Compliance and Regulatory Environment
Expert-defined terms from the Certified Professional in Corporate Governance for Executive Assistants (United Kingdom) course at London School of Business and Administration. Free to read, free to share, paired with a professional course.
Anti‑Money Laundering (AML) – a set of laws, regulations and procedures d… #
Related terms: KYC, Financial Crime, Sanctions
Explanation #
AML requires organisations to identify customers, monitor transactions, and report suspicious activity to authorities. In the UK, the primary legislation is the Money Laundering, Terrorist Financing and Transfer of Funds (Information) Act 2017. Example: An executive assistant (EA) receives a request to arrange a payment to a new supplier; the EA must verify the supplier’s identity and confirm the purpose of the payment before processing. Practical application: EAs maintain AML checklists, use approved vendor verification tools, and liaise with the compliance officer to ensure all documentation is complete. Challenges: Balancing speed of business operations with thorough due‑diligence, managing evolving regulatory updates, and ensuring staff awareness across the organisation.
Explanation #
The board sets policies, approves major decisions, and monitors management. In the UK, the Companies Act 2006 outlines directors’ duties, including the duty to act in the company’s best interests. Example: An EA schedules board meetings, prepares agendas, and ensures that all directors receive required documents ahead of time. Practical application: Maintaining a board calendar, distributing board packs, and tracking action items from minutes. Challenges: Coordinating diverse schedules, maintaining confidentiality, and ensuring compliance with statutory filing deadlines.
Board Pack – a collection of documents provided to directors before a boa… #
Related terms: Minutes, Agenda, Disclosure
Explanation #
The pack enables informed decision‑making and supports compliance with transparency obligations. Example: The EA assembles the pack, including the latest quarterly results, risk assessments, and regulatory updates, and circulates it electronically in accordance with data‑protection rules. Practical application: Using version‑controlled folders, tracking acknowledgements, and confirming receipt. Challenges: Managing version control, ensuring timely distribution, and safeguarding sensitive information.
Bribery Act 2010 – UK legislation that criminalises offering, promising,… #
Related terms: Corruption, UK Bribery Act, Anti‑Corruption
Explanation #
The Act contains four core offences: Bribery, failure to prevent bribery, abusive payments, and failure to maintain adequate records. Example: An EA is asked to expedite a procurement process in exchange for a personal gift; the EA must refuse and report the request. Practical application: Implementing a whistle‑blowing channel, providing anti‑bribery training, and maintaining a register of gifts and hospitality. Challenges: Detecting subtle forms of influence, fostering a culture of integrity, and navigating cross‑border interactions where local customs differ.
Corporate Governance Code – a set of principles and best practices for bo… #
Related terms: ESG, Shareholder Rights, Board Effectiveness
Explanation #
The Code operates on a “comply or explain” basis, requiring listed companies to either follow the recommendations or explain deviations. Example: The EA assists the board in preparing a “comply or explain” statement for the annual report. Practical application: Conducting governance self‑assessments, documenting compliance actions, and updating policies. Challenges: Interpreting ambiguous provisions, aligning with international standards, and balancing stakeholder expectations.
Data Protection Act 2018 (DPA) – UK legislation that implements the EU Ge… #
Related terms: GDPR, Privacy, Information Security
Explanation #
The DPA establishes lawful bases for data processing, data‑subject rights, and obligations for data controllers and processors. Example: An EA handles personal data of board members; they must ensure secure storage, obtain consent where required, and respond to data‑subject access requests. Practical application: Maintaining a data‑inventory, applying encryption, and conducting privacy impact assessments for new initiatives. Challenges: Keeping abreast of regulatory updates, managing cross‑border data transfers, and handling data breaches promptly.
Due Diligence – a comprehensive appraisal of a business or individual pri… #
Related terms: Risk Assessment, M&A, Vendor Management
Explanation #
Due diligence covers financial, legal, operational, and regulatory aspects, ensuring informed decision‑making. Example: Before onboarding a new vendor, the EA coordinates background checks, verifies AML status, and reviews contractual terms. Practical application: Using due‑diligence checklists, engaging legal counsel, and documenting findings in a risk register. Challenges: Accessing reliable data, managing time pressures, and reconciling conflicting information.
Environmental, Social and Governance (ESG) – criteria used to evaluate a… #
Related terms: Sustainable Finance, CSR, Non‑Financial Reporting
Explanation #
ESG factors influence investor decisions and regulatory reporting, with the UK’s Financial Conduct Authority (FCA) enhancing disclosure requirements. Example: The EA prepares ESG metrics for the board, such as carbon emissions, diversity statistics, and governance policies. Practical application: Collecting data from internal departments, integrating ESG KPIs into annual reports, and monitoring compliance with the UK Stewardship Code. Challenges: Standardising data collection, aligning ESG goals with business strategy, and addressing stakeholder scrutiny.
Financial Conduct Authority (FCA) – the UK regulator responsible for over… #
Related terms: Prudential Regulation Authority, Market Abuse, Conduct Risk
Explanation #
The FCA issues rules on market conduct, disclosures, and licensing, and can impose sanctions for non‑compliance. Example: An EA in a financial services firm must ensure that meeting minutes accurately reflect decisions that may affect market participants. Practical application: Maintaining a register of FCA‑regulated activities, updating policies in line with FCA Handbook changes, and preparing for supervisory inspections. Challenges: Interpreting complex regulatory language, implementing real‑time compliance monitoring, and managing the impact of regulatory change on operations.
Financial Reporting Council (FRC) – the UK body that sets standards for c… #
Related terms: International Financial Reporting Standards, Audit Committee, Accounting Standards
Explanation #
The FRC issues the UK Corporate Governance Code, the UK Stewardship Code, and the UK Auditing Standards. Example: The EA assists the audit committee by distributing audit reports and ensuring compliance with FRC guidance. Practical application: Tracking FRC updates, updating internal policies, and coordinating external audit engagements. Challenges: Aligning global reporting frameworks, managing audit timelines, and addressing findings from regulatory reviews.
Fit and Proper Test – an assessment of an individual’s suitability to hol… #
Related terms: Senior Management Certification, Regulatory Approval, Competence
Explanation #
The test is applied by regulators such as the FCA to senior officers and directors. Example: Before a new chief financial officer (CFO) joins, the EA compiles the required documentation for the regulator’s fit‑and‑proper assessment. Practical application: Maintaining a repository of qualifications, conducting background checks, and updating the regulator on changes. Challenges: Gathering comprehensive evidence, addressing gaps in experience, and managing ongoing monitoring obligations.
Four‑Eyes Principle – a control mechanism requiring that two independent… #
Related terms: Segregation of Duties, Internal Controls, Risk Management
Explanation #
The principle reduces fraud risk and enhances accountability. Example: An EA ensures that any payment over a defined threshold receives approval from both the finance director and the CEO. Practical application: Configuring workflow systems to enforce dual approval, documenting sign‑off procedures, and monitoring compliance. Challenges: Balancing efficiency with control, preventing collusion, and updating thresholds as the business grows.
General Data Protection Regulation (GDPR) – EU regulation governing the p… #
Related terms: Data Subject Rights, Data Breach, Privacy Impact Assessment
Explanation #
GDPR establishes principles such as lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality. Example: When a board member requests a copy of their personal data, the EA must provide it within one month, confirming identity and scope. Practical application: Maintaining a record of processing activities, appointing a Data Protection Officer, and conducting regular training. Challenges: Interpreting lawful bases, handling cross‑border transfers, and managing the administrative burden of multiple requests.
Governance, Risk and Compliance (GRC) – an integrated framework that alig… #
Related terms: Enterprise Risk Management, Compliance Programme, Control Environment
Explanation #
GRC promotes consistency, reduces duplication, and supports strategic decision‑making. Example: The EA contributes to GRC by updating the risk register, tracking compliance tasks, and reporting status to the board. Practical application: Deploying GRC software, establishing clear ownership of controls, and conducting periodic audits. Challenges: Ensuring cross‑departmental collaboration, avoiding siloed processes, and maintaining up‑to‑date documentation.
Harassment Policy – a corporate policy that defines unacceptable behaviou… #
Related terms: Workplace Conduct, Equality Act 2010, Whistleblowing
Explanation #
The policy helps organisations comply with the Equality Act and fosters a respectful environment. Example: An EA receives a complaint about inappropriate remarks during a meeting; they follow the policy’s reporting procedure and refer the case to HR. Practical application: Distributing the policy to all staff, providing training, and maintaining confidential reporting channels. Challenges: Encouraging reporting, handling investigations impartially, and protecting complainants from retaliation.
Health and Safety at Work Act 1974 (HSWA) – the primary legislation gover… #
Related terms: Risk Assessment, COSHH, Safety Culture
Explanation #
HSWA imposes duties on employers to ensure, as far as reasonably practicable, the health, safety, and welfare of employees. Example: The EA arranges ergonomic assessments for the boardroom to comply with HSWA requirements. Practical application: Conducting regular safety audits, maintaining incident registers, and providing safety briefings for visitors. Challenges: Adapting to new work arrangements (e.G., Hybrid working), ensuring contractor compliance, and managing emerging hazards.
Internal Audit – an independent, objective assurance function that evalua… #
Related terms: Audit Committee, Control Testing, Assurance
Explanation #
Internal audit reports to the audit committee and senior management, providing recommendations for improvement. Example: The EA coordinates the scheduling of internal audit fieldwork and distributes preliminary findings to relevant managers. Practical application: Maintaining an audit plan, tracking remediation actions, and ensuring timely follow‑up. Challenges: Balancing audit scope with resource constraints, maintaining auditor independence, and addressing audit fatigue.
International Financial Reporting Standards (IFRS) – globally recognised… #
Related terms: GAAP, Financial Statements, Consolidation
Explanation #
IFRS promotes comparability of financial information across jurisdictions. The UK permits IFRS for listed companies. Example: When preparing the annual report, the EA ensures that financial statements are presented in accordance with IFRS and includes required disclosures. Practical application: Coordinating with finance teams on IFRS adoption, monitoring standard updates, and updating internal policies. Challenges: Interpreting complex standards, managing transition from UK GAAP, and ensuring consistent application across subsidiaries.
Judicial Review – a court procedure in which the legality of a public bod… #
Related terms: Administrative Law, Public Law, Remedies
Explanation #
Judicial review can result in quashing orders, mandatory orders, or declarations. Example: A regulatory decision affecting a company’s licence is challenged; the EA assists legal counsel by gathering relevant board minutes and compliance evidence. Practical application: Maintaining accurate records, ensuring decisions are made within statutory authority, and documenting rationales. Challenges: Anticipating potential challenges, managing reputational risk, and allocating resources for legal defence.
KYC (Know Your Customer) – a process of verifying the identity of clients… #
Related terms: AML, Customer Due Diligence, Enhanced Due Diligence
Explanation #
KYC is mandatory for financial institutions and many non‑financial entities to satisfy AML obligations. Example: The EA collects identification documents from a new client, records the source of funds, and updates the client risk profile. Practical application: Using electronic KYC platforms, maintaining audit trails, and performing periodic reviews. Challenges: Dealing with incomplete documentation, balancing privacy concerns, and adapting to evolving regulatory expectations.
Legal Entity – a distinct organisational structure recognised by law, cap… #
Related terms: Subsidiary, Holding Company, Incorporation
Explanation #
Legal entities can be companies, partnerships, charities, or public bodies. Example: When a new subsidiary is established, the EA assists with registration, statutory filing, and board appointment documentation. Practical application: Maintaining a register of entities, tracking filing deadlines, and ensuring each entity complies with its jurisdictional obligations. Challenges: Managing multiple entities across jurisdictions, synchronising governance frameworks, and preventing duplicate reporting.
Legitimate Interest – one of the lawful bases for processing personal dat… #
Related terms: Lawful Basis, Data Processing, Balancing Test
Explanation #
Organisations must conduct a balancing test to justify reliance on this basis. Example: The EA processes employee attendance data for internal scheduling; a legitimate interest assessment is documented to support the decision. Practical application: Drafting legitimate interest statements, recording assessments, and providing transparency in privacy notices. Challenges: Demonstrating proportionality, handling objections from data subjects, and updating assessments as business needs evolve.
Letter of Authority (LOA) – a written document granting an individual the… #
Related terms: Power of Attorney, Delegation, Proxy
Explanation #
LOAs must be signed, dated, and sometimes witnessed to be valid. Example: The EA prepares an LOA for a senior director to sign on behalf of the company for a regulatory submission. Practical application: Maintaining a template library, tracking expiry dates, and ensuring proper archiving. Challenges: Preventing unauthorised use, verifying authenticity, and managing multiple LOAs across jurisdictions.
Limited Liability Partnership (LLP) – a hybrid business structure combini… #
Related terms: Partnership Act 1890, Companies Act, Member Rights
Explanation #
LLPs are governed by the Limited Liability Partnerships Act 2000 and must file annual accounts with Companies House. Example: The EA assists in preparing the LLP’s annual return, ensuring that all members are listed correctly. Practical application: Updating member registers, filing confirmation statements, and coordinating audits. Challenges: Managing differing member interests, ensuring compliance with both partnership and company law, and handling tax implications.
Money Laundering Regulations (MLR) – the UK statutory framework that impl… #
Related terms: AML, FCA, Risk-Based Approach
Explanation #
The MLR requires firms to conduct risk assessments, appoint AML compliance officers, and maintain records for five years. Example: The EA schedules annual AML training, updates the risk register, and monitors client onboarding procedures. Practical application: Conducting customer risk scoring, implementing transaction monitoring systems, and filing suspicious activity reports (SARs). Challenges: Keeping pace with evolving typologies, integrating technology solutions, and managing the cost of compliance.
Non‑Executive Director (NED) – a board member who does not engage in dail… #
Related terms: Board Independence, Audit Committee, Governance
Explanation #
NEDs bring external experience, challenge executive decisions, and help ensure accountability. Example: The EA arranges a briefing session for a newly appointed NED, covering board processes, regulatory responsibilities, and upcoming agenda items. Practical application: Maintaining a NED induction pack, tracking attendance, and documenting contributions. Challenges: Balancing independence with constructive engagement, managing information overload, and ensuring NEDs stay current on regulatory changes.
Operational Risk – the risk of loss resulting from inadequate or failed i… #
Related terms: Risk Appetite, Control Framework, Incident Management
Explanation #
Operational risk is a core component of Enterprise Risk Management (ERM) and is subject to regulatory reporting, especially for financial institutions. Example: A system outage disrupts board meeting logistics; the EA initiates the business continuity plan and records the incident for risk analysis. Practical application: Conducting risk assessments, maintaining a risk register, and testing recovery procedures. Challenges: Identifying emerging risks, integrating risk data across functions, and allocating resources for mitigation.
Parliamentary Oversight – the scrutiny exercised by the UK Parliament ove… #
Related terms: Committee Inquiry, Public Accounts Committee, Transparency
Explanation #
Parliamentary committees can request documents, summon witnesses, and publish reports. Example: The EA prepares a response package for a parliamentary committee inquiry into corporate governance practices. Practical application: Tracking requests, coordinating with legal counsel, and ensuring timely compliance with disclosure obligations. Challenges: Managing confidential information, meeting tight deadlines, and handling potential reputational impacts.
Performance Management – a systematic process for evaluating and improvin… #
Related terms: KPIs, Appraisal, Succession Planning
Explanation #
Effective performance management supports compliance with employment law and promotes a culture of accountability. Example: The EA assists HR in organising 360‑degree feedback for senior managers, ensuring that the process adheres to the company’s policies. Practical application: Setting measurable objectives, documenting reviews, and linking outcomes to training needs. Challenges: Avoiding bias, ensuring consistency across departments, and integrating performance data with governance reporting.
Policy Management – the creation, distribution, maintenance, and enforcem… #
Related terms: Policy Lifecycle, Version Control, Compliance Training
Explanation #
Effective policy management reduces risk, supports regulatory adherence, and clarifies expectations for staff. Example: The EA updates the Code of Conduct policy, circulates it to all employees, and records acknowledgements. Practical application: Using a central repository, setting review dates, and monitoring compliance through audits. Challenges: Keeping policies current amid regulatory change, ensuring staff awareness, and measuring policy effectiveness.
Privacy Impact Assessment (PIA) – a systematic process to evaluate the pr… #
Related terms: DPIA, Data Protection Impact Assessment, Risk Mitigation
Explanation #
A PIA is required under GDPR when processing is likely to result in a high risk to individuals’ rights. Example: Before implementing a new boardroom booking system that stores employee data, the EA commissions a PIA to identify and address privacy concerns. Practical application: Mapping data flows, consulting stakeholders, and documenting mitigation measures. Challenges: Determining the threshold for high‑risk processing, allocating resources for thorough assessments, and updating PIAs after system changes.
Regulated Activity – any activity that falls under the scope of a regulat… #
Related terms: FCA Licence, Authorisation, Supervision
Explanation #
In the UK, regulated activities include banking, insurance, investment services, and certain consumer credit operations. Example: The EA verifies that a new product launch does not constitute a regulated activity before proceeding. Practical application: Conducting a regulatory mapping exercise, obtaining necessary authorisations, and maintaining a register of regulated activities. Challenges: Interpreting regulatory definitions, avoiding inadvertent breaches, and managing the cost of licensing.
Risk Appetite – the amount and type of risk an organisation is willing to… #
Related terms: Risk Tolerance, Board Oversight, Strategic Risk
Explanation #
The board sets risk appetite, which guides risk‑taking behaviour across the organisation. Example: The EA records the board’s approved risk appetite statement and ensures it is communicated to relevant departments. Practical application: Embedding risk appetite into policies, monitoring risk metrics against thresholds, and reporting deviations. Challenges: Aligning appetite with operational realities, revising appetite in response to market changes, and ensuring consistent interpretation.
Sanctions List – a compilation of individuals, entities, or countries sub… #
Related terms: OFAC, EU Consolidated List, Embargo
Explanation #
Companies must screen customers and transactions against sanctions lists to avoid prohibited dealings. Example: Before processing a payment to an overseas supplier, the EA runs a sanctions screening and halts the transaction when a match is found. Practical application: Integrating automated screening tools, maintaining audit logs, and conducting periodic re‑screening. Challenges: Managing false positives, keeping up‑to‑date with dynamic list changes, and handling cross‑border complexities.
Explanation #
Activist shareholders may push for governance reforms, board changes, or strategic shifts. Example: The EA prepares a response to a shareholder proposal on board diversity, providing supporting data and the board’s rationale. Practical application: Monitoring shareholder communications, coordinating with investor relations, and documenting voting outcomes. Challenges: Balancing diverse shareholder interests, managing reputational risk, and ensuring compliance with voting procedures.
Stakeholder Engagement – the process of involving individuals or groups a… #
Related terms: Materiality, Public Consultation, Corporate Responsibility
Explanation #
Effective engagement supports transparency, informs decision‑making, and can mitigate regulatory scrutiny. Example: The EA arranges a stakeholder forum to discuss upcoming sustainability initiatives, recording feedback for board consideration. Practical application: Mapping stakeholder groups, defining engagement methods, and reporting outcomes in annual disclosures. Challenges: Prioritising engagements, handling conflicting expectations, and measuring impact.
Statutory Register – a legally required record kept at Companies House, d… #
Related terms: Companies House, Filing Obligations, Corporate Records
Explanation #
Failure to maintain an accurate register can result in penalties and loss of corporate status. Example: The EA updates the register after a director resigns, ensuring the change is filed within the statutory deadline. Practical application: Using company secretarial software, scheduling annual filings, and retaining supporting documentation. Challenges: Tracking multiple changes, ensuring data accuracy, and navigating complex filing requirements for multi‑jurisdictional entities.
Standard Operating Procedure (SOP) – a documented set of step‑by‑step ins… #
Related terms: Process Documentation, Compliance Manual, Best Practice
Explanation #
SOPs help embed controls, reduce errors, and support auditability. Example: The EA creates an SOP for arranging board meetings, detailing venue booking, document distribution, and post‑meeting minute preparation. Practical application: Reviewing SOPs annually, training staff on procedures, and monitoring adherence through checklists. Challenges: Keeping SOPs current amid organisational change, ensuring staff compliance, and avoiding overly burdensome documentation.
Statutory Audit – an independent examination of a company’s financial sta… #
Related terms: Audit Opinion, External Auditor, Audit Scope
Explanation #
In the UK, listed companies must undergo a statutory audit under the Companies Act 2006. Example: The EA coordinates the auditor’s access to board minutes, financial records, and governance documentation. Practical application: Preparing audit schedules, responding to auditor queries, and implementing audit recommendations. Challenges: Managing audit timelines, addressing audit findings, and ensuring audit independence.
Strategic Risk – risk arising from the fundamental decisions that affect… #
Related terms: Business Strategy, Scenario Planning, Competitive Risk
Explanation #
Strategic risk can stem from market shifts, technological disruption, or regulatory change. Example: The board considers the impact of Brexit on supply chains; the EA documents the discussion and tracks follow‑up actions. Practical application: Conducting strategic risk workshops, integrating risk assessments into business planning, and reporting to the board. Challenges: Anticipating low‑probability high‑impact events, aligning risk appetite with strategy, and maintaining flexibility.
Succession Planning – a systematic process to identify and develop intern… #
Related terms: Talent Management, Leadership Development, Workforce Planning
Explanation #
Effective succession planning ensures business continuity and reduces disruption from unexpected departures. Example: The EA assists HR in maintaining a succession matrix for senior management, updating it after each performance review. Practical application: Identifying critical roles, developing talent pipelines, and reviewing readiness annually. Challenges: Balancing development opportunities with operational demands, mitigating bias, and addressing skill gaps.
Targeted Sanctions – specific restrictions imposed on individuals or enti… #
Related terms: Counter‑Terrorism, Asset Freeze, Export Control
Explanation #
Targeted sanctions differ from broad embargoes and require precise due‑diligence. Example: The EA verifies that a prospective consultant is not listed on the UK Treasury’s Consolidated List before engaging them. Practical application: Conducting manual reviews for high‑risk counterparties, documenting screening outcomes, and escalating matches to compliance. Challenges: Interpreting ambiguous listings, handling appeals, and coordinating with legal counsel.
Third‑Party Risk Management (TPRM) – the process of assessing and mitigat… #
Related terms: Vendor Due Diligence, Supply Chain, Outsourcing
Explanation #
TPRM helps ensure that third parties adhere to the organisation’s compliance standards and regulatory obligations. Example: Before contracting a cloud‑service provider, the EA oversees a security questionnaire, reviews the provider’s certifications, and records the risk assessment. Practical application: Maintaining a vendor risk register, performing periodic reviews, and enforcing contractual clauses on data protection. Challenges: Gaining visibility into sub‑contractor practices, managing large supplier bases, and aligning risk thresholds.
Transparency – the principle of openly disclosing information about an or… #
Related terms: Disclosure, Reporting, Accountability
Explanation #
Transparency underpins trust, facilitates regulatory compliance, and supports informed decision‑making. Example: The EA prepares a transparency report summarising board decisions, ESG metrics, and regulatory filings for publication on the corporate website. Practical application: Establishing disclosure policies, tracking material information, and ensuring timely release. Challenges: Balancing commercial confidentiality with public expectations, handling information overload, and meeting varying stakeholder needs.
UK Corporate Governance Code – a set of principles and provisions issued… #
Related terms: Board Effectiveness, Shareholder Engagement, Remuneration
Explanation #
The Code follows a “comply or explain” approach, requiring companies to disclose how they meet or deviate from each provision. Example: The EA assists in drafting the “comply or explain” narrative for the annual report, referencing specific board actions. Practical application: Conducting annual self‑assessment, documenting compliance evidence, and updating governance policies. Challenges: Interpreting ambiguous language, aligning with international codes, and managing expectations of activist shareholders.
Whistleblowing Policy – a framework that encourages employees to report w… #
Related terms: Protected Disclosure, Ethics Hotline, Confidentiality
Explanation #
Under the Public Interest Disclosure Act 1998, whistleblowers are protected from dismissal or detriment. Example: An employee raises concerns about a potential conflict of interest; the EA forwards the report to the designated compliance officer while preserving anonymity. Practical application: Providing multiple reporting channels, training staff on their rights, and tracking investigations. Challenges: Ensuring confidentiality, preventing misuse, and maintaining trust in the reporting mechanism.
Working Capital Management – the oversight of short‑term assets and liabi… #
Related terms: Cash Flow, Receivables, Payables
Explanation #
Effective working capital management reduces financing costs and supports operational stability. Example: The EA monitors cash‑flow forecasts for upcoming board meetings, highlighting any liquidity concerns that may affect strategic decisions. Practical application: Implementing cash‑management dashboards, setting credit policies, and reviewing treasury arrangements. Challenges: Forecasting accuracy, managing seasonal fluctuations, and aligning with broader risk‑management frameworks.