UK Corporate Governance Code 2024 Provision 29 - Are You Ready?
- cormacobrien8
- 4 days ago
From 2026, boards must declare the effectiveness of all material controls
Executive Summary
From financial years starting on or after 1 January 2026, companies must annually review and declare the effectiveness of their risk management and internal control systems in their annual report. Provision 29 sets out three key board-level duties:
Board-Level Accountability
What: The board (not just audit committees or management) must take direct responsibility for the review and declaration.
Why it matters: This elevates internal controls to a governance priority and exposes boards to scrutiny.
Annual Effectiveness Review
What: Boards must review the effectiveness of their risk management and internal control framework at least annually.
Why it matters: This is no longer optional—it must be planned, evidenced, and repeatable.
Public Declaration in Annual Report
What: Companies must report the outcome of the review and declare whether internal controls are effective.
Why it matters: Transparency is now required—boards must stand behind the quality of their control systems.
UK Corporate Governance Code 2024 - What Provision 29 Actually Says
"29. The board should monitor the company’s risk management and internal control framework and, at least annually, carry out a review of its effectiveness. The monitoring and review should cover all material controls, including financial, operational, reporting and compliance controls. The board should provide in the annual report:
• A description of how the board has monitored and reviewed the effectiveness of the framework;
• a declaration of effectiveness of the material controls as at the balance sheet date; and
• a description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues." (FRC 2024 Code: extract Provision 29)
What is a Material Control?
A control is considered material if its failure could affect stakeholder decisions. This includes financial, operational, reporting, and compliance controls.
Who Must Comply?
Companies with a premium listing on the London Stock Exchange—including commercial and investment fund categories.
Impacts & Implications - Key Responsibilities for the Board
Establish a Governance Process
Define who owns internal control within the board structure and how review cycles are scheduled, challenged, and documented.
Close the Loop on Control Failures
Monitor actions taken to resolve deficiencies. Provision 29 expects boards to be seen addressing weaknesses—not just identifying them.
Demand Evidence-Based Reporting
Set expectations for consistent, auditable reporting from internal audit, risk, and compliance teams. The board must be confident in its declaration.
What’s at Stake - The Risks of Non-Compliance with Provision 29
Provision 29 operates on a “comply or explain” basis, requiring companies to either meet its standards or clearly justify any deviations in their annual reports.
Key Risks of Failing to Comply or Explain
Reputational Damage
A failure to declare, or weak internal controls, can erode board credibility.
Investor Pushback
Shareholders expect assurance—uncertainty undermines trust and valuation.
Regulatory Scrutiny
Non-compliance may trigger FCA attention or challenge under “comply or explain”.
Turning Compliance into Opportunity - How Provision 29 Can Strengthen Your Business
Provision 29 isn’t just a compliance burden — it’s an opportunity to enhance how your business understands and manages risk, collaborates across teams, and demonstrates governance leadership.
Key Benefits:
Better Risk Awareness
Encourages boards to proactively identify, monitor, and address risks before they escalate.
Cross-Team Collaboration
Encourages boards to proactively identify, monitor, and address risks before they escalate.
Stronger Stakeholder Trust
Transparent internal control declarations build confidence with investors, regulators, and the public.
Resilient Control Systems
Annual reviews drive continuous improvement, helping your organisation adapt to change and withstand disruption.
Optial’s GRC SmartStart - A Targeted Solution for Provision 29 Compliance

Optial’s GRC SmartStart is a modular GRC platform trusted by global organisations. For Provision 29, we’ve curated the key modules boards need to meet their new internal control obligations—clearly, securely, and with confidence.
Your Provision 29 Compliance Toolkit
Inside the Provision 29 Module Set - How Each Module Drives Control & Confidence

Provision 29 demands coordinated oversight. Optial’s GRC SmartStart is a modular platform—and for Provision 29, we’ve curated the four modules that matter most. You can also add any other SmartStart modules or tailor the setup to fit your organisation’s unique needs.

Get in touch with a GRC Specialist - Start Your Provision 29 Journey
Prefer another way to reach us?
Email: connect@optial.com
Phone: +44 20 7247 7673