This is a service specifically targeted at the needs of busy non-executive directors (NEDs).  We aim to give you a ‘heads up’ on the things that matter for NEDs in the week ahead - all in two minutes or less.

In this edition, we look at the independent review of amendments to Australia’s continuous disclosure laws introduced in 2021, and the release of the final recommendations of the Taskforce on Nature-related Financial Disclosures (TNFD).  We also discuss proceedings commenced by the Australia Securities and Investments Commission (ASIC) against the provider of the Kraken crypto exchange for alleged design and distribution failures, as well as the decision of the Federal Court in ASIC v Wilson (No 3) in relation to alleged breaches of continuous disclosure obligations.

In Risk Radar, we discuss the warning given by ASIC Chair Joe Longo for companies to take third-party cyber risks seriously.

REGULATION 

Treasury appoints independent reviewer of continuous disclosure laws.  On 19 September 2023, the Treasury announced that Dr Kevin Lewis, former chief compliance officer at the Australian Securities Exchange (ASX), had been appointed to conduct an independent review of amendments to Australia’s continuous disclosure laws.  The relevant amendments were introduced by the Treasury Laws Amendment (2021 Measures No 1) Act 2021 (Cth) (Amending Act), and made companies and their officers only liable for civil penalty proceedings in respect of continuous disclosure obligations where they have acted with “knowledge, recklessness or negligence” (see previous edition of Boardroom Brief ).  In his review, Dr Lewis will have regard to: (a) whether the amendments introduced by the Amending Act are working in support of an efficient, effective, and well-informed market; (b) the effect of the amendments on the quality and nature of disclosures made by listed companies; (c) continuous disclosure regimes in overseas jurisdictions; and (d) whether the amendments have given rise to any barriers that might prevent enforcement of, or compliance with, continuous disclosure obligations.  The review will be open to public consultation and is due to be completed by 14 February 2024.  See Treasury media release .

Taskforce on Nature-related Financial Disclosures releases final recommendations.  On 18 September 2023, the TNFD published its final recommendations for nature-related risk management and disclosure.  The TNFD’s recommendations are aimed at providing companies and financial institutions of all sizes with a risk management and disclosure framework to identify, assess, manage and, where appropriate, disclose nature-related issues.  It includes 14 recommended disclosures covering four key areas: governance, strategy, risk & impact management, and metrics & targets.  The TNFD’s recommendations build on the recommendations of the Task Force on Climate-related Financial Disclosures, and have been designed to enable companies to integrate climate and nature-related reporting.  Elizabeth Mrema, Co-chair of the TNFD, stated that “[s]caling up action to restore the resilience of nature is now a global policy and regulatory priority, and it is business-critical, posing significant long-term financial impact if not acted upon ”.  Directors should consider their company’s exposure to nature-related financial risks, and whether it is appropriate for the TNFD’s recommendations to be incorporated into their company’s reporting practices.  See TNFD recommendations and media release .

LEGAL

ASIC commences proceedings against provider of Kraken crypto exchange.   On 21 September 2023, ASIC announced that it commenced proceedings in the Federal Court of Australia against Bit Trade Pty Ltd (Bit Trade), the provider of the Kraken crypto exchange, for alleged failures to comply with the design and distribution obligations in the Corporations Act 2001 (Cth).  The design and distribution obligations require firms to design financial products that meet the needs of consumers, and to distribute those products in a targeted manner.  ASIC alleges that Bit Trade failed to adhere to these obligations by failing to make a target market determination for the margin trading product it offers Australian customers on the Kraken exchange.  ASIC claims that the relevant margin trading product functions as a credit facility since it allows customers to access credit for buying and selling crypto assets on the Kraken exchange.  ASIC Deputy Chair, Sarah Court, emphasised that “[t]hese proceedings should send a message to the crypto community that products will continue to be scrutinised by ASIC to ensure they comply with regulatory obligations in order to protect consumers ”.  As discussed in a previous edition of Boardroom Brief , reducing harm to consumers associated with product design and distribution is one of ASIC’s key priorities for 2023-27.  See ASIC media release .

ASIC fails to establish that former managing director breached directors’ duties.  On 28 August 2023, the Federal Court published Jackson J’s reasons for his decision in ASIC v Wilson (No 3) [2023] FCA 1009, in which his Honour rejected claims by ASIC that Mr Frank Wilson, the former managing director of Quintis Limited (Quintis), breached his duties as a director.  ASIC alleged that Mr Wilson breached his obligations of care and diligence under section 180(1) of the Corporations Act by failing to tell the board of directors of Quintis that certain material agreements were to be terminated, and subsequently, that they had been terminated, with effect from 1 January 2017.  ASIC further alleged that Mr Wilson failed to ensure that Quintis did not mislead the market about the termination of the agreements.  Quintis disclosed the termination of these agreements to the ASX on 10 May 2017, following which its share price fell approximately 72.4%.  Ultimately, Jackson J considered that ASIC failed to establish that Mr Wilson knew of the termination of the agreements in December 2016, and therefore failed to establish the alleged breach of directors’ duties and the alleged failure to ensure that Quintis did not mislead the market.  Further, while ASIC did not allege that Quintis had breached its continuous disclosure obligations, Jackson J considered that there was a serious risk that these obligations would have been breached given that various ASX announcements released by Quintus “created a belief and expectation on the part of investors that the [material agreements] were important to Quintis's long term prospects ”.  While ASIC was ultimately unsuccessful, the case serves as an important reminder to NEDs of the importance of robust internal communication and continuous disclosure procedures.  See ASIC v Wilson (No 3) [2023] FCA 1009 and ASIC media release .

RISK RADAR

ASIC Chair warns companies to take third-party cyber risks seriously.  On 18 September 2023, during an address at the Australian Financial Review Cyber Summit, ASIC Chair Mr Joe Longo warned organisations to actively evaluate and manage third-party cyber risks.  Mr Longo expressed that cyber security and cyber resilience must be top priorities for all boards, and explained that ASIC expects boards to exercise oversight of cyber security risk throughout the organisation’s supply chains.  Contracting with a third-party cyber security supplier is not sufficient to discharge directors’ duties, and it may expose a company to further risk in itself.  Boards must take an active approach and engage in both planning and testing of their cyber security and cyber resilience measures.  Mr Longo further warned that a failure to give sufficient priority to cyber security and cyber resilience “creates a foreseeable risk of harm to the company and thereby exposes the directors to potential enforcement action by ASIC based on the directors not acting with reasonable care and diligence ”.  As discussed in a previous edition of Boardroom Brief , cyber and operational resilience is one of ASIC’s six core strategic projects for 2023-27.  Directors are urged to give cyber security and cyber resilience due care and attention to minimise the risk of harm associated with cyber breaches and/or enforcement action by ASIC.  See ASIC media release .