Companies listed on the ASX must immediately inform the ASX if they become aware of information that a reasonable person would expect to have a material effect on the price or value of the company's shares. There are some safe-harbours, including where information is confidential and is a matter of supposition or insufficiently definite to warrant disclosure, or is generated for internal management purposes (ASX Listing Rules 3.1 and 3.1A, and Corporations Act s674).

Allegations of serious misconduct can potentially be information that is required to be disclosed to the ASX well before the issues are resolved by the courts. There have been a number of class actions against listed companies alleging that information about foreign bribery and compliance with anti-money laundering laws should have been disclosed to the ASX earlier than they were.

Companies that hold an Australian Financial Services Licence must report to ASIC any significant breach of their obligations as a financial services licensee (as set out in section 912A of the Corporations Act). The breach must be notified to ASIC within 10 days of when the company became aware of the breach and its significance (section 912D of the Corporations Act).

There are many ways in which serious misconduct like bribery and corruption can contravene the obligations of a financial services licensee and not all are obvious. For example, there may have been false or misleading representations made, company books and records may have been falsified, or services covered by the licence may not have been provided efficiently, honestly and fairly. Each of these things may give rise to a breach reporting obligation. There are very substantial penalties for every day that a breach report is delayed.

There are similar breach reporting obligations under other statutory licenses and permits. Each has its own requirements and scope.

In NSW, section 316(1) of the Crimes Act 1900 (NSW) makes it an offence for a person who fails, without reasonable excuse, to bring to the attention of the police the following information which they 'know or believe':

• that a serious indictable offence may have been committed; and

• that they have information that might be of material assistance in securing the apprehension, prosecution or conviction of the offender.

In NSW this replaces the previous common law offence of 'misprision of felony' (the only other jurisdiction in which misprision of felony has been expressly abolished is South Australia).

Misprision of felony is a similar offence and consists of knowing that a felony has been committed and failing to disclose that knowledge to those responsible for the preservation of the peace within a reasonable time, and having had a reasonable opportunity to do so.

A 'serious indictable offence' under the Crimes Act is one punishable by imprisonment for life or for a term of five years or more. In practice that means any offence such as bribery or serious fraud would be caught. If an investigation makes findings which tend towards a position that such conduct is (or may be) made out, then the requirement to notify law enforcement may be triggered.

The law regarding corporate attribution of knowledge (ie whether and when the company has the relevant knowledge of the conduct, as distinct from an individual employed by the company) is complex and should be carefully considered with the company's legal advisers.

Even in circumstances where a company considers it may not have a strict legal obligation to report the conduct, it should consider carefully whether it is appropriate to voluntarily self-report the conduct to authorities. See section 4.8.

It is increasingly common for commercial partners to require undertakings about compliance with laws, particularly anti-bribery and corruption laws, anti-money-laundering laws and sanctions laws, either in relevant contracts or in separate certificate or undertaking.

You may need to put in place procedures to ensure than any contracts entered into or certificates/undertakings given are accurate, and that any obligations to notify commercial partners under existing contracts or certificates are considered.

Company insurance, including Directors & Officers insurance, may cover some investigation costs and claims made in relation to the issue you are investigating. You will need to check your insurance policies to know if any costs or claims are covered.

If you have relevant insurance, it can be prudent to notify the insurers of the facts and circumstances that may give rise to a claim. Insurance contracts will typically exclude liability for claims that could or should have been notified in a previous insurance period. However, if you give the insurer notice in writing of facts and circumstances that might give rise to a claim as soon as reasonably practicable after becoming aware of those facts (and before the policy expires), the insurer cannot later deny liability just because the claim is made after the expiry of the insurance policy (section 40 of the Insurance Contracts Act 1984 (Cth)).

If the misconduct involves potential cartel conduct (price fixing; restricting outputs in the production and supply chain; allocating customers, suppliers or territories; or bid-rigging), there is a strong incentive to self-report to the ACCC promptly. The first party to self-report a cartel has the potential to gain immunity from civil or criminal liability for the cartel (including immunity for employees, officers or directors), provided they subsequently cooperate and assist the ACCC in gathering evidence and satisfy other conditions. Other parties to the cartel conduct which subsequently self-report and satisfy the cooperation obligations may qualify for leniency, as determined by the court. Before approaching the ACCC to self-report potential cartel conduct, you should obtain expert competition law advice.