Are you planning to buy or sell a business this year? 2023 is home to a raft of regulatory changes that could materially affect your business sale or acquisition. Recent amendments to the unfair contracts terms regime (UCT Regime) and the Privacy Act 1988 (Cth) (Privacy Act) are exposing businesses to increased regulatory scrutiny and requiring entities to review and update their internal processes.
In this article, we discuss the key regulatory areas which are shifting and should be further considered by stakeholders when conducting legal due diligence on a target entity or business.
A five-fold increase in penalties and a strengthening of the legislation surrounding unfair contract terms raises a looming risk that buyers need to consider when approaching legal due diligence.
On and from 9 November 2023, a standard form contract will fall under the UCT Regime if one party employed fewer than 100 persons or had a turnover in the last income year of less than $10 million.
The changes will affect:
See our summary of the changes to the unfair contracts regime, including penalties.
Due diligence considerations
There is an increasing shift to review standard form contracts through the lens of the upcoming UCT Regime, and compliance reviews can be substantial if a business uses a wide range of standard form contracts.
For each contract that a buyer is hoping to renew after 9 November 2023, a buyer should consider:
Sellers should review their standard form contracts or terms and conditions to ensure they comply with the UCT Regime. Not only is this good as a matter of best practice, but a compliant set of standard form contracts will provide buyers with comfort that the business complies (and will continue to comply after 9 November 2023) with its obligations under the UCT Regime.
Buyer scrutiny on privacy and data security continues an upwards trajectory. Large-scale data breaches were rampant during 2022 and this threat is not showing any signs of slowing down in 2023.
In response to this concerning trend, the government has taken steps to discourage businesses from overlooking their data security obligations. The Privacy Act saw a refurbishment in late 2022 when maximum penalties were significantly increased and the OAIC was granted new investigatory and enforcement powers.
These changes substantially increase risk exposure to privacy and data security issues, particularly given that the OAIC is already making use of its new powers and has been proactively reviewing data handling practices. Loss of goodwill and customer retention, combined with substantial regulatory penalties, can be a significant risk for a buyer.
In addition to stringent technical due diligence on a target, a prudent buyer should:
The government is also considering the recommendations of the recent Privacy Act Review Report (read our summary here). Stakeholders should carefully watch this space, particularly in relation to a potential new right for individuals to take direct action in courts.
The above changes are only the tip of the iceberg for shifts in regulatory matters in the remainder of this year. Stakeholders will also need to consider changing views and increased regulatory action in relation to matters such as:
Our national M&A team has significant experience in undertaking legal due diligence investigations and advising buyers (and sellers) of potential risks. If you have any questions or need assistance, contact a member of our team below.
The information in this article is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this article is accurate at the date it is received or that it will continue to be accurate in the future.