ASIC v Bekier: The Three Questions Every CEO, CFO, and Director Must Now Answer

A landmark Federal Court decision, handed down 5 March 2026, establishes the governing accountability standard for institutional governance. Here is what it means for you.

Roshan Ghadamian

What the Case Is

ASIC v Bekier [2026] FCA 196 is a landmark Federal Court civil penalty case brought by ASIC against the CEO, General Counsel, CFO, Chief Casino Officer, and all non-executive directors of Star Entertainment Group for breach of directors' duties under section 180(1) of the Corporations Act.

The core facts: Star's executives knew about serious anti-money laundering failures, criminal activity in a VIP gambling room, and misconduct around banking arrangements. The information existed inside the organisation. It was not escalated properly. Decisions were made without boards being adequately informed.

The judgment was handed down on 5 March 2026. It is the current legal standard in Australia for how courts assess governance accountability.

The Three Questions

The court's analysis centres on three questions that apply to any governance failure. These are not abstract principles. They are the questions that regulators, insurers, and boards will ask — and for which contemporaneous records are the only adequate answer.

Who was responsible? Not who signed the approval form. Who held institutional accountability for the decision, the system, or the process that failed? The court traces accountability to the person with authority over the relevant domain — not the person who happened to be in the room.

What did they know? What information existed, at the time of the decision, that was available to the responsible person? The court does not ask whether you read every report. It asks whether the governance infrastructure surfaced the right information to the right person at the right time. If it did not, the infrastructure failed — and the person accountable for that infrastructure is exposed.

What did they do? Given what they knew (or should have known), what action did they take? The court examines contemporaneous records — not post-hoc explanations, not reconstructed timelines, not "we would have done X if we had known." Records produced at the moment of the decision. If those records do not exist, the court draws its own conclusions.

The Surprising Outcome: Executive Exposure, Not Board Exposure

The CEO and the Chief Legal and Risk Officer were found to have breached their duties. The claims against the non-executive directors failed.

This is directly relevant to how organisations think about governance risk. The liability landed on the executives who held and controlled information flow — not on the board members who received curated summaries.

For CEOs and CFOs, this means the risk is not just "board exposure." It is executive exposure — specifically when executives control what reaches the board and what does not. If you are the person who decides what the board sees, and the governance infrastructure does not produce an independent record of what information existed and how it was handled, you are the person the court will scrutinise.

For non-executive directors (NEDs), the outcome is more nuanced than "you are safe." The directors were not found liable in this case because the information was controlled by executives. But if directors had independent access to governance data — dashboards, real-time constraint violations, escalation logs — and failed to act on it, the analysis would be different. The case establishes that what you had access to determines what you are accountable for.

What This Means for CEOs

If you are the CEO, the Bekier standard means your governance infrastructure is no longer optional. It is personal liability infrastructure.

The court does not ask whether you had good intentions. It does not ask whether you had a governance framework document. It assesses the claim by reference to the corporation's circumstances and the responsibilities of the particular office — on a detailed evidentiary record.

In practical terms: when something goes wrong with an AI agent, a compliance process, a financial decision, or an operational failure, the court will reconstruct what you knew, when you knew it, what you did with it, and whether your governance infrastructure produced contemporaneous evidence of all of that. If it did not — if your governance is advisory rather than recorded — you are defending yourself from memory against a regulator with documents.

The question is not whether you are diligent. The question is whether your infrastructure produces the evidence that you are.

What This Means for CFOs

For CFOs, the Bekier standard intersects with financial governance at every point. Financial thresholds, spending authorities, budget commitments, and regulatory reporting all involve decisions where the three questions apply.

The specific risk: a CFO who sets financial controls but lacks governance telemetry — contemporaneous records of who authorised what spend, on what basis, against what constraint — is exposed if those controls fail. The court will ask not whether controls existed, but whether the CFO had evidence that they were being enforced at the moment of each decision.

With AI agents now capable of committing budget, processing transactions, and generating financial reports, the volume of financially consequential decisions has multiplied. The CFO's accountability surface has expanded correspondingly. Manual review cycles — quarterly audits, monthly reconciliations — cannot produce the contemporaneous evidence the Bekier standard requires for decisions that happen continuously.

What This Means for Non-Executive Directors and NEDs

The Bekier outcome — directors not liable because information was controlled by executives — is a double-edged finding. It protects directors who genuinely lacked access to critical information. But it also means that any system that gives directors independent access to governance data raises the bar for what directors are expected to act on.

If your organisation deploys Constellation or any governance infrastructure that surfaces real-time constraint violations, escalation logs, and decision traces to the board, directors can no longer claim they did not know. The infrastructure produces the evidence. The question shifts from "did you know?" to "what did you do about what the system showed you?"

For NEDs specifically, this creates a new duty of engagement with governance data. The days of relying solely on management reports and board packs are numbered — not because management is untrustworthy, but because the legal standard now asks whether better information was available and whether you accessed it.

The practical advice: if your organisation has governance infrastructure, use it. If it surfaces a violation, act on it. The Bekier standard means the evidence of your engagement — or your non-engagement — will be contemporaneous and reconstructable.

What Adequate Governance Infrastructure Requires

The Bekier standard is answerable. But it is answerable only from governance infrastructure that produces contemporaneous records — not retrospective documentation.

Three capabilities are required:

Governance telemetry. Distinct from operational telemetry. Engineering telemetry tells you what the system did. Governance telemetry tells you who decided, on what basis, and with what authority. Every consequential action — human or AI — must produce a governance trace at the moment it occurs.

The Proof Layer. The infrastructure that ensures the three questions are answerable from records, not from memory. Who was responsible: recorded at the moment of delegation. What they knew: recorded at the moment information was surfaced. What they did: recorded at the moment action was taken. The Proof Layer is not an audit log. It is a legal-grade evidence architecture.

Classification at the design link. Not all decisions carry equal governance weight. A decision to mandate AI tool adoption across 30,000 engineers requires different governance infrastructure than a decision to approve a team lunch. Risk classification at the design link — before deployment, before the decision is made — ensures that governance resources are allocated proportionally.

This is what Constellation builds. Not a compliance dashboard. Not a policy management tool. Governance infrastructure that produces the contemporaneous evidence the Bekier standard requires — automatically, at the moment of action, before anyone needs it.

The moment you need the evidence is the moment it is too late to build it.
