Governance Guidelines
Sky Nexus Proprietary Limited is committed to strong corporate governance — transparent decision-making, sound risk management, and accountability to clients, employees, and the community. Our governance framework is aligned to the Corporations Act 2001 (Cth), ASX Corporate Governance Principles and Recommendations (4th Edition), and applicable APRA prudential standards.
Legal and regulatory framework
Our governance obligations arise from the following legislation and standards.
- Corporations Act 2001 (Cth) — director duties (ss 180–184), financial reporting (Chapter 2M), related party transactions (Chapter 2E)
- ASX Corporate Governance Principles and Recommendations, 4th Edition (2019) — 8 core governance principles applied on an 'if not, why not' basis
- APRA CPS 510 Governance — applied to the extent we hold or handle APRA-regulated client data
- APRA CPS 220 Risk Management — integrated risk management obligations
- APRA CPS 234 Information Security — Board-level accountability for information security
- Modern Slavery Act 2018 (Cth) — annual reporting on modern slavery risk in operations and supply chain
- Australian Sustainability Reporting Standards (ASRS) — we monitor AASB/AUASB developments and will report as standards are mandated
- ISO 31000:2018 Risk Management — principles and guidelines for our ERM framework
Board responsibilities
The Board of Directors is responsible for the strategic direction, oversight, and overall governance of Sky Nexus. Directors owe statutory duties of care, diligence, and good faith under the Corporations Act 2001 (Cth) ss 180–184.
- Set and monitor strategy, risk appetite, and culture
- Oversee financial performance and approve material transactions
- Appoint and evaluate the CEO and senior executives
- Ensure adequate financial reporting and audit controls (Corporations Act s 295A)
- Meet at least quarterly; quorum and voting thresholds are specified in the Company Constitution
- Majority of directors must be independent (ASX Principle 2)
- Board skills matrix reviewed annually and disclosed in governance reporting
Risk management (APRA CPS 220 / ISO 31000:2018)
We maintain an enterprise risk management (ERM) framework covering all material risk categories.
- Risk register maintained in a dedicated GRC platform; reviewed quarterly by executive leadership and reported to the Risk Committee
- Cyber risk — aligned to NIST CSF 2.0 and ASD Essential Eight; CISO reports directly to the Board annually
- Operational risk — business continuity plan and DR plan tested at least annually (ISO 22301:2019)
- Legal and compliance risk — dedicated legal counsel; regulatory change monitoring with 90-day incorporation SLA
- Third-party / supply chain risk — all material suppliers subject to security assessment; Modern Slavery due diligence conducted
- Strategic and reputational risk — Board-level horizon scanning; scenario planning conducted annually
Financial integrity (Corporations Act 2001)
Sky Nexus maintains rigorous financial controls and is committed to accurate, timely financial reporting.
- Financial accounts prepared in accordance with Australian Accounting Standards (AASB) and IFRS where applicable
- Annual external audit by a registered company auditor (Corporations Act s 307)
- Directors' declarations required under s 295A — financial statements give a true and fair view
- Segregation of duties enforced for all financial approvals; dual-signatory required above defined thresholds
- Anti-bribery controls — policy, training, and third-party due diligence aligned to Criminal Code Act 1995 Division 141
Information security governance (APRA CPS 234)
The Board maintains ultimate accountability for information security. APRA CPS 234 obligations are applied to our operations and extended to our clients in financial and regulated sectors.
- Board-approved Information Security Policy reviewed annually
- CISO accountable to the Board; reports to the Technology & Security Committee quarterly
- Information security capability assessed against ISO/IEC 27001:2022
- Material information security incidents notified to APRA (where applicable) within 72 hours; to ACSC within 12 hours for critical infrastructure incidents (SOCI Act)
- Annual independent review of information security controls
Modern Slavery Act 2018 reporting
As required by the Modern Slavery Act 2018 (Cth), Sky Nexus publishes an annual Modern Slavery Statement identifying modern slavery risks in our operations and supply chains, and the actions taken to address them. The Statement is lodged with the Australian Border Force Modern Slavery Register.
Questions about this policy?
Contact our team for clarification, to exercise your rights, or to request engagement-specific documentation.
legal@skynexus.co