Insurance Non-Executive Directors



What is the NED taking on?


NEDs in the UK insurance sector are members of Boards that are highly regulated. Not only do their companies have to comply with the Companies Act 2006, but as NEDs on the Boards of insurers or intermediaries, their companies will fall within the remit of the current financial services regulators.


Many of today’s regulations have their origins in the Financial Services and Markets Act 2000 (FSMA), which consolidated much of the existing, but quite disparate, regulations covering insurers, brokers and their agents. Under FSMA, a new regulator, the Financial Services Authority (FSA) was formed. Its regulatory objectives focussed on market confidence; financial stability; public awareness (of financial regulations); the protection of consumers and the reduction of financial crime.

Under the Regulated and Prohibited Activities section of FSMA, specific rules were drawn up for Authorised Persons to act only with permission. NEDs fall within the category of Approved Persons.

In 2013, the Financial Services Authority was replaced by the “twin peaks” regulators.

These regulatory bodies are the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). Both bodies have statutory powers and obligations:

The PRA’s statutory objectives are to promote the safety and soundness of firms and, specifically for insurers, to secure an appropriate degree of protection for policyholders.

The PRA’s initial areas of focus are: management and governance; corporate culture and behaviour; the quality of capital and its adequacy; capital models and insurers’ compliance with Solvency II.

The FCA’s statutory objectives are to secure an appropriate degree of protection for consumers (especially retail customers); to protect and enhance the integrity of the UK financial system and to promote competition in the interests of consumers.

The PRA is part of the Bank of England (BoE). The FCA is an independent regulatory body which is accountable to HM Treasury.



While it remains an EU member state, the UK also has to comply with financial regulations that are determined by the EU Parliament, in Brussels. HM Treasury and the BoE are responsible for ensuring that regulated firms in the UK financial sector are compliant with such regulations.

A notable example is the set of rules known collectively as Solvency II, promulgated today by EIOPA (European Insurance and Occupational Pensions Authority).

Following the UK’s decision to leave the EU, as a result of the Referendum held on 23 June 2016, the regulatory framework described above will change. The UK Government triggered Article 50 of the Treaty on European Union (the “Lisbon Treaty”) on 29 March 2017.

Article 50 allows a member state to notify the EU of its withdrawal and obliges the EU to try to negotiate a “withdrawal agreement” with that state.

The time-frame allowed in Article 50 is two years. This deadline can only be extended by unanimous agreement from all EU countries.

If no agreement is reached in two years, and no extension is agreed, the UK automatically leaves the EU and all existing agreements would cease to apply to the UK. If that happens, Brexit Day would be Friday, 29 March 2019.

Accordingly, all references to the current regulatory framework in this iNED Information Bank continue to regard the UK as having to comply with financial regulations that are determined by the EU Parliament.

As regulatory changes that affect NEDs are introduced, they will be explained and featured in this Information Bank.

Of recent interest, in April 2017, Sam Woods, CEO of the PRA, wrote to all regulated firms in the financial services sector asking their Boards of Directors to confirm their contingency plans for the UK’s withdrawal from the European Union. This letter can be accessed via this attachment.


Since this Information Bank was first launched, in September 2014, the regulations governing Board appointments and senior management positions in the UK insurance industry have changed significantly. In particular, the SIMR (Senior Insurance Managers Regime) has been introduced by the PRA along with the FCA’s RAPR (Reformed Approved Persons Regime), which are described more fully below.

Both the PRA and FCA have operated, and will continue to operate in a modified form, an Approved Persons Regime, but before they are examined it is worth looking at the context in which all approvals exist.



The PRA’s Fundamental Rules (FR) replaced their earlier Principles for Business.

The Fundamental Rules (FR) set out the PRA’s high-level expectations and they underpin the entire PRA Rulebook. The Fundamental Rules are:

FR 1: A firm must conduct its business with integrity.

FR 2: A firm must conduct its business with due skill, care and diligence.

FR 3: A firm must act in a prudent manner.

FR 4: A firm must at all times maintain adequate financial resources.

FR 5: A firm must have effective risk strategies and risk management systems.

FR 6: A firm must organise and control its affairs responsibly and effectively.

FR 7: A firm must deal with its regulators in an open and cooperative way and must disclose to the PRA appropriately anything relating to the firm of which the PRA would reasonably expect notice.

FR 8: A firm must prepare for resolution so, if the need arises, it can be resolved in an orderly manner with a minimum disruption of critical services.

The most notable difference between the previous Principles and Fundamental Rules is that under the Principles approach, firms had more freedom to achieve the intended outcomes in the way they deemed to be most appropriate. Rules, by their very nature, are less open to interpretation and so should provide greater clarity and certainty.


The PRA’s powers to address serious failings in the culture of firms

The PRA expects firms not merely to meet the letter of its requirements, but to maintain sight of the overriding principle of their safety and soundness and to act accordingly. As such, the PRA expects firms to have a culture that supports their prudent management.

The PRA does not have any “right culture” in mind; rather it focuses on whether Boards and management clearly understand the circumstances in which the firm’s viability would be under question, whether accepted orthodoxies are challenged and whether action is taken to address risks on a timely basis.

The PRA also expects that individuals, whatever their position in the firm, should take responsibility for acting in a manner consistent with its safety and soundness and that remuneration and incentive structures should reward careful and prudent management.

Identification of failings in culture is not limited to individual serious occurrences, but may include:

  • The observation of multiple examples of firms failing to conduct their business in a safe and sound manner, including failings in different business areas, that may not be related or that when examined individually may not be considered serious.
  • Evidence of a poorly functioning Board that fails to challenge Executives or take a lead in consideration of conducting business in a safe and sound manner; which can include setting, articulating and embedding an appropriate culture in the firm and drawing up clear policies and guidelines that are linked to staff objectives, training, evaluation and incentives.
  • Evidence of weak control areas such as risk, compliance and internal audit that may indicate poor management, lack of resource, or insignificant representation on the Board.
  • Evidence of other weaknesses in Board or senior management behaviour and influence on its firm’s culture, including incentives and their adherence to the firm’s values.
  • Any other evidence of failings in culture identified by the PRA’s supervisory approach.


The need to challenge Executives represents a major responsibility for NEDs and underlines their role in ensuring that a firm’s culture is appropriate.


It should be understood that the PRA seeks to address serious failings in culture as part of its approach to supervision. If serious failings in culture are identified, the PRA has a variety of powers which it may use if deemed necessary to reduce risks and achieve desired supervisory outcomes. The powers include the use of Section 166 Skilled Persons Reports, Variation of Permissions (which can extend as far as withdrawal of authorisation) and various other means.



Historically, the PRA, which has oversight of insurers’ (including Lloyd’s managing agents’) prudential activity, has referred to certain management functions (and not just Directors) as being Controlled Functions.

It should be noted that Insurers are dual regulated. This means that applications from dual regulated firms will be considered by both the PRA and the FCA.



Both the PRA and the FCA will have regard to a number of personal factors when assessing the fitness and propriety of an individual to perform a particular controlled function. Both UK regulators’ assessment criteria relate to the person’s:

  • Honesty, integrity and reputation
  • Competence and capability
  • Financial soundness (as an individual)

These requirements are known as The FIT and Proper Test for Approved Persons and appear under the regulators’ handbooks with the acronym FIT.

The PRA publishes guidance entitled Approved Persons – FAQs.



In November 2014, the PRA published its Consultation Paper (CP26/14) entitled “Senior insurance managers regime: a new regulatory framework for individuals”.

The current regime is the result of changes required by Solvency II and the regulators’ intention to bring insurance into line with banking supervision rules. The insurance regime (SIMR) is aligned with the Banking One SMR and reflects changes made in the banking sector as part of the Financial Services (Banking Reform) Act 2013.

The FCA consulted via its CP14/25, outlining its proposals to update their Approved Persons Regime, as a result of which they now operate a Reformed Approved Persons Regime.

Both UK regulators have introduced Conduct Standards (PRA) and Conduct Rules (FCA) aimed at shaping the culture, standards and policies of authorised firms as well as acting as a deterrent against misconduct.

The Chartered Insurance Institute (CII) issued a Policy Briefing, in November 2015, which covers SIMR comprehensively and contains links to both the PRA’s and FCA’s source materials. The following section is based largely upon this CII document.



The Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have introduced rules for the new regulatory framework for insurance.

This strengthening of accountability in insurance is a result of a number of developments: Solvency II requirements, European Insurance and Occupational Pensions Authority (EIOPA) requirements and a move to bring insurance into line with new banking conduct rules.

There has been a need to incorporate legal requirements under the Solvency II Directive implementation of the “fit and proper” requirement for relevant individuals.

In parallel with this need is the UK regulators’ wish to align the insurance sector with changes made to banking supervision as a result of the Banking Act and the belief that the previous “approved persons’ regime” was no longer fit for purpose for any part of financial services.

The main impact of the changes is to strengthen the regulatory regime applicable to individuals (including NEDs) and to toughen the governance and vetting regime at firm level. Today’s regime reflects the regulators’ increased focus on greater personal responsibility.

This regime aims at identifying and approving those senior persons responsible for running an insurer or who have responsibility for a key function. SIMR seeks to ensure those holding senior responsibility “behave with integrity, honesty and skill”.

It also requires governance maps to confirm the allocation of these responsibilities and has introduced new conduct standards and fitness requirements.

The current regime impacts all insurers who fall within the scope of Solvency II and applies to the Society of Lloyd’s and to Lloyd’s managing agents, the UK branches of third country insurers and Insurance Special Purpose Vehicles.

Variations of the new regime have also been proposed for non-Solvency II insurers, so-called non-Directive firms (NDFs). Those NDFs with assets over £25 million from regulated activities will be subject to a similar SIMR to Solvency II firms, while NDFs with fewer assets than this will be subject to a streamlined version of the SIMR.

Most of the SIMR information in this website refers to Solvency II insurers.


Senior Insurance Management Functions

The PRA’s SIMR focuses on those holding critical high level roles within Solvency II insurers. The result is a narrower set of Control Functions, meaning fewer individuals coming under the remit of the new regime. However, those who are covered by SIMR will face greater scrutiny from the PRA.

This narrower set of control functions is known as Senior Insurance Management Functions (SIMFs) and individuals require pre-approval by the PRA before assuming responsibility for any one of them.

From January 2016, regulated firms have to submit a Scope of Responsibilities document with each individual’s application for PRA approval. It may be possible for a SIMF to be shared by two people, though only when it is “appropriate and justified”.


PRA Control Function Title
Chief Executive function SIMF1
Chief Finance function SIMF2
Executive Director SIMF3
Chief Risk function SIMF4
Head of Internal Audit SIMF5
Group Entity Senior Insurance Manager
Third country branch manager
Chief Actuary function SIMF20
With-Profits Actuary function SIMF21
Chief Underwriting function SIMF22
Underwriting Risk Oversight function (Lloyd’s only)


Key Functions

The Solvency II Directive requires firms to have “an effective system of governance”.

This system includes a Risk Management function, a Compliance function, an Internal Audit function and an Actuarial function.

In addition, the PRA has identified a number of other functions that firms might want to consider as “key”. These are: Investment, Claims management, IT, and Reinsurance.

However, this list is not exhaustive and firms are required to identify their own key functions, depending on their business. As with those holding a SIMF, key function holders will require pre-approval by the PRA. There is scope for overlap between SIMF and key function holders. Where this occurs firms will need to show how conflicts of interest are minimised and that the individual is competent to undertake both roles.

Significant Influence Functions (SIFs)

There are a number of control functions that are beyond the scope of the PRA regime, but that instead require FCA approval. These are known as FCA Significant Influence Functions (SIFs). They are:

  • Directors (CF1) not otherwise approved by the PRA
  • Apportionment and oversight function (CF8)
  • Compliance function (CF10)
  • CASS Operational Oversight function (CF10a)
  • Money Laundering Reporting Officer (CF11)
  • Significant Management function (CF29) not otherwise approved by the PRA
  • Customer function (CF30)


Given the nature of the PRA and FCA regimes, there is scope for regulatory overlap. If an individual were to perform an FCA SIF and was already approved by the PRA to hold a SIMF, the FCA function would be included with the PRA function. Therefore, the individual will need to provide information on the FCA function they are looking to perform in their Scope of Responsibilities document.

Prescribed Responsibilities

Firms are required to allocate a number of prescribed responsibilities between those who hold a SIMF or SIF, or in some cases Non-Executive Directors.

In practice, the PRA expects firms will generally allocate prescribed responsibilities to the function to which they are most closely linked. These can be summarised as follows:

  1. ensuring that the firm has complied with the obligation to satisfy itself that persons performing a key function are fit and proper;
  2. leading the development of the firm’s culture and standards;
  3. embedding the firm’s culture and standards in its day-to-day management;
  4. production and integrity of the firm’s financial information and regulatory reporting;
  5. allocation and maintenance of the firm’s capital and liquidity;
  6. development and maintenance of the firm’s business model;
  7. performance of the firm’s Own Risk and Solvency Assessment (ORSA);
  8. induction, training and professional development for all the firm’s key function holders;
  9. maintenance of the independence, integrity and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns; and
  10. oversight of the firm’s remuneration policies and practices.

FCA RAPR Significant Influence Functions

The FCA requires pre-approval of all individuals taking up Executive and certain other functions who are not PRA approved under SIMR. They will become FCA Significant Influence Functions.

For NDF firms with assets of less than £25 million, the PRA have introduced a reduced set of prescribed responsibilities. They are required to seek approval for a single function called the Small Insurer Senior Management Function (SISMF).

Fit and Proper Assessment

A key element of the new regime is the focus on personal responsibility. Individuals, including NEDs, will need to show that they possess the necessary level of competence, knowledge and experience, as well as hold the requisite qualifications and be able to demonstrate integrity.

There is a greater emphasis on technical and personal characteristics in the pre-approval process. It is the responsibility of firms to carry out fit and proper tests. They will need to be satisfied that individuals looking to hold roles that are SIMFs or SIFs (including “governing NEDs”) meet the requirements before seeking approval from either the PRA or FCA.

Conduct Standards

A key element of the current regime is a highly prescriptive set of Conduct Standards – for SIMF and SIF holders. The regulators rely on these standards when taking enforcement action against individuals.

The PRA’s standards for SIMF holders are similar to the previous Approved Persons Conduct Standards but with a new responsibility for the oversight of the discharge of any delegated responsibilities, along with a responsibility related to the PRA’s insurance objective.

Anyone performing a key function needs to observe standards 1-3.

SIMFs and Key Function Holders, in addition, are required to observe standards 4-8.

Firms will be required to consider whether a person has observed the conduct standards as part of ongoing assessment of their being considered “fit and proper”. This can be achieved through firms’ performance management cycles.

The PRA requires that firms keep records of the extent to which individuals are following the necessary Conduct Standards.

PRA Conduct Standards:

Standard 1: You must act with integrity.
Standard 2: You must act with due skill, care and diligence.
Standard 3: You must be open and cooperative with the FCA, the PRA and other regulators.
Standard 4: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
Standard 5: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
Standard 6: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
Standard 7: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.
Standard 8: When exercising your responsibilities, you must pay due regard to the interests of current and potential future policyholders in ensuring the provision by the firm of an appropriate degree of protection for their insured benefits.


FCA Standards

The FCA’s standards follow the PRA’s conduct rules but with the addition of treating customers fairly. The first tier rules apply to all FCA and PRA approved persons in Solvency II firms. The second tier ones relate to those holding a SIF.

FCA First Tier
Individual Conduct Rules:

Rule 1: You must act with integrity.
Rule 2: You must act with due skill, care and diligence.
Rule 3: You must be open and cooperative with the FCA, the PRA and other regulators.
Rule 4: You must pay due regard to the interests of customers and treat them fairly.
Rule 5: You must observe proper standards of market conduct.


FCA Second Tier
Significant Influence Function Holder Conduct Rules:

SIF 1: You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled effectively.
SIF 2: You must take reasonable steps to ensure that the business of the firm for which you are responsible complies with the relevant requirements and standards of the regulatory system.
SIF 3: You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that you oversee the discharge of the delegated responsibility effectively.
SIF 4: You must disclose appropriately any information of which the FCA or PRA would reasonably expect notice.


Governance Maps

Firms subject to SIMR are required to develop a “Governance Map” detailing the positions of senior personnel and key functions. Its purpose is to confirm the firm’s allocation of the aforementioned responsibilities.

The map is used by the PRA in its supervision of the firm. It also forms part of enforcement cases against individuals as evidence of individual responsibility. This map must be kept up-to-date on at least a quarterly basis.



Certain “Prescribed” Responsibilities can only be assigned to NEDs who have been approved by the PRA or FCA to perform a governing function. These relate especially to policies on remuneration and whistleblowing (see below).

The responsibilities for which NEDs are accountable are more limited than SIMF or SIF holders. Their accountability is restricted to activities for which they are responsible, such as ensuring that the Board or Board Committees that they chair meet regularly; fostering open and challenging discussion and providing independent oversight of Executive decisions.

NEDs with specific responsibilities, such as the Chairman of the Board, come under the SIMR, but not all NEDs are affected (see below).

The “governing NED” roles are:

  • Chairman
  • Senior Independent Director
  • Chairs of the Risk, Audit, Remuneration and Nominations Committees.

The individuals performing these roles are subject to all aspects of the SIMR, including regulatory pre-approval, the FCA’s and PRA’s new Conduct Rules and the presumption of responsibility. They are known as “governing NEDs”.

“Unapproved” NEDs, referred to as “Standard” NEDs, who are not “governing”, fall outside of the SIMR and are no longer subject to regulatory pre-approval, and are not subject to the Conduct Rules or the presumption of responsibility. The PRA has instead adopted a fitness requirement and notification process for Standard NEDs as an alternative to pre-approval.

This revised notification process allows firms to:

  • Assess the fitness and propriety of all NEDs not subject to pre-approval before appointing them and periodically thereafter;
  • Notify the PRA that such NEDs have been deemed fit and proper, and provide the PRA with the information set out in the proposed notification form;
  • Notify the regulators of any other information which would be reasonably material to the assessment of a NED’s fitness and propriety.

The following graphic, supplied by the accountants Moore Stephens, sets out the roles of NEDs within the SIMR:


[Graphic: NED roles within the SIMR (Moore Stephens)]

As a result of the above proposals bringing certain NED functions into scope of the SIMR, the PRA requires firms to allocate the following two SIMR Prescribed Responsibilities to a NED within the SIMR:


1. Maintenance of the independence, integrity and effectiveness of the whistleblowing procedures, and the protection of staff raising concerns.
2. Oversight of the firm’s remuneration policies and practices.

The FCA originally suggested that NEDs should be whistleblowers’ champions in PS 15/24, section 1.9.


Extension of the Senior Managers and Certification Regime

In October 2015, the Treasury announced that the Senior Managers and Certification Regime (SM&CR) will be extended to all sectors of financial services with the aim of creating a “fairer, more consistent and rigorous regime for authorised financial services firms”.

Although the insurance sector was covered by SIMR from March 2016, it now appears that this will be updated by the SM&CR in 2018.

The Treasury acknowledges that SIMR “paves the way for the application of the SM&CR to insurers” given that SIMR incorporates many of the banking regime’s principles.

HM Treasury has stated: “This expansion of the SM&CR to all financial services firms will enhance personal responsibility for senior managers as well as providing a more effective and proportionate means to raise standards of conduct of key staff more broadly, supported by robust enforcement powers for the regulators.”


SIMR & RAPR Historical and Prospective Timeline:

1 January 2016: Governance maps required to be in place. Scope of responsibilities form required for new SIMF applications.
8 February 2016: Closing date for submission of grandfathering notifications to the PRA and FCA (for SIF holders).
7 March 2016: SIMR & RAPR come into force. Grandfather existing Control Functions holders in NDFs into the regime.
7 September 2016: Closing date for submission of the scope of responsibilities form for grandfathered individuals to the PRA. Notification required for those transitional key function holders at 1 January 2016 (who are not grandfathered). These are key function holders who do not need to be pre-approved by the PRA, but have to be notified to the PRA (for its assessment).
7 March 2017: Small NDFs required to have Scope of Responsibilities documents in place for all SIFs.
2018: Senior Managers and Certification Regime (SM&CR) for all sectors of financial services.


Extending Personal Responsibility and Accountability

The PRA has stated: “Senior managers will be held individually accountable if the areas they are responsible for fail to meet our requirements. Our new accountability regime will hold all senior managers, including non-executive directors, to a clear standard of behaviour and we will take action where they fail to meet this”.

In May 2016, Moore Stephens published an Insurance Update article that addressed the issue of personal responsibilities within the new regime entitled “Senior Insurance Managers Regime – the onus on the individual”.

Further valuable information on SIMR and RAPR can be obtained from the following sources:

PRA: Strengthening Accountability (issued January 2016).

Grant Thornton’s publication entitled Strengthening Accountability in Insurance. Particular reference is made to NEDs on Page 7 and to the FCA RAPR throughout.

Grant Thornton’s PDF 10 questions iNEDs should be asking on SIMR implementation.

FCA: Culture and Conduct – Extending the accountability regime. Address by Jonathan Davidson, Director of Supervision, Retail and Authorisations at the FCA, delivered at the City and Financial Summit, London in September 2017.



Attestation is a formal supervisory tool used with increasing regularity by both the PRA and the FCA.

The primary aim is to attach personal responsibility and accountability to Board members (including NEDs), senior management and anyone performing a controlled or significant influence function, to ensure that firms are meeting their regulatory responsibilities.

The key words are “personal responsibility” and “accountability”, so if, or when, adverse issues arise, no longer can Board members or senior management hide behind the concept of collective responsibility or blame the less tangible “corporation” or “firm” rather than the individuals who run the company. The impact of statements made in an attestation can also potentially “follow” an individual throughout his or her career.

The FCA has stated: “When we use an attestation, we do so to gain personal commitment from an approved person at a regulated firm that specific action has been taken or will be taken. The aim of an attestation is to ensure that there is clear accountability and senior management focus on those specific issues where we would like to see change within firms…”

The focus of the regulators when using attestations is on Boards taking corrective action. This is a crucial point because if a regulated entity has been asked to attest to something then it is almost guaranteed that the regulator making the request either knows, or seriously suspects, that something has gone wrong in the area in which the attestations are requested. There are four typical (but not exclusive) scenarios in which attestations are used:

  1. Notification: For emerging risks that are unlikely to result in material consumer detriment or negative impact on market integrity, the regulator may ask an appropriate individual at a firm to attest that they will notify the regulator if the risk changes in its nature, magnitude or extent. The responsibility on the person making the attestation is to ensure that the firm appropriately monitors the risk and makes any notifications which the regulator deems appropriate.
  2. Undertaking: Where the regulator wants a firm to take specific action within a particular timescale, the risk is one which is unlikely to result in material consumer detriment or negative impact on market integrity, but nonetheless, the regulator requests an attestation undertaking that certain action will be taken.
  3. Self-certification: For more significant issues but ones where the regulator is confident that a firm can resolve the issue unilaterally, an attestation that certain risks have been mitigated or resolved will be requested.
  4. Verification: In certain cases, the regulator may not only require that certain risks have been mitigated or resolved, but will also request positive verification (e.g. by an internal audit report) that those risks have indeed been resolved.

Throughout the process it is essential to have an open dialogue with the regulators. Authorised Directors, including NEDs, are under a regulatory obligation to deal with the PRA and the FCA in an open and cooperative way.

On receipt of an attestation request, communication with the regulator must be undertaken to inform them that the Board is aware of the nature of the attestation; that it will make an appropriate attestation at an appropriate time and that the company intends to deal with the regulator on the matter in question in a transparent and cooperative manner.



Since the early 1990s, a number of reports have been published seeking to codify and comment upon corporate governance and the requirements and behaviour of Boards, including NEDs.

Electronic links to the most relevant codes are included at the end of this section.

The most notable codes were as follows:

  • Cadbury Report 1992: Entitled Financial Aspects of Corporate Governance, the report was issued by The Committee on the Financial Aspects of Corporate Governance chaired by Adrian Cadbury (former Chairman of Cadbury Schweppes plc and a Director of the Bank of England). It set out recommendations on the arrangement of company Boards and accounting systems to mitigate corporate governance risks and failures. It made a series of strong recommendations about the value, number and roles of NEDs on Boards. The origins of the Combined Code were to be found in the Cadbury Report.
  • Turnbull Report 1999: The report on corporate internal controls known as the Turnbull Report was drawn up on behalf of the London Stock Exchange for UK listed companies. The committee which wrote the report was chaired by Nigel Turnbull of The Rank Group plc. The report informed Directors of their obligations under the Combined Code with regard to establishing and maintaining effective “internal controls” in their companies through good audit procedures and checks to ensure that the quality of financial reporting was of a high standard and capable of detecting any fraud before it became manifest.
  • Higgs Report on Non-Executive Directors 2003: In April 2002, Derek Higgs, the then accountant and merchant banker, was appointed by the Secretary of State for Trade and Industry to head the above review. His report, entitled Review of the Role and Effectiveness of Non-Executive Directors, was published in January of the following year. In a series of annexes, Higgs made reference to the role of a NED with particular emphasis on challenge and contribution to the development of the company’s strategy; scrutinising performance of management in meeting agreed goals and monitoring performance; the accuracy and robustness of financial information and financial controls, as well as that of risk management. Higgs argued that NEDs should determine Executive Directors’ remuneration and the report emphasised the fact that a NED’s prime role is in appointing and/or removing senior management. The Higgs Report also detailed a number of personal attributes and behaviours (all of which have been included in this website), before commenting on the need for NEDs to meet annually without their Executive colleagues and the necessity of carrying out due diligence before joining a Board.

Its conclusions concentrated on the effectiveness of risk management at Board level, including the incentives in remuneration policy to manage risk effectively; the balance of skills, experience and independence required on the Boards of UK banking institutions; the effectiveness of Board practices and the performance of Audit, Risk, Remuneration and Nomination committees; the role of institutional shareholders in engaging effectively with companies and monitoring of Boards; and whether the UK approach is consistent with international practice and how national and international best practice can be promulgated.

Its terms of reference were extended so that the review could identify where its recommendations would be applicable to other financial institutions, including those in the insurance sector.

Much of the guidance offered by this Information Bank originates within these reports and codes, and it is not difficult to detect the key influences that have shaped today’s regulatory framework for Boards of Directors, especially NEDs.



While the foregoing reports and codes are of interest and underpin much of the guidance contained within this website, all Directors, including NEDs, should be familiar with the UK Corporate Governance Code, formerly called the Combined Code.

The UK Corporate Governance Code sets out standards of good practice in relation to Board leadership and effectiveness, remuneration, accountability and relations with shareholders.

The requirements of the UK Corporate Governance Code are of such a seminal nature that they can be said to represent good practice for most financial services firms and are recommended reading for all aspiring or existing NEDs.

In 2015, the FRC confirmed proposals for Boards to include a “viability statement” in the strategic report to investors. This statement will provide an improved and broader assessment of long-term solvency and liquidity. It is expected that this statement will look forward significantly longer than 12 months. The Code has also been changed in relation to remuneration. Boards of listed companies will now need to ensure that Executive remuneration is designed to promote the long-term success of the company and demonstrate how this is being achieved more clearly to shareholders. The key changes to the Code include:

Going concern, risk management and internal control

  • Companies should state whether they consider it appropriate to adopt the going concern basis of accounting and identify any material uncertainties to their ability to continue to do so;
  • Companies should robustly assess their principal risks and explain how they are being managed or mitigated;
  • Companies should state whether they believe they will be able to continue in operation and meet their liabilities taking account of their current position and principal risks, and specify the period covered by this statement and why they consider it appropriate. It is expected that the period assessed will be significantly longer than 12 months; and
  • Companies should monitor their risk management and internal control systems and, at least annually, carry out a review of their effectiveness, and report on that review in the Annual Report.

Companies can choose where to put the risk and viability disclosures. If placed in the Strategic Report, Directors will be covered by the “safe harbour” provisions in the Companies Act 2006.

In Q1 2017, the FRC announced that it will be reviewing the UK Corporate Governance Code. How will the proposed changes affect business?

At the end of August 2017, Theresa May announced plans for corporate governance reform “to enhance the public’s trust in business” by making the UK’s biggest companies more transparent and accountable. The changes received a mixed response, with many critical that they do not adequately address the issues raised in the initial consultation. The question remains, will the reforms improve transparency and accountability? Grant Thornton provides some of the answers in their September 2017 Newsletter.


  • Greater emphasis will be placed on ensuring that remuneration policies are designed with the long-term success of the company in mind, and that the lead responsibility for doing so rests with the Remuneration Committee (normally comprising NEDs only); and
  • Companies should put in place arrangements that will enable them to recover or withhold variable pay when appropriate to do so, and should consider appropriate vesting and holding periods for deferred remuneration.

Shareholder engagement

  • Companies should explain when publishing General Meeting results how they intend to engage with shareholders when a significant percentage of them have voted against any resolution.

Other issues

  • The FRC has also highlighted the importance of the Board’s role in establishing the “tone from the top” of the company in terms of its culture and values.
  • The Directors should lead by example in order to encourage good behaviours throughout the organisation.
  • In addition, the FRC has emphasised that key to the effective functioning of any Board is a dialogue which is both constructive and challenging.
  • One of the ways in which such debate can be encouraged is through having sufficient diversity on the Board, including gender and race. Nevertheless, diverse Board composition in these respects is not on its own a guarantee. Diversity can be just as much about difference of approach and experience.

A valuable summary of current corporate governance issues is contained within Grant Thornton’s annual 2017 FTSE 350 Corporate Governance Review released in October. This report makes particular reference to the roles of NEDs in FTSE 350 companies in the UK.