
Key Highlights
Here are the key aspects of the new Insurance Corporate Governance Code for 2025. This new code brings important updates to existing governance practices.
- The code introduces a requirement for boards to declare the effectiveness of their material controls in the annual report.
- It operates on a ‘comply or explain’ basis, offering flexibility for companies to adopt bespoke governance arrangements.
- There’s a strengthened focus on risk management and having a robust internal controls framework.
- A new principle encourages companies to report on the outcomes of their activities, moving away from boilerplate statements.
- The code applies to financial years beginning on or after 1 January 2025, with the material controls declaration effective from 1 January 2026.
Introduction
Welcome to our guide on the upcoming changes to corporate governance. For insurance companies, maintaining good governance is not just about meeting regulatory requirements; it’s about building trust and ensuring long-term stability. The Financial Reporting Council (FRC) has updated its UK Corporate Governance Code, and these changes, effective from 2025, will have a significant impact. Are you ready to understand how these new standards will shape your governance framework and what you need to do to prepare?
Overview of the Insurance (Corporate Governance) Code 2025
The 2025 Corporate Governance Code isn’t a rigid rulebook. Instead, it follows a ‘comply or explain’ philosophy. This means you can adapt the principles of the code to the particular circumstances of your company, offering flexibility while still upholding high governance standards.
The purpose of this guidance is to support you in applying the code requirements. The FRC provides advice and examples to help you navigate the changes, but these are not mandatory. This approach allows your company to choose governance arrangements that are most suitable for your specific needs. Let’s look closer at the code’s purpose and who it applies to.

Purpose and Scope of the Updated Code
The main goal behind the updated Corporate Governance Code is to restore trust in corporate reporting and governance. Following several independent reviews, the UK government asked the FRC to strengthen the code in specific areas to enhance transparency and accountability. This helps improve investor confidence and supports better decision-making across the board.
The new governance standards are designed to be adaptable. The guidance that accompanies the code offers further detail and examples, but it is not prescriptive. This reinforces the ‘comply or explain’ approach, which recognises that a one-size-fits-all model doesn’t work for every organisation. You are encouraged to tailor the principles of the code to your company’s unique size, complexity, and structure.
Ultimately, the code aims to promote high-quality governance that goes beyond simple regulatory compliance. By focusing on outcomes and allowing for departures from provisions with a clear explanation, it encourages you to think critically about what good governance looks like for your business’s particular circumstances.
Applicability to UK and Isle of Man Insurers
The UK Corporate Governance Code is directly applicable to companies with a premium listing on the London Stock Exchange. If your company falls into this category, you must apply the principles and either comply with the provisions or explain why you have not. This is a key part of the regulatory requirements for listed entities.
However, the code’s influence extends far beyond this group. Many companies that are not required to follow the code, including large private companies and those in the financial services sector, choose to adopt it. Why? Because it represents a framework for best practice in corporate governance, helping to build stakeholder trust and demonstrate a commitment to high standards.
For insurers in the Isle of Man, while the code is not mandatory, adopting its principles is a powerful way to enhance your corporate governance framework. It signals to investors, regulators, and customers that you are serious about robust oversight and risk management. This can be supported by specialised services like IT audit services Isle of Man to ensure your frameworks are effective.
Major Updates Compared to Previous Corporate Governance Codes
The new code introduces several significant changes compared to the 2018 version. While the core five sections remain—covering areas from board leadership to remuneration—the updates bring a fresh focus to risk, controls, and reporting. These adjustments are designed to be proportionate and strengthen governance without being overly prescriptive.
The most notable updates centre on internal controls and transparency. The new code provisions aim to give investors and stakeholders a clearer view of how a company manages its risks. We will now explore these changes in further detail, comparing them to the previous code and highlighting the new areas of focus.
Comparison with 2024 UK Corporate Governance Code
The 2024 UK Corporate Governance Code (effective 2025) refines the 2018 version rather than completely overhauling it. The changes are targeted, aiming to increase the quality of governance reporting and strengthen the internal controls framework. One of the key shifts is the introduction of a new principle focused on outcomes-based reporting, encouraging companies to move beyond simple compliance statements.
A major change is the updated Provision 29, which will require boards to make an annual declaration on the effectiveness of their material controls from 2026. This is a significant step up from the previous requirement to simply monitor and review controls. To streamline the code, some provisions related to audit committees have been moved into a separate Audit Committees and the External Audit: Minimum Standard document.
Here is a simple comparison of the key changes:

| Feature | 2018 Code | 2024 Code (for 2025/26) |
|---|---|---|
| Reporting Style | Focused on compliance with provisions. | Encourages reporting on outcomes and activities (New Principle C). |
| Internal Controls | Boards to monitor, review, and report on the control framework. | Boards must declare the effectiveness of material controls annually (Provision 29, effective 2026). |
| Audit Committee | Contained specific provisions on audit committee responsibilities. | Some provisions moved to a separate Minimum Standard document for audit committees. |

New Focus Areas Introduced in 2025
The new code for 2025 brings a sharpened focus to several key areas of corporate governance, moving beyond previous expectations. These changes reflect a desire from regulators and investors for greater assurance that companies are being managed responsibly. The central theme is strengthening the link between risk management and board leadership.
The primary new focus areas are designed to enhance accountability and transparency. They push companies to be more explicit about how they are managing their most significant risks. Good governance under the new code means being able to demonstrate, not just state, that your control systems are working.
Key new areas of focus include:
- Declaration on Material Controls: Boards must now explicitly declare whether their material financial, operational, and compliance controls are effective.
- Outcomes-Based Reporting: A new principle encourages companies to report on the results and impact of their governance activities.
- Strengthened Risk Management: The changes reinforce the board’s role in overseeing the risk management and internal control framework.

Board Leadership and Structure in Insurance Firms
Effective board leadership is the cornerstone of a strong corporate governance framework. The updated code reinforces the importance of a capable and engaged board to steer the company. It highlights the need for clear division of responsibilities, robust succession planning, and thoughtful consideration of the board’s overall composition and skills. Your governance arrangements must support this.
The code provides principles on the structure of the board, including the roles of the chair, non-executive directors, and the executive director team. Below, we’ll examine the specific expectations for board roles and the increasing emphasis on diversity and independence.
Role of the Chair and Non-Executive Directors
The Corporate Governance Code places significant emphasis on the role of the chair in providing effective board leadership. A key point of good practice relates to tenure. The code suggests a nine-year tenure period for the chair, starting from when they first join the board. However, it also recognises that extensions may be necessary for effective succession planning.
If a chair’s tenure is extended beyond nine years, the board must provide a comprehensive explanation. This is a core part of the ‘comply or explain’ approach, allowing investors to understand the rationale. This flexibility ensures continuity while still encouraging regular board refreshment.
Non-executive directors are vital for providing independent judgement and challenge to the senior management and executive director team. Their independence is a cornerstone of the code, ensuring that the board considers the interests of all stakeholders. The code’s criteria for independence help ensure that non-executives can provide objective oversight.
Board Diversity and Independence Requirements
The new code provisions continue to champion the importance of board diversity and independence. An effective board is one that benefits from a wide range of skills, experiences, and backgrounds. This diversity of thought leads to better decision-making and more robust governance practices. The code encourages you to consider diversity in its broadest sense.
The goal is to avoid groupthink and ensure that your board reflects the society it serves. This aligns with broader initiatives like the FTSE Women Leaders Review, which promotes gender balance in leadership positions. Independent boards are better equipped to challenge management and make decisions that support long-term value creation.
Key aspects of diversity and independence include:
- Composition: Boards should have a combination of skills, experience, and knowledge relevant to the business.
- Length of Service: A mix of lengths of service on the board is seen as beneficial, bringing both fresh perspectives and deep company knowledge.
- Succession Planning: Effective succession planning is crucial for developing a diverse pipeline of talent for future board and senior management roles.
Governance Standards for Risk Management
The refreshed governance standards place risk management and internal controls right at the centre of the board’s responsibilities. You are now expected to be more proactive and transparent about how you identify and manage material risks. This involves defining your risk appetite and ensuring the effectiveness of the risk management systems.
This enhanced focus means you can no longer treat risk management as a tick-box exercise. It requires a deep, ongoing assessment of your principal risks and the controls in place to mitigate them. Let’s look at the strengthened expectations for internal controls and the new approaches to oversight. This is an area where Cybersecurity compliance consulting can provide crucial support.
Strengthened Internal Control Expectations
One of the most significant changes in the 2025 code is the strengthened expectation around internal controls. The new Provision 29 requires your board to make an annual declaration on the effectiveness of your material controls. This goes beyond just financial controls to include operational, reporting, and compliance controls as well.
But what are ‘material controls’? The code doesn’t provide a prescriptive list. Instead, it’s up to each board to determine which controls are material to their specific business. These are the controls that, if they failed, could have a significant impact on your operations, reporting, or compliance. Designing effective internal control frameworks is therefore crucial.
Your board’s declaration must be based on evidence obtained through monitoring and reviewing your control framework. You need to consider any failings or weaknesses and disclose any material controls that have not operated effectively. This new requirement demands a more rigorous and documented approach to assessing the effectiveness of material controls.
New Approaches to Risk Oversight and Accountability
The updated code requirements foster a new level of accountability for risk oversight. Your board is responsible for carrying out a robust risk assessment to identify the company’s principal risks. This includes everything from financial and operational risks to emerging threats like cyber risks. The code doesn’t provide a list of risks; this judgement is left to the directors.
This approach ensures that your risk oversight is tailored to your company’s specific activities and strategic objectives. The goal of the disclosures is to give investors a clear understanding of how the board has considered these risks and the actions taken to manage or mitigate them. This transparency builds confidence and enables more meaningful engagement with shareholders.
The code promotes a continuous cycle of risk assessment and review. At least annually, your board must monitor the risk management framework and review its effectiveness. This ongoing process increases accountability and ensures that your risk oversight remains relevant and effective in a changing business environment.
Reporting and Transparency Enhancements
The 2025 code of practice ushers in a new era for corporate reporting, with a clear emphasis on greater transparency. The changes are designed to make the annual report a more meaningful document for investors and stakeholders. This moves away from boilerplate disclosures towards specific, insightful reporting on your governance and performance.
These enhancements affect everything from how you explain your governance choices to how you report on risk. The goal is to improve the quality of financial reporting and non-financial information, ensuring your regulatory compliance is built on a foundation of genuine transparency. Let’s explore the expanded duties and new disclosure requirements. This can also include seeking expert advice on areas like Financial crime compliance services.
Expanded Annual Governance Reporting Duties
Your governance reporting duties in the annual report are set to expand significantly. The Financial Reporting Council’s new guidance encourages a more narrative approach, explaining how your governance practices support your long-term success. A key takeaway from the FRC’s reviews is the need for more insightful explanations.
If you depart from a provision of the code, you must now provide a meaningful explanation. This should set out the rationale, describe any risks, and state when you intend to comply. This is a core feature of the new Principle C, focused on outcome-based reporting. It’s an opportunity to demonstrate that your corporate reporting is thoughtful and transparent.
Your new annual reporting duties will include:
- A declaration on the effectiveness of material controls, describing how the board has monitored and reviewed them.
- A description of any material weaknesses in controls and the actions being taken to remediate them.
- Detailed information on malus and clawback provisions for director remuneration, enhancing transparency in this area.
Disclosure Requirements for Third-Party Management
While the code doesn’t explicitly name third-party management, its implications are clear. The strengthened focus on a company-wide control framework means your oversight must extend to risks originating from your key third parties and supply chains. Operational resilience depends on understanding and managing these external dependencies.
Your board’s declaration on the effectiveness of material operational controls will inherently involve assessing the risks posed by suppliers and outsourced partners. This requires robust due diligence and ongoing monitoring to ensure these third parties meet your standards. Failing to manage these relationships properly could constitute a material weakness in your control framework.
Meeting these regulatory requirements means embedding third-party risk management into your governance. This might involve setting up a dedicated framework and considering whether an Outsourced compliance function could help manage the workload. Your corporate reporting should reflect the steps you’ve taken to ensure your entire value chain is resilient and well-governed.
Best Practices and Compliance for Insurance Companies
Adopting the 2025 code is an opportunity to elevate your governance practices. Good practice goes beyond simply meeting the new code requirements; it’s about embedding a culture of strong governance and robust compliance controls. This proactive approach helps build resilience and stakeholder trust.
Preparing for these changes now will put you in a strong position when the code takes effect. For further information and support, you might consider engaging with specialists in this area. Below, we outline key preparation steps and offer practical guidance for both UK and Isle of Man firms, including where to find support for things like an AML regulatory advisory.
Steps for Preparing for the 2025 Code
To prepare for the 2025 code requirements, you should start planning now. Acting early gives you the time to identify any gaps in your current governance practices and develop a clear roadmap for improvement. This ensures you are not rushing to meet regulatory compliance deadlines at the last minute.
A successful implementation requires a coordinated effort across your organisation. It’s not just a task for the compliance department; it involves everyone from the board down to individual control owners. Good governance is a collective responsibility, and fostering this culture is key to making the changes stick.
Here are some practical steps you can take:
- Start Early: Conduct a gap analysis against the new code to understand your strengths and weaknesses.
- Resource Appropriately: Establish a well-resourced programme to design, test, and enhance your compliance controls and internal frameworks.
- Embed a Controls Culture: Create the right culture from the top down, ensuring everyone understands their role in maintaining effective controls.
Practical Guidance for Isle of Man and UK Insurance Firms
For UK insurance firms, the key to compliance is understanding the flexibility of the corporate governance code. The ‘comply or explain’ basis is not a loophole; it is an invitation to tailor the number of provisions you adopt to your business needs, as long as you provide a clear, persuasive explanation for any departures in your corporate reporting.
Isle of Man firms can use the code as a benchmark for excellence. Voluntarily adopting its principles can significantly enhance your reputation and provide assurance to stakeholders. You can focus on key areas like risk management, board effectiveness, and transparent financial reporting to demonstrate your commitment to high standards. This can include services like Data protection consultants to ensure your non-financial reporting is robust.
Here is some practical guidance for all firms:
- Review FRC Materials: The FRC has published detailed guidance, myth-busters, and FAQs to support implementation.
- Focus on Materiality: Use judgement to define what constitutes a ‘material’ control for your business to keep the process proportionate.
- Seek Expert Support: For complex areas like implementing a new FOI compliance framework or GDPR compliance support, consider seeking further information from specialists like Knight.
Conclusion
In summary, the Insurance (Corporate Governance) Code 2025 introduces significant changes that will shape the future of governance in the insurance sector. By emphasising robust leadership structures, risk management, and transparency, the updated code aims to foster an environment of accountability and ethical conduct. As insurers navigate these updates, it is crucial to embrace best practices and ensure compliance with the new requirements. Staying informed and proactive will not only help firms adapt effectively but also enhance their reputation within the industry. If you’re looking for tailored guidance on how to implement these changes, don’t hesitate to get in touch for a free consultation.

Frequently Asked Questions
What are the main impacts of the 2025 governance code on UK insurance companies?
The main impacts of the 2025 Corporate Governance Code include stricter regulatory requirements for governance practices, especially for financial years starting after 1 January 2025. You will face greater board accountability, an annual declaration on material controls, and more transparent reporting on how you meet the code requirements.
How should Isle of Man insurers adapt to the updated code?
Isle of Man insurers should adapt by voluntarily adopting the principles of the Corporate Governance Code as best practice. This involves strengthening your governance arrangements, defining and testing material controls, and enhancing your corporate reporting to demonstrate a commitment to high standards, even if it’s not a formal regulatory compliance requirement.
What resources are available to help insurers comply with the new regulations?
The Financial Reporting Council (FRC) provides extensive resources, including the full Corporate Governance Code, supporting guidance, and review reports. For further information and hands-on help with implementing your compliance controls and navigating the code of practice, you can partner with specialist advisory firms like Knight at knightconsultancy.co.
