This is a service specifically targeted at the needs of busy non-executive Directors. We aim to give you a ‘heads up’ on the things that matter for NEDs in the week ahead – all in two minutes or less.

In this edition, we discuss the new framework published by ASIC aimed at improving positive financial outcomes for First Nations people, proposed changes to the treatment of franking credits in off-market share buy backs, and ASIC’s enforcement focus areas for 2023. We also turn to the Federal Court’s seminal decision in handing down the largest ever penalty for breaches of continuous disclosure obligations.

In Risk Radar, we look at the adequacy of disclosure in relation to cyber-attacks.


ASIC publishes Indigenous Financial Services Framework (Framework).  Following several phases of consultation between 2019 to 2022 with First Nations peoples, financial service industry representatives and various Government departments, ASIC has developed the Framework to help deliver positive financial outcomes for First Nations peoples. The Framework is designed to guide ASIC’s engagement with First Nations consumers by identifying long-term objectives, which require continual collaboration between ASIC and its stakeholders. The Framework expects to reduce the impact of harm and misconduct on individuals and communities, provide accessible and appropriate financial products and services, increase holistic service provision and delivery, and to establish positive and culturally appropriate experiences when engaging with the financial services industry and other service providers. In addition to the Framework, ASIC published its Stretch Reconciliation Action Plan 2023 – 2026 (RAP). The Framework and the RAP are intended to promote ASIC’s priority of supporting positive financial outcomes for First Nations consumers and communicating expectations to industry participants on best practice engagement with First Nations consumers and investors. See ASIC Media Release and ASIC's Stretch Reconciliation Action Plan

Where to next for off-market share buy-backs? On 16 February 2023, the Federal Government introduced Schedule 4 of the Treasury Laws Amendment (2023) Measures No. 1 Bill 2023, which proposes changes to treatment of off-market share buy-backs conducted by listed public companies for franking credit purposes, with a consequential impact on the way capital gains tax implications are calculated. Historically, off-market buy-backs of shares of listed public companies have occurred at a discount to their trading values, which the Australian Taxation Office has restricted to a discount of 14%. Under the proposed changes, the rationale for the discounted buy-back price will be removed, raising the question as to why listed companies would choose to undertake an off-market buy-back at all. It anticipated that companies will no longer have a clear preference to implement an off-market share buy-back as a means of capital management, as the removal of franking credit benefits results in no fundamental tax difference between an on-market and an off-market buy-back for a listed public company. For more information on the proposed changes, see G + T Knowledge article published 9 February 2023.

ASIC to expand enforcement focus areas in 2023. On 15 February 2023, ASIC warned businesses ‘it will be targeting greenwashing, predatory lending and misleading insurance pricing promises this year, as part of a continuing focus on protecting consumers from financial harm’. Additionally, ASIC has published a regulatory developments timetable, which is aimed at increasing industry transparency on when to anticipate ASIC drafts, guidance and new legislative instruments. See ASIC Media Release.


Federal Court hands down the largest ever penalty for breaching continuous disclosure laws. GetSwift Limited (formerly ASX:GSW) (GetSwift) (in liquidation), a logistics software start up, has been ordered to pay a $15m penalty for contravening its continuous disclosure obligations under section 674 of the Corporations Act 2001 (Cth) (Act). In February 2019, ASIC commenced civil proceedings against Getswift, and its former director, CEO and executive chairman, Mr Hunter and two former directors, Mr Macdonald and Mr Eagle. In November 2021, the Court found that GetSwift made numerous misleading statements in its announcements on the ASX and breached its continuous disclosure obligations on 22 separate occasions. The directors were found to have knowingly misled the market, as well as being aware of Getswift’s continuous disclosure breaches. The Federal Court described Getswift as a company that ‘became a market darling because it adopted an unlawful public-relations-driven approach to corporate disclosure instigated and driven by those wielding power within the company’. Justice Lee found Mr Macdonald was focussed on making money and had ‘little understanding or regard for his legal obligations as a director’. Previously, the maximum penalty per contravention of section 674 comprised a maximum fine of $1 million for a company and $200,000 for an individual. However, higher penalties of up to $10.5 million for a company and $1.05 million for an individual were introduced in March 2019. Under the new regime, Mr Hunter was ordered to pay a penalty of $2 million and disqualified from managing corporations for 15 years and Mr Macdonald was ordered to pay a penalty of $1 million and disqualified for 12 years. ASIC notes the penalties to Mr Hunter and Mr McDonald are two of the highest penalties against directors for corporate misconduct. See ASIC Media Release.


Prepare to disclose all cyber-attacks. Research attributed to Professor Alex Frino of the University of Wollongong indicates that over the past decade, only 11 out of 36 cyber-attacks against ASX-listed companies were reported to investors. See Australian Financial Review article. However, the average drop in market value of 5% in the aftermath of a 'successful’ cyber-attack, may indicate that significant cyber breaches are material events that ought to be disclosed. ASX’s Chief Compliance Officer, Mr Daniel Moran, has indicated that listed entities should deploy brief trading halts to avoid false or misleading reporting, and must then disclose knowledge of cyber-attacks as soon as possible. ASIC, too, has warned of potential regulatory action in the case of breaches of continuous disclosure obligations in the event of cyber-attacks. Cyber risks have already been elevated in the consciousness of most boardrooms, but for listed companies, it is also critical to remember the regulatory overlay and the potential for direct financial loss from cyber-attacks to be exacerbated by financial penalties for non-disclosure or, in extreme cases, class action litigation.

Expertise Area