top of page
Search

Provision 29 Decoded: What UK Boards Need to Know by 2026

  • cormacobrien8
  • Jul 31
  • 3 min read

The UK corporate governance landscape is about to change dramatically. Starting January 1, 2026, boards of premium-listed companies will face a new reality: annual reviews and public declarations


This is Provision 29 of the UK Corporate Governance Code 2024, and it's the most significant shift in board accountability we've seen in years.


What Exactly Is Provision 29?

Here's what the provision actually says:

"The board should monitor the company’s risk management and internal control framework and, at least annually, carry out a review of its effectiveness. The monitoring and review should cover all material controls, including financial, operational, reporting and compliance controls."

But the real impact lies in what boards must now do with that review. The provision requires three specific actions in your annual report:

  1. A description of how the board monitored and reviewed the framework's effectiveness

  2. A declaration of effectiveness of material controls as at the balance sheet date

  3. A description of any material controls that haven't operated effectively, plus remediation actions taken


The Three Pillars of Board Accountability

Provision 29 creates three distinct board-level duties that fundamentally change how internal controls are governed:


1. Direct Board Accountability

What it means: The board—not audit committees, not management—takes direct responsibility for the review and declaration.

Why it matters: This elevates internal controls from an operational concern to a governance priority. Board members are now personally exposed to scrutiny over control effectiveness.


2. Annual Effectiveness Review

What it means: Boards must review their risk management and internal control framework at least annually, with the review being planned, evidenced, and repeatable.

Why it matters: This isn't a tick-box exercise. The review must be thorough enough to support a public declaration of effectiveness.


3. Public Declaration in Annual Report

What it means: Companies must report the review outcome and declare whether internal controls are effective.

Why it matters: Transparency is now mandatory. Boards must stand behind the quality of their control systems in front of investors, regulators, and stakeholders.


What This Means in Practice: Key Board Actions

Understanding the requirements is straightforward—implementing them requires action. Provision 29 demands boards take three interconnected actions:

The three key actions boards should take to meet Provision 29 requirements
The three key actions boards should take to meet Provision 29 requirements

Establish a Governance Process

Define who owns internal control within the board structure and how review cycles are scheduled, challenged, and documented.


Demand Evidence-Based Reporting

Set expectations for consistent, auditable reporting from internal audit, risk, and compliance teams. The board must be confident in its declaration.


Close the Loop on Control Failures

Monitor actions taken to resolve deficiencies. Provision 29 expects boards to be seen addressing weaknesses—not just identifying them.


What's at Stake: The Risks of Non-Compliance

Provision 29 operates on a "comply or explain" basis, requiring companies to either meet its standards or clearly justify any deviations in their annual reports.


Key risks of failing to comply or explain:

  • Reputational Damage: Failure to declare or weak internal controls can erode board credibility

  • Investor Pushback: Shareholders expect assurance—uncertainty undermines trust and valuation

  • Regulatory Scrutiny: Non-compliance may trigger FCA attention or challenge under "comply or explain"


From Burden to Benefit: How Provision 29 Strengthens Your Business

Provision 29 isn't just a compliance burden—it's a chance to build resilience, trust, and governance maturity.


Key opportunities:

  • Better Risk Awareness: Encourages boards to proactively identify, monitor, and address risks before they escalate

  • Cross-Team Collaboration: Breaks down silos between risk, audit, compliance, and operations teams

  • Stronger Stakeholder Trust: Transparent internal control declarations build confidence with investors and regulators

  • Resilient Control Systems: Annual reviews drive continuous improvement, helping organizations adapt and withstand disruption


Who Must Comply?

Companies with a premium listing on the London Stock Exchange—including commercial and investment fund categories.


The Bottom Line

Provision 29 represents a fundamental shift in how UK boards govern internal controls. Starting in 2026, boards will be personally accountable for declaring the effectiveness of all material controls in their annual reports.


The companies that start preparing now—establishing robust governance processes, demanding evidence-based reporting, and viewing this as an opportunity to strengthen their control environment—will be the ones that thrive under the new requirements.


Ready to start your Provision 29 journey? Download our comprehensive guide to understand the full implications and discover how to turn compliance into competitive advantage. Or see our solution in action—book a free demo of Optial's GRC SmartStart platform.


About Optial: For over two decades, we've helped organisations across industries manage risk, compliance, and continuity—seamlessly, securely, and at scale. Our GRC SmartStart platform is trusted by Fortune 500 companies in 50+ countries.

bottom of page