New year

From 1 January 2020, public companies, large proprietary companies and corporate trustees of APRA-regulated superannuation entities needed to have a whistleblower policy in place. (See here for background on the reforms to the Corporations Act that strengthen whistleblower protections). ASIC has granted relief from the requirement to have a policy to public companies that are NFPs or charities and have yearly consolidated revenue of less than $1 million.

ASIC has also released new guidance for companies on whistleblower policies – see Regulatory Guide 270 - Whistleblower policies.

More generally, companies will be looking to the substance of their internal policies and procedures to ensure compliance with the substantive whistleblowing protections under the Corporations Act, which still apply to organisations exempted from the requirement to have a formal policy in place. 

Royal commission reports

The Royal Commission into Aged Care Quality and Safety will issue its final report on 12 November 2020. Governance is expected to be a focus of the final report, which will set a framework for a complete overhaul of the aged care system — from system philosophy and design to interactions with health and disability services, to workforce, funding and regulation.

In mid-November last year, the Aged Care Royal Commission sat in Hobart. For the first time, the focus was governance in aged care, the links between governance and outcomes and how the commission may look to improve governance.

The Interim Report released last year in 2019, entitled Neglect, sets out the extent of the failure of Australia’s aged care services and called for an overhaul of the design, objectives, regulation and funding of aged care in Australia. Directors should note that the governance discussion is still at an early stage and that directors and boards may be the focus of future hearings. Read more on the Interim Report and the AICD view of the effect on NFP governance.

Meanwhile, the Disability Royal Commission is to issue an interim report no later than 30 October 2020 and a final report no later than 29 April 2022. Hearings began in Townsville in November last year and the inquiry sat in Melbourne in December, where the issue of neglect and abuse in group homes was examined.

A total of 177 submissions have been received by the Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability.

APRA targets boards on cyber security

APRA-regulated entities have until 1 July 2020 to ensure their arrangements with third party service providers comply with stricter cyber-security requirements issued last year under Prudential Standard CPS234. The standard requires regulated firms to develop adequate cyber-security systems, clearly identify who in the firm is responsible for cyber security, and to notify APRA of all "material information security incidents".

Overall, APRA is revising its approach to supervision of governance, culture, remuneration and accountability. It has indicated that this will involve strengthening the prudential framework; sharpening its supervisory focus and sharing its insights.

Some key activities APRA has flagged include updates to Prudential Standard CPS 510 (Governance) (with areas for review to include the effectiveness of board obligations in relation to risk culture, the relative emphasis on financial and non-financial risks, and the need to strengthen requirements in relation to compliance and audit functions) and conducting deep dive and thematic reviews in areas such as risk culture and drivers of effective governance practices.

The AICD also expects APRA’s new Prudential Standard on remuneration CPS 511 (Remuneration) to be released in the first half of this year. APRA is working with ASIC and Treasury to design, implement and jointly administer an expanded accountability regime (modelled on the Banking Executive Accountability Regime) for regulated entities.

Government inquiry into audit to report by March

The Parliamentary Joint Committee (PJC) on Corporations and Financial Services is to report on the findings of the inquiry into Regulation of Auditing in Australia by 1 March 2020. The big four accounting firms are expected to come under scrutiny over alleged conflicts of interest between their consulting and auditing work, particularly for major banks. The committee said in a 2019 report that it had “ongoing concerns” about company audit quality and wanted a “serious review” of audit. The inquiry findings are likely to impact board audit committees, with ASIC also flagging that it will focus on audit quality as part of its Corporate Governance Taskforce. Read the AICD submission here.

ASIC report on variable remuneration

ASIC is expected to release the second report of its Corporate Governance Taskforce this year, to focus on board oversight of variable remuneration – a vexed issue, especially in financial services. ASIC’s report is set to comment on practices at listed entities both within and outside financial services.

This follows the Taskforce’s report on director and officer oversight of non-financial risk last year. This year, ASIC will continue its supervision activities for the remainder of FY20 and continue to engage in more intensive supervision to improve corporate culture and conduct (including through its Close and Continuing Monitoring program aimed at large financial firms, and the Corporate Governance Taskforce).

We will also continue to see an increase in court-based enforcement underpinned by ASIC’s new “why not litigate” approach. Enforcement will target cases of high deterrence value and those involving egregious harm or misconduct (especially towards vulnerable consumers), and will likely seek to utilise new powers and penalties focused on corporate and individual accountability. ASIC has also flagged expanded oversight of financial markets, including on-site reviews of culture and conduct risk programs, corporate governance and compliance arrangements.

Work Health Safety

Work health and safety will continue to be a focus for governments and boards alike. The findings of the Boland review into the model work health safety laws are currently the subject to a regulation impact statement process undertaken by Safe Work Australia. The recommendations flowing out of the review include that:

  • access to insurance for payment of WHS fines (but not legal costs) be prohibited; and
  • a new offence of industrial manslaughter be introduced where the outcome of gross negligence by duty holders is the death of a person.

Notwithstanding the recommendations, and the fact that COAG has yet to consider them, in recent months, WHS reforms, including new industrial manslaughter offences, have been proposed or legislated in NSW, Victoria, WA and the Northern Territory.

The Australian Council of Superannuation Investors has also recently called for mandatory market reporting of workplace fatalities by listed companies, following a recent report showing limited disclosures by the ASX 200. Of particular concern is the safety of contractors, with that category of worker being over-represented in workplace fatalities.

Modern Slavery reporting

Organisations which are covered by the Commonwealth legislation should begin to prepare for modern slavery reporting deadlines. Australia’s Modern Slavery Act 2018 (Cth), which took effect on 1 January 2019, requires organisations to provide a statement on modern slavery risks in their operations and supply chains, and to take steps to address these risks.

The Commonwealth Modern Slavery laws apply to Australian entities with annual consolidated revenue of $100 million or more. Statements must be submitted annually, with first statements due this year. If your organisation is required to comply, please refer to the AICD's practical tool designed to assist directors with their oversight role of modern slavery risk in their operations and supply chains. It also sets out timelines for reporting.

By way of update, the NSW Modern Slavery Act 2018 remains on hold pending the outcome of a parliamentary inquiry. Click here to access the AICD Director Tool on modern slavery risk oversight.

Foreign bribery shake-up

In December 2019, the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2019 (Cth) (2019 Bill) was introduced into the Senate by the federal government, which would see the introduction of a new failure to prevent offence for corporations, as well as the creation of a deferred prosecution agreement scheme.

The current bill has been referred to the Senate Legal and Constitutional Affairs Legislation Committee, with the committee set to report by 19 February 2020.

The government has also released draft guidance on steps that a corporation can take to prevent an associate from bribing foreign public officials, and is seeking submissions on this guidance by 28 February 2020.

The government previously went through a detailed consultation process on an earlier iteration of the bill, which resulted in it being debated, but never passed due to the 2019 federal election.

Director ID numbers back on the table

Company directors could soon be issued unique identification numbers to track them throughout their careers. In a bid to prevent illegal phoenixing activity, the new director identification numbers (DIN) will require all directors to confirm their identity to a unique identifier that will be kept permanently, even if they cease to be a director.

The Treasury Laws Amendment (Registries Modernisation and Other Measures - MBR) Bill 2019 was introduced into Federal Parliament late last year, after the previous version of the bill lapsed with the calling of the May federal election.

Assistant Treasurer Michael Sukkar says the DIN will be kept by a director forever and provide traceability of a director’s profile and relationships across companies and over time. “This will provide greater insights to regulators, businesses and individuals on the identity and affiliations of directors and prevent the use of fictitious identities,” he told Parliament.

“DINs are being appropriately progressed as part of the MBR program to ensure that they are integrated with other important registry information. This enables critical data to be linked on the platform, which is key to the success of the DIN.”

It is expected that the related issue of public accessibility to director personal information will be dealt with in phase two of the reforms where more detailed data and disclosure frameworks will be developed. More information is available on Director Identification Numbers here.