UK Corporate Governance Code 2024 Provision 29 

Igniting the Flames of Governance Excellence across the ‘Board’ 

Provision 29 of the revised UK Corporate Governance Code 2024, set to take effect in January 2026, is creating a bit of a stir among UK companies. This new requirement asks boards to declare the effectiveness of their risk management and internal control systems. While some draw parallels to the US Sarbanes-Oxley Act, dubbing it “UK SOX,” this comparison is not entirely accurate given the three distinctions below:

  • Scope: Provision 29 primarily targets high-risk firms and premium listed companies, unlike the broader reach of US SOX. 
  • Approach: The UK code adopts a principle-based “comply or explain” model, offering more flexibility than the strict US regulations. 
  • Focus: Provision 29 emphasises ongoing, proactive risk and control management rather than solely focusing on financial control attestation.

This change represents a significant shift in UK corporate governance, requiring boards to implement more robust monitoring and review processes for their risk management and internal control frameworks. Companies should start preparing early to ensure compliance and maintain investor confidence in the UK market. 

The Worries: 

The key concerns and challenges regarding UK Corporate Governance Code (CGC) compliance and risk management are:

  1. Simplification needed: Avoiding unnecessary complexity in CGC approach
  2. Education: Ensuring organisation-wide understanding of CGC requirements
  3. Knowledge gaps: Lack of shared understanding across departments
  4. Communication issues: Poor organisational culture and leadership
  5. Isolated approaches: Limited visibility and consistency in risk management
  6. Unclear standards: Difficulty defining ineffective risk management
  7. Reporting problems: Unclear incident reporting processes
  8. Adapting to change: Keeping controls up to date with new risks
  9. Redundancy: Overlapping risk and control functions
  10. Legacy controls: Evaluating if inherited controls are still relevant
  11. Risk integration: Incorporating risk management into core business operations
  12. Practical application: Implementing CGC principles effectively
  13. Effectiveness measures: Avoiding over-control and bureaucracy
  14. Clear roles: Defining ownership and accountability, aligning controls with business needs
  15. Accountability: Embedding CGC across all three lines of defence
  16. Cultural shift: Making governance a shared responsibility
  17. Collaboration: Encouraging cross-departmental teamwork
  18. Strategic alignment: Linking CGC to business goals and performance
  19. Prioritisation: Focusing on material controls
  20. Team building: Assembling the right expertise for CGC compliance

This list summarises the main worries and obstacles faced when dealing with UK CGC compliance and risk management. 

Jumping through the fiery hoops: 

Provision 29 isn’t just another regulatory hoop – it’s our golden ticket to organisational resilience. Here’s how to turn compliance into a competitive edge: 

Demolish the Silos, Build a Fortress 
  • Gone are the days of fragmented risk management. It’s time to unite your troops! 
  • Risk and control should be the battle cry echoing through every corridor of your organisation. From the boardroom to data-room to the mailroom, everyone’s a risk warrior now. 

Embed CGC in Your Corporate DNA 
  • Don’t just comply – thrive! Weave the UK CGC into the very fabric of your business strategy.  
  • Let risk awareness flow through your performance metrics and operational arteries. Make governance your secret sauce, not a bitter pill. 

Cultivate a Risk-Savvy Culture 
  • Spark a revolution in risk awareness! Fan the flames of engagement across all ranks. Transform every decision into a calculated risk assessment.  
  • When risk management becomes second nature, you’re not just complying – you’re conquering. 

Harness the Power of Tech-Driven Assurance 
  • Unleash the full potential of technology! Deploy cutting-edge monitoring systems that keep your finger on the pulse of control effectiveness.  
  • Let robust assurance mechanisms be your lighthouse, guiding you through the stormy seas of compliance. 

Master the Art of Material Control 
  • Focus on the controls that truly matter! Don’t drown in a sea of unnecessary compliance – zero in on the safeguards that shield you from your most formidable risks. 
  • It’s quality over quantity, and at times it may be worth electing to ‘explain’ rather than ‘comply’. 

The UK Corporate Governance Code is a catalyst for transformation, and firms should embrace it as their springboard to organisational excellence. By integrating governance into every fibre of your enterprise, you’re not just ticking boxes – you’re setting the gold standard for resilience and accountability in the corporate world.

About TORI Global 

TORI Global offers a comprehensive solution to help firms navigate complex regulatory requirements. Our multi-disciplinary service combines expertise in governance, risk, and compliance with operational excellence and digital transformation capabilities. 

Start a conversation with one of our consultants.
