In this edition, we cover the Australian Institute of Company Directors’ (AICD) latest Director Sentiment Index (DSI), which records sharply rising board concern about cost pressures, artificial intelligence (AI) and global volatility. In regulatory news, the Australian Securities and Investments Commission (ASIC) released two significant publications on 20 April 2026: a consultation on ASIC Regulatory Guide (RG) updates implementing reforms to financial market infrastructure (FMI) and an 18-month implementation roadmap for the new digital assets framework. We also discuss new G+T insights on how frontier Mythos-class AI is reshaping cyber security risk for boards.
In Over the Horizon, we revisit Australia’s energy security arrangements as Iran’s seizure of two cargo ships in the Strait of Hormuz pushes Brent crude back above USD100 per barrel ahead of the Reserve Bank of Australia’s (RBA) May meeting and the Federal Budget.
Governance
Rising costs, AI and global volatility top board concerns in latest AICD survey
On 16 April 2026, the AICD released its DSI for the first half of 2026, drawing on a survey of 828 company directors. Productivity growth remains the leading issue directors want governments to address, and a quarter of respondents reported global economic conditions have already reduced their investment plans. Almost 90% of directors surveyed expect business costs to rise and 84% anticipate further interest rate rises in the next six months. Notably, 41% believe current RBA monetary settings will trigger a major uptick in business insolvencies. Concerns about AI, cyber security and regulatory burden also continue to climb, with 68% of directors reporting that regulatory and compliance requirements are limiting productivity growth in their business. Directors should consider these findings when framing board discussions around strategy, capital allocation and risk appetite, particularly as organisations prepare for financial year-end reporting and navigate the evolving geopolitical and macroeconomic outlook.
Frontier AI and the evolving cyber risk landscape for boards
In two recent G+T insights published on 21 April 2026, we examine how Mythos-class autonomous AI systems are significantly lowering the time, cost and expertise required to find and weaponise software vulnerabilities, accelerating attack cycles to what is described as ‘machine speed’. We also consider existing obligations relevant to directors, including Australian Prudential Regulation Authority's CPS 234 (Information Security), CPS 230 (Operational Risk Management) and CPS 220 (Risk Management), as well as critical infrastructure risk management program obligations under the Security of Critical Infrastructure Act 2018 (Cth).
For directors, the practical message is that traditional cyber assurance models (periodic penetration testing, vendor questionnaires and tabletop exercises) may no longer reliably measure resilience. Directors should be asking management whether current threat models and third-party assurance programmes adequately account for the speed and autonomy of AI-enabled attackers. In particular, boards should ensure that incident response and business continuity plans, as well as continuous disclosure protocols, have been tested against scenarios in which the exploit window has compressed from weeks to hours.
Regulatory
ASIC consults on updated guidance for financial market infrastructure reforms
On 20 April 2026, ASIC released proposed updates to RG 172, RG 249 and RG 268 to implement the Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Act 2024 (Cth) (FMI Act), which received Royal Assent on 17 September 2024. The FMI Act strengthened ASIC’s and the RBA’s licensing, supervisory and enforcement powers across financial market operators, clearing and settlement facilities, derivative trade repositories and benchmark administrators. The FMI Act also introduced several additional measures:
- New fit and proper and capability standards for ‘core officers’ of FMI licensees.
- A new FMI banning order regime.
- Expanded oversight of foreign FMIs with a significant Australian nexus.
- A reallocation of certain Ministerial powers to ASIC.
The proposed RG updates seek to align ASIC’s regulatory guidance with the FMI Act. Submissions close at 5pm (AEST) on 25 May 2026. While the population of FMI licensees is small, directors of entities operating Australian market infrastructure should take the opportunity presented by the consultation to review their existing director and senior officer assessment processes, succession planning and internal escalation pathways against ASIC’s proposed guidance.
ASIC publishes implementation roadmap for digital assets platform licensing framework
On 20 April 2026, ASIC published an 18-month implementation roadmap for licensing, supervising and enforcing the new digital assets regime introduced by the Corporations Amendment (Digital Assets Framework) Act 2026 (Cth) (DAF Act). The DAF Act received Royal Assent on 8 April 2026 and brings digital asset platforms and tokenised custody platforms within the financial services licensing regime from 9 April 2027, with a six-month transition period following that date. The roadmap sets out ASIC's phased approach to licensing pathways, transitional relief and supervisory expectations across that period. We unpack the implications in a recent G+T insight. Directors should note that licensing applications, capital and custody requirements and responsible manager assessments will require significant lead time. Directors of digital asset platforms, custodians, exchange-traded product issuers and listed entities with material digital asset exposures should not wait for commencement. Audit committees of listed issuers holding digital assets on the balance sheet should begin scoping disclosure and accounting implications now.
Over the Horizon
Strait of Hormuz seizures, Brent above USD100 and the May RBA meeting: converging risks ahead of the Federal Budget
On 22 April 2026, Iran's Islamic Revolutionary Guard Corps fired on three vessels in the Strait of Hormuz, seizing two and damaging a third. President Trump extended the US-Iran ceasefire on an open-ended basis while maintaining the US naval blockade. Iran maintains that reopening the strait is conditional on the blockade being lifted. As at 28 April, peace talks remain stalled: Trump cancelled a planned visit by his envoys to Pakistan over the weekend, while Iran submitted a new peace proposal that the White House says is under review. Iran's Foreign Minister Abbas Araghchi has also met with Russian President Vladimir Putin in St Petersburg as part of a broader diplomatic push. Brent crude traded above USD100 per barrel on 22 April, closing the following week at around USD108, up more than 50% since the conflict began on 28 February 2026. The escalation is the latest leg of an energy and supply-chain story that has run through recent editions of Boardroom Brief, and it lands squarely between the RBA’s 4–5 May 2026 Monetary Policy Board meeting (where many commentators now expect a further cash-rate increase) and the 12 May 2026 Federal Budget. For boards, the practical implications are converging rather than discrete. First, continuous disclosure positions on forward-looking earnings guidance, hedging assumptions and cost pass-through mechanisms should be stress-tested against a sustained ‘Brent-above-USD100’ scenario. Second, with both the US and Iran seizing commercial vessels, sanctions screening and trade-finance arrangements warrant review, as do war-risk premiums and any gaps between insured and actual exposure. Finally, cyber resilience (compounded by the AI-enabled threat profile discussed above) should also be on the risk committee agenda, with a clear line of sight through to the FY26 results announcement window.