Above Board: Board Advisory and Governance Update – Autumn 2026

TJustice Michael Lee’s decision in ASIC’s civil penalty proceedings against former non-executive directors (NEDs) of The Star Entertainment Group provides a useful judicial restatement of directors’ duty of care. ASIC’s case against the NEDs failed because the regulator could not prove the specific pleaded contraventions against each individual. His Honour held that the statutory duty of care in section 180(1) of the Corporations Act is inherently contextual, requiring assessment of what a reasonable director, in that director’s actual position and informed by the knowledge available at the time, would have done — and that the Court must avoid hindsight reconstruction of events.

The Court contrasted governance failings attributable to management with the board‑level oversight failures alleged against the NEDs. Justice Lee reiterated the central principle – established in the AWA litigation in 1995 and confirmed in the case against the Centro Group NEDs in 2011, that directors have a core, irreducible obligation to place themselves in a position to guide and monitor the management of the company. Directors are entitled to rely on the “judgment, information and advice of management and other officers” for as long as it is reasonable to do so. Red flags or contradictory information might make reliance unreasonable, but that was not the case here.

The decision contains some interesting observations about directors’ obligation to manage the quantity and quality of information that comes to them. His Honour observed that the information must be in a form “that is both comprehensive and capable of proper digestion”, and the board (through the Chair) must insist on it. A director is “required to take reasonable steps to place themselves in a position to guide and monitor the management of the company, and is expected to take a diligent and intelligent interest in the information available to them, understand that information, and apply an enquiring mind to their responsibilities”. 

The decision in the Star Entertainment case also highlights the responsibilities under section 180(1) of company secretaries who combine their role with that of general counsel. ASIC succeeded against Star’s former Company Secretary and Chief Legal & Risk Officer, on the basis that the duty of care applies across the full spectrum of an officer’s functions – not just the duties attaching to the role that carries a formal title that qualifies the person as an “officer” (here, the role of Company Secretary). Company secretaries who hold hybrid roles in legal, governance, risk management and regulatory engagement have a statutory (not just contractual) duty to exercise due care in each of those areas, particularly when providing assurance to the board or liaising with regulators, and can be considered to have a proactive duty to directly advise the board of legal risk if they consider the board has not been adequately informed. 

The ASX’s Advisory Group on Corporate Governance has announced its direction for updating the Corporate Governance Principles and Recommendations (CGPR), with plans to make a draft available for public consultation in Q3 2026. Its media release dated 1 April signalled that the Advisory Group would retain the existing eight principles, and recommend that each “be accompanied by a short statement that explains why the principle is important”. Explanatory material will replace the previous commentary, to provide general background but not to create additional compliance and reporting obligations. The new approach will highlight the centrality of the ‘if not, why not’ approach, recognising that the general principles may sometimes be satisfied through alternative arrangements. 

The Advisory Group also recognised the important role that board diversity plays to strong corporate governance, and will retain a numerical gender diversity target for boards of ASX300 companies but not recommend a numerical target for other diversity characteristics or require disclosure of these characteristics for individual directors. It will also recommend that the approach of setting out additional recommendations to support governance of entities incorporated in other jurisdictions that are consistent with Australian law be maintained. 

ASIC has implemented an important security measure for directors, by removing residential addresses from current and historical company extracts purchased through its public companies extract service. Residential address data remains in the registry for law‑enforcement and regulatory purposes but is no longer available at low cost to the general public. The change anticipates further reforms to modernise registry operations, improve identity assurance and integrate Director Identification Numbers (DINs) with the companies’ registers. Treasury is concurrently consulting on these further reforms. Submissions closed in February 2026.

We were pleased to advise the Australian Institute of Company Directors on this important reform concerning directors’ residential addresses, first proposed by the Corporate Law Simplification Taskforce in 1993, which brings Australia in line with other major commercial jurisdictions. 

The Australasian Centre for Corporate Responsibility (ACCR) has appealed the Federal Court’s February 2026 decision dismissing its greenwashing allegations against Santos Limited. At first instance, Justice Markovic found that the terms “clean energy” and “clean fuel” lacked fixed meaning in the relevant industry context, and that Santos’ 2030 and 2040 emissions‑reduction targets were forward-looking statements supported by reasonable contemporaneous grounds.

The decision of the Federal Court also highlighted the need for companies to understand and consider the target audience for sustainability-related representations, to verify and ensure that such representations are supported by reasonable grounds (underpinned by robust internal processes, including appropriate analysis and supporting materials) and to carefully consider whether any omissions may make underlying claims misleading or deceptive.

In its appeal, the ACCR argues that the judgment sets disclosure standards too low relative to market and investor expectations and that clarification is needed on:

• the evidentiary standard for forward‑looking climate statements;
• the scope of “reasonable grounds” in net‑zero transition planning; and
• how courts should evaluate assumptions and uncertainties underpinning climate‑related claims.

The outcome of the case will be of key importance as more companies transition to an enhanced reporting regime around sustainability with the phased introduction of mandatory climate-related financial disclosures. 

The Federal Court recently ordered FIIG Securities to pay $2.5 million after it admitted failing to maintain adequate cyber‑security systems, including failing to detect or respond promptly to a significant breach in 2023 that exposed approximately 385 GB of sensitive client data. 

Justice Derrington held that while no organisation can prevent all cyberattacks, FIIG’s multi‑year underinvestment, inadequate controls, and poor implementation of its own security policies constituted breaches of its obligations as the holder of an Australian Financial Services Licence. These include an obligation to carry on its financial services business “efficiently, honestly and fairly”. 

The decision highlights the need for Australian Financial Services Licensees to not only have appropriate risk management frameworks in place, but to also ensure that those frameworks are actively applied, monitored and enforced, supported by ongoing training and regular (at least annual) testing.

Oversight and management of risks – including cyber risks – is a key responsibility for boards and directors and inadequate oversight has the potential to expose directors and other officers to potential personal liability and penalties. 

In 2012, ASX introduced a new requirement for entities seeking to list which required them to establish that their officers were of “good fame and character”. These requirements (which now find themselves in Listing Rule 1.1, Condition 20) are typically addressed by the provision of a criminal history check, bankruptcy check and statutory declaration confirming a number of matters relevant to this determination. While ASX is able to take into account any other information in its possession, ASX usually has regard to the materials submitted and the assessment is straightforward because nothing materially negative is revealed. 

In response to questions from listing applicants seeking guidance from ASX in circumstances where the lodged materials do contain relevant information, ASX recently published Compliance Update no. 01/26. This update contains a series of non-exhaustive issues (with illustrative examples) that ASX will take into account in making its assessment of “good fame and character”. 

There are 14 factors provided which go to matters including the nature of the conduct (and the outcome); when the conduct occurred; the existence and nature of any subsequent conduct; whether other board positions have since been held; and whether positive character references can be obtained from reputable associates.

While this is useful background, the update makes clear that ASX still expects listing applicants who know of negative information to bring that information to ASX's attention at the earliest opportunity. In certain circumstances, ASX also indicates that it may require any positive representation about good fame and character to be set out in the listing prospectus itself.  

ASX takes these matters seriously because they have the potential to affect the reputation and integrity of the market. Notwithstanding the update, close consultation with ASX on any matters revealed will remain essential. 

The Productivity Commission’s final reports from the five‑pillars inquiries, released in December 2025, highlight the extent to which regulatory settings have become a drag on economic dynamism. Its recommendations for improving the process of regulatory reform, contained in the final report entitled Creating a More Dynamic and Resilient Economy, focus on changing practices and attitudes within government, rather than advocating for an approach that engages business and the community more directly as many submissions had proposed. The Commission’s recommendations are that the Australian Government should:

• set a clear agenda for regulatory reform and regulatory burden reduction;
• set targets for regulatory burden reduction and commit to a comprehensive reporting regime to hold government to account for progress;
• bolster high-level scrutiny of regulations, and
• enhance regulatory practice to deliver growth, competition and innovation. 

Separately, the Senate Select Committee on Productivity in Australia has included an examination of regulatory burdens and their impact on productivity in its inquiry which is due to report in September 2026. 

Ms Sarah Court has been appointed as the next Chair of ASIC and will take over the role when Mr Joe Longo’s term concludes in May 2026. With a strong enforcement background and a leadership role in cyber‑resilience and governance‑related enforcement, Ms Court’s appointment signals continuity in ASIC’s approach to regulatory oversight and enforcement. ASIC announced its 2026 regulatory priorities in November 2025, and we expect they will be carried forward under Ms Court’s leadership. 

Importantly for entities outside the financial sector, they include a focus on financial reporting misconduct including failure to lodge financial reports. On 31 March 2026, ASIC announced that three large proprietary companies associated with the Mecca cosmetics retailing group paid $594,000 in infringement notices after allegedly failing to lodge audited financial reports on time.