What’s Actually Changed?
Rules have moved on from the early-2000s playbook. In the UK, the revised Corporate Governance Code applies from 2025, with a tougher board declaration on internal controls from 2026, putting a brighter light on risk, assurance and how companies explain weaknesses and fixes. The FCA’s Consumer Duty is live across open and closed products, raising the bar on outcomes and how firms evidence them. The Senior Managers and Certification Regime is being streamlined, yet accountability remains central. In Europe, CSRD expands sustainability disclosures so investors can see non-financial risks, with first reports landing from 2025. In the US, the Department of Justice continues to press for data-driven, well-tested compliance programmes.
Why Breaches Still Happen?
Rules help, but they do not run meetings or set incentives. Misconduct persists when targets, pay and workload push people to cut corners, when controls exist on paper but not in practice, and when communication is vague. Recovery starts when leaders pair a plain-spoken apology with visible reforms, independent checks and regular, high-quality updates that stakeholders can verify.
Six Trust Signals People Look for Now:
1. Shared values with proof: not posters, decisions.
2. Fair outcomes: incentives and wins that are not one-sided.
3. Care: act in people’s interests, especially after harm.
4. Ability: deliver, fix fast and manage risk.
5. Integrity: keep promises when pressure bites.
6. Real transparency: enough disclosure, clarity and accuracy for people to follow what happened and what changes next.
Action Point
Consider the extent to which different groups of stakeholders can positively identify with the six signals of trust in your organisation’s decisions and behaviour. Where a signal is weak, agree one visible action, an owner and a date to strengthen it.