Director’s Diary: 2025 was a defining year for governance

I suspect 2025 will be remembered, at least in my view, as the year expectations hardened.

It felt as though directors were increasingly seen as active, engaged contributors rather than symbolic figures. Senior managers were expected to own outcomes, not just oversee processes. Culture was no longer something to be talked about, but something to be governed. Behaviour was expected to align with stated values, and documentation to reflect reality rather than aspiration.

For me, and for many governance professionals I have spoken with, this has been a demanding but clarifying year. The role of the Company Secretary has continued to shift away from drafting policies for their own sake and towards shaping behaviour, challenging boards, and translating regulatory expectations into something that actually lives and breathes within organisations.

There are years when governance seems to move forward quietly, shaped by consultation papers and rule changes. And then there are years when it moves ahead, shaped by experience, reflection and a desire to do things better. From where I sit, 2025 has very much felt like the latter.

This was the year regulators, particularly in the UK, stopped accepting that good intentions, impressive policies or historic success were enough. They wanted to see how boards behaved when faced with uncomfortable truths. How senior leaders responded when performance clashed with conduct. And whether culture was something firms genuinely governed, or simply talked about.

It was not a single scandal that defined the year, but a pattern that had become impossible to ignore.

One of the most significant shifts in 2025 was the firm positioning of non-financial misconduct as a regulatory issue, not a human resources inconvenience. The FCA’s work on non-financial misconduct, building on earlier consultations, landed with real force this year. Bullying, harassment, sexual misconduct and abuse of power were no longer treated as secondary. They were framed clearly as indicators of governance failure and conduct risk.

This mattered because it punctured a long-held assumption in boardrooms. That behaviour between employees, particularly where customers were not directly affected, sat outside regulatory concern. That assumption no longer holds.

The regulator’s logic was simple. Firms that tolerate intimidation, silence or misuse of power internally are unlikely to act with integrity when under commercial pressure. Culture, the FCA made clear, is predictive.

For senior managers and directors, accountability felt sharper this year. The Duty of Responsibility under the Senior Managers and Certification Regime has existed for some time, but in 2025, it moved decisively from theory to practice.

Enforcement narratives increasingly focused on individuals. Not on whether controls existed, but on whether senior leaders actually engaged with them, what questions they asked, what information they demanded. What they escalated and what they tolerated.

Statements of Responsibilities, once treated as static compliance documents, became live evidence. Where responsibilities were vague, overlapping or misaligned with reality, regulators saw risk. Where senior managers could not demonstrate reasonable steps, personal exposure followed.

In UK boardrooms, the Companies Act duties stopped feeling like legal abstractions. Promoting the success of the company was no longer discussed purely in financial terms. Stakeholder impact, reputation and long-term sustainability became unavoidable considerations, not optional ones.

Independent judgment took on renewed importance in an era of dominant executives and charismatic founders. Several corporate difficulties in 2025 followed a familiar pattern. Warning signs existed. Concerns were raised. But they were not pursued with sufficient rigour, particularly while performance remained strong.

Care, skill and diligence were tested as directors were expected to understand increasingly complex risks. Cyber resilience, AI governance and supply chain ethics all featured prominently this year. Boards that relied solely on high-level assurances found themselves exposed when those assurances proved hollow. Courts and regulators did not ask whether directors intended harm. They asked whether decisions were reasonable and defensible at the time they were made.

Perhaps the most notable change in 2025 was how culture was treated in practice. Boards moved beyond values statements and employee surveys. They examined incentives, promotion decisions and how poor behaviour was actually handled. Whistleblowing data became a standing agenda item for many boards. Not as a box-ticking exercise, but as a diagnostic tool. Firms that had invested early in psychological safety and credible speak-up mechanisms were better positioned. Those who dismissed complaints as noise or risked marginalising whistle-blowers were not.

The uncomfortable truth of 2025 is that many governance failures were not caused by ignorance. They were caused by reluctance. Reluctance to challenge powerful individuals. Reluctance to disrupt performance. Reluctance to act without absolute certainty. Regulators were clear. Waiting for certainty is often the failure.

If there is one lesson from 2025, it is this. Good governance is no longer about having the right framework. It is about asking difficult questions early, listening to the answers, and having the courage to act on them. That is what regulators now expect. And it is what effective governance requires.