This is a service specifically targeted at the needs of busy non-executive directors (NEDs).  We aim to give you a ‘heads up’ on the things that matter for NEDs in the week ahead – all in two minutes or less.

In this edition, we discuss APRA’s push for multi-factor authentication as an effective data protection measure, IOSCO’s consultation paper on crypto and digital asset regulation, and the Commonwealth Department of the Attorney General’s report considering the efficacy of modern slavery laws.  We consider the Takeovers Panel’s reasons for declining to conduct proceedings in relation to the affairs of Healius Limited and the Panel’s decision to decline to make a declaration of unacceptable circumstances in relation to the affairs of A S P Aluminium Holdings Pty Ltd.

In Risk Radar, we discuss the PwC tax scandal and the Commonwealth Government’s subsequent response which may involve a crackdown on unethical behaviour.


APRA clarifies expectations on the use of multi-factor authentication to protect data.  On 26 May 2023, the Australian Prudential Regulation Authority (APRA) published a letter emphasising the importance of using multi-factor authentication (MFA) as it is “one of the most effective controls” to prevent unauthorised access to sensitive data.  In the letter, APRA noted gaps in the implementation of MFA amongst APRA-regulated entities, including where remote access to information is given to third-party staff without MFA or where MFA is implemented on an opt-in basis.  APRA noted that it plans to review Prudential Standard CPS 234 Information Security “in due course” to clarify expectations and provide additional guidance to APRA-regulated entities concerning information security controls.  Where relevant, directors should consider whether and how their company utilises MFA to protect sensitive data.  See APRA letter.

IOSCO releases draft recommendations regarding crypto and digital asset regulation.  On 23 May 2023, the International Organisation of Securities Commissions (IOSCO) released a consultation paper outlining policy recommendations for crypto and digital asset markets (Consultation Paper).  The recommendations cover six policy areas, including (a) market manipulation, insider trading and fraud, (b) operational and technology risk and custody and (c) client asset protection.  IOSCO aims to finalise the recommendations set out in the Consultation Paper by the end of 2023, after which it expects jurisdictions (including Australia) to ensure domestic regulatory frameworks “comply with the standards”.  Feedback on the Consultation Paper is due to IOSCO by 31 July 2023.  See IOSCO media release and Consultation Paper.

Report recommends toughening Australia’s modern slavery framework.  On 25 May 2023, the Commonwealth Department of the Attorney General published a report based on a statutory review of the Modern Slavery Act 2018 (Cth) (Act), making 30 recommendations for change on the third anniversary of its commencement (Report).  The Report was drafted following consultation with participants and stakeholders, seeking input on the efficacy of the Act.  The submissions indicated that investors are paying closer attention to the quality of reporting of investment targets and that overall, there has been a major cultural shift and strengthening commitment to combat modern slavery.  However, the submissions also suggested that modern slavery reporting is not being taken as serious as expected and often represents a “box-ticking exercise”.  The Report recommends (among other things) publishing supplementary sector-specific guidance and administrative improvements to improve the reporting process.  See Report.


Takeovers Panel publishes reasons for declining to conduct proceedings on an application by Healius in relation to its affairs.  On 24 May 2023, the Takeovers Panel (Panel) published its reasons for declining to conduct proceedings on an application by Healius Limited (Healius) in relation to its own affairs.  The application concerned an off-market takeover bid by Australian Clinical Labs Limited (ACL) for Healius, which Healius alleged was unacceptable on the basis that ACL’s bidder’s statement was misleading and inadequate and that certain conditions of the bid (relating to asset acquisitions and disposals and bonus or incentive payments) were unusually extensive and restrictive.  The Panel considered that a replacement bidder’s statement (which was subsequently issued by ACL) sufficiently dealt with the issues raised in Healius’ application and for that reason, declined to conduct proceedings.  See Healius Limited [2023] ATP 6.  Gilbert + Tobin advised ACL in this matter.

Takeovers Panel declines to make a declaration of unacceptable circumstances in relation to the affairs of ASP.  On 26 May 2023, the Panel declined to make a declaration of unacceptable circumstances in response to an application from Villefranche Investments Pty Ltd as trustee of the Gates Family Trust (Villefranche) in relation to the affairs of A S P Holdings Pty Ltd (ASP) (see previous edition of Boardroom Brief).  The Panel considered that the alleged contraventions of Chapter 6 of the Corporations Act 2001 (Cth) would be more appropriately dealt with by the courts as they raised questions of law and contested facts.  Further, the Panel considered the availability of other forums (including the courts) would better ventilate Villefranche’s claims and that it would also be difficult for the Panel to fully investigate the allegations.  See Takeovers Panel media release.


Commonwealth Government response to PwC tax controversy.  PricewaterhouseCoopers (PwC) Australia continues to be the focus of media attention following revelations confidential Commonwealth tax proposals may have been provided to clients.  The Government has signalled its intention to pursue further action to clamp down on unethical behaviour and strengthen the Tax Practitioners Board.  The Greens, meanwhile, are pushing for a ban on government contracts with PwC Australia, noting the $220 million in contracts the firm has with the Department of Defence.  See news article.  Directors of both Government corporate entities and corporates or firms that provide services to Government, need to be cognisant of the additional and specific risks that can arise from coming into contact with “cabinet in confidence” material.  Government attaches a high premium to confidentiality in its dealings with the private sector, as this is necessary to preserve the integrity of public decision-making while achieving the efficiency and quality standards that the private sector can offer. 

Expertise Area