Navigating the FRC’s new governance frontier

Simon Keslake is a founder of Behavioural Risk Intelligence, and a member of the British Psychological Society. He explains how boards need to work now to negate a major overhaul of the UK’s financial regulation in 2026.

Also Read

Alan at 80™ — Episode #20 – Alan Weiss, PhD

A Minute With Alan® — Quietly – Alan Weiss, PhD

Mega deals reach record high and propel surge in deal value

Plugin developed by ProSEOBlogger. Get free gpl themes.

The most sophisticated organisations in the world share a common, dangerous flaw: their governance frameworks are designed to map countless structural vulnerabilities – yet they ignore the very human systems whose judgement determines the organisation’s survival.

While the consulting industry has perfected the ‘what’ of risk – from operational complexities to technical vulnerabilities – recent history proves that even the most robust systems are frequently undone by the one variable stubbornly absent from the boardroom: the human dimension.

As of January 2026, this “behavioural blind spot” is no longer just a cultural concern; it is a regulatory liability. Under Provision 29 of the UK Corporate Governance Code, the FRC has moved the goalposts from process to provenance. It is no longer sufficient to present a tidy inventory of controls. Boards must demonstrate a granular understanding of the latent conditions that cause those controls to fail.

This shift effectively ends the era of plausible deniability. To meet this mandate, boards require a new form of intelligence – one that moves beyond the static reporting of the past toward a dynamic architecture of behavioural foresight.

The Governance Gap

Traditional risk models are built for a world of tangible threats. They excel at mapping external shocks but consistently fail to account for the human system – the subtle interplay of cognitive biases that silently erode governance from within.

In the boardroom, “culture” is often dismissed as anecdotal or intangible. This is a strategic blind spot. These dynamics are the structural antecedents of almost every catastrophic control failure. A leadership team’s predisposition for cognitive shortcuts is not a cultural nuance; it is a quantifiable risk multiplier with a direct link to resilience.

This is the ‘Compliance Paradox.’ While 69% of the FTSE 350 claim full compliance with the Code, the reality is fractured: 72% of firms are simultaneously under-reporting critical risks*. They are technically compliant, yet functionally vulnerable. Our analysis reveals the causal driver: 78% of these failures are linked to what we define as ‘Intensity’ clusters – behavioural patterns that create a systemic blindness to bad news. Boards are checking the boxes of ‘process’ while remaining blind to the behavioural provenance that determines their survival**.

As Provision 29 takes hold, the implicit question being asked of Chairs and Audit Committees is: “Do you truly understand the ‘why’ behind the ‘what’?”

The Causal Architecture

To address this, we map the hard physics of organisational failure. We have isolated the latent behavioural clusters that create the “pre-conditions for collapse” – allowing boards to diagnose three dimensions of Systemic Risk that traditional audits overlook:

• Intensity (The High-Achievement Trap): Triggered when a drive for results decouples from cognitive flexibility, inducing Threat Rigidity. This systemic narrowing of “vision” under pressure creates a statistically significant delay in strategic pivoting; the organisation becomes blind to disruptions that are, in retrospect, entirely visible.
• Uniformity (The Vigilance Gap): A deficit of cognitive diversity disguised as alignment. When leadership defaults to path-of-least-resistance decision-making, it manufactures Compliance Theatre. Controls remain functionally inert because the “will to challenge” has atrophied, making these organisations twice as likely to suffer profound regulatory failures.
• Interaction (The Metabolic Tax): The operational drag on execution. When culture prioritises short-term expediency over process integrity, the organisation hits its Metabolic Limit. This manifests as systemic unauthorised workarounds and a failure to realise strategic ROI – a measurable leak in revenue caused by the friction between strategy and an overstretched human infrastructure.

The Human Infrastructure

While boards traditionally focus on external market volatility, the most significant threat to resilience resides in the collective behavioural patterns of their leadership cohorts. This “human infrastructure” is the lens through which all data is processed and all strategy is executed. This is the point where theoretical risk becomes tangible failure.

The behavioural balance of these leadership layers determines whether the organisation’s infrastructure can support its strategic intent. The Board must ask:

• Under pressure, does the cohort’s collective drive for results trigger the Intensity Risk that blinds the firm to necessary pivots?
• In deliberation, does a lack of cognitive diversity default into the Uniformity Risk that masks systemic threats as false alignment?
• In execution, does a group-wide bias toward short-termism create the Interaction Friction that leaks revenue and stalls transformation?

For the Board, understanding these dynamics is about verifying load-bearing capacity. In the era of the 2026 Code, integrating this intelligence is the difference between a strategy that exists only on paper and a successful legacy built on proactive, evidence-based resilience.

The Strategic Dividend

Integrating behavioural intelligence is about providing the Board with a more powerful microscope to protect the organisation. This approach offers three distinct advantages:

• Evidence-Based Fiduciary Oversight: Instead of relying on “gut feel” or retrospective audits, the Board can point to empirical data regarding behavioural readiness. This provides a defensible narrative for regulators under the new Code.
• Targeted Resilience: By identifying latent vulnerabilities in the executive layer, the Board can move from asking “Are we safe?” to “How do we know we are vigilant?”
• Strategic Verification: This moves the Board from vague discussions of “culture” to a sophisticated analysis of Risk Appetite vs. Risk Capacity – evaluating whether the team’s collective DNA can deliver the strategy.

The Reality of the 2026 Code

Boards are composed of highly skilled individuals tasked with an increasingly complex mandate. The updated Code is essentially asking Directors to exercise better judgment and more courageous oversight.

However, even the most experienced Directors are limited by the data available to them. Mapping the “behavioural DNA” of the organisation isn’t an indictment of leadership; it is a strategic asset for the Board. It allows them to move from a place of “hope-based governance” to “evidence-based resilience.” It enables a Board to say: “We have identified the latent vulnerabilities in our human system, and we have implemented the necessary cognitive offsets to ensure the organisation remains robust.”

A New Standard for Board Oversight

As we navigate this new frontier, the benchmark for corporate resilience has changed. Compliance with the Code should not be viewed as a hurdle to be cleared, but as an invitation to elevate the science of board oversight.

The “greatest risk in the room” is rarely a failure of technology or a shift in the market; it is the unexamined behaviour of the people tasked with managing those variables. By integrating behavioural intelligence into the heart of governance, boards can finally move beyond the checklist and toward a future of proactive, evidence-based resilience.

The era of the “behavioural blind spot” is over. In the new governance landscape, the most effective boards will be those that realise the “why” is the only way to truly secure the “what.”