Two major governance developments are converging in the UK that will shape board oversight and executive accountability for years to come: the revised UK Corporate Governance Code, effective 1 January 2026, and the Economic Crime and Corporate Transparency Act (ECCTA), with its central “failure to prevent fraud” provision (Provision 29), which took effect 1 September 2025.
Both signal the same reality: boards are now expected to be far more active stewards of ethics, compliance, and risk. For CECOs, that means the bar is being raised, and the window to prepare is shorter than it seems.
What you need to know
Revised UK Corporate Governance Code
The 2024 update to the UK Code, issued by the Financial Reporting Council, introduces stronger requirements for boards to establish and maintain effective risk management and internal control frameworks, and to report on the effectiveness of those frameworks. It places renewed emphasis on ethics, culture, and accountability—making directors directly responsible for overseeing E&C program effectiveness.
Who it impacts: All companies with a premium listing on the London Stock Exchange, regardless of domicile. While voluntary for others, the Code is a de facto standard shaping investor expectations and proxy advisory benchmarks.
Why it matters: Boards must now formally report on the effectiveness of internal controls and demonstrate how they oversee culture, accountability, and executive conduct. This aligns UK governance expectations more closely with US SOX-style certifications and EU transparency directives.
What it means for compliance programs and operations:
- CECOs will need to brief boards more frequently and in greater depth on ethics and compliance risk.
- Misconduct and clawback policies will be under board review and public disclosure, requiring clear articulation and consistency in enforcement.
- Boards may request independent assessments of compliance program maturity to validate their oversight role. (We would, if we were them.)
- Documentation of board engagement (minutes, briefing materials, in-camera sessions) will be as important as the substance of the discussions.
Economic Crime and Corporate Transparency Act (ECCTA), Provision 29
Summary of the provision: Provision 29 creates a new corporate offence of “failure to prevent fraud.” If an employee, agent, or third party acting on behalf of a company commits fraud for the organization’s benefit, the company can be held criminally liable unless it can prove it had “reasonable procedures” in place to prevent it.
Who it impacts: Large companies incorporated in the UK (or carrying on business there), including multinationals with UK subsidiaries. Small and medium-sized enterprises are largely exempt, but global organizations with UK exposure are squarely in scope.
Why it matters: This offence dramatically raises expectations for fraud risk management and enforcement by agencies such as the Serious Fraud Office. CECOs must demonstrate that their programs actively prevent, detect, and respond to fraud, not simply that policies exist on paper.
What it means for compliance programs and operations:
- Program assessments now need to explicitly test fraud-related controls.
- Third-party due diligence processes must be risk-based, proportionate, and well-documented.
- Training and communication must address fraud risks alongside bribery, competition, and other misconduct.
- Internal audit and investigations teams will need closer coordination with compliance to evidence “reasonable procedures.”
What CECOs Should Do Now
1. Strengthen your dialogue with the board
Boards will be held to higher expectations for understanding how ethics and compliance risks are managed. Now is the time to:
- Formalize the cadence of your briefings.
- Ensure directors are hearing not only about issues but also about the effectiveness of your program.
- Introduce in-camera sessions where the board can probe on culture, controls, and accountability without management in the room.
2. Revisit policies on executive accountability
The revised Code puts sharper focus on misconduct and clawbacks. Review whether your policies are clear, enforceable, and benchmarked to peer practices. This will be one of the most visible signals of readiness.
3. Pressure-test your “reasonable procedures” defense
The ECCTA’s “failure to prevent fraud” offence is a watershed. Companies will need to demonstrate that they have proportionate, documented procedures in place, taking into account evolving prosecutorial expectations such as those highlighted in recent Crown Prosecution Service commentary on preparing for the new fraud prevention law. That means:
- Refreshing your risk assessment to account for fraud-specific exposures.
- Reviewing due diligence protocols, especially for high-risk third parties.
- Validating internal reporting and escalation systems.
4. Use benchmarking as a compass
One of the biggest mistakes CECOs make is assuming their program’s maturity is self-evident. It isn’t. Benchmarking against peers—whether on board reporting frequency, oversight structures, or fraud defenses—provides both perspective and credibility when engaging leadership.
The Upside of Preparation
Yes, the regulatory changes add pressure. But for CECOs who act now, they also provide opportunity. These shifts elevate ethics and compliance conversations in the boardroom. They create an opening to reframe compliance not as a defensive posture, but as a proactive element of corporate strategy.
With Ethisphere’s Ethics Quotient Questionnaire within the Sphere benchmarking platform and our updated Program Assessment protocol aligned to ECCTA, you can bring your board concrete data and a maturity roadmap – tools that not only demonstrate readiness but reinforce the credibility of your role.
The takeaway: The UK Code and ECCTA will test how boards oversee ethics and compliance. CECOs who engage early, bring data to the table, and validate program maturity will not just meet expectations, they will shape them.
