Corporate Governance and Directors' Duties in 2026: What Boards Must Get Right

Last reviewed: June 29, 2026

At a Glance

• Internal-controls attestation is now live. Under the UK Corporate Governance Code 2024, boards must declare the effectiveness of their material internal controls for financial years beginning on or after 1 January 2026.
• Directors’ personal liability is expanding. Statutory reforms in India, the UK and across Asia are widening the circumstances in which individual directors face personal exposure for governance failures.
• OECD principles are reshaping national codes. The OECD’s revised standards on board accountability and risk management are being adopted as the template for domestic reforms worldwide.
• Conflicts and related-party processes face new scrutiny. Regulators and courts expect documented, independent approval processes, boilerplate minutes no longer suffice.
• Cross-border groups need a jurisdictional duty matrix. Multinational boards must map differing obligations across every country in which they operate or face cumulative risk.

Corporate governance directors duties in 2026 are under more pressure than at any point in the last decade. The UK’s Financial Reporting Council has phased in its most significant Code revision in years, requiring boards to formally attest to the effectiveness of material internal controls. The OECD has reinforced the expectation that directors of group companies owe duties that extend beyond a single entity’s balance sheet. Across Asia, including India’s own evolving Companies Act enforcement landscape, regulators are demanding greater transparency, stronger documentation and real personal accountability from those who sit at the board table.

This article sets out what has changed, what directors owe, where personal liability arises, and the practical steps boards should take now to protect both the company and themselves.

What Changed in 2024–26 and Why It Matters for Corporate Governance Directors Duties 2026 Boards

The governance landscape that boards navigated in 2023 is materially different from the one they face today. Three forces converged between 2024 and 2026 to raise the bar for directors across jurisdictions.

The UK Corporate Governance Code 2024. Published by the FRC in January 2024, the revised Code introduced a new Principle O and Provision 29, requiring boards to make a declaration on the effectiveness of their material internal controls. Most provisions of the 2024 Code took effect for financial years beginning on or after 1 January 2025, but the internal-controls declaration was deliberately deferred to financial years beginning on or after 1 January 2026, giving companies additional time to build assurance frameworks. The FRC has clarified that directors do not need to declare over every internal control; the obligation applies to those controls the board considers material to the company’s operations and financial reporting.

OECD revised principles. The OECD’s work on duties and responsibilities of boards in company groups has emphasised that board accountability, risk management and disclosure obligations should extend across group structures, not just at the parent level. These principles are being used as a benchmark for national code reforms from Seoul to New Delhi.

Asia-wide tightening. South Korea’s Commercial Act amendments have widened fiduciary duties and shareholder protections, increasing expectations on board oversight of group transactions. India’s enforcement of the Companies Act 2013 has accelerated, with regulators and courts holding directors to account for related-party compliance and disclosure obligations, including ESG-related disclosures that boards in 2026 can no longer treat as voluntary.

Core Duties Directors Owe: The Legal Standard Across Systems

Regardless of jurisdiction, directors owe a broadly consistent set of duties. Understanding where those duties overlap, and where they diverge, is the starting point for any cross-border compliance programme.

Duty of Care versus Fiduciary Duty

The duty of care requires directors to act with the skill, diligence and care that a reasonably competent person in their position would exercise. It is an objective standard that rises with a director’s expertise: a finance director is held to a higher standard on financial matters than a non-executive without that background. Fiduciary duties go further. They require directors to act in good faith, in the best interests of the company, to avoid conflicts of interest and to refrain from profiting from their position. In most common-law systems, fiduciary duties are owed to the company itself, not to individual shareholders, though shareholder-protection trends in both India and the UK are narrowing that gap.

Statutory versus Common-Law Duties

India’s Companies Act 2013 codifies directors’ duties in statutory form, setting out obligations relating to good faith, proper purpose, independent judgment, reasonable care and skill, avoidance of conflicts, and non-acceptance of benefits from third parties. The UK Companies Act 2006 takes a similar statutory approach. The OECD’s revised principles have encouraged this trend toward codification, noting that clearly defined statutory duties improve enforcement and reduce ambiguity for directors serving across multiple jurisdictions. For boards of multinational groups, particularly those with Indian and UK entities, the practical implication is that directors must satisfy the statutory duties of each jurisdiction in which they hold office, not merely the most familiar one.

Internal Controls Attestation 2026: What Boards Must Get Ready

The most operationally significant change facing boards in 2026 is the requirement to declare the effectiveness of material internal controls. This section addresses the scope, the evidence boards must hold, and the practical steps needed to comply.

Do directors have to make a declaration over all internal controls? No. The FRC has clarified that directors will not have to make a declaration over all internal controls. They are required to make a declaration of effectiveness over those controls the board deems material, meaning controls that are material to the company’s financial reporting, operations and compliance. This is a principles-based approach: the board decides which controls are material, documents the rationale, and attests to their effectiveness.

The audit committee plays a central role. It is expected to oversee the process by which material controls are identified, tested and reported to the board. The board then relies on the audit committee’s work, supplemented by internal audit findings and, where appropriate, external assurance, to make its declaration. The evidence trail matters: boards that cannot demonstrate how they reached their conclusion face both regulatory criticism and litigation risk.

Practical Steps for the Board

• Map material controls. Identify every control the board considers material to financial reporting, operational integrity and regulatory compliance. Document the rationale for inclusion and exclusion.
• Assign ownership. Each material control should have a named owner (typically a senior manager or function head) responsible for its operation and for reporting to the audit committee.
• Test and evidence. Internal audit should test material controls during the reporting period. Retain the testing methodology, sample evidence and findings in a structured assurance pack.
• External review. For high-risk controls (e.g. revenue recognition, treasury, regulatory capital), consider obtaining external assurance or an independent review to support the board’s declaration.
• Audit committee report. The audit committee should formally report its findings to the board before the declaration is made, with a clear recommendation and any caveats or qualifications.

Sample Board Attestation Language

Industry observers expect attestation language to vary, but a robust declaration might read: “The Board has reviewed the effectiveness of the Company’s material internal controls during the year ended [date]. Based on the work of the Audit Committee, internal audit findings and management representations, the Board confirms that those material controls were effective throughout the period under review, save as disclosed [below / in note X].” Any known weakness should be disclosed with an explanation of the remediation plan and timeline. Omitting known weaknesses from the declaration creates significant personal and corporate liability risk.

When and How Directors Face Personal Liability

Personal liability for directors is not theoretical. Enforcement trends in India, the UK and across the OECD demonstrate that regulators, liquidators and shareholders are increasingly willing to pursue individual directors, not just the corporate entity.

The triggers for personal liability typically fall into five categories:

• Breach of statutory duty. Failing to comply with codified obligations, such as filing requirements, disclosure rules or duty-of-care standards, can expose directors to civil penalties and, in some jurisdictions, criminal sanctions.
• Gross negligence or recklessness. Where a director’s conduct falls so far below the expected standard that it constitutes recklessness, courts may pierce the protections that ordinarily shield directors from personal claims.
• Dishonesty or fraud. Fraudulent trading, misrepresentation to regulators or deliberate concealment of material information removes virtually all protections, including most directors’ and officers’ (D&O) insurance coverage.
• Failure of oversight in regulated sectors. Directors of banks, financial institutions and entities subject to sector-specific regulation face heightened personal accountability for oversight failures, particularly where the regulator can demonstrate that the director knew or ought to have known of the risk.
• Wrongful or insolvent trading. Where a company continues to trade while insolvent, directors who fail to take steps to minimise creditor losses may be held personally liable, a risk that is directly relevant to directors considering insolvency proceedings in India.

Mitigation Checklist

• Maintain comprehensive D&O insurance with adequate limits and ensure policy terms cover the jurisdictions in which directors serve.
• Document every material board decision with the deliberation, evidence base and alternatives considered (see the minutes section below).
• Obtain independent professional advice before approving high-risk transactions or entering new regulated activities.
• Ensure the company’s articles of association or constitutional documents provide the widest permissible indemnity for directors acting in good faith.
• Review D&O policy terms annually, particularly exclusions, notification obligations and the scope of “insured persons”, with specialist brokers.

Conflicts of Interest and Related-Party Transactions: Process and Documentation

Conflicts of interest and related-party transactions (RPTs) remain among the highest-risk areas for boards. Regulators and courts in India, the UK and across Asia are no longer satisfied with formulaic disclosures or after-the-fact ratification. They expect a documented, independent process that operates before the transaction is approved.

The best-practice process follows a clear sequence:

• Identify. Every director must proactively disclose any direct or indirect interest in a proposed transaction. Disclosure should be made at the earliest possible stage, not at the board meeting where approval is sought.
• Disclose and abstain. The conflicted director should formally declare their interest, abstain from voting and, where the conflict is material, leave the meeting during deliberations.
• Independent review. An independent committee or the audit committee should assess the transaction on arm’s-length terms. For significant RPTs, an independent fairness opinion adds a layer of protection.
• Ratify and document. The board should record its approval (or rejection) with clear reasons, the terms of the transaction, any conditions imposed and the identity of the directors who voted.
• Ongoing monitoring. For continuing RPTs, the board should review compliance with approved terms at regular intervals and document those reviews.

A short RPT minute template should capture: the nature and value of the transaction; the identity of the related party and the nature of the relationship; the conflicted director’s declaration and recusal; the independent review or fairness opinion relied upon; the commercial rationale; the vote (including any dissent); and any conditions or follow-up actions. This documentation is the board’s primary defence if the transaction is later challenged.

Board Minutes, Decision-Making Records and Defending Decisions

Minutes are not an administrative formality. They are the single most important document the board will rely on if a decision is challenged in court, by a regulator or by shareholders. Directors’ minutes best practice requires that the record demonstrates the board’s process, not merely its conclusion.

Effective minutes should record:

• Attendance and quorum. Who was present, who joined remotely, who was absent, and whether a quorum was achieved.
• Material deliberations. The key points of discussion, including concerns raised, questions asked and the information the board considered.
• Alternatives considered. Where the board chose between options, the minutes should note what alternatives were discussed and why the chosen course was preferred.
• Expert inputs. Any professional advice received, legal, financial, tax, should be identified by adviser name and summarised in the minutes.
• Conflicts disclosed. Any director who declared a conflict, and the steps taken (recusal, abstention).
• Votes and dissent. The voting outcome, and any director who dissented, with the reason for dissent if the director wished it recorded.

Red flags to avoid include: retrospective amendments to minutes without board approval; minutes that record conclusions but no deliberation; minutes that omit conflicts or abstentions; and failure to retain board packs, presentations and supporting papers alongside the signed minutes. Document retention policies should specify a minimum period (typically at least the applicable limitation period plus a margin) and cover both physical and electronic records.

Directors Duties India 2026: Companies Act, SEBI and Practical Points for Indian Boards

India’s framework for directors’ duties is anchored in the Companies Act 2013, which codifies obligations that previously existed only in common law. The Act imposes duties of good faith, proper purpose, independent judgment, reasonable care and skill, and the avoidance of conflicts. It also creates specific procedural requirements for related-party transactions, board committee structures and disclosure to regulators.

For listed companies, the SEBI (Listing Obligations and Disclosure Requirements) Regulations add a further layer. These require detailed disclosure of RPTs, mandate audit committee approval for material transactions and impose continuing obligations around corporate governance compliance reporting. The combined effect of the Companies Act and SEBI regulations means that Indian directors face both civil and, in certain cases, criminal exposure for governance failures, a level of personal risk that is often underestimated by directors serving on Indian boards for the first time.

Enforcement trends in India are accelerating. The Ministry of Corporate Affairs and SEBI are both showing a greater willingness to pursue individual directors for non-compliance, and Indian courts have reinforced the principle that statutory duties cannot be delegated to management or advisers. Industry observers expect this enforcement posture to intensify through 2026 and beyond, particularly in relation to RPT compliance and financial-controls oversight.

Practical to-do list for Indian group boards:

• Conduct annual board training on statutory duties under the Companies Act and SEBI regulations, cover both existing obligations and any recent amendments or circulars.
• Map cross-border exposures: identify every jurisdiction in which each director holds office and ensure the board understands the cumulative duties.
• Review and strengthen the audit committee’s mandate to cover material internal-controls oversight, anticipating convergence with international attestation expectations.
• Ensure related-party transaction registers are current, that approvals follow the prescribed process, and that the documentation meets the standards described above.
• Establish or refresh a whistle-blower mechanism and vigil mechanism as required under the Companies Act, with clear reporting lines to the audit committee and independent directors.

Practical Action List for Multinational Boards: 30–90 Day Plan

For multinational groups operating across the UK, India and other jurisdictions, the following action plan provides a structured approach to compliance with the evolving corporate governance directors duties 2026 boards must address:

• Days 1–30: Map and inventory. Create a jurisdictional matrix listing every country in which directors hold office, the applicable statutory duties, governance code expectations, and regulator disclosure obligations. Inventory existing internal controls and identify gaps against the material-controls standard.
• Days 31–60: Build the attestation pack. For UK-listed or UK-reporting entities, prepare the evidence base for the board’s declaration on material internal controls. Assign control owners, commission internal audit testing and engage external reviewers where needed.
• Days 61–90: Strengthen processes and documentation. Update RPT and conflict-of-interest policies, revise minute-taking templates, and refresh D&O insurance terms. Brief all directors on the updated framework and schedule board training sessions.
• Months 4–12: Embed and monitor. Run a full cycle of the internal-controls attestation process. Conduct a post-cycle review and adjust the control inventory, testing methodology and reporting to the audit committee. Update the jurisdictional matrix annually and before any major transaction.

Conclusion

The governance obligations boards face in 2026 are broader, more prescriptive and more personally consequential than at any point in recent memory. Internal-controls attestation, heightened disclosure obligations, ESG reporting and accelerating enforcement mean that the corporate governance directors duties 2026 boards must discharge are not merely aspirational principles, they are enforceable obligations backed by personal liability. Boards that invest now in structured compliance programmes, robust documentation and cross-jurisdictional mapping will be better positioned to protect both the company and its individual directors. Those that do not should expect scrutiny, from regulators, shareholders and courts alike.

Sources

1. Financial Reporting Council, UK Corporate Governance Code 2024
2. FRC, Revised UK Corporate Governance Code Announcement (January 2024)
3. OECD, Duties and Responsibilities of Boards in Company Groups
4. PwC UK, UK Corporate Governance Code Reform
5. Chartered Governance Institute UK, UK Corporate Governance Code 2024 Factsheet
6. Law Debenture, Director Responsibilities in 2026