Corporate governance scandals make headlines; excellence rarely does. When a major institution fails, whether through misconduct, operational collapse, or regulatory censure, investigators inevitably trace the rot to governance failures that could have been prevented. Yet across jurisdictions, from the Channel Islands to Singapore, a small cohort of regulated firms quietly demonstrates that robust governance is not merely a compliance burden but a competitive advantage.
What separates exemplary institutions from the merely compliant? After advising boards across multiple regulatory regimes, we have identified five non-negotiable elements that transcend local rulebooks. Whether you operate under the FCA, MAS, SEC, GFSC, or any other acronym, these principles remain constant.
1. A board that can actually govern
Competence without independence is merely management; independence without competence is merely decoration.
The first non-negotiable is a board comprising individuals who possess both the skills to understand the business and the courage to challenge it. This requires:
- Diverse expertise, not just former bankers on bank boards, but technologists, behavioural economists, and cyber specialists where relevant.
- Genuine independence, with independent directors who are truly independent, financially, socially, and operationally, from the executives they oversee.
- Serious time commitment from non-executives who treat the role as a responsibility, not a portfolio ornament.
Excellent boards conduct rigorous board evaluations, address skill gaps explicitly, and ensure the Chair provides strong leadership without usurping executive functions. In any jurisdiction, regulators can forgive a bad business decision; they rarely forgive a board that was not equipped to scrutinise it.
2. Clarity of authority down to the decimal point
Ambiguity is the enemy of accountability.
The second pillar is a governance architecture where every decision has an owner. This means:
- Reserved matters: a definitive list of what the board decides versus what it delegates to management, with no grey zones.
- Committee terms of reference: Audit, Risk, Remuneration, and Nomination committees with sharp, unambiguous mandates.
- Escalation triggers: clear thresholds, monetary, reputational, or regulatory, that automatically elevate matters to board level.
Too many institutions suffer from "dual key" confusion where nobody is quite sure who owns a decision. Excellent governance removes this friction. When something goes wrong, there is no hunt for the responsible party; they are already defined in the governance manual.
3. Control functions that cannot be captured
Risk, Compliance, and Internal Audit must have teeth, not just briefcases.
The third non-negotiable is the genuine independence of the three lines of defence. This independence is structural, not decorative:
- Budgetary autonomy, so control functions can request resources without business-line veto.
- Unfiltered access, giving the Chief Risk Officer and Head of Compliance direct lines to the board or relevant committees, bypassing the CEO where necessary.
- Career protection, ensuring internal audit findings do not trigger retaliation and compliance warnings are not buried for commercial convenience.
Regulators worldwide, from the FCA's focus on conduct to the MAS Guidelines on Risk Management, emphasise this independence because they know that captured control functions are worse than none at all. They provide false assurance while risks metastasise.
4. Risk intelligence, not risk archaeology
Excellent governance looks forward; poor governance digs backwards.
The fourth element is a risk management framework that anticipates rather than reacts. This requires:
- Dynamic risk appetite statements that guide decision-making, not documents filed and forgotten.
- An emerging risk radar with specific processes for identifying "pre-regulatory" risks such as cyber, ESG, AI governance, and third-party concentration before they become enforcement priorities.
- Integration of risk considerations into product approval, remuneration structures, and strategic planning, rather than siloing them in a quarterly report.
The best institutions treat risk management as an early warning system. They understand that in regulated sectors, the only surprise should be positive.
5. The discipline of documentation
If it is not recorded, it did not happen.
The final non-negotiable is meticulous documentation of governance processes. This is not bureaucracy; it is evidence of care:
- Decision-useful MI that tells directors what they need to know, not what management wants to tell them.
- Minutes as narrative, capturing not just decisions but the consideration behind them: the questions asked, the alternatives rejected, and the dissents noted.
- Follow-through, by way of clear action registers with owners and deadlines, tracked and verified.
When regulators or litigators arrive, they reconstruct governance quality from the paper trail. Excellent institutions leave a clear record of diligent oversight; poor governance leaves ambiguity that invites suspicion.
The common thread
These five elements share a characteristic: they are hard. They require board members to confront uncomfortable truths, they demand that executives cede control to risk officers, and they insist on administrative rigour when shortcuts beckon.
Yet the reward is substantial. Firms with excellent governance enjoy lower cost of capital, stronger stakeholder trust, and the operational resilience to weather shocks. They attract better talent and retain regulatory goodwill. Most importantly, they sleep soundly knowing that their licence to operate is secure, not because they met minimum standards, but because they built something durable.
In corporate governance, as in architecture, the fundamentals matter more than the facade. These five non-negotiables are the foundation upon which lasting institutions are built, wherever in the world they do business.
