ASIC v Bekier [2026] -- What It Means for AI Governance

On 5 March 2026, the Federal Court of Australia handed down its judgment in ASIC v Bekier. The case concerned Star Entertainment Group, its former CEO Rob Bekier, and former Chief Legal Officer Paula Martin. ASIC alleged that both officers had breached their duties under sections 180 and 189 of the Corporations Act.

The court found Bekier and Martin personally liable. The judgment did not turn on whether they had good intentions or believed they were acting appropriately. It turned on what they could demonstrate with contemporaneous evidence.

The case has become a reference point for corporate governance because the court articulated a standard that applies far beyond casino regulation. The standard is structural: directors and officers must be able to show, with evidence that existed at the time of action, that governance was in place and functioning.

The court's analysis can be distilled into three questions that every director and officer must be able to answer:

Who was responsible? Not in the abstract sense of organisational charts, but specifically: who had authority over this action, who delegated that authority, and was the delegation appropriate? The court examined whether the delegation chain was clear and documented.

What did they know? What information was available to the decision-maker at the time? What should they have known given their role? The court assessed not just what information was provided, but what systems were in place to surface relevant information.

What did they do? Given their responsibility and their knowledge, what action did they take? Did they exercise appropriate judgment? Did they escalate when required? Did they document their reasoning?

These three questions are not new in corporate law. What is new is the emphasis on contemporaneous evidence. The court did not accept post-hoc explanations assembled after the crisis. It required evidence that existed at the time the decisions were made.

The court's emphasis on contemporaneous records represents a shift from outcome-based to process-based assessment. The question is not simply "did something go wrong?" but "was governance functioning at the time?"

Post-hoc explanations are inherently suspect. When a crisis occurs, institutions reconstruct what happened from emails, calendar entries, Slack messages, and human memory. This reconstruction is shaped by hindsight, coloured by the desire to demonstrate competence, and limited by what was preserved.

Contemporaneous records are different. They exist because the governance process produced them, not because someone assembled them after the fact. Board minutes taken during a meeting, constraint checks logged at the moment of action, escalation records created when an issue was flagged -- these are evidence of governance in operation, not governance reconstructed.

The court's standard creates a practical requirement: institutions need governance processes that produce evidence as a byproduct, not governance that relies on post-hoc documentation. If your governance evidence depends on someone remembering to write it down after the fact, it will not meet the standard.

ASIC v Bekier was not an AI governance case. But its implications for AI governance are profound.

AI agents act at machine speed. A deployment, a data transfer, a customer communication, a regulatory response -- these can happen in milliseconds. There is no time for a human to document the governance context before the action completes. If governance evidence is not produced contemporaneously -- automatically, at the moment of action -- it cannot be produced at all.

This creates a specific problem: the three questions from ASIC v Bekier become much harder to answer when AI agents are involved.

Who was responsible? When an AI agent acts, the delegation chain is often unclear. Was it IT (who deployed the agent), the business unit (who configured it), the vendor (who built the model), or the board (who approved the AI strategy)? Without explicit delegation boundaries, no one owns the action -- and everyone is exposed.

What did they know? AI agents have access to data, but "what did they know" in the governance sense means: what constraints governed their actions, what information were they authorised to use, and what boundaries were they operating within? If these constraints are not documented and enforced structurally, the answer is: we do not know what the agent knew.

What did they do? If there is no governance infrastructure intercepting AI agent actions, the only record of what the agent did is its operational log -- timestamps and API calls. This tells you what happened in the system, not whether it was appropriate, authorised, or within governance boundaries.

The Proof Layer is the infrastructure response to the ASIC v Bekier standard. It is the layer of governance infrastructure that produces contemporaneous governance evidence at the moment of action.

Unlike operational logs (which record system events) or audit trails (which are compiled after the fact), the Proof Layer captures the governance dimension: who had authority, what constraints were checked, whether the action was within boundaries, and what happened when it was not.

In Constellation, the Proof Layer operates through several mechanisms:

The governance gate intercepts actions before they execute and checks them against institutional constraints. Every check -- pass, block, or escalation -- is recorded with the constraint that was evaluated, the action that was attempted, and the outcome. This is contemporaneous evidence by construction.

Delegation boundaries are explicit and enforced. When authority is delegated, the delegation is recorded. When an action is attempted within or outside a delegation boundary, the boundary check is logged. The chain of authority is traceable at any point.

Escalation records capture not just that an escalation occurred, but what triggered it, who it was routed to, and how it was resolved. The full lifecycle of a governance event -- from detection to resolution -- exists in the governance trace.

The result is that the three questions from ASIC v Bekier are answerable from the governance trace at any moment, without reconstruction. Who was responsible: the delegation chain. What did they know: the constraints and information boundaries. What did they do: the governance events and their outcomes.

The implications of ASIC v Bekier extend across every governance role in an institution.

CEOs carry ultimate executive responsibility. When an AI agent acts outside its boundaries, the CEO must demonstrate that appropriate governance infrastructure was in place -- not just that a policy existed, but that the policy was structurally enforced. See /for/ceos for how Constellation addresses CEO-specific governance requirements.

CFOs face particular exposure around financial delegation. AI agents that commit expenditure, approve transactions, or generate financial reports operate within the CFO's governance domain. The three-question standard applies directly to financial governance infrastructure. See /for/cfos for financial governance specifics.

General Counsel must advise on whether the institution's governance infrastructure meets the contemporaneous evidence standard. If governance relies on manual documentation, post-hoc reconstruction, or policies that are not structurally enforced, the legal exposure is significant. See /for/general-counsel for the legal governance perspective.

Boards are responsible for the governance framework. ASIC v Bekier makes clear that directors cannot rely on management attestations alone -- they need evidence that governance systems are functioning. Governance telemetry and the Proof Layer provide this evidence automatically, transforming board oversight from periodic review to continuous assurance. See /for/boards for board-level governance infrastructure.