regulatory outcomes. First, governments tend to be risk-averse, often prioritising the avoidance of visible failure over enabling innovation. Second, the costs of regulation are typically borne by businesses, not policymakers, leading to an underappreciation of their impact. Third, there is a tendency toward tunnel vision, where regulations are designed to achieve narrow policy goals without considering broader economic consequences.

To address these issues, the Commission recommends a suite of reforms aimed at improving regulatory quality and accountability. These include stronger Cabinet oversight, the appointment of an independent commissioner to oversee impact assessments and embedding regulatory stewardship within the public service. It also calls for more rigorous parliamentary scrutiny and regular external reviews to identify and reduce cumulative regulatory burdens.

While the recommendations are helpful, meaningful improvement will be challenging. Political and public expectations often drive complex regulation, and businesses that have built compliance systems to meet existing laws may resist change. You can read Pamela Hanrahan’s take on the proposals in the September 2025 issue of Company Director magazine.

The Productivity Commission received more than 120 responses to its paper and expects to publish its recommendations in December 2025. 

Charities with complex structures create additional governance risks, transparency challenges and potential for compliance failures. Complex structures typically involve multiple legal entities –charitable and non-charitable, for-profit and not-for-profit – operating under shared governance or resource arrangements. These may span different jurisdictions and include varied legal forms such as trusts, companies limited by guarantee and incorporated associations. 

The ACNC has identified such structures as a regulatory priority, noting that complexity can obscure accountability and increase the likelihood of misconduct or mismanagement. It has published new guidance in the form of Governance Principles for Complex Structures, recommending that charities operating within complex structures implement tailored governance frameworks that clearly define roles, responsibilities and reporting lines across entities. Risks include inadequate oversight, unclear delegation and insufficient transparency in related party transactions. The ACNC emphasises that each entity must meet its own regulatory obligations, including compliance with the Governance Standards and, where applicable, the External Conduct Standards.

To mitigate risks, the ACNC recommends that charities: 

• establish robust governance and compliance systems;
• maintain clear documentation and financial records;
• manage conflicts of interest transparently; and
• seek professional advice when navigating legal and structural complexities. 

These practices are essential to uphold public trust and ensure that charitable resources are used effectively and ethically.