As highlighted in our November 2021 article New Requirement for Directors to Register for a Director Identification Number, company directors are required by law to apply for a director identification number.

A director ID is a unique identifier that directors apply for once and keep forever. ASIC suggests that the implementation of the director ID system will help prevent the use of false or fraudulent director identities.  All directors of companies, registered Australian bodies, registered foreign companies or Aboriginal and Torres Strait Islander corporations will need director ID’s.

Unfortunately, on 28 October 2022 ASIC published an Alert warning that scammers are pretending to be ASIC, and are approaching Registry customers via email.

The recent Federal Court of Australia decision in Australia Securities and Investments Commission v Westpac Banking Corporation (Omnibus) [2022] SCA 515, in which Westpac was penalised an amount in excess of $113M, was informative in respect of the way that the Court will proceed in assessing the conduct of financial service providers.

This article is not intended to traverse all the matters considered in that case, but will instead discuss the way the Federal Court approaches issues of unconscionability in the provision of financial services and products, in light of the principles in section 12CC of the Australian Securities and Investments Commissions Act 2001.

It has happened: a company that failed to implement proper cyber security measures in Australia has been taken to court by the regulators, with the company ordered to pay costs of $750,000.

In the matter of the Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496, the Court found that a financial services provider had breached its licence obligations, and failed to act efficiently or fairly by not having in place adequate risk management systems to cater for risks arising in relation to cyber security.

The Federal Court of Australia’s recent judgment in the matter of Energy Resources of Australia Limited [2022] FCA 176 demonstrates the risks to resigning company directors when they, or the company, fail to notify ASIC of their resignation in a timely manner – as well as the consequent time, effort and costs needed to rectify these failures.

The decision is also a reminder that retiring directors wishing to avoid personal responsibility for a company’s conduct need to notify ASIC promptly and effectively.

Readers may recall a short article that was published in our Corporate and Commercial newsletter on Cyber Security which drew attention to the steps that can be taken in order to assist in the prevention of cyber-attacks (please click here to read this article). Further to that article, ASIC has recently published a report on cyber resilience which is intended to help regulated organisations improve their ability to prepare and respond to cyber-attacks.