
Quick summary
The winter edition of Above Board highlights recent developments in corporate governance, board practice, directors’ duties and corporate reporting. During this quarter:
- Star penalties: Justice Michael Lee imposed significant penalties on the former chief executive officer and former general counsel of The Star Entertainment Group Limited, having earlier found that the Australian Securities and Investments Commission (ASIC) did not make out its negligence case against Star’s non-executive directors.
- Listed entity governance: ASX Limited (ASX) announced that public consultation on revisions to the Corporate Governance Principles and Recommendations will commence later in July.
- Continuous disclosure and directors’ liability: ASIC’s actions against directors of Nuix Limited and airline Regional Express Holdings Limited concluded.
- ASIC registries and directors’ personal information: The Bill to update ASIC’s corporate registry powers and integrate the Director Identification Number regime passed, with implications for the publication of directors’ personal information.
- Financial reporting: The May Budget foreshadowed that the financial reporting threshold for large proprietary companies will be increased, with the change flowing through to sustainability reporting.
- Sustainability reporting: ASIC and AICD released useful feedback on the early lessons for mandatory climate-related reporting, based on the experience of the first wave of Group 1 entities.
- Corporate group cross-guarantees: The May Budget foreshadowed measures to simplify consolidated reporting for corporate groups by removing the need for deeds of cross guarantee.
- APRA governance standards: APRA released a further consultation draft of the prudential standard CPS 510 on governance for APRA regulated entities.
- Better regulation: The Productivity Commission progressed to the next stage of its work on better regulation, launching a new inquiry on barriers to opening, expanding and closing businesses.
- Cyber governance: The Australian Signals Directorate announced a consultation on the evolution of the “Essential Eight” cyber security framework into a broader “Essentials” series.
- Whistleblower reforms: Treasury commenced the statutory review of effectiveness of corporate and tax whistleblower protections introduced in 2019, coinciding with a debate over whistleblower protection and the regulation of large consulting firms in the wake of events at KPMG.
Significant penalties imposed in ASIC’s case against the CEO and general counsel of Star
In March of this year and as reported in our Autumn edition of Above Board, in a well-publicised decision, Justice Michael Lee found that both the former Managing Director and CEO, and the former General Counsel, Company Secretary and Chief Legal and Risk Officer of The Star had each contravened their duty of care under section 180(1) of the Corporations Act. This was a result of their failure to take reasonable steps to address and escalate serious regulatory risks at Star’s casino operations. That decision, controversially (at least to some), held that Star’s non-executive directors had not breached section 180(1) on the case pleaded by ASIC. The liability decision did not address the penalties to be metred out to the CEO and the General Counsel, and in June Justice Lee handed down his decision on sanctions.
With perhaps a hint of defensiveness, before turning to the penalty question, in a strongly worded but ultimately toothless rebuke, Justice Lee took the opportunity to criticise the conduct of the non-executive directors, noting that the evidence did not generally indicate that any of the NEDs had taken a diligent and intelligent interest in the information provided to them, been vigilant to understand it or apply an enquiring mind to their responsibilities. His Honour was particularly critical of their failure, in a business he described as being pregnant with inherent and obvious risks, to pursue lines of enquiry that one might expect of a director in the circumstances.
Having (further) admonished the non-executive directors, Justice Lee turned his gaze, once more, to Mr Bekier and Ms Martin. He disqualified the former from managing corporations for six years and ordered him to pay a pecuniary penalty of $700,000 while the latter was disqualified for seven years and ordered to pay $400,000. They were also ordered to pay (on a joint and several basis), 45 per cent of ASIC’s costs, which while undisclosed, were no doubt substantial.
At least in relation to the pecuniary penalty, Mr Bekier and Ms Martin were lucky to avoid stronger sanctions. ASIC had sought substantially higher penalties – $1.3 million against Mr Bekier and $1.1 million against Ms Martin – but Justice Lee felt constrained by established principles of parity to have regard to the “generous” penalties against Star’s former CFO ($65,000) and Chief Casino Officer ($180,000) arising from the same general circumstances. These penalties had been imposed by the Court by consent between ASIC and these defendants at an earlier time (albeit quite late in the process).
There were a number of other factors that His Honour took into account in his determination of the appropriate penalty that are worthy of note:
- First, His Honour was particularly critical of, in His Honour’s view, the defendants’ lack of contrition or apparent insight into the nature of their impugned conduct and its impact on others.
- Second were the roles each of the defendants occupied, which were aggravating factors in assessing their conduct. Mr Bekier was Managing Director and CEO and, in that role, was required to take all reasonable steps to ensure that the Board was informed of pertinent legal, financial and reputational matters that created or increased the risk that The Star would breach its legal obligations. In the case of Ms Martin, she was an experienced lawyer occupying central legal, governance and risk responsibilities on whom the Board was reliant to bring to its attention matters that gave rise to real legal or reputational risks. She was also a solicitor with heightened obligations of honesty and candour.
- Third, the conduct of both Mr Bekier and Ms Martin was not limited to an isolated instance, but occurred over a period of time during the course of which regulatory compliance and anti-money laundering risks were becoming more prominent and the warning signs that Star was not meeting its obligations were becoming increasingly obvious.
- Fourth, The Star operated a business that was wholly dependent on its social licence and the risks inherent in that business demanded a degree of vigilance corresponding to those risks.
- Finally, in a warning to organisations inclined to gild the lily in communications with their bankers, The Star’s principal financier was entitled to expect complete candour and accuracy in communications concerning matters of obvious regulatory significance.
Notwithstanding some of the special features of The Star’s situation, Justice Lee’s judgment is a strong signal that the Court will treat seriously a breach by an officer of a corporation of their statutory duty of care and diligence. It remains also to be seen whether ASIC will be more reticent to make favourable accommodations with defendants, particularly if there is a risk that others being pursued will receive significantly reduced penalties if a contravention is found.
Revisions to ASX corporate governance principles progressing
The ASX’s Advisory Group on Corporate Governance (AGCG), chaired by Dr Philip Lowe, has announced its plan to release a consultation draft of the fifth edition of the Corporate Governance Principles and Recommendations (CGPR) in July. The AGCG aims to provide final advice to the ASX Board on a revised set of Principles by the end of 2026.
In its recent communiqué, the AGCG signalled that it would retain the existing eight principles and the ‘if not, why not’ approach that has characterised the CGPR since the first edition in 2003, while pursuing simplification and the removal of prescriptive or duplicative requirements.
The AGCG is expected to retain a numerical gender diversity target for boards of ASX300 companies, but not to set numerical targets for other diversity characteristics or require disclosure of characteristics for individual directors. It will also recommend a formal renewal cycle – for example, a review every three to four years – to provide certainty and ensure the Principles remain fit for purpose.
ASIC’s cases against directors caught up in continuous disclosure breaches conclude
ASIC’s civil penalty proceedings against intelligence software provider Nuix Limited and five of its former directors were dismissed. The judgment rejected ASIC’s allegations of misleading or deceptive conduct, breaches of continuous disclosure obligations, and breaches of the directors’ duty of care.
ASIC’s case concerned statements made by Nuix following its $1.8 billion IPO in December 2020. The regulator alleged that Nuix engaged in misleading or deceptive conduct when it reaffirmed prospectus revenue forecasts in early 2021, that it breached its continuous disclosure obligations by failing to disclose internal financial information, and that the then chief executive officer and non-executive directors breached their duty of care in failing to prevent the company from making the allegedly misleading statements.
The internal forecasts on which ASIC relied were management documents – insufficiently definite, confidential, and capable of falling within the Listing Rule 3.1A exception. Importantly, the Court confirmed that revenue forecasts are merely an expression of opinion about a future matter, and that a listed entity is not required to publish every internal forecast nor liable simply because outcomes differ from projections.
ASIC has indicated that it intends to appeal the decision in respect of Nuix (though not in respect of the directors). A shareholder class action is also scheduled for hearing later in 2026.
In another continuous disclosure case, ASIC alleged that Regional Express Holdings Limited (Rex) and four of its directors had contravened the continuous disclosure and directors' duties laws. The proceedings centred on a market announcement released by Rex on 28 February 2023, in which the company expressed confidence that it would achieve positive operating profits for the 2023 financial year. ASIC contended that, once the factual foundation for that statement had fallen away, Rex was required to inform the market accordingly and failed to do so. Following Rex's entry into voluntary administration, ASIC sought declarations against the company and pecuniary penalties and disqualification orders against the individual directors.
Justice Black held that Rex breached its continuous disclosure obligations under s 674A(2) from 14 April 2023 to 20 June 2023 by failing to disclose that it no longer had reasonable grounds for the earnings outlook conveyed in its February announcement. His Honour found that, by at least 14 April 2023, information available to the company – including severely constrained cash reserves, weak domestic sales performance and a deteriorating financial position – meant that the optimism previously communicated to the market no longer rested on a reasonable basis. The company's executive chair admitted contravening s 180 by failing to take reasonable steps to ensure compliance with Rex's continuous disclosure obligations. Justice Black accepted that admission, characterising the contravention as serious. Questions of penalty and disqualification were deferred for later determination.
But the Court dismissed ASIC's case against the three non-executive directors, concluding that ASIC had not established, to the standard required, that any of those directors actually knew that Rex no longer had reasonable grounds for maintaining its positive earnings outlook. Although materials before them, including a management email circulated on 14 April 2023 and matters discussed at a board meeting on 16 May 2023, were sufficient to give rise to concern, ASIC had not adduced expert evidence capable of demonstrating the conclusions that a reasonable director should have drawn from the financial information available at the time. In the absence of such evidence, the evidentiary gap could not be bridged by its own assessment or general commercial experience of the aviation industry.
His Honour nevertheless observed that, had the requisite knowledge been established, the alleged contraventions would have been made out and would properly have been regarded as serious. He further indicated that the directors' reliance on the statutory defence in s 189 would not have succeeded, as the directors declined to go into evidence.
Legislation to update ASIC’s corporate registry function passed
The Treasury Laws Amendment (Business Registries Stabilisation and Uplift) Act 2026 (Cth) passed just before the winter recess. The legislation contains measures that include linking the Director Identification Number to the companies’ registers, and allowing directors to nominate an alternative address, rather than a residential address, for registry purposes.
As we reported in the Autumn edition, directors’ residential addresses are currently removed from company searches. The new legislation raises two significant concerns. First, it gives ASIC a broad discretion under new s 1274AB(1) to disclose a director’s residential address – including to publish it – even where the director has nominated an alternative address Secondly, for directors who have not nominated an alternative address, the Bill contemplates that their residential addresses may again become publicly accessible.
We advised the Australian Institute of Company Directors on proposed amendments to the Bill to better protect the personal information of Australia’s 2.5 million company directors from misuse. The legislation leaves some important policy choices to ASIC, and we will continue to monitor the way in which it chooses to protect directors’ personal information.
Budget foreshadows increased reporting thresholds for large proprietary companies
The May 2026 Budget foreshadowed that the monetary thresholds determining whether a proprietary company is classified as “large” for financial reporting purposes will be doubled: from $50 million to $100 million in consolidated revenue, and from $25 million to $50 million in consolidated gross assets. The employee threshold (100 or more) remains unchanged. A proprietary company is classified as large if it satisfies at least two of the three criteria. Companies that fall below the new thresholds will no longer be required to lodge an annual audited financial report, directors’ report or sustainability report with ASIC.
The change will reduce the number of proprietary companies in Group 3 for mandatory sustainability reporting from 2028.
ASIC and AICD release useful feedback on sustainability reporting
ASIC has published early observations from its review of sustainability reports lodged under Chapter 2M of the Corporations Act, drawing on reports prepared by Group 1 entities for financial years commencing on or after 1 January 2025. The observations are directed at assisting other reporting entities as they approach the 30 June 2026 reporting season.
Key themes include the need for clear, effective and proximate disclosure of relevant judgments, assumptions and areas of measurement uncertainty. Where entities cross-reference information outside the sustainability report, they must still satisfy the disclosure requirements of AASB S2 Climate-related Disclosures. The definition of “climate-related targets” in AASB S2 should be carefully considered when determining what must be disclosed. In addition, disclaimers that are inconsistent with the statutory framework (e.g. that indicate that readers should not rely on the information to make investment decisions, or that disclaim responsibility for the accuracy or completeness of certain information) are not permitted to be used.
Separately, the AICD has usefully collected and published directors’ observations and “lessons learned”, emphasising the board’s responsibility to establish systems for identifying, assessing and monitoring material climate-related financial risks and opportunities. Directors need to have an adequate understanding of the reporting regime to enable them to challenge management and apply a critical lens to the disclosures made in the sustainability report.
Budget foreshadows measures to remove deeds of cross guarantee
The Budget also proposes to simplify reporting relief for corporate groups by replacing the current requirement to enter into deeds of cross guarantee with a streamlined statutory process. Under the existing mechanism, wholly-owned entities within a group may obtain relief from the requirement to prepare and lodge individual financial reports, but establishing and maintaining a deed is complex and administratively costly.
The proposed new process would preserve protections for those dealing with group companies – including the joint and several liability that currently underpins the deed mechanism – while reducing the cost and complexity of establishing, maintaining and varying group relief arrangements. This is a reform that has been discussed for some time, and boards and company secretaries responsible for managing existing deeds should monitor its progress.
APRA releases further consultation draft of governance standards
APRA has released an updated consultation draft of Prudential Standard CPS 510 Governance, overhauling its governance requirements for banks, insurers and superannuation trustees. The draft was published in June 2026 together with APRA’s formal response to feedback received during earlier consultation stages.
The revised standard addresses requirements for board governance, conflicts management, and the fitness and propriety of directors and senior executives. APRA has also proposed removing routine fit and proper reporting – signalling an intention to shift the emphasis from process-oriented compliance toward demonstrable governance effectiveness.
Notably, APRA has abandoned its earlier proposal that at least two independent non-executive directors of a regulated entity could not sit on any other board in the corporate group, but will remove the current presumption of independence for directors who serve on multiple group boards. The consultation remains open until end-August 2026, with a final standard planned for late 2026 and commencement expected from early 2028.
Productivity Commission begins regulatory reform inquiry
The Commonwealth Treasurer has asked the Productivity Commission to conduct a new inquiry into business dynamism. The inquiry, announced as part of the May 2026 Budget, will examine the barriers firms – particularly early-stage firms – face in opening, expanding and closing businesses, and consider whether Australia’s corporate, anti-phoenixing and personal insolvency frameworks are fit for purpose.
The inquiry follows the Commission’s final reports from the five-pillars inquiries released in January 2026. The Government says it is progressing 13 of the 17 reform areas identified by the Commission in that report, intending to reduce regulatory burden.
ASD consults on the evolution of the “Essential Eight” cyber security framework
The Australian Signals Directorate (ASD) has announced a national consultation on the evolution of its Essential Eight cyber security framework. The consultation is open until 12 July 2026. ASD has indicated that the Essential Eight guidance will form the first chapter of a broader “Essentials” series – titled “Essentials for enterprise IT” – with additional chapters to follow addressing other environments.
The Essential Eight Maturity Model – originally published in 2017 and substantively updated in 2022 and November 2023 – sets out eight prioritised mitigation strategies: application control, patching applications, configuring Microsoft Office macros, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups. ASD’s 2025 Commonwealth Cyber Security Posture report noted that 22 per cent of federal government entities have reached overall Maturity Level 2, but that most organisations still fall below this benchmark. ASD expects Maturity Level 2 will increasingly become the baseline expectation for regulated sectors.
Treasury commences statutory review of whistleblower protections
Treasury has commenced the statutory review of the tax and corporate whistleblower protections in Part 9.4AAA of the Corporations Act 2001 (Cth) and the Taxation Administration Act 1953 (Cth), as required by the legislation. Submissions close on 29 July. The review will investigate whether the protections introduced in 2019 are working as intended, identify ongoing concerns, and recommend improvement where appropriate.
Robust governance is the key to every successful, sustainable and resilient business. Our specialist Board Advisory & Governance team works closely with boards and senior management in understanding stakeholder expectations and meeting contemporary governance standards.