Crisis management

Key developments – 2022

2022 saw an increase in the number of corporate crises playing out publicly in Australia. A perfect storm of active regulators, entrepreneurial class action promoters, focus by investigative journalists, the political will for commissions of inquiry and a burgeoning ESG agenda means that corporations have never faced more scrutiny, on so many fronts.

Generally, a corporate crisis begins with an initial 'trigger event', such as a cybersecurity incident or material disclosure. That trigger event quickly escalates into a myriad of issues and potential exposure points with regulators, class action promoters, and commissions of inquiry. It is critical that a corporate crisis is not treated as a series of individual exposures. Instead, it requires breadth and depth of expertise across the various exposures and a consistent approach where the left hand and the right are working together.

In 2022, we saw a number of emerging trends in how these events are unfolding in the Australian corporate landscape. These include:

  • Early involvement by regulators and class action litigants: a marked increase in regulators and class action promoters inserting themselves into the crisis at an early point. These parties were less inclined to 'wait and see' how the crisis unfolded and instead initiated investigations or announced actions soon after the crisis was revealed.
  • Overlapping and parallel investigations: an emerging trend of multiple regulators pursuing a company for similar or overlapping conduct at the same time. Previously, regulators were less inclined to intervene where another enforcement agency was seen to be already 'on the case'. It is now not uncommon to see companies concurrently face a public inquiry and multiple regulatory investigations/enforcement proceedings. We also saw an increase in cooperation between regulators, most commonly through information sharing.
  • Increased focus on ESG: global ESG themes including climate change, human rights and corporate criminal responsibility are increasingly shaping the legal and regulatory outlook for governments, major corporates and financial institutions. Increased levels of shareholder, employee and consumer activism, regulatory scrutiny and class actions increase the risk of a corporate crisis arising from ESG-related matters. Please refer to the ESG section of this report for further details of the key regulatory and enforcement developments in the ESG space.
  • 'New kids on the block': while ASIC and the ACCC remain the core regulatory enforcement agencies of corporate Australia, we have continued to see additional regulators becoming more involved in corporate crises. Subject-matter-specific regulators (such as AUSTRAC or the OAIC) have become increasingly active in pursuing companies in highly publicised investigations and enforcement actions. In addition, further industry-specific regulators have been developed and/or had their enforcement powers extended (such as the Victorian, NSW and Queensland Casino Control Commissions, and the Federal Government's proposed law reforms to establish a Federal Environmental Protection Agency responsible for enforcing compliance with the Environment Protection and Biodiversity Conservation Act 1999). Despite their size, these 'lesser known' regulators can have wide powers to levy civil penalties and otherwise materially impact day-to-day operations of the corporation.

Likely developments – 2023

We expect to continue to see increased levels of enforcement and a higher level of scrutiny generally from a greater number of stakeholders. Towards the end of 2022, ESG and data breaches loomed as the largest potential 'crisis-makers' for corporate Australia, and it is likely they will shape the regulatory landscape for 2023. This may take the form of increased shareholder activism and class action risk, and regulatory investigations, compliance assessments and, if necessary, enforcement.

Key stakeholders in this area

Depending on the nature of the crisis, the key regulators will typically be ASIC, the ACCC, the ATO and AUSTRAC. Depending on the applicable regulatory framework, companies should also be ready for scrutiny from APRA, industry-specific regulators, state revenue offices and the OAIC.

A particular feature of corporate crises is that they are not limited to enforcement action by regulators. Therefore, it is important to keep in mind the political appetite for commissions of inquiry, shifts in community expectations and trends in the class action landscape.

 

Key sectors of focus

We anticipate that the financial services sector will continue to be a key focus, alongside those entities that retain sensitive personal data (including telecommunications and media companies, insurance companies and providers of health services) and the wide range of entities whose operations intersect with the advancement of topical environmental and social issues.