The Federal Court’s judgment in ASIC v Bekier (5 March 2026) is a clear warning: boards and executives are expected to actively oversee non financial risks and control the information flows that support decision making. Failures to do so can cause harm to investors and the community, invite regulatory sanction, and create personal liability.
This case attracted considerable coverage, but the more instructive story is not the headlines. It is the conditions that allowed failures to persist, and what boards should be doing now to respond.
This is the first time ASIC pursued an entire board and executive or an alleged section 180 breach centred on non financial risk. That makes it a watershed moment in how directors’ duties and governance expectations are applied.
What the Court actually found
ASIC pursued eleven current and former directors and officers of Star for alleged breaches of the duty of care and diligence, with particular focus on collective responsibility for risk. The Court found that two former senior executives breached their duties in relation to their handling of non-financial risks (a further two admitted breaches and settled in 2025).
ASIC’s case against the non executive directors failed; the Court was not satisfied their conduct fell below standard. That does not mean governance was sound. The four year long proceeding absorbed attention, attracted intense scrutiny and caused lasting reputational damage.
The information problem
A central theme was information: what reached the Board, in what form, and what directors did with it. Justice Lee stated that “directors cannot rely upon an inability to cope with the volume of information they receive” and that information must be “comprehensive and capable of proper digestion.” Board minutes showed little challenge where risks were obvious. Non executive directors argued key information was “buried” in large board packs.
What organisations can do. Start with a board reporting audit. Test what is reported, how risk items are highlighted, and whether material issues are clearly flagged or lost in detail. Boards should define the format and depth of risk reporting, covering both financial and non financial risks. A standing risk dashboard at every meeting, with minuted discussion of key items, is a practical step. If your board pack consistently exceeds what can be read and thought about properly, that is a governance red flag.
The escalation failure
ASIC Chair Joe Longo highlighted that senior executives have a critical responsibility to identify, manage and escalate serious risks to the Board. In Star’s case, escalation did not occur consistently or with the required urgency. ASIC argued the CEO and General Counsel “manifestly let Star’s Board down” by failing to inform directors of risks that could seriously affect regulatory compliance.
In any organisation, the flow of material risk information from management to the board is fragile. When that flow is filtered, delayed, or minimised, boards cannot exercise effective oversight.
What organisations can do. Define, in plain language, what constitutes a material risk or compliance issue needing immediate board notification. Give the Board direct channels to the General Counsel, Chief Risk Officer and internal audit, independent of the CEO. Boards that hear only what the CEO chooses to share are structurally exposed. Periodic private sessions with risk and internal audit are a practical test of escalation culture.
Culture and conduct at the executive level
The Bell 2 Report (2024) described Star’s executive group as dysfunctional, with weak governance and limited independence from its parent. It noted executives approached the regulator as if “preparing for war.” For any organisation, the way executives engage with regulators says a great deal about culture. Boards should be actively interested in both the substance and the tone of those interactions.
What organisations can do. Ask executives to characterise key regulatory relationships. If regulators are consistently framed as adversaries, that warrants direct board scrutiny. A regulatory engagement strategy that sets expectations for tone, transparency and conduct, especially under pressure, provides an important guardrail. Culture is defined by how leadership behaves when the situation is difficult, not when it is comfortable.
Governance structure and leadership continuity
The judgment drew a sharper line between board and management responsibilities. The Court was critical of how senior executives handled non financial risks and risk information but did not find non executive directors in breach, given the way information flowed.
The Bell Report also highlighted the impact of a prolonged vacancy in the Star Sydney CEO role (April 2023 – February 2024) noting that extended vacancies in key roles weaken oversight and blur accountability.
What organisations can do. Clarify the division of responsibilities between board and management in charters and delegations. Periodically trace a sample of risk decisions from frontline to Board to confirm who is deciding what, on what authority, and information. Extend succession planning to every role with material compliance, legal, financial or risk responsibility. Ensure the Board’s skills mix matches the organisation’s risk profile; where non financial risk expertise is thin, refresh composition or seek support.
Compliance culture: the hidden non-compliance problem
The Bell 2 Report detailed instances where compliance obligations were not just unmet but concealed. Inspectors observed a patron exceed the three hour welfare check threshold without contact; the officer on duty had falsely recorded a check. Further investigation revealed six other officers had done the same over an extended period.
The real issue is not the breach, but what it reveals about compliance culture. When frontline staff falsify compliance records, boards must ask not only why that occurred, but whether conditions existed for such behaviour to be detected and reported. Psychological safety, speak up culture and the credibility of internal escalation pathways are central.
What organisations can do. Assess speak up culture honestly. Consider whether people genuinely believe they can raise concerns without consequence. Complaints processes, incident data and anonymous surveys often reveal issues that formal reporting does not. Boards should receive regular metrics on compliance culture, including complaints and incidents, and confirm that compliance has enough independence and access to raise issues directly. Where compliance is structurally subordinate to the business lines it oversees, the conditions for concealment already exist.
Risk management: the illusion of control
On paper, Star’s risk management framework looked robust. In practice, key non financial risks were downplayed. Management presented an impression of progress while serious regulatory and control failures, and unresolved audit findings, persisted. Telling the Board what it expects to hear rather than what it needs to know is a common risk in complex organisations.
What boards should do now. Treat risk management as something to be tested, not simply reported. Consider commissioning independent deep dives into a small number of top risks each year, following each from the register to frontline. Review the “ugly data”: near misses, repeat audit findings, overrides and exceptions. Set clear risk thresholds and insist on escalation. Ensure the Chief Risk Officer and Internal Audit have direct access to the Board and are assessed on quality of challenge, not absence of issues. Align remuneration so executives are rewarded for candid escalation and durable remediation, not just short term performance.
What this means for mid-market boards
The Star case is extreme in its scale but the underlying risk and governance conditions that allowed these failures to develop can be present to varying degrees in many organisations.
Several practical questions emerge for boards and executive teams to consider honestly:
- Do board information flows surface material risks clearly, or is key information buried in volume?
- Is there a shared, well understood standard for what requires board level escalation?
- Does the Board genuinely test the information it receives, or largely accept management’s narrative?
- Has the risk management framework been independently reviewed? Does the Board have direct access to internal audit?
- How does the Board understand and shape the organisation’s relationship with regulators?
- Is your compliance culture one where breaches are reported and resolved, or where the appearance of compliance is enough?
These are uncomfortable questions. They are far less uncomfortable than answering them in front of a regulator.
A note on the AICD’s response
The Australian Institute of Company Directors has emphasised that the judgment confirms existing legal and governance principles remain sound; the courts have simply articulated more clearly what it requires in practice. Justice Lee highlighted the responsibility of directors, particularly chairs supported by company secretaries, is to strengthen board reporting and consider proactively what information the Board requires. For boards that have not recently reviewed their governance, this is a timely prompt.
Contact Us
Moore Australia’s Governance and Risk Advisory team works with boards and executive teams to strengthen governance frameworks, risk management, board reporting and compliance cultures that hold up under regulatory and public scrutiny.
If the issues raised in this article are relevant to your organisation, we would welcome a conversation.
At the time of writing, it is not known whether any of the parties will appeal the decision.
