+61 8 6558 1859 |Unit 2, 2 Centro Ave, Subiaco WA 6008 | admin@meridianconsult.com.au

ASX Review of Corporate Governance Principles and Recommendations

On 2 May 2018, the Australian Securities Exchange (‘ASX’) Corporate Governance Council (‘the Council’) released the consultation draft of the fourth edition of its Corporate Governance Principles and Recommendations (‘the Principles and Recommendations’).

The Principles and Recommendations were first introduced in 2003 with a second edition being published in 2007 and a third edition in 2014. The Principles and Recommendations set out best practice corporate governance principles for ASX listed entities and cover key areas of investor interest such as board structure and risk management.

As governance practices adopted by an entity depend on several factors such as size, complexity and culture, the Principles and Recommendations are not mandatory and are implemented on an “if not, why not” basis. That is, if a listed entity decides to not adopt a recommendation, it must explain why not in its corporate governance statement included in its annual report under ASX Listing Rule 4.10.3.

In the fourth edition of the Principles and Recommendations, the primary change to the Principles is the re-drafting of Principle 3 from ‘Act ethically and responsibly: a listed entity should act ethically and responsibly’ to ‘Instil the desired culture: a listed entity should instil and continually reinforce a culture across the organisation of acting lawfully, ethically and in a socially responsible manner’. The proposed change to Principle 3 recognises that a listed entity has a social licence to operate and in order to maintain this licence needs to act lawfully, ethically and in a socially responsible manner. The re-drafting of Principle 3 seeks to address recent governance issues that have arisen from poor conduct or culture in listed entities.

The fourth edition of the Principles and Recommendations also proposes to expand the number of Recommendations from 29 to 38 with additional Recommendations being added to Principles 2, 3, 4, 5, 6 and 8.

It is estimated by the Council that the final version of the fourth edition will be released in early 2019 and will take effect for an entity’s first full financial year commencing on or after 1 July 2019.

The closing date for public submissions on the fourth edition of the Principles and Recommendations is Friday 27 July 2018.

For further details refer to the consultation paper at https://www.asx.com.au/documents/asx-compliance/consultation-paper-cgc-4th-edition.pdf

Need help?

If you would like more information or have any questions, please feel free to contact us to discuss further.

 

Notifiable Data Breaches Scheme – What you need to know

The Notifiable Data Breaches (‘NDB’) scheme established under the Privacy Amendment (Notifiable Data Breaches) Act 2017 came into effect on 22 February 2018. The NDB scheme requires organisations to notify the Australian Information Commissioner and affected individuals when an eligible data breach has occurred.

Who must comply?

The NDB scheme applies to any organisation that has responsibilities under the Privacy Act 1988, including Australian government agencies and all businesses and not-for-profit organisations with an annual turnover of $3m or more. The NDB scheme also applies to certain other businesses such as private sector health service providers, educational and child care institutions and those that buy or sell personal information including credit reporting bodies.

What is considered an eligible data breach?

The NDB scheme applies only to eligible data breaches. The government considers a data breach to be eligible if there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity that is likely to result in serious harm to the individual affected.

Although ‘serious harm’ is not defined in the Privacy Act 1988, in the context of a data breach it is taken to include physical, psychological, emotional, financial or reputational harm. Directors of organisations will need to perform an objective assessment to determine if a data breach is likely to result in serious harm.

What must be reported and how?

When there are reasonable grounds to believe that an eligible data breach has occurred, an organisation is obligated to notify the Australian Information Commissioner and affected individuals of the breach as soon as practicable. The notification of the breach must include a description of the data breach, the kinds of information concerned and recommended steps for the affected individual to take in order to protect themselves.

How to protect your organisation?

The NDB scheme shifts more of the onus of overseeing cybersecurity to directors of the organisation. It is important for directors to understand the potential risk areas and to have a breach management plan in place for data security, as they can be held liable if it is shown that their organisation has been wilfully negligent about securing data.

The Australian Information Commissioner can seek civil penalties for not adhering to the legislation of up to $340,000 for individuals and $1.7 million for corporates, as well as the payment of compensation for damages or other remedies.

Directors need to review their organisations to identify what data they hold and where it may be at risk. It is then important that the organisation develop a data protection plan to manage the risk areas identified and confirm that all personnel understand the importance of data security and how to ensure it is protected. Organisations also need to develop systems to identify and respond to any breaches in a timely and appropriate fashion that will ensure compliance with the NDB scheme.

Minutes of Meetings – Striking an effective balance for your organisation

The timely preparation of succinct and accurate meeting minutes is one of the main duties of a company secretary. The minutes provide a continuing, permanent official record of the business transacted at every meeting. The Corporations Act (section 251A(1)) legislates that a company must keep minute books in which all proceedings and resolutions of meetings are recorded within one month of holding the meeting.

The Corporations Act (section 251A(2)) also requires that all minutes be signed within a reasonable time after the meeting. As the officer who must sign the minutes, the chair must ensure that they are satisfied that the minutes provide a correct record of proceedings at the meeting.

It is worth noting that there is no requirement for the signed minutes to be the version that is recorded in the minute book within one month. This is important for bodies that do not meet monthly as, in practice, the minutes of the previous meeting will often be approved and signed at the next meeting held.

Although the Corporations Act legislates that timely minutes must be recorded and signed, it does not stipulate the types of minutes that need to be recorded – that is, pure minutes of resolutions or minutes of narration. It is the responsibility of the directors to decide their preferred style of minutes and to work with the company secretary to ensure their requirements are being met. Directors must carefully consider the style of their meeting minutes, as the signed minutes serve as legal evidence acceptable in court proceedings of what occurred at the meeting unless the contrary is proved.

Minutes, for the most part, record no more than the occurrence of the meeting, essential details of proceedings and the important decisions made. It is, however, appropriate corporate practice for minutes of meetings to strike a suitable balance between pure minutes of resolutions and minutes of narration.

Below are key items for consideration when determining the type of meeting minutes most suited to your organisation:
- That any declarations of interests made by directors are reflected in the minutes, including how these interests were managed;
- That where important business decisions have been made, particularly those that require business judgement, the minutes adequately record the processes followed in coming to the decision;
- That where a resolution is passed, the minutes reflect the exact wording of the resolution including any conditions to the resolution and any director’s dissent or abstention from that resolution;
- That the minutes reflect any advice from management in addition to board papers as well as any advice sought from independent parties. Minutes should also note where additional information or advice has been requested by directors before a final decision can be made;
- That the minutes note when other documents are tabled at the meeting that did not form part of the board papers originally circulated for timely director review; and
- That the minutes include a separate action items list indicating what is to be done, by whom and by when.

Need help?

If you require any assistance in determining the most suitable style of minutes for your organisation or have any questions, please feel free to contact us to discuss further.