INSIGHT

ASIC increases scrutiny of financial reporting obligations for large proprietary companies

By Chelsey Drake, Tom Hall
ASIC Boards & NEDS Corporate Governance

If you identify a gap, act swiftly 5 min read

Large proprietary companies have strict statutory financial reporting obligations. Failure to comply—even inadvertently—exposes both companies and their officers to significant penalties. 

The Australian Securities and Investments Commission (ASIC) has identified financial reporting misconduct, including failure to lodge financial reports, as an enforcement priority for 2026. Consequently, there has been a sharp uptick in surveillance and, in some circumstances, a serious step-change in the penalties imposed for non-compliance. 
 
As many companies embark on a new financial year, the message is clear—financial reporting obligations are not just an administrative formality. 
 
In this Insight, we examine ASIC's recent enforcement focus and consider the issues and practical steps companies can take where they encounter non-compliance. 

Key takeaways 

  • With ASIC making enforcement of financial reporting obligations a stated priority for 2026, it is actively monitoring the market, and the quantum and frequency of enforcement action has escalated markedly.
  • Infringement notices are ASIC's enforcement tool of choice; however, an infringement notice attaches only to the most recent breach, as they must be issued within 12 months of a contravention. The attached penalties have amounted to hundreds of thousands of dollars per entity—significantly higher than penalties in the past.
  • Companies that discover non-compliance should act quickly, and carefully weigh their options. Infringement notices involve dialogue with ASIC, and we think it is likely to view voluntary disclosure and genuine remediation favourably.

Background

For many years, failure to lodge financial reports has not—absent some other kind of misfeasance—resulted in much regulatory scrutiny. Action was infrequent, penalties were modest, and many companies—particularly those operating as subsidiaries within larger groups—operated under the understandable but mistaken assumption that group-level reporting covered their individual obligations.

Times have changed and failure to lodge financial reports, even where the failure is inadvertent and the result of a misunderstanding of financial reporting requirements, is now attracting major regulatory attention and action. 

ASIC has stated that it will continue to monitor and address lodgement failures, including taking regulatory action for ongoing non-compliance.

 

What are the financial reporting obligations for large companies?

Under Part 2M.3 of the Corporations Act, large proprietary companies must prepare and lodge audited financial statements with ASIC and give them to members following the conclusion of each financial year.

More specifically, three separate obligations arise:

  • Preparation: Section 292 obliges a large proprietary company to prepare a financial report (containing the content described in s295) and a directors' report for each financial year.
  • Distribution to members: Sections 314 and 315 require those reports, together with auditor's reports, to be given to members by the earlier of 21 days before the next annual general meeting or four months after the end of the relevant financial year.
  • Lodgement with ASIC: Section 319 requires companies to lodge the financial report and directors' report with ASIC within four months of the end of the relevant financial year.

A company is a large proprietary company for the purposes of s45A(3) of the Corporations Act if it and the entities it controls together satisfy at least two of three thresholds: revenue, assets and number of employees.

While it is a black-and-white assessment of whether the indicia is satisfied, there are several factors that can complicate or obfuscate the outcome. These include when entities transition from small to large during a reporting period; entities not factoring in the entities they control; entities wrongly relying on group-level reporting relief instruments (or assuming they are in place); and foreign-controlled entities being subject to different requirements. There are also large entities that simply do not get their reports filed in time.

What are the penalties?

The Corporations Act imposes multiple layers of liability, and penalties apply per contravention—meaning a company that has failed to lodge for multiple years faces potential exposure across each of those years. These make for sober reading in the context of what might otherwise be characterised as an administrative breach.

  • Company-level criminal liability: If a company fails to lodge a financial report with ASIC within four months of the end of a financial year, it commits a strict liability criminal offence. The test for contravention does not require the failure to have been knowing, deliberate, reckless or negligent. The current maximum penalty is $396,000 per contravention.
  • Liability for directors: Under s344, directors who fail to take all reasonable steps to secure compliance with s319 also commit an offence, which becomes a criminal offence where there is an element of dishonesty. Maximum penalties include fines of up to $1.485 million, or three times any benefit gained or detriment avoided, as well as potential imprisonment of up to 15 years and disqualification.
  • Liability for company secretaries: Where a company fails to comply with s319, the company's secretary automatically commits a civil penalty contravention under s188. A defence is available where the secretary can demonstrate that they took reasonable steps to ensure compliance. The maximum penalty is the greater of $1.65 million or three times the benefit gained or detriment avoided, and ASIC may also seek disqualification.

These penalties apply per contravention, and so could—in an enforcement scenario—be levied for each financial year of non-compliance. The value of a single penalty unit will also be subject to indexation on 1 July 2026, so these figures will soon increase.

Section 1322(4) offers a mechanism for relief from liability for past contraventions, including by practically extending the time for lodgement of financial reports, and providing relief from civil liability for the company and its directors and officers, but it requires a court application, the outcome of which would be far from certain.

 

ASIC's recent regulatory focus

The trajectory of enforcement activity tells a striking story.

Before ASIC's focus in this area, enforcement action relating to failure to lodge financial reports tended to focus on particular entities alleged not to have complied over a number of years, often coupled with other non-compliance such as failure to hold an AGM. Penalties were considerably below the statutory maximums —the largest fine issued in 2022 was $40,000 for failure to lodge four financial reports.

The landscape has changed materially. In 2025, an ASIC investigation found poor compliance by grandfathered companies1 where more than half of entities it had investigated had not lodged financial reports on time, and nor had auditors made notifications of lodgement breaches.

ASIC subsequently launched a broader surveillance exercise focused on non-lodgement by large proprietary companies, examining a range of data sources to identify companies with significant revenue, assets or large numbers of employees that had not lodged financial reports. Of the 217 companies ASIC engaged with, it alleges that 70%—151 companies—were non-compliant for failing to lodge a financial report for one or more of the FY23 and/or FY24 years.

Enforcement has followed. In December 2024, ASIC issued infringement notices to 12 large proprietary companies for allegedly failing to lodge their FY24 audited financial reports on time, with notices of at least $187,800 issued in each instance—totalling more than $2.2 million across the 12 entities. Since then, the regulator has continued to ramp up the pressure, actively following up entities where it spots a gap, and imposing record fines on several private corporate groups and instituting court proceedings against at least one public group.

So, ASIC's position is clear: there is heightened regulatory scrutiny regarding non-compliance with financial reporting obligations, and the quantum of penalties being levied is increasing.

Several enforcement patterns are worth noting. Even when historical non-compliance dating back multiple years is uncovered, ASIC has tended to issue infringement notices limited to the most recent instance of non-compliance, rather than instigate proceedings—an approach that may be procedurally more straightforward, and proportionate to the alleged misconduct.

While penalties are higher than in the past, they are still substantially less than the theoretical statutory maximum, and targeted to specific provisions rather than every individual breach that may have occurred—eg in the December 2024 enforcement action, ASIC issued notices for failure to lodge reports with it, but did not separately pursue entities for failure to give those reports to members (assuming the companies did not do so). It also did not pursue actions against individual directors and officers.

Beyond the financial penalties themselves, companies subject to ASIC infringement notices face a risk that may prove far more damaging in practice: the reputational consequences of public enforcement action. ASIC routinely publishes media releases announcing the issue of infringement notices, naming the entities involved and identifying the specific contraventions alleged. This publicity is not incidental; it is a deliberate element of the regulator's enforcement strategy. For many companies, the adverse publicity may attract greater scrutiny than the penalty itself.

What to do if you discover non-compliance

The discovery of a financial reporting gap—whether through internal review, a change in auditors, a group restructure or a reclassification of an entity's size—requires prompt and considered action. Several factors will shape the appropriate response.

  • Act quickly. The Corporations Act treats failure to lodge as a continuing offence, and a separate offence is generated for each day that the relevant reports remain outstanding. This means that the longer non-compliance continues, the greater the exposure.
  • Understand the auditor's position. A company's auditor is required under s311 of the Corporations Act to report suspected contraventions to ASIC. Where a company engages an auditor—whether to prepare historical reports or as part of broader group reporting—they will, in all likelihood, become aware of past non-compliance and be compelled to report it to ASIC. Auditors are on notice to lodge breach reports, given ASIC's pointed commentary about the absence of such filings when it undertook its initial surveillance in 2025.
  • Weigh your remediation options carefully. Companies facing historical non-compliance have a range of options—from prospective compliance only, to lodging reports for some or all of the historical period, to seeking court relief under s1322(4) of the Corporations Act. Each option carries different risk and cost profiles, and the right path will depend on the extent of the non-compliance, the resources available for remediation and the company's broader regulatory relationship with ASIC.
  • Don't overlook officers. Individual liability for company secretaries is automatic unless it can be established that the relevant officer took reasonable steps to ensure compliance. Directors will separately have contravened s344 as a result of the company's failure, regardless of whether the failure was dishonest.

In our experience, ASIC is likely to view voluntary disclosure and genuine remediation efforts favourably when determining its approach to enforcement action. Proactive engagement—rather than having the regulator learn of the non-compliance through its own surveillance or a mandatory auditor report—may be important in achieving a positive outcome, including how any non-compliance may be reported publicly.

The bottom line

Financial reporting obligations exist to ensure that creditors, members and the market have access to accurate and timely information about large private companies. ASIC's recent enforcement activity reflects a genuine commitment to enforcing those obligations—and a willingness to issue substantial penalties where companies fall short.

We know from ASIC's enforcement and surveillance activity that it is looking at the data it has available and determining where it thinks reports should have been filed—and following up with companies when it thinks something is amiss.

The practical lesson is straightforward: know which entities within your group are classified as large proprietary companies; confirm that any exemptions or instruments being relied upon are properly available; ensure reports are prepared, audited and lodged on time; and act swiftly if a gap is identified. In an environment where ASIC is actively scanning the market for non-compliance, hoping the problem goes away is not a strategy.

If you would like to discuss your company's financial reporting obligations or how to respond to a non-compliance situation, please contact a member of our team.

Footnotes

  1. That is, a large proprietary company that met specific criteria, including having been a large proprietary company since 1995 and having its financial statements audited for all financial years since 1995, and was exempt from publicly filing financial reports so long as they were prepared and audited. In 2022, the financial report lodgement exemption for grandfathered companies was removed and they became required to lodge their financial reports with ASIC.