What is Provision 29?

What is Provision 29? It’s a part of the United Kingdom’s revamped Corporate Governance Code, often considered the oldest and most extensive in the world. 

The Code itself was introduced in the 1990s and has been expanded repeatedly since. Successive UK governments have frequently left their own mark on the code, and all have supported reform over the years, including that which led to the introduction of provision 29, which came into effect on 1st January 2026. 

The provision is all about risk management and internal controls. It strengthens rules already in place, making them more thorough.

It’s a provision of the code that governs how corporate governance professionals in applicable companies approach risk management and internal controls. It lays out that:

• Annual reports need to thoroughly explain how companies monitor and review their risk control frameworks (before Provision 29, companies simply needed to state whether this work was completed).
• Companies need to include a specific declaration of the effectiveness of their material controls (all that was needed before Provision 29 was a reference)
• If any material controls have not worked as they should have, companies now need to explain why that was, and what’s being done to correct it.

It’s a little tricky to unpack this for reasons we’ll set out below, but in general, material controls are any control that would prompt a board to say, “if this failed, the impact would be big enough that investors need to know quickly.”

More specifically: 

• We would be talking about any risks strong enough to threaten a company’s business model, solvency or reputation. Controls mitigating these risks are therefore “material”.
• The financial lens is a crucial measuring tool for material control, but directors should not restrict themselves to it. Instead, they should look more holistically, recognising that modern governance also involves shareholder sentiment, consumer attitudes, and a company’s public profile.

Do you read the above and think that there’s a lack of clarity? That’s effectively done on purpose. The Financial Reporting Council (the agency behind the Code) has deliberately left it open-ended to avoid a tick-box culture and foster subjective scrutiny. 

While it might be beneficial in certain aspects, it does place a greater burden of judgment on directors.

Like all other parts of the UK Code, Provision 29 will work on a “comply or explain” basis. This means that you either follow the rules or explain why you can’t. If you do either to a satisfactory degree, regulators will be happy.

All companies with a “premium listing” on the London Stock Exchange. New companies and closed-ended investment funds have to comply.