Beyond the Boardroom: What the Star Entertainment decision means for governance leaders

Drawing on our recent Dynamic Board webinar, which attracted more than 1,700 registrations, this article explores the issues raised most frequently by in‑house participants and what the decision tells us about governance failures that occur before matters reach the boardroom.

Governance failed before the boardroom

A central theme of the judgment is that governance failure did not occur because the board ignored clear warnings.  Rather, it occurred because risk never crystallised into a decision point.

As the evidence showed:

• material risks were known within management;
• information reached the board in fragmented ways, if at all; and
• risks were never escalated in a form that demanded board attention and a board decision.

This framing is critical for in‑house counsel. The Court repeatedly emphasised that passing information is not the same as creating awareness. The failure was not simply one of disclosure, but of synthesis, framing and escalation.

The GC as a control point – not a support function

One of the most important – and challenging – aspects of the decision is the Court’s treatment of the General Counsel (GC) / Chief Legal & Risk Officer (CLRO).

Justice Lee made it clear that a senior legal leader is not merely a support function. In this case, the GC/CLRO was assessed holistically as an “officer” under section 180(1) of the Corporations Act 2001 (Cth), with personal obligations shaped by:

• proximity to material risks;
• access to information not available to the board;
• responsibility for synthesising and framing risk; and
• influence over how and whether matters escalated.

Justice Lee made the stark observation that a senior in-house counsel would know that they have a client, which is the company that employs them – and not the CEO of that client.

For in‑house lawyers, this reinforces a fundamental principle: loyalty runs to the company, and that loyalty may require interrupting or bypassing management flow, not deferring to it.

China UnionPay, conflation and misleading communications

The China UnionPay issues illustrate how legal risk can harden into personal exposure.

In this case:

• issues that were properly matters of legal compliance and risk management were treated as operational problems to be worked around, rather than escalated through appropriate legal and governance channels;
• misleading external communications were prepared and sent with the GC/CLRO’s knowledge; and
• the board was not informed of the organisation’s misleading responses to the Star’s banker’s, or the broader relationship risks that were emerging.

The takeaway for in‑house counsel is not simply “don’t mislead”, but also:

• ensure clarity about what the organisation is representing externally, be alert to broader relational risk with key stakeholders, and brief the board as necessary;
• be alert to the risk that operational practices – however well-intentioned – may conflict with or circumvent legal obligations, and intervene before they do; and
• intervene early where explanations begin to drift from reality.

In the Star case, the GC/CLRO appears to have been actively involved in deceptive activity.  The challenge for other GCs is to ensure that a course of action that seems justifiable does not over time drift into an illegal zone.  More broadly, the decision highlights the risks that arise when a GC is involved in preparing or approving external communications to stakeholders.  Misleading or inaccurate communications – even those framed as operational updates – can damage the organisation’s credibility and expose individuals to personal liability, regardless of how the communication is labelled.  The framing does not insulate the individuals responsible from the consequences of inaccuracy.

Segregated GC and CRO roles – who must escalate?

A recurring question during the webinar was whether responsibility to notify the board sits with a Chief Risk Officer (CRO) rather than a GC when those roles are separated.

The decision does not provide a neat job‑description answer. Instead, it reinforces that:

• responsibility follows knowledge, proximity and influence, not title alone; and
• where a legal leader is aware of material risk and understands its significance, deferring escalation because “someone else owns the risk” is unacceptable and may itself create personal exposure.

Segregated roles can reduce risk – but only if escalation paths are deliberately designed and actively used. Structural separation is not a defence if it creates knowledge asymmetry between management and the board or if it results in risks falling between roles.

CEO filtering – a silent risk

Several participants in our webinar queried whether CEO filtering was a decisive issue.

While not labelled explicitly as such, the judgment strongly criticises informal and incomplete escalation, including:

• reliance on CEO summaries,
• failure to provide full reports to directors, and
• normalisation of repeated “yellow flags”.

The Court was clear that senior officers cannot deflect responsibility to the CEO for filtering or holding back information. If a reasonable officer in a comparable position to Ms Martin’s would understand that directors are relying on them to alert the board to serious risks, then allowing those risks to be filtered away is itself a failure of duty.

The Chair and CoSec dynamic

The judgment also carries implicit lessons about how information actually flows to the board – and the roles played by the Chair (through agenda-setting, tone and follow-up) and the Company Secretary (CoSec) (through governance discipline and escalation quality).  Where that relationship is informal, overly deferential or reliant on side-channel conversations, risk has a way of quietly dissipating before it reaches a decision point.

This does not mean the CoSec polices the Chair.  But it does mean the role is no longer invisible where governance systems fail. The fair characterisation is that the CoSec’s function has not become broader – but it has become more visible where information flow breaks down.

Legal advice, privilege and dual GC/CoSec roles

Another area of acute interest was the intersection between:

• legal advice;
• risk management; and
• legal professional privilege – particularly where a GC also acts as CoSec.

The decision does not suggest that GCs’ advice is not privileged simply because it is shared with the board.  However, it does reinforce the need for discipline to:

• clearly distinguish legal advice from governance or operational reporting; and
• record when advice is given in your role as a lawyer.

Dual GC/CoSec roles are common and legitimate, but they may increase exposure at the role boundaries, especially where legal advice becomes intertwined with executive decision‑making.

How far down the in‑house chain does this extend?

Participants also asked whether these obligations could extend to senior legal counsel reporting to a GC.

The answer is necessarily fact‑specific. Exposure increases where a lawyer:

• sits close to material risk;
• meaningfully contributes to board papers or escalation decisions, including through having a direct reporting line to the board; and
• understands that their input is relied upon by decision‑makers.

Not every in‑house lawyer has a duty to notify the board directly. But every in‑house lawyer has a duty to escalate serious risk to the level at which it can be addressed. Silence is not a morally neutral decision where material risk is only understood by the in-house counsel.

AI, board packs and accountability

The Court’s comments on board packs and AI use prompted lively discussion.

The judgment makes clear that:

• accountability does not shift because AI tools are used;
• volume of information is not a substitute for clarity; and
• boards and management share responsibility for curation.

Several participants asked whether boards should have formal AI policies. The better question may be whether governance processes are designed to surface what matters, regardless of the tools used.

A related concern is the growing trend of directors relying on AI summaries to condense board packs – effectively outsourcing the reading to the tool.  That sits uncomfortably with the judgment’s emphasis on accountability and curation.  A more defensible approach is to read the pack in full first and then use AI to stress-test or sharpen thinking.  The distinction matters: AI used to challenge thinking after the work has been done is leverage; AI used instead of reading the pack is over-reliance – and, in light of this decision, a potential exposure.  The Court stressed that any use of AI to assist comprehension must be controlled and transparent, and governed by a board policy.  Above all else, the duty of care and diligence requires informed human judgement, which cannot be displaced by reliance on AI.

Key takeaways

For in‑house legal leaders, the Star decision reinforces that personal exposure tends to sit in the gaps:

• between information and escalation,
• between awareness and action, and
• between trust and abdication.

Pragmatically, reasonable GCs and legal leaders should focus on four control disciplines:

1. See risk early
2. Frame it clearly
3. Escalate deliberately
4. Ensure it lands with and is understood by the right decision‑makers

Above all, the case is a reminder that strong governance is not just about what happens in the boardroom. It is about who ensures that the right issues get there in the first place.

These lessons are not confined to GCs and senior legal leaders.  The governance chain is only as strong as the understanding of each person within it.  When those who contribute to board reporting, risk synthesis and escalation decisions appreciate the significance of what they are doing – and the consequences when it is done poorly – the organisation’s collective capacity to manage governance risk improves materially.