A thorough review of the regulatory environment impacting business should be a central component of the federal government’s economic reform agenda.
Since the beginning of this year the government has been consulting on three significant pieces of legislation impacting business. The review of the Privacy Act, the proposed introduction of mandatory climate reporting and the National Cyber Security Strategy all have major implications for the way businesses are able to operate in an increasingly complex environment.
Individually each of these reforms contain measures that can benefit stakeholders and the economy if designed carefully. However, given the reviews are all being conducted independently, I question whether anyone is considering the cumulative effect of the regulations and their potential impact on businesses across the whole economy.
The Corporations Act alone has 3900 pages and that’s before you consider the multitude of other pieces of legislation and regulation that businesses have to comply with. Each new regulation from our parliaments, or indeed enforcement action by regulators, rightly shifts the behaviour in boardrooms.
But we must remain vigilant to ensure the accumulating regulatory burden does not lead to overly conservative decision-making and lost opportunities at both management and board levels.
Regulatory burden doesn’t just impact the top end of town. Small businesses, charities and sports clubs can also be burdened, forcing them to divert resources and money away from their core business to deal with compliance work. The increased cost of complying with well-intentioned but piecemeal new regulations is cited as part of the reason for the recent closure of various aged care facilities.
Regulation is necessary to help ensure businesses behave appropriately and appreciate their critical role in society and the potential impact over and above shareholders. And well-designed regulation can be a force for good. That’s why the AICD strongly supported the introduction of a positive duty on employers to eliminate sexual harassment in the workplace. We agreed that the current legal framework unduly placed a burden on individuals, and that employers needed to take more proactive and preventive action. However, regulation that is ill conceived or heavy handed can backfire and ultimately impact on productivity and growth.
The regulatory environment has never been more complex or demanding, with an increasing array of stakeholder interests and expanded non-financial as well as financial risks for directors and senior executives to manage.
Take the proposed mandatory climate reporting standards. The shift to mandatory reporting is a critical step in combating climate change and time is of the essence. The AICD fully supports the government’s goals in this area, which will assist Australia’s transition to net zero.
Critical to enabling this to happen though will be appropriate liability settings. It’s necessary to create an environment where directors can facilitate comprehensive, quality and comparable disclosures without undue fear of litigation risks or being held to an unreasonable standard.
Australia’s disclosure regulations were designed for financial disclosures, not climate. The scenarios, forward statements and assumptions inherent in climate disclosures would create undue litigation risks.
At the same time, directors do not shy away from accountability for what is put out to the market. Directors want and need clarity, but they don’t have a crystal ball. I hope that industry and government can reach an outcome that achieves our common objective of better quality and consistent climate reporting.
Similarly, the AICD supports the Privacy Act review as an important opportunity to modernise the Act to ensure it reflects a digital economy where individuals and businesses are engaging and providing personal information in innovative ways.
However, we urge the government to consider the recommendations holistically with other potential reforms in adjacent policy areas, including the development of the 2023-2030 Cyber Security Strategy. A co-ordinated approach across portfolios must be taken to ensure policy settings and reforms are consistent and do not unnecessarily add to the existing complexity of cyber, privacy and data retention obligations. The financial services royal commission highlighted the poor consumer outcomes that can flow from dense, complicated regulatory structures.
The government must appropriately balance strengthening how Australians’ personal information is collected, stored and protected, without unduly stifling the innovative use of data or imposing a counter-productive regulatory burden.
It has not been demonstrated that the policy benefits of a number of the proposals will outweigh the costs to entities, and a clear evidence base must be presented for such a major reform.
That’s why the AICD has opposed the removal of the small business exemption. Many of the proposals are disproportionate or regressive in nature, meaning compliance costs will be far higher for SMEs and not-for-profits relative to large businesses. A proportionate application of the Privacy Act obligations to small businesses would be a far more appropriate and effective regulatory response than subjecting small business and not-for-profits to every element of the Act.
The challenge for governments and regulators isn’t an easy one. How do you reward and encourage good directors to take commercial risks, build companies and grow the workforce, while at the same time making sure that regulation adequately protects the community, especially the most vulnerable? Additional layers of regulatory obligations being the go-to solution on complex issues are not the answer.
Mark Rigotti is the managing director and CEO of Australian Institute of Company Directors.
This article appeared first in The Australian on 17 April 2023
Already a member?
Login to view this content