Make no mistake, the regulatory environment for business is only getting tougher, with constant new legislation and multiple active regulators incentivised by recent Commissions.
We’ve put together the top five items that business owners, managers and directors should have on their to do list to get across in 2020.
1. Director liability and regulatory compliance
As any director and business owner will tell you, in the current regulatory environment, director liability is front of mind.
With the Australian Securities and Investment Commission (ASIC) publicly announcing its new ‘Why not litigate?’ approach fresh off the back of the Royal Commission into Banking and Finance, we expect this to be the regulator to watch in 2020.
There is more legislative reform for directors and boards to be across than ever before, such as:
- increased penalties for corporate misconduct
- Australian Law Reform Commission (ALRC) review of corporate criminal liability regime
- revised ASX Corporate Governance Principles
- New Safe Harbour Laws
- increasing environmental, social and governance activism, including recent emphasis on the duty of directors to address climate risks.
Directors who are not familiar with these topics should take time to undertake further training so as to avoid prosecution. These new laws will no doubt be firmly enforced.
Also, read our article on Director Deeds of Indemnity which explains why we say it’s the one document all directors should have for their protection (spoiler alert: D&O insurance is not enough).
2. The business ‘pre-nup’
Whatever stage of business you’re at – from start up, to fast growing SME, family-owned or big company – and whether you’re looking to enter, exit, sell, bring in an investor, friend, business partner or family member, you should make sure your ‘business pre-nup’ is in order.
Whether this is a shareholder agreement, partnership agreement or otherwise will vary depending on your business structure.
There’s a long list of questions and detail that should be considered and documented by a specialist corporate lawyer before you decide to share part of your business with a third party.
Some key issues include:
- Do you really need to give them a ‘piece of the pie’? There are other incentive mechanisms and potential joint venture contract arrangements you could consider.
- But if so, how big should their share of the business be?
- Will their shares have the same rights as yours (e.g. voting rights, dividends)?
- How do you get rid of them if things don’t work out – and at what price?
- Can they get rid of you?
- Can they hold up a sale if you find a buyer or can you “drag” them along with you?
- What’s the deadlock mechanism when you can’t agree?
- Have you got a restraint or non-compete to protect you (and your business) if your business partner leaves?
It is advisable to have your existing shareholders (or other) agreement reviewed if you are bringing in an investor or business partner. Your current arrangement may suddenly be ill-fitting to your new circumstances (e.g. where percentages and majorities may have changed, decision-making and other rights may need to be checked and amended).
Importantly, this is often the key document your legal advisors rely on when business partner relationships break down, look to exit or a contentious dispute between owners arises.
3. Business contracts
When was the last time you had your key business contracts reviewed and updated? This is the most important document in your business to get right as it’s what ensures your customers pay, and limits your liability and risk to the maximum extent permitted by law.
Plus, legislation and regulatory compliance obligations are constantly changing. This should be reflected in your commercial contracts to ensure they are enforceable and not going to bring the adverse attention of regulators.
In 2019, the Australian Competition and Consumer Commission (ACCC) was highly active in prosecuting anti-competitive arrangements, breaches of unfair contract laws, and taking legal action to protect consumers for breaches of Australian Consumer Law.
From 1 January 2020, it is mandatory for all public companies, large proprietary companies and proprietary companies that are trustees of registrable superannuation entities, to have a compliant whistleblower policy. Failure to have and make available a whistleblower policy is a strict liability offence.
Beyond the financial and regulatory implications, it will of course be interesting to see how (and whether) whistleblower policies are implemented by businesses in practice. Particularly with regard to fostering a positive, whistleblower culture as part of good governance and corporate culture overhauls.
Care will also need to be taken by businesses to ensure that policies are strictly complied with and protections afforded where applicable, but conversely not misused or misunderstood, including by employees who may attempt to rely on such policies in circumstances which do not fall within the scope of the whistleblower legislation.
5. Buzzwords: cyber security, consumer data right, notifiable data breach, digital platform inquiry
Cyber security and data privacy continue to be hot topics in 2020 with the ACCC having commenced proceedings against Google, and ASIC emphasising information security as a regulatory priority.
The ACCC has also made recommendations affecting all businesses in their Final Report on the Digital Platforms Inquiry. The 23 ACCC recommendations affect competition, consumer, media, copyright and privacy regulation in Australia. It includes recommendations to introduce higher penalties for breach of the Privacy Act in line with penalties for breaches of the Australian Consumer Law, as well as additional funding, greater powers for regulators, higher levels of scrutiny and more stringent reporting requirements for digital platforms.
The Consumer Data Right (CDR), beginning solely in the banking sector in February 2020, is also set to revolutionise the way small businesses and consumers use data. It is anticipated that the transparency of the CDR will encourage competition between businesses and service providers, as it will create data portability and allow consumers to compare and easily switch between products and services.
Notifiable data breaches, and the flow on effects of mandatory notification to the regulator, continues to be a major issue for businesses, with malicious hacking, online scams and breaches caused by human error or employee misbehaviour becoming standard occurrences in an increasingly online business economy.
With 2020 slated as the year for strengthening privacy laws and the Office of the Australian Information Commissioner (OAIC) cracking down on organisations who are the subject of data breaches and sloppy data privacy practices, make sure you check out our top five legal tips for a cyber resilient business and download our free Cyber Security Checklist.