ASIC lays out directors' duties

Corporate watchdog Australian Securities & Investments Commission (ASIC) has reiterated directors' duties to support an economic environment that delivers for all Australians.

In a speech to the Australian Institute of Company Directors' (AICD) Australian Governance Summit on March 02, ASIC Chair Joe Longo discussed the following:

• ASIC's role in enforcing compliance with directors' duties;
• Some practical aspects of directors' duties and ASIC's expectations of directors;
• Some insights on ASIC's recent actions to explain its approach; and
• Two areas of non-financial risk demonstrating the changing landscape that boards and directors grapple with: cyber resilience and greenwashing or sustainability-related disclosures.

ASIC – what are directors' duties?

In his speech, Longo noted that directors are required to exercise due care and diligence in discharging their duties.

“The law requires, and ASIC expects, that the key role played by the CEO be performed honestly, competently, and diligently,” Longo said.

“This applies to senior officers leading, for example, the legal and compliance, finance, and the company secretariat functions, among others.

“Once the board has asked the questions and challenged management based on what is reasonably knowable to the board at material times, then it can be immediately seen how significant the board's reliance on management is.”

Longo noted four main areas on which directors must focus when discharging their duties:

• They must ensure they are across the work their company does;
• They must act honestly and have integrity, taking responsibility for their role in the actions of the company;
• They must review information and reporting systems and plan for and consider the consequences and risks of all options in the table; and
• They have a fundamental duty to build a culture of compliance and transparency.

Addressing cyber risk in Australia

In his speech, Longo emphasised the significance of addressing cyber risks, noting the impacts of major cyberattacks against Optus and Medibank.

“These attacks exposed the personal data of millions of current and former customers of these companies. And last month, we saw an attack on ION, a global technology vendor that provides software to derivatives clearing participants, including a number in Australia. Customers disrupted included some of the world's biggest banks, brokerages, and hedge funds,” he said.

“Recent events should make it clear that cyber preparedness is squarely a board-level issue. How the board ensures sufficient oversight of threats, vulnerabilities and mitigating controls will set the tone for the cyber resilience of an organisation.”

According to ASIC, the issues boards need to consider when addressing cyber risk are the following:

• Is cyber risk included in your organisational risk management framework?
• What is your response and recovery plan, and has it been tested?
• Is it clear how you would communicate with your customers, regulators, and the market when things go wrong?

Addressing greenwashing and sustainability-related disclosure

Longo emphasised the significance of implementing reliable disclosure practices to maintain a well-functioning market.

“Consumers and investors should be able to make informed decisions with trust and confidence. Our consumer survey I mentioned earlier asked Australian consumers about their experience of identifying a company's ESG credentials,” he said. “Only 23% of the 1,000 consumers surveyed said they found this information easy to find.

“The findings also suggested that consumers really do take ESG credentials into account when making investment choices: 73% of those who invested in shares in the last 12 months said they have declined to invest in something because of the company's poor environmental record.”

ASIC is taking enforcement action where it sees disclosures falling short and misleading sustainability claims made by its regulated entities. It also expanded its enforcement focus for 2023.