Business Insight

Directors' and officers' duties through the lens of reasonable steps obligations

By Jonathan Perkinson, Miriam Kleiner, Elizabeth K Hristoforidis Mousamas and Kat Conner

06 February 2025

Share Share
building texture
Share

    What you need to know

    • On 10 February 2025, the Federal Court is expected to commence hearing ASIC's civil penalty proceedings brought in December 2022 against 11 current and former directors and officers of The Star Entertainment Group Limited (Star) for alleged breaches of their duties under section 180 of the Corporations Act 2001 Cwlth.
    • The case highlights the critical importance of directors' and officers' duties in governing foreseeable risks. ASIC alleges that accountable Board directors and executives failed to give sufficient focus to money laundering risks inherent in the operation of a gaming institution. ASIC also alleges that Board members did not take steps to make further enquiries of management about those critical risks.
    • The case may further clarify the duties of directors and officers to take reasonable steps to identify and respond to business activities that gave rise to increased risk of non-compliance with certain laws and regulations.
    • These proceedings are particularly relevant given the implementation of the Financial Accountability Regime (FAR), which requires banks, super funds and insurers to take reasonable steps to conduct their businesses with honesty and integrity and with due skill, care and diligence.
    • The move by legislators to more broadly impose positive 'reasonable steps' obligations on organisations and individuals in areas as narrow as financial product design and distribution and as broad as cyber security, scams and privacy mean that a framework for reasonable steps across organisations becomes critical to meeting obligations in line with regulatory expectations.
    • Given governance and directors' duties as an enduring enforcement priority of regulators like ASIC, a reasonable steps approach should be adopted in any organisation to assist directors and officers in demonstrating that certain directors' and officers' duties have been fulfilled and that fit-for-purpose governance arrangements are in place.

    What you need to do

    • Organisations should consider the maturity of their governance frameworks. Are you confident in the framework's design to identify risks, and take reasonable steps to respond promptly and decisively when they are realised?
    • Design and implement, or review, refresh and implement a principles-based reasonable steps framework that is robust, aligned across the organisation and different regulatory obligations and regularly updated.

    Our take

    What constitutes 'reasonable steps' taken by both organisations and individuals necessarily turns on circumstances, and is malleable.

    The Financial Accountability Regime Act 2023 (Cth) indicates that what constitutes 'reasonable steps' on matters involving accountability obligations includes:

    • having appropriate governance, control and risk management
    • having safeguards against inappropriate delegations of responsibility
    • having appropriate procedures for identifying and remediating problems that arise or may arise, and
    • taking appropriate action in response to non-compliance, or suspected non-compliance.

    ASIC's proceedings against 11 current and former Star directors and officers make clear its expectation of those individuals to bring an inquiring mind to business operations, and to take steps to understand particular risks faced by the business and mitigate them, provided that the risks are reasonably foreseeable and irrespective of whether they are financial or non-financial in nature.

    In response to the implementation of the FAR, prudentially-regulated financial institutions have developed or revised reasonable steps frameworks to enable each institution and their accountable persons to meet their FAR obligations consistently and reliably.

    Reasonable steps frameworks developed for the purposes of the FAR can sensibly be implemented by entities in all sectors to ensure sound governance and defensible management of regulatory obligations.

    A defensible reasonable steps framework will include two foundational elements.

    1. An adaptive approach to maintaining reasonable steps obligations

    Organisations require a fulsome approach to establish and maintain reasonable steps obligations.

    Illustrative reasonable steps approach

    The key to establishing a sound reasonable steps framework lies in involving appropriate subject matter expertise and the overlay of an organisational, risk and compliance context. This will enable a clear and complete linkage from the relevant obligations and risks to application of the obligations across the organisation's operations. When properly implemented, this approach results in a defensible 'reasonable steps' framework – being the approach the organisation will take to monitor and manage its risks.

    It is also important that the reasonable steps framework is properly maintained. This lies in establishing event, performance- and time-based triggers to review whether the framework is meeting its objectives and keeping pace with regulatory and stakeholder expectations, as well as industry practice.

    ASIC proceedings thematically identify examples where triggers ought to have caused an organisation to take further steps to respond to a shift in risk. These themes should be built into reasonable steps frameworks during the framework review process.

    2. A fit-for-purpose, principles-based reasonable steps framework

    A fit-for-purpose, principles-based reasonable steps framework will feature layers that establish governance arrangements, linkages to individual responsibilities and accountabilities, and the particulars of the organisation's approach to managing risks and obligations.

    Illustrative reasonable steps framework architecture

    The approach adopted to meet reasonable steps-based regulatory obligations needs to be adaptable by design. Judgment and discretion suited to individual circumstances need to be applied to ensure the framework remains efficient as it evolves in line with regulatory changes.

    Conclusion

    There is an observable lift in the expectations of directors and officers as accountable people to take steps to identify and mitigate risks facing their organisation.

    Coupled with more positive 'reasonable steps' obligations across a range of legal regimes, a fit-for-purpose, principles-based reasonable steps framework is a very helpful tool to assist organisations and individuals to reliably manage risks. Such a framework will also assist organisations and individuals to defensively demonstrate how they have fulfilled their obligations and duties if facing heightened regulatory scrutiny and enforcement action.

    Authors: Jonathan Perkinson, Elizabeth Hristoforidis, Kat Conner and Miriam Kleiner.


    This publication is a joint publication from Ashurst Australia and Ashurst Risk Advisory Pty Ltd, which are part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.

    For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com

    This material is current as at 5 February 2025 but does not take into account any developments to the law after that date. It is not intended to be a comprehensive review of all developments in the law and in practice, or to cover all aspects of those referred to, and does not constitute legal advice. The information provided is general in nature, and does not take into account and is not intended to apply to any specific issues or circumstances. Readers should take independent legal advice. No part of this publication may be reproduced by any process without prior written permission from Ashurst. While we use reasonable skill and care in the preparation of this material, we accept no liability for use of and reliance upon it by any person.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.

    Key Contacts