This is a service specifically targeted at the needs of busy non-executive directors (NEDs). We aim to give you a ‘heads-up’ on the things that matter for NEDs in the week ahead – all in two minutes or less.

In this edition, we discuss the introduction of the Treasury Laws Amendment (Mergers and Acquisitions Reform) Bill 2024 (Cth) to Federal Parliament, which proposes significant reforms to Australia’s merger laws, practical guidance released by the Australian Institute of Company Directors (AICD) regarding the application of a director’s statutory duty of care and diligence to a company’s compliance obligations, the $100 million penalty imposed on Qantas Airways Limited (ASX: QAN) (Qantas) for misleading consumers, and the reasons published by the Takeovers Panel for its decision not to conduct proceedings on an application in relation to the affairs of Energy Resources of Australia Limited (ASX: ERA) (ERA).

In this week’s Over the Horizon, we discuss the introduction of a suite of proposed legislation aimed at addressing gaps in Australia’s cybersecurity framework.

Regulation

Bill overhauling Australia’s merger control regime introduced to Federal Parliament

On 10 October 2024, the Treasury Laws Amendment (Mergers and Acquisitions Reform) Bill 2024 (Cth) was introduced to the House of Representatives. The Bill aims to introduce a new mandatory and suspensory notification administrative regime, which will be a significant departure from Australia’s current merger control regime which involves a voluntary informal clearance process and judicial enforcement. The Federal Treasurer, the Hon Dr Jim Chalmers MP, highlighted that the Bill “outlines the biggest reforms to Australia's merger settings in almost 50 years” and that the reforms are intended to increase scrutiny of mergers with the potential to cause serious economic harm, ‘high-risk’ mergers and acquisitions of greater than 20% interests in unlisted or private companies. Various monetary thresholds will apply. A recent G+T Knowledge article more comprehensively discusses the reforms proposed by the Bill and their practical implications for market participants.

AICD releases practice statement on directors’ duties and company compliance obligations

On 8 October 2024, the AICD released a practice statement on the application of a director’s duty of care and diligence to a company's legal and regulatory compliance obligations. The statement, which is informed by the views of barristers Mr Michael Hodge KC and Ms Sonia Tame, reminds directors that they must understand the fundamentals of the company’s business and also be aware of the key areas of applicable regulation to be able to discharge their statutory duties. While directors are not required to have detailed knowledge of all applicable regulation or eliminate all of the company’s compliance risks, they must critically assess the advice they seek to rely on with independent judgment, constructively challenge management, and remain alert to ‘red flags’ that require further enquiry. Issues which may necessitate further investigation include gaps in compliance reporting, frequent or increasing policy and protocol exceptions, lack of communication or information sharing across functional and business lines, or significant outsourcing of services with limited management oversight or control. To combat potential compliance issues, directors should ensure that they establish and maintain effective oversight and monitoring practices, such as receiving briefings from external experts on emerging risk areas, allocating responsibility for specific oversight functions to board committees, setting expectations for regular reporting, and implementing follow up action where recommended by independent experts.

Legal

$100 million penalty imposed on Qantas for misleading consumers

On 8 October 2024, the Federal Court of Australia ordered Qantas to pay a penalty of $100 million for misleading consumers by offering and selling tickets for flights it had already decided to cancel, and by failing to promptly tell existing ticketholders of its decision. This penalty is in addition to the $20 million that Qantas undertook to pay to eligible consumers affected by the impugned conduct. The penalty was imposed after Qantas admitted that it had breached the Australian Consumer Law. Australian Competition and Consumer Commission Chair, Ms Gina Cass-Gottlieb, noted that the penalty is substantial, and “sets a strong signal to all businesses, big or small, that they will face serious consequences if they mislead their customers”.

Takeovers Panel publishes reasons for declining to conduct proceedings in relation to the affairs of Energy Resources of Australia Limited

On 10 October 2024, the Panel published the reasons for its decision that there was no reasonable prospect that it would make a declaration of unacceptable circumstances on an application in relation to the affairs of ERA. As discussed in a previous edition of Boardroom Brief, Zentree Investments Limited and Packer & Co Ltd (together, the Applicants) objected to ERA’s proposed capital raise to fund ERA’s rehabilitation of a mine area up until 2027 (Raise), which the Applicants submitted would result in Rio Tinto Limited (Rio) increasing its voting power above the compulsory acquisition threshold of 90%. The Panel was satisfied that ERA’s Independent Board Committee (IBC), which was responsible for ERA’s decisions regarding the Raise, was appropriately set up and managed to minimise conflicts of interest. The Panel also found that the IBC’s decisions regarding the price and amount of the Raise, which was an 87.7% discount to ERA’s 5-day VWAP that had the potential for a material control effect, were based on “rational corporate logic”, accepting the IBC’s submissions that: (1) it had engaged in considerable negotiations with Rio over the terms of its commitment; (2) conducting a non-underwritten entitlement offer with no pre-commitments from ERA shareholders would be too risky; (3) it would be impractical to conduct separate smaller capital raisings without commitment from ERA’s shareholders. On 26 September 2024, the Panel announced that it that it had received an application from the Applicants seeking a review of the Panel’s decision. A review Panel has not yet been appointed, and the Panel has not decided whether to conduct proceedings.

Over the horizon

Australia’s landmark dedicated cybersecurity strategy now in action

On 9 October 2024, a suite of draft legislation aimed at addressing gaps in Australia’s cybersecurity framework was referred to the Parliamentary Joint Committee on Intelligence and Security for inquiry and report, including Australia’s inaugural and long-awaited standalone Cyber Security Bill 2024 (Cth). The Cyber Security Bill, along with the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 (Cth) and Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024 (Cth) are collectively aimed towards the implementation of seven initiatives under the 2023-2030 Australian Cyber Security Strategy. As discussed in a previous edition of Boardroom Brief, the Strategy sets out six ‘cyber shields’ and various initiatives to be implemented by 2030 in a bid to protect Australian citizens and businesses against cyber threats. The legislative package will, if passed: (1) mandate minimum cyber security standards for smart devices; (2) introduce mandatory ransomware reporting for certain businesses to report ransom payments; (3) introduce ‘limited use’ obligations for the National Cyber Security Coordinator and the Australian Signals Directorate; and (4) establish a Cyber Incident Review Board to ensure a well-coordinated national response to cyber threats. Federal Minister for Cyber Security, the Hon Tony Burke MP, acknowledged that these laws are “a long-overdue step for our country” which will help “achieve Australia’s vision of being a world leader in cyber security by 2030”. Submissions to the Parliamentary Joint Committee regarding the new laws are due by 25 October 2024.