This is a service specifically targeted at the needs of busy non-executive directors (NEDs). We aim to give you a ‘heads up’ on the things that matter for NEDs in the week ahead – all in two minutes or less.
In this edition, we discuss the Markets Disciplinary Panel’s imposition of its largest ever penalty, the maximum penalties for failure to comply with continuous disclosure infringement notices, changes in foreign investment fees, and the Taskforce on Nature-related Financial Disclosures’ impending recommendations on nature-related risk management and disclosure. We also examine the Takeovers Panel application in relation to the affairs of Benjamin Hornigold Limited.
In Risk Radar, we discuss common cyber security weaknesses highlighted by a recent APRA study.
GOVERNANCE + REGULATION
Openmarkets Australia receives largest ever penalty imposed by Markets Disciplinary Panel. On 6 July 2023, Openmarkets Australia Ltd (Openmarkets), a brokering service, received a $4.5 million penalty from ASIC’s Markets Disciplinary Panel (MDP). The Australian Securities and Investments Commission (ASIC) commenced an investigation into Openmarkets when routine surveillance identified suspicious trading by one of its clients. The client had placed simultaneous bid and ask orders in the same security and at the same price on over 2,000 occasions. The MDP was scathing of Openmarkets’ poor history and lack of controls to identify suspicious trading. The MDP also found that Openmarkets failed to report suspicious trading to ASIC and that senior staff members had warned clients of the surveillance system alerts they triggered instead of escalating the matter. In addition to the fine, Openmarkets’ former head of trading has been banned from providing financial services for three years. This outcome from the MDP “sends a clear message to market participants that breaches of market integrity rules will result in substantial penalties that should not be seen as a cost of doing business”. See MDP decision.
ASIC significantly increases penalties for failure to comply with continuous disclosure infringement notices. On 5 July 2023, ASIC reissued Regulatory Guide 73 (RG 73) to reflect an increase in the maximum pecuniary penalty for failure to comply with infringement notices issued in relation to continuous disclosure obligations. Infringement notices are a means by which ASIC can respond to alleged breaches by disclosing entities of the continuous disclosure obligations in Ch 6CA of the Corporations Act 2001 (Cth) (Corporations Act). Previously, ASIC would not seek a penalty greater than $1 million. However, under the updated RG 73, the maximum pecuniary penalty for individuals is the greater of 5,000 penalty units ($1,565,000) and three times the benefit derived and detriment avoided. For bodies corporate, the updated maximum penalty is the larger of 50,000 penalty units ($15,650,000), three times the benefit derived and detriment avoided, and 10% of annual turnover for the 12-month period preceding the contravention (up to a maximum of 2.5 million penalty units ($782,500,000)). See the reissued ASIC RG 73 which incorporates the 5 July 2023 amendments.
Treasury announces foreign investment fee changes. On 28 June 2023, the Treasury announced fee indexation changes which came into effect on 1 July 2023. These changes focus on the foreign investment notification and application process under the Foreign Acquisitions and Takeovers Act 1975 (Cth). The fees are indexed each financial year from the averages of the CPI. Treasury has released an updated Guidance Note 10: Fees on Foreign Investment Applications which details the fee structures and requirements of various transactions (among other things). Directors should be mindful of the updated fee requirements and guidance when dealing with foreign investment proposals.
TNFD announces launch date for recommendations on nature-related risk management and disclosure. The Taskforce on Nature-related Financial Disclosures (TNFD) has announced that its recommendations on nature-related risk management and disclosure will be launched on 18 September 2023. The TNFD is a global initiative which aims to develop risk management and disclosure frameworks to help corporate entities to assess, manage and report their impacts on nature. The TNFD has released several iterations of its beta framework as a means of engaging the private sector in consultation and co-design. The beta framework provides specific guidance based on the industry (currently agriculture and food, mining and metals, and energy and financial institutions) and biome (including rivers and streams and tropical forests) in which an entity operates. See TNFD draft framework. See also TNFD launch announcement.
Takeovers Panel receives an application in relation to the affairs of Benjamin Hornigold Limited. On 10 July 2023, the Takeovers Panel (Panel) received an application from Dawney & Co Ltd (Dawney) in relation to the affairs of Benjamin Hornigold Limited (BHD). Dawney holds 12.04% of BHD shares and alleges, among other things, that three of BHD’s directors (Directors) are undisclosed associates of BHD by virtue of numerous acquisitions of BHD shares to increase their collective voting power in BHD and that this accumulation of voting power (collectively, 32.57%) has not been disclosed, in contravention of sections 671B(1) and 606 of the Corporations Act. Dawney also alleges that an association exists as the Directors recommended shareholders vote against a proposed resolution to consider BHD be placed in voluntary liquidation at a general meeting requisitioned by Dawney. Dawney is seeking final orders that related entities of the Directors be required to make a takeover bid with respect to BHD, that the Directors provide substantial holder notices and that all BHD shares acquired in contravention of the Corporations Act be vested in ASIC for sale. See Takeovers Panel media release.
APRA study highlights common cyber security weaknesses. A recent study by the Australian Prudential Regulation Authority (APRA) on cyber resilience in financial services identified control gaps in the cyber security practices of APRA-regulated entities. Key findings from the study reveal common weaknesses, including incomplete identification and classification of critical information assets, limited assessment of third-party information security capability, inadequate execution of control testing programs, and lack of regular review and testing of incident response plans. Wherever relevant, NEDs should ensure that management prioritises addressing the gaps identified in the study, including by establishing clear policies for asset identification and classification, conducting thorough assessments of third-party security controls, implementing robust control testing programs, and maintaining regularly tested incident response plans. By addressing these weaknesses, entities can enhance their cyber resilience and APRA-regulated entities can ensure they meet the obligations outlined in prudential standard CPS 234 Information Security. See APRA insight article.