Chapter 2


Views on the bill

2.1        Stakeholder comments focused on two different aspects of the bill. Some submissions presented views on the underlying governance issues of CPA Australia and organisations with related corporate structures. Other submissions were concerned with the practical implication of the provisions of the bill and the potential unintended consequences that may result from the bill being implemented as drafted.

Broad concerns about corporate governance

2.2        Broad concerns about the governance of professional bodies were raised by a number of stakeholders. In particular, a lack of transparency in executive decision making and member involvement in governance were cited as important issues requiring attention.

2.3        CPA Australia's corporate governance shortcomings were prominent given its importance in the development of the bill. Mr Brett Stevenson, a CPA Australia member, submitted that:

Major issues and concerns have arisen over the last decade within my organisation which until early this year have been kept 'hidden' from the wider membership. These issues strike at some fundamental tenets and issues for us as a professional organisation and have a significant impact on the members and their rights.

The issues have been so significant that recently the CEO was sacked, seven of the 12 directors have resigned including the chairman, an Independent Review is currently being conducted into the organisation, and ASIC [Australian Securities and Investments Commission] is currently investigating various matters at CPA Australia. My, and other members, contention is that these issues have arisen because the board and senior management at CPA have held power with an effective gerrymandering of the corporate governance process.[1]

2.4        At the hearing on 2 August, Mr Stevenson elaborated on his concerns about the actions of CPA Australia's leadership group:

They have moved an AGM to Singapore. They have used standards to misreport and mislead. They have had minimum disclosure on remuneration. They have deliberately oppressed members to be able to share these concerns with each other by dismantling parts of the website. They have basically misreported on many major issues.[2]

2.5        Mr Stevenson outlined the difficulties he encountered in attempting to communicate with CPA Australia members about these corporate governance concerns:

While this is all going on we have been unable to communicate these matters with the members. We forced CPA to provide us with the members register (costing us $2300) so we could communicate with them however the email addresses of members were not provided because they are not required by law to be kept in the members register even though it is the primary means of communication with members. Thus our only mode of communication was via traditional mail which would have cost us in the vicinity of $180,000 to send a simple letter of explanation of our concerns.[3]

2.6        As a result, Mr Stevenson contended that member engagement and participation in the corporate governance of CPA Australia had been stymied by concerned members not being able to digitally or electronically communicate with other members.[4]

2.7        Mr Gerald Jaworski, a member of Chartered Accountants Australia New Zealand (CAANZ), considered that his experiences with the leadership group of that organisation were similar to those outlined by Mr Stevenson with CPA Australia:

My chief concern is that CAANZ leadership has adopted the CPA practice of ignoring legitimate and significant issues raised by members. Instead of upholding values of transparency and full disclosure, members experience misleading communications, stonewalling and denial. A culture of belligerence seems to prevail from the board down to senior management.[5]

2.8        Mr Jaworksi also noted the difficulties that he has encountered in communicating with fellow members:

The few fellow CAs who share knowledge of the current situation find it disturbing. However, without the availability of the email facility under the proposed new measure, it is practically not feasible to share such concerns with all fellow CAs who would be interested.[6]

2.9        Another member of CAANZ, Mr Con Abbott, raised concerns about corporate governance more broadly, particularly for professional bodies whereby members do not directly elect the board of directors—for example, CPA Australia, CAANZ and the Institute of Public Accountants.[7]

2.10      While beyond the scope of this bill inquiry, Mr Abbott suggested that the committee:

...consider directing its inquiries to evaluate the governance of the nation's peak professional bodies, with a particular focus on the accountability of directors to their memberships.[8]

Committee view

2.11      The committee acknowledges the concerns raised by members in relation to the corporate governance of professional organisations, particularly where the actions of boards of directors and executive management are not able to be held to account by members. In addition, the committee notes the limited role that members often have in being able to directly influence the election of boards of directors, and the affect this may have on transparency, accountability and good governance more broadly.

2.12      Given the relatively few submissions received on this issue, it is unclear how widely held are these concerns. As such, the committee is reluctant to recommend a broader inquiry into the issues surrounding corporate governance of professional organisations at this time. That said, if further concerns about the corporate governance of more professional organisations emerge, a more comprehensive investigation may be warranted.

Support to modernise communications methods

2.13      Beyond concerns about corporate governance, submitters were generally in agreement that the Corporations Act was developed prior to the widespread use of digital technologies, and, as a result, does not reflect the changes in the way the community engages in digital communications technologies and content.

2.14      Some submitters supported the general intent of the bill to modernise communication methods for stakeholder communication. For example, the Australian Shareholders' Association (ASA):

...are broadly supportive of the introduction of a requirement that a member's email address is included as information that must be contained in the register of members...[9]

2.15      Similarly, CPA Australia were:

...broadly supportive of the proposals for modernisation of the [Corporations] Act...[10]

2.16      However, both the ASA and CPA Australia believed the bill as drafted was not the best way forward. At the hearing on 2 August, CPA Australia contended that:

All in all, striking the right balance between privacy considerations, member rights and wider public policy can be fraught and is more complex than immediately apparent in a very brief amendment to section 169(1).[11]

2.17      Other stakeholders were supportive of changes to make communications under the Corporations Act more technology neutral, and advocated for a holistic approach towards implementation. CAANZ commented that:

Rather than a piecemeal approach to changing aspects of the Act, consideration should be given to a review to ensure the entire act is technology neutral.[12]

2.18      This sentiment was echoed by the Australian Institute of Company Directors:

It is our strong view that inadequacies in the Corporations Act relating to the use of technology must be addressed in a comprehensive and holistic way, in order to avoid undesirable inconsistencies within the law and unintended consequences... A holistic approach to technology neutrality would reduce complexity and confusion.[13]

2.19       Computershare also advocated for technological neutrality as:

...ongoing technological innovation means that mandating the specific form of electronic communication would likely result in near-to-mid-term obsolescence.[14]

2.20      Treasury undertook a consultation process regarding technology neutrality in distributing meeting notices and material under the Corporations Act in mid-2016. The submissions and outcomes of this consultation process have yet to be publicly released.[15]

Committee view

2.21      The committee appreciates that the Corporations Act was originally drafted at a time when electronic communication methods were not highly developed. Indeed, the committee is mindful that it is not known what form of technology is likely to be dominant in the future. For this reason, the committee supports the notion of technological neutrality in communication methods and continues to advocate for its incorporation into the Corporations Act. Given the work that Treasury has already done consulting on this issue, the committee encourages Treasury to continue this work with a view to proposing a holistic approach to modernise communication methods throughout the Corporations Act.

Views on the bill as drafted

2.22      Although the substantive provision in the bill is only five words in total, stakeholders expressed various perspectives on the practical implications of the bill and potential unintended consequences.

2.23      Support for the bill as drafted was provided by the three individual members of professional organisations that put in submissions.[16] Indeed, Mr Brett Stevenson and Mr Gerald Jaworski also offered some practical suggestions to overcome potential issues with the proposal as drafted.[17]

2.24      In addition, Registry Direct provided the following reasons to support the inclusion of email addresses to the members register:

  • they provide a means to greatly reduce the cost of communicating with security holders;
  • they provide a means to greatly reduce the environmental impact of printing and posting communications to security holders;
  • they provide a mechanism to audit what communications have been sent to security holders (and, consequently, reduce the likelihood of abuse); and
  • they are likely to lead to more informed and engaged security holders (as the reduced costs are likely to result in more communications being sent to security holders).[18]         

2.25      That said, other stakeholders questioned the validity of the assumptions underlying the rationale of the bill. For example, a number of submissions disputed the claim that most communications occur by email. Computershare, a global market leader in transfer agency and share registration, stated that:

Computershare administers approximately 11 million securityholder accounts in Australia, and despite many of our issuer clients expending considerable effort to increase their capacity to communicate with security holders electronically, we hold valid email addresses for approximately 50 per cent of those accounts.[19]

2.26      Similarly, the Governance Institute of Australia provided five examples of different company types whereby the proportion of email addresses recorded by companies is around or less than 50 per cent.[20] AMP noted that despite concerted efforts over ten years to increase shareholder engagement via electronic means they hold email details for only 34 per cent of shareholders.[21]  

2.27      The Governance Institute of Australia highlighted the wide ranging implications of the proposed change:

Due to the way the amendment is drafted, the proposed change impacts all companies covered by the Corporations Act, whether they be public companies limited by guarantee (which captures membership organisations, charities, sporting associations and registered clubs for example), propriety companies and public companies (both listed and unlisted).

The proposed change would also impact millions of Australians holding shares directly in listed and unlisted companies.[22]

2.28      Similarly, the Australian Institute of Company Directors observed that:

...changes to the Corporations Act have the potential to create significant practical and compliance impacts on Australian companies of all sizes. The intersection of company and governance obligations in the Act make careful consideration of the flow-on effect of any change vital, including related provisions, offences and practical business and compliance impacts on organisations.[23]

2.29      Stakeholders also noted that many shareholders or members of a corporation may not have an email address, or may not wish to provide an email address for the purposes of a register of members.[24] The Australian Shareholders Association commented that:

...there are members who have an email address but would prefer not to provide it to companies because they do not wish to receive too many electronic communications or electronic communications at all (and this preference should be respected).[25]

2.30      While acknowledging that companies and registries may already have email addresses for communications, the Governance Institute of Australia argued that:

The email address details are stored by the registry against the shareholder's holding and do not form part of the statutory shareholder register under section 169. While shareholders may be happy for the registry to administer their holding by using the email address provided for that purpose, they may not be happy for their personal email address to be added to a public register. If required by law to have an email address on the register they may choose to use a different email address for that purpose.[26]

Mandatory requirement to maintain a register of members

2.31      As noted in chapter 1, sections 168 and 169 of the Corporations Act provide that a company or registered scheme must set up and maintain a register of members, and the register must contain the member's name, address and date of inclusion. Failure to maintain a register in accordance with section 169 is a strict liability offence and directors could be liable as an accessory under section 79 for a company's offence.[27]

2.32      The Governance Institute of Australia considered that the bill, as currently drafted, would significantly impact all companies:

The effect of the proposed change will be to create a mandatory requirement for the register of all companies to contain the email addresses of its members. The proposed amendment is also in absolute terms—i.e. there is no carve outs or exceptions and no transitional arrangements.[28]

2.33      A number of submitters noted that many of the companies affected by the proposed change would be in breach of section 169 as soon as it was implemented and may be unlikely to ever be compliant because of the difficulty in obtaining and maintaining a register of email addresses.[29] 

2.34      Some stakeholders also raised concerns about the practical difficulties of requirements to maintain an email address on a register. For example, AMP noted that it experiences a bounce back rate of around 2 per cent due to email addresses no longer being valid or mail boxes being full and rejecting emails.[30] It was also noted that email addresses often change when people change internet providers or jobs.

2.35      If it were a mandatory requirement on companies to maintain email addresses on the register, they may be held accountable when email communications are not transmitted, potentially leading to significant costs in attempting to remedy a situation where they are not at fault.[31]

2.36      In response to concerns about the strict liability issue, Mr Jaworski suggested that the requirement for mandatory email addresses could be amended to ensure that it only operated where an email address had been provided to the organisation.[32]

2.37      In a similar vein, Herbert Smith Freehills considered that the inclusion of an email address should be optional:

If the section is amended to require the inclusion of email addresses in the register, that requirement should be subject to the member first having been asked whether they would prefer all communications to be sent to them electronically and to be notified that their email address will be publically available on the register.[33]

2.38      The vexed question of who would be responsible for maintaining a register of members was also raised by stakeholders. Registry Direct contended that security holders should be required to supply an email address, rather than security issuers to collect them:

We believe the onus should be on security holders to supply their email address and update any changes and not the issuer to collect them. The onus on the issuers should merely be to record what information is supplied and updated. This is because only the security holder knows their email address.[34]

2.39      The Australian Institute of Company Directors provided a summary of the implications arising from the mandatory requirement to maintain a register:

The bill impacts across all company types and sizes, and the strict liability offence for failure to comply makes it particularly important that practical compliance and the legal impacts of the proposed change are well thought through.[35]

Privacy and cyber security concerns

2.40      Several stakeholders were concerned about the privacy implications of registers once a copy had been received. CPA Australia highlighted that:

There are no provisions in the [Corporations] Act that address how long a copy of the register may be retained, whether a member has any rights to ask their details not be provided (opt-out), continued use of the copy of the register and when the copy of the register should be destroyed and how.[36]

2.41      The Governance Institute of Australia outlined its privacy concerns:

We note that the provisions of section 14 of the Privacy Act (1988) which requires that personal information be store securely to prevent its loss or misuse is at odds with placing a person's name and email address on  register which can be inspected by anyone who makes are request.[37]

2.42      CPA Australia went on to question the obligations on those who access the register of members:

...as it currently stands, an entity is required by force of law to disclose personal information of its members, but...the recipient of that information is under no obligation to either protect the security of the personal information disclosed to it, or to securely destroy that personal information once the purpose for which it has been obtained has been fulfilled.

2.43      Mr Brett Stevenson rebuked the arguments about privacy:

...most of these concerns expressed in submissions can be just as easily applied to the current legislated members register with members address details. The addition of an email address merely provides a more relevant mode of communication rather than adding to privacy issues.[38]

2.44      While noting the protections and safeguards under section 177 of the Corporations Act, the Governance Institute of Australia raised concerns about the potential for malicious cyber-attacks to result from the improper use of email address information on a register of members:

A cyber attack against a company's register could take place before the relevant company had time to respond or warn its members, causing reputational damage to the company concerned and enormous disruption to its day to day operations. Another consequence of spam, phishing or cyber attack is that it often renders the recipient's email address unusable as the provider shuts down the account, causing considerable inconvenience to those affected.[39] 

2.45      AMP also raised concerns about cyber security:

It is unclear what a company's obligations and liabilities are in these circumstances and what, if any, additional steps should be taken by companies to mitigate against these risks. We believe that a thorough examination of these matters is warranted before any changes are made to the law as contemplated by the Bill.[40]

2.46      Indeed, the Australian Institute of Company Directors cited concerns about the misuse of information from register of members being shared or sold to third parties with little chance of detection prior to a breach.[41]

2.47      To better balance privacy expectations with respect to access to member information, some stakeholders supported the exploration of alternative mechanisms for facilitating member communications. For example, the use of third party distribution bodies may allow for communication through the member register but reduce the risk of information from the register being misused.[42]

2.48      The Australian Institute of Company Directors elaborated of what a framework for a third party distribution mechanism would likely include:

  • guidance on the types of distribution entities that would be appropriate (these might be agreed between the parties, set by the company or defined in regulatory guidance by ASIC);
  • guidance on the circumstances where a third party distribution model might be used (this could be at the election of the company on a case by case basis);
  • the applicant bearing the cost of the third party distribution (as per the status quo, where applicants would currently bear the cost of contacting members using the register details);
  • a requirement for all members to be contacted even where they have not provided electronic addresses, to avoid disenfranchising members who opt for hard copy communication (as per the concerns flagged by the Australian Shareholders’ Association);
  • the company being the decision-making body on whether the application is for a proper purpose, and retaining the right to request an extension of time for review from ASIC (as per section 173(3) of the Corporations Act)—that is, no ‘filter’ rights for the third party distribution body. This could be supported by greater guidance in the regulations or from ASIC on proper or improper purposes to assist companies in assessing requests; and
  • the third party distribution body being a logistics provider only.[43]

2.49      The Australian Institute of Company Directors considered that:

...this model would provide company members with a greater degree of comfort in the use of their personal information on Registers and should not be overly complex to establish.[44]

Committee view

2.50      While the committee acknowledges the intent of the bill to promote easier and faster member communication, it is adamant that the numerous and varied unintended consequences raised by stakeholders have the potential to result in significant and costly burdens on all types of corporate structures.

2.51      The committee notes that the bill in its current form does not contain provisions for members that do not or are not willing to provide an email address for a register of members, and, as such, the proposed measure would place an undue burden on companies and issuers beyond what is considered reasonable. While the optional provision of an email address and transition provisions may assist companies in this regard, these proposals do not form part of the bill as drafted.

2.52      In addition, privacy concerns and cyber security threats are ever present and the points raised by stakeholders should be thoroughly considered as part of a larger consideration of modernising communication methods under the Corporations Act.

Recommendation 1

2.53      The committee recommends that the Senate do not pass the bill.

Senator Jane Hume
Chair

Navigation: Previous Page | Contents | Next Page