Sustainability Solutions | Anitech

ESG Regulatory Compliance: ASIC, APRA, ACCC and Australian Governance Obligations

ESG governance is subject to oversight by multiple Australian regulators. ASIC oversees listed companies and financial services disclosure obligations. APRA supervises prudential compliance for banks, insurers, and superannuation funds. ACCC addresses consumer protection and competition. Understanding regulatory expectations is essential to managing ESG governance and compliance risk.

This article explores key Australian regulators’ ESG roles and obligations. For Corporations Act detail, see our article on ESG and the Corporations Act. For specific compliance areas, see articles on whistleblower protections, privacy governance, and other compliance topics.

ASIC: Australian Securities and Investments Commission

ASIC Role and ESG Oversight

ASIC regulates financial services, including listed companies. ASIC has signalled increased focus on ESG governance:

  • Disclosure obligations: Listed companies must disclose material ESG risks (Listing Rules, Corporations Act)
  • Director duties: ASIC investigates director conduct regarding ESG governance failures
  • Misleading disclosure: ASIC takes enforcement action against misleading ESG claims or inadequate risk disclosure
  • Remuneration governance: ASIC monitors remuneration frameworks and linkage to ESG targets

ASIC Enforcement Trends

ASIC has taken enforcement action in:

  • Climate risk disclosure inadequacy (companies failing to disclose material climate risks)
  • Misleading ESG claims (companies making unsupported sustainability claims)
  • Governance failures (inadequate ESG risk management systems)
  • Remuneration disclosure (inadequate disclosure of ESG remuneration linkage)

AASB S1 Compliance

ASIC enforces AASB S1 compliance for in-scope entities from January 2025, requiring governance disclosure regarding sustainability-related financial risks.

APRA: Australian Prudential Regulation Authority

APRA Prudential Standards

APRA supervises banks, insurers, and superannuation funds, requiring integration of climate risk (and increasingly other ESG risks) into risk management:

  • Climate risk expectations: Financial institutions must assess climate risks, integrate them into their risk frameworks, and disclose their governance and risk management arrangements
  • Culture and conduct: APRA expects strong governance of culture and conduct, preventing misconduct
  • Operational risk: Cyber risk, supply chain disruption, and other operational risks must be managed
  • Capital adequacy: Capital requirements reflect climate risks and other material risks

APRA Enforcement and Scrutiny

APRA has taken enforcement action against financial institutions with:

  • Inadequate climate risk governance
  • Insufficient climate risk disclosure
  • Conduct governance failures
  • Inadequate operational risk management

Financial institutions face close regulatory scrutiny of ESG governance.

ACCC: Australian Competition and Consumer Commission

Greenwashing and Consumer Protection

ACCC has enforcement powers against misleading or deceptive ESG claims. ACCC focus areas include:

  • Greenwashing: Companies making misleading environmental claims without substantiation
  • Unsubstantiated claims: Sustainability claims lacking evidence or testing
  • Hidden qualifications: Material qualifications not adequately disclosed
  • Consumer impact: Misleading claims affecting consumer purchasing decisions

Competition Considerations

ACCC also considers ESG in competition and consumer matters, including:

  • Anti-competitive conduct affecting ESG transition (e.g., incumbent energy companies limiting renewable competition)
  • Supply chain impacts on competition and consumer welfare
  • Market concentration effects on ESG accountability

Other Australian Regulators

Clean Energy Regulator

The Clean Energy Regulator oversees:

  • Renewable energy target compliance
  • Emissions Trading Scheme (soon)
  • Environmental governance for energy companies

ATO: Australian Taxation Office

The ATO’s Tax Transparency Code encourages disclosure of tax governance. The ATO also monitors aggressive tax positions that may indicate broader governance issues.

OAIC: Office of the Australian Information Commissioner

OAIC enforces Privacy Act compliance including data breach notification and privacy governance requirements. (See our article on privacy governance.)

AIMA: Australian Information Security Authority

AIMA (part of ASD) provides cybersecurity guidance (Essential Eight, cyber maturity models) and enforces SOCI Act breach reporting requirements for critical infrastructure.

Regulatory Coordination and Expectations

Consistent Governance Expectations

While regulators have different focuses, they share consistent expectations:

  • Board oversight: The board must actively oversee material ESG risks
  • Risk management: ESG risks must be integrated into enterprise risk management
  • Transparency: Material ESG information must be disclosed to stakeholders
  • Accountability: Management must be accountable for ESG governance and performance
  • Remediation: Governance failures must be investigated and remediated

Enforcement Trends

Across regulators, enforcement trends include:

  • Increased scrutiny of ESG governance (director and officer conduct)
  • Enforcement against misleading ESG claims (ACCC greenwashing focus)
  • Requirements for financial institutions to integrate climate risk governance
  • Mandatory disclosure requirements (AASB S1 for in-scope entities)
  • Whistleblower protection enforcement (Corporations Act)

Managing Multi-Regulator Compliance

Compliance Framework

Organisations subject to multiple regulators should:

  • Map regulatory obligations from each regulator
  • Identify overlaps and conflicts
  • Develop an integrated governance framework addressing all obligations
  • Avoid duplicative compliance efforts through integration
  • Assign clear accountability for compliance with each regulator

Disclosure Consistency

Organisations should ensure disclosure consistency across regulatory filings:

  • ESG risks disclosed to ASX and ASIC should be consistent
  • Climate disclosures in APRA reporting should align with investor disclosures
  • Tax governance disclosure (ATO) should reflect overall governance approach
  • Inconsistencies create regulatory risk and stakeholder confusion

Key Takeaways

Multiple Australian regulators oversee ESG governance. ASIC requires disclosure and oversees Corporations Act compliance, including AASB S1 from January 2025. APRA prudentially supervises financial institutions’ management of climate and operational risks. ACCC addresses greenwashing and consumer protection. Other regulators oversee specific aspects (Clean Energy Regulator, OAIC, AIMA). Organisations should understand the obligations imposed by each relevant regulator and develop integrated governance frameworks that ensure compliance with all requirements.

Frequently Asked Questions

Which regulator has primary authority over ESG governance?

Multiple regulators have authority over different aspects of ESG governance. ASIC oversees listed companies and Corporations Act compliance. APRA supervises financial institutions. ACCC addresses consumer protection and competition. Understanding each regulator’s role is essential.

What are the penalties for ESG governance breaches?

Penalties vary by breach type and regulator. Civil penalties can reach millions of dollars. Directors face personal liability. Criminal penalties may apply for serious offences. Reputational damage is also significant.

Does AASB S1 apply to all Australian companies?

No. AASB S1 applies to large proprietary companies, listed companies, and financial sector entities meeting size thresholds. Smaller companies are not mandatorily subject to it, but investor and stakeholder expectations for ESG governance are evolving.

How do organisations prepare for AASB S1 compliance?

Organisations should conduct readiness assessments, establish governance disclosure processes, implement assurance mechanisms, and prepare governance documentation required by AASB S1.

What ESG matters trigger ASIC or APRA investigation?

Governance failures affecting material risk management, misleading disclosure, remuneration governance issues, and director conduct matters trigger regulatory investigations.

How can organisations ensure they meet all regulator expectations?

Organisations should understand obligations from each relevant regulator, develop integrated governance frameworks, consult with regulators on interpretations, engage external advisors, and maintain regular compliance monitoring.

Ensure ESG Regulatory Compliance

Multiple Australian regulators oversee ESG governance. Our specialists help organisations understand regulatory obligations and develop governance frameworks ensuring compliance with ASIC, APRA, ACCC, and other regulator requirements.

Book a Free ESG Strategy Session to assess regulatory compliance and develop compliance strategies.