It is important that directors understand the legal and regulatory environments in which their organisations operate and the ways in which they can be personally liable. A director does not typically personally supervise an organisation’s operations to ensure it is complying with all laws. However, a core part of the board’s role is oversight of both financial and non-financial risks including legal, regulatory and compliance risks. In this sense, a director should be aware of their organisation’s operations in the context of the legal and regulatory environments in which it operates.
The COVID-19 pandemic is presenting a number of rapidly changing developments in the legal and regulatory environments facing directors. Some of these developments are temporary and designed to help manage this crisis.
This document provides an overview of some of the key legal and regulatory director obligations that apply to company activities, but it is not exhaustive. For more specific COVID-19 practical guidance, refer to the Australian Institute of Company Directors' COVID-19 Resources and COVID-19 We answer your questions websites, which includes current guidance such as:
- How boards can ensure workplaces are COVID-safe
- Navigating workplace relations through COVID-19
- ASIC, APRA recalibration of priorities for COVID-19: welcome step, but more required
- Boards should hasten slowly with market disclosure on COVID-19
- ALRC updates key corporate crime proposals
- COVID-19: Force majeure risk and opportunity
The AICD Director Tool General duties of directors provides a general summary focused on the core duties that directors have under the Corporations Act 2001 (Cth). The relationship between a director and a company is fiduciary in nature, meaning that a director undertakes to act in the interests of the company and not in his or her own interests. The overriding duty of a fiduciary is the obligation of undivided loyalty. Core duties of a director include the duty to act with care and diligence; the duty to act in good faith in the best interests of the company and for a proper purpose; and the duty to not improperly use information or position.
Work health and safety
Under the model Workplace Health and Safety Act, applicable throughout most of Australia, directors have a duty of due diligence to ensure that their organisation complies with work health and safety obligations.
Notably, an organisation must ensure, as far as is reasonably practicable, the health and safety of:
- workers engaged, or caused to be engaged, by the person; and
- workers whose activities in carrying out work are influenced or directed by the person (while the workers are at work in the business or undertaking).
Serious breaches of the duty of due diligence could lead to significant penalties, including imprisonment.
The AICD Director Tool Work Health and Safety provides an overview of director duties with regard to work health and safety in their workplaces. In nearly all Australian jurisdictions there is a positive obligation on directors to exercise due diligence in relation to work health and safety, and good governance practice ensures that every board meeting has it as a topic on the agenda.
The Fair Work Act 2009 (Cth) has a wide range of provisions governing employment conditions and practices (including in relation to pay and work hours, leave, benefits, flexible work arrangements, non-discrimination and unfair treatment).
In large companies, the board is likely to perform only a general supervisory role in ensuring proper policies and procedures are in place. In small to medium organisations, however, it is quite possible that directors may be involved in specific negotiations and work practices.
Fines can be imposed when an organisation contravenes the relevant requirements. The Fair Work Act 2009 (Cth) provides that a person who is “involved” in a contravention of a provision is taken to have contravened the provision. Directors in small organisations may be more involved in managing employees’ entitlements and work conditions and, accordingly, potentially more likely to satisfy the test of being “involved”.
Prior to the COVID-19 pandemic, there was significant attention on the issue of wage underpayment and the board’s role of oversight.
Most recently, on 8 April 2020 the Government’s JobKeeper scheme was passed into law and provides eligible employers a wage subsidy and additional flexibility for leave arrangements to retain staff throughout the COVID-19 pandemic. The scheme also makes a number of amendments to the Fair Work Act 2009 that create additional flexibility for staff management.
Federal, state and territory laws prohibit discrimination on a wide range of grounds. Harassment on any of these grounds is also a form of discrimination. In many cases, the employer is vicariously liable for the unlawful discrimination of its employees unless the employer can show that it has taken “all reasonable steps” to prevent the unlawful conduct. An employee (including a director) who discriminates can be individually liable for that conduct.
Directors need to be aware of the wide range of unlawful discriminatory practices and oversee the implementation of appropriate procedures to mitigate against the risk of such practices occurring. This will involve overseeing risk analysis, implementation of policies and training and ongoing monitoring of compliance.
Environmental law is mainly state and territory-based, although there are federal laws, especially in relation to matters of national environmental significance: for example, the Environment Protection and Biodiversity Conservation Act 1999 (Cth). In the states and territories, there is usually one main environmental law along with more specialised ones concentrating on particular areas (such as contaminated land, waste, noise and air).
In many cases, environmental laws make directors personally liable for breaches by their organisations where the director has not taken reasonable steps to prevent the offence. Other features common to many of these laws include wide coverage (noise, air, water, land, waste, hazardous materials) and heavy penalties for both organisations and directors.
Broadly, the laws require organisations conducting activities in a state or territory to:
- obtain any relevant licence or government approval;
- comply with legal requirements; and
- if unlawful or serious environmental harm occurs, notify the relevant regulatory authority.
It is a common defence in all the environmental protection laws where a director can show that he or she exercised “due diligence” or “took all reasonable steps to ensure the corporation complied with” those laws. “Due diligence” can usually be shown if the organisation has an adequate environment management system in place.
Directors will be liable where they knew or were reckless or negligent regarding an environmental law contravention, were in a position to influence the conduct of the company, and failed to take all reasonable steps to prevent the contravention. This could result in imprisonment, fine or a civil penalty.
Competition law is about promoting and protecting competition in markets, largely by prohibiting anti-competitive behaviour.
The most obvious and strictly prohibited anti-competitive conduct is cartel conduct. A cartel is an agreement between a group of businesses to act together rather than compete against each other. Cartel conduct includes price-fixing, sharing markets, rigging bids, controlling output or limiting the amount of goods and services available to buyers.
Cartel conduct draws particularly heavy penalties for individuals (up to 10 years' imprisonment, penalties for each criminal cartel offence and/or pecuniary penalties for each civil contravention) and corporations (civil contraventions and/or criminal offences).
It is crucial that directors understand their organisation’s obligations under anti-competitive conduct provisions because they potentially affect almost every business and carry significant penalties for contraventions and potential criminal sanctions. High profile cases such as the Visy case (ACCC v Visy Industries Holdings Pty Ltd (No 3)  FCA 1617) illustrate the potential for significant financial penalties against directors.
While competition law benefits consumers indirectly, consumer law addresses behaviour that directly harms consumers, such as:
- misleading or deceptive conduct; and
- unfair contracts.
The Australian Consumer Law (which is set out in Schedule 2 of the Competition and Consumer Act 2010) commenced operation in 2011. It applies throughout Australia and can lead to severe penalties against directors who are knowingly involved in a breach of the law. The wide coverage of the prohibition against false or misleading representations means that it should be the focus of all organisations in marketing and selling their goods or services.
A court may, on application by the regulator, make an order disqualifying a person from managing corporations if the court considers that the disqualification is appropriate and the court is satisfied that the person has contravened, attempted to contravene or been involved in a contravention of certain provisions of the Australian Consumer Law. As an example, the Federal Court, in ACCC v Halkalia Pty Ltd (No 2) (2012) FCA 535, imposed a disqualification of 15 years on a director of a company which engaged in conduct constituting an “egregious” series of contraventions of Australian consumer protection laws.
Privacy, cybersecurity and online business
Virtually every business now conducts marketing and transactions through online means and there are three major areas of online business that can lead to liability for directors.
First, all organisations must ensure that their website is kept up to date with accurate information including in relation to prices and the nature of goods or services. Websites can be, and should be, updated contemporaneously with changes in prices. Processes should be in place to keep an organisation's website up-to-date and avoid the risk of breaching the consumer protection laws, and directors should seek the necessary assurances from management in this regard.
Second is the issue of spamming. Marketing by sending digital advertising and information is very common and useful. However, the Federal Spam Act 2003 provides that a person must not send, or cause to be sent, a commercial electronic message that has an Australian link unless the person receiving it has consented to receiving the message. There have been a number of cases where directors have been fined very heavily for breaches of this prohibition. For example, in Australian Communications and Media Authority v Clarity1 Pty Ltd (2006) FCA 1399, the Federal Court awarded a pecuniary penalty of $4.5 million against the company and $1 million against its managing director for contravening the Spam Act 2003.
Third, the Do Not Call Register, set up under the Federal Do Not Call Register Act 2006, is regulated by the Australian Communications and Media Authority. In Australian Communications and Media Authority v FHT Travel Pty Ltd (2011) FCA 550, a company and its sole director were found to have breached the Do Not Call Register Act 2006 in relation to thousands of marketing calls which had been made to people who had placed their names/numbers on the register. The court ordered the company to pay a fine of $120,000 and indicated that an appropriate penalty for the sole director would be in the range of $10,000-$20,000 (although ultimately the court did not impose such a penalty given the director was in bankruptcy and it was undesirable for public policy reasons to impose a substantial debt).
The COVID-19 pandemic has delivered a sharp and radical increase in the use of online methods to conduct business, and company directors must keep themselves informed and fully understand their legal obligations in other relevant areas such as working from home, communication platforms, electronic transactions, data collection from customers, privacy, cyber security, data protection, intellectual property and social media.
The risk of customers’ confidential information being disclosed online has gained particular prominence.
Considerable adverse publicity can result in these cases, as well as legal sanctions. The challenge presented by increasing use of the internet in commercial and other activities has raised the privacy stakes and cybersecurity to a new level. Properly implementing security will be a key component of risk management processes overseen by boards.
The AICD Director Tool Data and privacy governance provides general guidance for directors on their responsibility for ensuring the appropriate level of governance for their organisation’s data and stakeholder privacy.
International operations – legal regimes, bribery and anti-corruption
Directors working in international environments need to be mindful that different legal regimes may apply to that operating in Australia. Although it is management’s role to manage the differences, directors need to have a general understanding if they are going to avoid assuming that what applies in the home country applies to all.
Notably, Australian law prohibits bribery and corruption, and organisations that have a presence in other countries, such as the United States or the United Kingdom, can be liable under the laws of those countries if they engage in bribery.
The penalties for bribing a foreign official are substantial, the impacts can be much more pervasive and could include:
- breach of director’s duty;
- in the case of a listed entity, potential for continuous disclosure obligations;
- potential contractual disclosure (for example, under an agency agreement);
- reputational impact;
- tax liability; and
- impact on employees and the organisation’s employment brand.
Notably, in December 2019, the Crimes Legislation Amendment (Combatting Corporate Crime) Bill 2019 was re-introduced to the Senate by the Federal Government, aimed at addressing the challenges associated with investigating and prosecuting corporations for foreign bribery offences.
The reform proposes amendments to the Criminal Code Act 1995 (Cth) to strengthen the existing foreign bribery offence, as well as introduce a new failure to prevent foreign bribery offence and a deferred prosecution agreement scheme for body corporates.
If passed, the legislation will apply to Australian bodies corporate across a broad range of sectors, including listed and private companies, government entities and not-for-profits (including both incorporated associations and companies limited by guarantee).
Taxation and superannuation
Where a corporation commits a taxation offence, a person who takes part in the management of the corporation is considered to have committed the offence and is punishable accordingly (Taxation Administration Act 1953, s 8Y). An example of such an offence is failing to furnish a return or other information.
Further, directors of an organisation that fails to pay a PAYG withholding amount on or before the due date and/or does not pay superannuation guarantee amounts can become personally liable for a penalty equal to the unpaid amount.
When an amount remains outstanding, the Australian Taxation Office may issue a director penalty notice. Within 21 days of service of a director penalty notice, the director must ensure the organisation:
- pays the outstanding amount;
- comes under voluntary administration; or
- has a liquidator appointed.
In certain circumstances, directors may also be personally liable for a company’s GST liabilities (as well as luxury car tax (LCT) and wine equalisation tax (WET), both jointly administered with GST). The ATO has indicated that the GST, LCT and WET estimate provisions will only be applied in limited circumstances including where there are reasonable grounds to believe that the taxpayer, or related entities, are involved in phoenix behaviour, or assets are being dissipated with the intention to defeat creditors or other action is being taken to defeat creditors (which may be a precursor to phoenixing).
It is a defence to prove that, because of illness or some other good reason, it would have been unreasonable to expect the director to take part, and the director did not take part in, the management of the organisation at the relevant time.
It is also a defence for a director to prove they took reasonable steps to ensure compliance with the PAYG obligations, or that there were no such steps that could have been taken. In determining what are reasonable steps in this context, the ATO will have regard to when, and for how long, the person was a director and took part in the management of the company, and other relevant circumstances.
Every state and territory has a number of taxes, such as payroll tax or land tax, that an organisation may have to pay. In every state and territory, there is a Taxation Administration Act that allows for the recovery of monies from directors if taxation obligations are not met by a corporation or makes directors liable for breaches by their corporations.
Recent changes to Australia’s whistleblowing laws significantly strengthened the protections available to people who blow the whistle on corporate and financial misconduct. 1
The changes have important implications for directors as defined “eligible recipients” of protected disclosures at law. Significant personal liability can arise if a director fails to treat a disclosure protected under law in accordance with the strict confidentiality and anti-victimisation requirements imposed.
A protected whistleblower is entitled to two main protections under the legislation:
- Confidentiality: their identity, or information that is likely to lead to their identification, cannot be disclosed by any person in connection with their disclosure without their consent (unless some limited exceptions apply); and
- Victimisation: a person may not cause any detriment to them, or threaten to do so, because of a belief or suspicion that they made, may have made, proposed to make or could make a disclosure that would qualify for protection.
It is critical directors recognise when a protected disclosure is made to them, so they comply with their legal obligations (including to maintain the confidentiality of a whistleblower).
ASX Listing Rules and continuous disclosure requirements
For listed companies, obligations apply under the ASX Listing Rules, including continuous disclosure obligations. The duty of continuous disclosure requires that once a company becomes aware of information concerning it that a reasonable person would expect to have a material impact on the value of the company’s securities, the company must immediately disclose to the market that information unless an exception applies.
Liability for directors may arise for continuous disclosure breaches under the Corporations Act 2001 (Cth) and directors should understand the operation of the ASX Listing Rules as they apply to their role and organisation.
Specific industries or professions
There are state and territory laws also regulating many professions and industries, which may hold directors liable for breaches by their corporations – ranging from, for example, commercial fishing to educational providers to financial services to mining.
1 S Linwood, 2019, New ASIC guidance on whistleblower policies, 9 December, The Boardroom Report, Vol 17, Issue 12, Australian Institute of Company Directors, Click here, (accessed 10 May 2020).
The Australian Institute of Company Directors is committed to strengthening society through world-class governance. We aim to be the independent and trusted voice of governance, building the capability of a community of leaders for the benefit of society. Our membership includes directors and senior leaders from business, government and the not-for-profit sectors.
For more information: 1300 739 119
This document is part of a Director Tool series prepared by the Australian Institute of Company Directors. This series has been designed to provide general background information and as a starting point for undertaking a board-related activity. It is not designed to replace a detailed review of the subject matter. The material in this document does not constitute legal, accounting or other professional advice. While reasonable care has been taken in its preparation, the Australian Institute of Company Directors does not make any express or implied representations or warranties as to the completeness, currency, reliability or accuracy of the material in this document. This document should not be used or relied upon as a substitute for professional advice or as a basis for formulating business decisions. To the extent permitted by law, the Australian Institute of Company Directors excludes all liability for any loss or damage arising out of the use of the material in this document. Any links to third-party websites are provided for convenience only and do not represent endorsement, sponsorship or approval of those third parties, or any products and/or services offered by third parties, or any comment on the accuracy or currency of the information included in third party websites. The opinions of those quoted do not necessarily represent the view of the Australian Institute of Company Directors.
© 2020 Australian Institute of Company Directors
Already a member?
Login to view this content