Continuous disclosure for listed companies – key points from recent developments

ASX-listed entities need to be vigilant and adaptable in response to recent developments 7 min read

With increasing scrutiny on disclosures and a dynamic regulatory environment, the continuous disclosure obligations imposed on ASX-listed entities in Australia are evolving. Entities need to continue to be vigilant and adaptable to effectively navigate this changing landscape.

The potential civil and criminal liability associated with non-compliance further underscores the need for proactive action, especially in relation to cyber and climate-related matters. We recommend that ASX-listed entities not only proactively review, but also enhance, their governance processes where necessary.

In this Insight, we explain recent developments regarding continuous disclosure, and how ASX-listed entities can equip themselves to navigate this shifting landscape effectively.

Key takeaways

• There are several potential changes to continuous disclosure laws and regulations in the pipeline, occurring at a time when disclosure concerning key issues like cyber incidents and climate-related matters is itself in a state of flux.
• Inadvertent breaches of continuous disclosure laws may be back on the table for ASIC enforcement – but not for shareholder class actions.
• As a result of these developments, listed entities should consider their policies and procedures regarding the way information flows through their organisations and, ultimately, to their shareholders and the broader market.

Recent developments regarding continuous disclosure

ASX-listed entities' continuous disclosure obligations are set out in the Corporations Act 2001 (Cth) and the ASX Listing Rules. Listing Rule 3.1 requires listed entities immediately¹ to notify the ASX of any information that a reasonable person would expect to have a material effect on the price or value of its securities once it becomes aware of that information (subject to certain exceptions, including where the information is insufficiently certain, or generated for internal management purposes).

A company failing to comply with these disclosure requirements is an offence, and can lead to civil or criminal liability for it and its officers. This includes, but is not limited to, shareholder class actions and ASIC infringement notices, as well as the company potentially having its trading suspended or it ultimately being delisted by the ASX.

There are a number of potential changes to this continuous disclosure regime in the pipeline.

Changes recommended by the Lewis Report

In 2021, the Corporations Act was amended to increase the standard of proof required to pursue an entity for a breach of its continuous disclosure obligations. This introduced a heightened standard – that the entity or its people needed to have acted 'knowingly, recklessly or negligently' (ie that there be a fault element) in order to be found to have breached the law (the 2021 Reforms). These changes were initially introduced in May 2020, early in the onset of the COVID-19 pandemic, to encourage listed entities to continue to disclose information, and provide guidance to the market in the context of pandemic-related uncertainty. The changes were then made permanent in August 2021, with the Federal Government stating that they were intended to more closely align Australia's disclosure position with that of the UK and US, and mitigate increased class action risk.

Federal Treasury recently reviewed the 2021 Reforms (as required by the legislative amendments that introduced them) and, in a report tabled to Parliament in early May (the Lewis Report), recommended that they be partly reversed.

Treasury proposes that the 'fault element' be:

• retained in civil compensation proceedings (including shareholder class actions); and
• dropped from ASIC civil penalty cases (eg where ASIC pursues a company for a fine).

Treasury reported that the 2021 Reforms 'have had, and are likely to continue to have, a negative impact' on ASIC enforcement of continuous disclosure but 'little (if any) impact' on meritorious continuous disclosure class actions, subject to a caveat that the two-year review period (since the 2021 Reforms were enacted) has not been long enough for it to draw meaningful conclusions. However, when the reforms were made permanent in August 2021, Treasury did note that it had identified 'an increase in the number of material announcements to the market' as a result of the initial temporary changes from May 2020.

There is no guarantee if, or when, the Government will accept Treasury's recommendations to partly reverse the 2021 Reforms, but there is good reason to expect they will be seriously considered. Particularly in light of the criticism from the current Government (in opposition at the time the laws were implemented) that the changes favoured 'big business'. There is no guidance available as to when to expect the Government's response to the Lewis Report, but we expect that if it does intend to act on the recommendations, it will need to pass legislation to amend the Corporations Act.

If Treasury's proposal is implemented by lawmakers, the practical outcome may be that good faith inadvertent breaches of continuous disclosure law may once again be caught by ASIC civil penalty cases involving breaches of continuous disclosure laws – although without substantively increasing the risk of shareholder class actions (unless the 'fault' element is not retained in civil compensation proceedings, contrary to the Report's recommendation). In short, in our view, there will be less room for making mistakes, and a higher risk of unintentional or good faith breaches of the continuous disclosure obligation being penalised.

Potential changes to ASX guidance in implementing the Fifth Edition

The Fifth Edition of the ASX Corporate Governance Principles and Recommendations remains under consultation which includes a number of changes to the ASX Corporate Governance Council's guidance on continuous disclosure (see our update on key steps to prepare for the fifth edition of the ASX Corporate Governance Principles and Recommendations).

The proposed changes between the Fourth and Fifth Editions regarding continuous disclosure are generally minor and go to practical matters – eg emphasising that omissions can also amount to a breach of a company's continuous disclosure obligations and that fulsome verification of statements released to the market is important – and do not go to the application of the underlying Listing Rules or law.

However, if Recommendation 5.1 of the Fifth Edition is implemented in its current proposed form, it will strip out the previous explicit guidance on the content of a company's continuous disclosure policy. This guidance in the Fourth Edition is repeated and referenced in ASX's current Guidance Note 8 (GN 8). If the guidance is removed in the Fifth Edition, we expect that GN 8 will need to be updated too, to address the discrepancy. Regardless of how this inconsistency is resolved, and whether or not new or amended guidance is introduced, it is likely to result in companies needing to review their continuous disclosure policies and practices, and take steps (substantive or otherwise) to ensure compliance.

Interaction between climate reporting and continuous disclosure obligations

Entities are beginning preparations for Australia's new mandatory climate-related financial disclosure regime, with the first cohort of reporting entities to start reporting for annual reporting periods commencing on or after 1 January 2025. The new climate reporting regime will substantially expand the nature and increase the quantity of climate-related financial information that must be sourced, verified, approved and disclosed by reporting entities – in an environment where shareholders, regulators and other stakeholders are increasingly scrutinising such disclosures.

Listed entities will need to be mindful of the interaction between their climate reporting obligations and continuous disclosure obligations. For example, if a climate-related risk is disclosed in an entity's annual sustainability report, and there is then a material change in the likelihood of that climate-related risk eventuating and that information could have a material effect on the price or value of the entity's securities, it will need to consider its continuous disclosure obligations and whether it needs to update the market regarding its earlier sustainability report disclosure.

In practical terms, companies will need to have appropriate policies, procedures and infrastructure in place to capture and disclose climate-related risks and opportunities effectively and consistently, and to monitor any changes as to the accuracy or reasonable basis for those disclosures. ASIC has made clear that it expects companies to put in place systems, processes and governance practices to meet the new climate reporting requirements.

New guidance on disclosures relating to cyber incidents

Cyber risk is an increasing and significant risk for listed entities, with price and reputational consequences likely (but not always) arising from major cyber incidents. In May, the ASX updated GN 8 to introduce worked examples to help illustrate when, in the context of a cyber incident, relevant information would, or would not, be expected to be disclosed to the ASX. This follows several prominent cyber incidents that affected ASX listed entities, including Medibank currently defending the first Australian shareholder class action proceedings to challenge the adequacy of a company’s cyber risk disclosures. As we highlighted in a separate, detailed update on these developments, we expect that determining whether a cyber incident has a 'material effect' and, therefore, warrants disclosure will continue to evolve, and require the evaluation of a broad range of both qualitative and quantitative factors.

Listed companies need to be vigilant in relation to their cyber incident disclosure obligations, with an increasing body of guidance (and heighted expectations) around such disclosure.

This vigilance includes timely and accurate reporting of material data breaches, as failure to do so can result in penalties and meaningful damage to a company’s reputation. This reporting may also be necessary early on in the incident – in particular, the ASX has indicated that these disclosure obligations can arise even where investigations are ongoing, if the materiality threshold has been reached.

Next steps

In taking stock of the recent developments in continuous disclosure regulation and preparing for what is to come, we recommend that listed entities:

• proactively review and enhance governance policies, to ensure that they are compliant with changing laws, and that they remain appropriate for the company, and are understood by and embedded in the broader business;
• ensure future climate disclosures in their sustainability reports are consistent with disclosures made elsewhere, and consider the interaction between those disclosures and their continuous disclosure obligations;
• review their cyber incident response documentation, to assess any internal trigger points for ASX disclosure, against the new worked example in GN 8; and
• ensure internal processes to monitor and escalate issues are equipped to capture all relevant information that may be disclosable, especially where information is qualitative or hasn't previously been disclosable.