Financial Services Compliance Blog - Thistle Initiatives

Is Your Board Actually Working? Why FCA Regulated Firms Can No Longer Assume the Answer is Yes

Written by Nikki Bennett | Jul 15, 2026 2:36:47 PM

The FCA is placing greater scrutiny on board effectiveness, an increasingly important issue for regulated firms. Thistle Initiatives Partner Nikki Bennett explores why boards are facing greater scrutiny, what the FCA’s expectations are in practice, and how independent reviews can help firms.  

Board Effectiveness Reviews were once considered a corporate governance nicety, something encouraged by the UK Corporate Governance Code (FRC) and mandatory for FTSE 350 PLCs who are required to commission an external evaluation. That world has changed. For FCA-regulated firms, the question of whether the Board is functioning effectively has become a regulatory question, not just a governance one, and the FCA has been increasingly explicit about what it thinks the answer looks like and inquisitive as to how it achieves its desired outcome. 

The Regulatory Shift: Governance as a Root Cause, Not a Risk Factor

For much of the past decade, governance has sat alongside risk and compliance as one of the things the FCA expects firms to have in place. But the framing has shifted. For example, the FCA’s September 2023 insurance sector priority letter made the position explicit: poor governance and culture are root causes of consumer harm. No symptoms. Not contributing factors. Root causes.

That language matters. If poor governance is a root cause of harm, then a firm’s governance arrangements are not a structural backdrop to be evidenced once and filed; they are an active harm-prevention mechanism that needs to be working. And if they are not working, the harm that follows is, in the FCA’s view, a governance failure.

The practical implication is significant: an FCA supervisor reviewing a firm will now look at governance not just to assess whether the right committees are in place, but to ask whether the Board’s governance arrangements could have identified and stopped the harm they are investigating.

The FCA's Position in Plain Terms

A Board that has never formally assessed its own effectiveness, and cannot demonstrate that it receives adequate management information, challenges what it is told, and holds management to account for consumer outcomes, is, in the FCA’s framing, a Board that is allowing harm to persist undetected. 

What the FCA's Own Publications Say About Board Governance Failures

The FCA has published a series of good and poor practice findings over the past two years that, taken together, build a clear picture of what a governance failure looks like at Board level. The findings are spread across its Consumer Duty Board Reports thematic (December 2024), its complaints and root cause analysis review (December 2024), and its Year 2 Board reports blog (April 2026). The pattern is consistent.

The MI Problem

The most common and consequential failing the FCA identified was the quality of management information reaching Boards. Boards were receiving process metrics, calls answered, claims registered, products sold, and the number of vulnerable customers, rather than outcome metrics. What did customers actually experience? Were vulnerable customers being treated differently? Were complaints pointing to a systemic issue or a one-off? Are our products really delivering fair value?

The FCA found boards receiving reports that relied on high-level assertions rather than evidence, phrases like “products are designed to meet the needs of the target market” with no explanation of what the target market was, how fit-for-purpose had been tested, or what data supported the claim. It found boards with no sight of outcomes from outsourced providers, relying instead on contractual assurances. It found imbalances between qualitative and quantitative data that left Boards with an incomplete picture.

The critical point is this: a Board cannot identify harm it cannot see and, more importantly, isn’t asking for the MI that enables the business to identify risk of or actual harm. Inadequate MI is not merely an administrative deficiency; it creates a blind spot that prevents emerging harm from being identified, escalated, and addressed. As a result, customer harm can persist without the Board having sufficient visibility to take timely action.

The Challenge Problem

The FCA’s review of Board minutes and committee papers found a consistent pattern: Boards approving rather than challenging. Reports that were noted without scrutiny. Management recommendations that were accepted without question. Minutes that recorded decisions but not the discussion that led to them.

The FCA is explicit that this is not adequate. Good governance, in the FCA’s view, means a Board that asks the difficult questions: why is this complaint trend rising? What is the root cause of this customer outcome failure? What has actually changed since we approved that remediation plan? A Board that always agrees is a Board that is not functioning as a governance mechanism.

The Accountability Problem

The FCA’s complaints and root cause analysis review found firms where responsibility for complaints oversight was undefined, where no named individual could be held accountable for whether complaints data reached the Board, whether root cause analysis was being conducted, or whether remediation was effective. It found firms where board discussions of complaints were not documented, making it impossible to demonstrate that the challenge had taken place.

For SM&CR firms, this is particularly acute. Where accountability is unclear or undocumented, the reasonable steps analysis for named Senior Managers becomes very difficult to satisfy. The FCA’s message is that accountability is not a structural arrangement - it has to be evidenced.

The SM&CR Dimension: Personal Liability is Now in the Frame

The Senior Managers and Certification Regime was designed to ensure that where things go wrong, someone is accountable. That was always the theory. What has changed is the FCA’s increasing willingness to use it, combined with recent reforms that are likely to heighten rather than reduce individual exposure.

In July 2025, the FCA published CP25/21 proposing Phase 1 reforms to SM&CR, with Phase 1 finalised in PS26/6 in April 2026. The reforms are framed as reducing regulatory burden, streamlining approvals, and simplifying some administrative requirements. But the substantive direction of travel is towards greater firm-led judgment and principle-based accountability. As one analysis put it, this “places greater responsibility on firms and senior managers to evidence reasonableness, oversight and compliance”.

PS26/6 may reduce administrative burden and make SM&CR more efficient, but strong individual accountability remains intact, the regime is refined, not diluted.

In other words, fewer prescriptions from the FCA mean more reliance on firms’ own governance structures. And if those governance structures are inadequate, the exposure for named individuals, under the duty of responsibility and the conduct rules, increases, not decreases.

The SM&CR Link to Board Effectiveness

The duty of responsibility under SM&CR requires Senior Managers to take reasonable steps to prevent regulatory breaches in their area of accountability. If a Board’s governance arrangements are weak, if the SMF responsible for governance cannot demonstrate it received adequate MI, exercised challenge, and ensured accountability, the reasonable steps defence becomes very difficult to run. Board effectiveness is not a peripheral governance concern for SMFs. It is their personal liability exposure. Evidence of effective oversight and appropriate decision-making is essential.

The Listed Company Dimension: New Code Obligations From January 2025

For PLCs, the timing could not be more pressing. The refreshed UK Corporate Governance Code applies to accounting periods starting 1 January 2025, and with it two significant changes that bring Board effectiveness into sharper focus.

First, the chair’s duty regarding external Board evaluations was strengthened. Previously, Boards were expected to ‘consider’ commissioning an external review. The 2024 Code changed the language to ‘commission’, a deliberate shift from aspiration to obligation. The FRC’s intent was explicit: to end the perception that externally facilitated reviews are optional or backwards-looking assurance exercises.

Second, and more significantly, Provision 29, which requires Boards to make a formal declaration on the effectiveness of their material controls in the annual report, came into force on 1 January 2026. Listed companies are now in their first reporting year under this requirement. A Board that has not conducted a formal effectiveness review cannot credibly make that declaration.

For PLCs that are also FCA regulated, and many are, particularly in insurance, credit, and financial intermediation, the obligation is twofold: Corporate Governance Code compliance and FCA regulatory governance expectations. Those two frameworks are not in conflict. They are pointing in the same direction, enhancing transparency and accountability, and strengthening trust in the UK markets.

What a Good Board Effectiveness Review Actually Does

A Board Effectiveness Review is not a rubber-stamping exercise, and it is not a structural audit. Done properly, it answers a specific question: Is this Board functioning effectively as a governance mechanism, not just on paper, but in practice?

That means looking at what MI actually reaches the Board, not what the terms of reference say it should receive. It means reviewing Board and committee minutes for evidence of challenge, not just approval. It means testing whether accountability is named and documented, not just assumed. It means asking whether the Consumer Duty annual Board report, the document the FCA reviews to assess governance quality, would withstand scrutiny.

For FCA-regulated firms, the output of a well-conducted review serves several purposes simultaneously. It provides evidence of governance effectiveness that can be referenced in Consumer Duty reporting. It supports the SM&CR reasonable steps analysis for named Senior Managers. It provides a pre-supervisory baseline, an anchor document that demonstrates the firm has assessed its own governance before the FCA asks the question. And where gaps are found, it provides a prioritised action plan that turns a potential vulnerability into a managed remediation.

The Question Every Board Should Be Asking

The FCA’s consumer outcomes agenda is not going away. Its enforcement posture is sharpening. SM&CR reform, far from reducing accountability, is likely to increase reliance on firms’ own governance structures and therefore increase individual exposure where those structures are found wanting.

The question for every Board of an FCA-regulated firm is not whether a Board Effectiveness Review is required. It is whether, if the FCA asked tomorrow whether the Board was functioning effectively, there would be any evidence to show it was.

For most firms, the honest answer is not enough.

How Thistle Initiatives Can Help

Thistle Initiatives offers an independent Board Effectiveness Review specifically designed for FCA-regulated firms. Our review assesses governance against the standard the FCA applies, not just the standard a company secretary would apply. We look at Board composition and independence, information and MI quality, Board challenge and decision-making, accountability and governance structure, risk oversight and culture, SM&CR reasonable steps, and Consumer Duty governance, and we produce a written report with a rated scorecard and prioritised action plan.

If you would like to discuss what a review might look like for your firm, contact Nikki Bennett, Compliance Partner.

Meet the Expert

Nikki Bennett, Partner 

Nikki Bennett has re-joined Thistle Initiatives as a Partner in the Insurance team, working alongside Matthew Williamson. Formerly Managing Director at UKGI, she brings extensive expertise in Delegated Authority markets, MGAs, InsurTech and product development, with a proven record of delivering practical, solutions-driven outcomes for insurance firms. Nikki also continues to serve as a Director at the Association of Professional Compliance Consultants (APCC).