ECCTA & the Corporate Governance Code’s Provision 29

Home » ECCTA & the Corporate Governance Code’s Provision 29

ECCTA & the Corporate Governance Code’s Provision29: One framework – complete compliance

Transform dual regulatory pressure into a single governance advantage. ECCTA’s “failure to prevent fraud” requirements have been in force since September 2025, and Provision 29’s board effectiveness declarations begin for financial years starting 1 January 2026.

Most organisations treat these as separate compliance exercises, creating potential risks and inefficiencies in terms of duplication, inconsistent reporting and governance complexity. Forward-thinking companies are discovering the integration opportunity.

The reality: Your ECCTA work already started your Provision 29 framework – you just need to connect the dots.

Requirements & who should act

Although the new requirements formally apply to companies as detailed below, they represent good governance practice for organisations of all sizes – and early action will enhance resilience across the organisation.

ECCTA: In force since September 2025

Applies to:

Large/medium companies: £36M+ turnover, 250+ employees or £18M+ balance sheet

Key requirements:

Risk assessment and fraud prevention procedures
Active monitoring and robust documentation
Clear accountability and board oversight

Non-compliance risks:

Unlimited fines
Criminal liability
Reputational damage

Provision 29: Framework needed from 1 January 2026

Applies to:

Premium listed companies: Mandatory for financial years starting 1 January 2026
Expected to influence all listed and any private companies

Timeline clarification: Controls must operate effectively throughout 2026, with first declarations published in annual reports Q1 2027

Key requirements:

Annual board review of control effectiveness throughout the reporting period
Formal board declaration of material controls effectiveness at balance sheet date
Public disclosure of any control failures
Evidence of effectiveness throughout the entire financial year

Non-compliance risks:

Listing rule breaches
Investor relations crisis
Director liability

The real timeline: You have time to get this right

1 January 2026: Control frameworks must be operational (not reporting deadline).
Throughout 2026: Evidence collection of controls operating effectively.
31 December 2026: Controls must have operated effectively throughout the period.
Q1 2027: First annual reports published with Provision 29 declarations.

“The delayed implementation of provision 29 buys extra time for companies to strengthen internal control frameworks” and prepare robust evidence collection processes.

How these work together: The unified framework

Both share the same fundamental requirement: proving that controls actually work, not just that they exist.

Both expect that boards can prove their control frameworks actually work through “active monitoring, robust documentation and clear accountability.”

ECCTA‘s fraud prevention procedures are essentially Provision 29’s material controls.

Both require the same infrastructure:

Risk management processes
Control testing
Board oversight
Evidence collection

Smart organisations use their existing ECCTA implementation as the foundation for Provision 29 compliance, creating unified systems that serve both requirements efficiently.

The Bridgehouse Integrated Solution

We can help you implement this unified approach through:

1. Framework preparation:

Map controls together: Align your existing ECCTA controls to Provision 29 material controls

Single risk register: Integrate fraud, financial, operational and compliance risks in one framework

Unified board review: Design one process covering both requirements with evidence trails

2. Implementation & monitoring: Throughout 2026

Integrated testing: Establish combined testing cycles with materiality filtering and assurance pathways

Evidence collection: Build documentation supporting both regulatory requirements throughout the financial year

Continuous monitoring: Implement real-time dashboards for joint oversight of both requirements

3. Board support & disclosure: 2027 reporting

Combined disclosure: Design coordinated annual report sections for both requirements

Board-ready materials: Prepare materials for annual declarations and public disclosures

Ongoing support: Provide updates and guidance for regulatory developments

Why choose Bridgehouse?

Deep regulatory expertise in both requirements and their integration
Proven unified approach reducing compliance burden
Board-ready solutions designed for regulatory scrutiny
Sector specialisation across listed, financial services and large private companies

How we can support your organisation:

Independent readiness and risk assessments
“Associated‑persons” mapping
Internal control framework design
Support with board reporting and evidence gathering

Turn regulatory pressure into competitive advantage. One framework. Complete compliance.

Get in touch

We would be pleased to answer any queries or have an informal chat to discuss your possible governance needs.

First Name

Last Name

Company Name

Phone Number

Message

Bridgehouse Company Secretaries needs the contact information you provde to us in order to contact you about our products and services that may relate to your enquiry. You may unsubscribe from these communications at any time. For more information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.