ASIC flags climate reporting as top regulatory priority
Disclosures and representations about climate-related targets by companies will be a critical focus as the government rolls out mandatory reporting, ASIC warns.
With ASIC set to administer the government’s proposed mandatory climate-related disclosure regime when it comes into effect, the regulator said this is an area it will be closely watching over the next few years.
In a speech last week, ASIC commissioner Alan Kirkland said protecting market integrity throughout Australia’s transformation to net zero will be critical.
He noted that around 90 per cent of global GDP is now covered by a net zero target at around mid-century and that locally, companies covering 80 per cent of the market capitalisation of the ASX200 have set climate-related targets.
“ASIC will administer the government’s proposed mandatory climate-related disclosure regime when it comes into effect. As with any new regime, we will take a pragmatic approach to its supervision and enforcement – and will develop guidance to help entities meet their obligations,” Kirkland said.
“Once fully implemented, it is anticipated the regime may apply to more than 6,000 entities. To allow time for the necessary preparations, it will be phased in over a number of years.”
Kirkland said the corporate regulator would like industry to begin thinking about what it needs to do today to meet those obligations, and to start preparing now.
“This means considering and putting into place the necessary systems, processes and governance practices. It also means thinking about the data you will require – and how you will record it,” he said.
Kirkland said while the direct reporting requirements are intended to apply only to large businesses and financial institutions, ASIC is aware that some small and medium-sized businesses may need to engage with climate reporting considerations as a supplier to these large companies.
“On this point, we have recently published some information for SMEs on our website,” he said.
As organisations prepare for the upcoming reporting obligations, Kirkland said that ASIC will continue to closely monitor greenwashing.
“ASIC has been active under longstanding financial consumer protection laws in addressing greenwashing, particularly in relation to superannuation and investment products,” he said.
“We won our first greenwashing civil penalty action, against Vanguard Investments, and have two other civil penalty proceedings underway in the Federal Court. We have also achieved more than 60 corrective disclosure outcomes, issued 17 infringement notices and have a number of further inquiries and investigations underway.”
Kirkland said the regulator’s work in this area was grounded in the prohibition of misleading or deceptive representations, which has been a feature of Australian consumer protection law for 50 years.
“I make that point because it signals an important feature of ASIC’s approach to enforcement in areas of emerging harm: while we welcome and support law reform where it can improve market integrity and consumer protection, we won’t wait for law reform where we see misconduct that breaches existing requirements,” he said.
ASIC will also be closely monitoring cyber security issues and the importance of businesses “upping their game”, said Kirkland.
“Preventing and responding to cyber-attacks, hacks and data leaks – as with scams and other forms of digitally enabled misconduct – requires the public and private sectors to work together,” he said.
“When it comes to cyber resilience, we are not just thinking about what firms can do to prevent an attack – but how they prepare for, manage and respond to one when it happens.”
ASIC, as part of the Council of Financial Regulators (CFR), recently carried out a series of simulated cyber attacks with large organisations across the financial services and markets sectors.
“These exercises exposed critical vulnerabilities. Perhaps most worrying though was the concerning level of inadequacy in password management – which is surely one of the most fundamental cyber defences,” said Kirkland.
“So, while it is fair to describe cyber-attacks as an ever-growing threat, there are some very simple steps businesses should be taking, which as these recent exercises show, many aren’t.”
