Governance Retrospective — Governance

From 2020 through early 2022 corporate governance frameworks evolved rapidly. Stakeholder expectations on environmental, social, and governance (ESG) performance intensified; regulators advanced audit and disclosure reforms; and boards faced heightened accountability for cyber, climate, and workforce issues. Reviewing the period helps organizations refine governance structures, data systems, and assurance models for the next planning horizon.

Key governance developments 2020–2022

ESG disclosure surge: The EU launched the European Green Deal, advanced the Corporate Sustainability Reporting Directive (CSRD), and expanded the EU Taxonomy. The UK introduced mandatory TCFD-aligned disclosures for premium-listed companies, and New Zealand, Switzerland, and Japan moved toward climate reporting. The U.S. SEC signaled climate and human-capital disclosure rulemaking.

Audit and assurance reforms: The UK pursued audit market reforms, proposing the creation of the Audit, Reporting and Governance Authority (ARGA) to replace the Financial Reporting Council. The EU reviewed audit rules, and the U.S. PCAOB intensified inspections. Assurance over non-financial data gained prominence.

Stakeholder governance and workforce issues: The pandemic spotlighted worker health, diversity, and supply-chain ethics. Many jurisdictions introduced pay equity reporting, whistleblower protections, and diversity requirements (for example, Nasdaq board diversity rule, California board diversity laws).

Risk oversight expansion: Boards addressed cyber risk, operational resilience (UK PRA, EU DORA), and geopolitical developments. Regulators demanded clearer documentation of risk appetite, scenario analysis, and contingency planning.

What to prioritize

• Data infrastructure: Build integrated data platforms that capture ESG metrics, risk indicators, and assurance evidence. Ensure data lineage, quality controls, and audit trails support regulatory reporting.
• Disclosure coordination: Establish cross-functional disclosure committees incorporating finance, sustainability, risk, legal, and investor relations. Align reporting calendars and messaging across jurisdictions.
• Scenario planning: Conduct multi-risk scenario exercises covering climate, cyber, supply-chain disruption, and social unrest. Use findings to update business continuity plans and strategic priorities.
• Policy harmonization: Update corporate policies on ethics, human rights, climate, and diversity to reflect regulatory changes and stakeholder expectations.
• Stakeholder engagement: Develop engagement strategies with investors, employees, communities, and regulators. Use materiality assessments to prioritize issues.

Board governance actions

• Committee mandates: Clarify roles of audit, risk, sustainability, and nomination committees. Consider adding ESG or technology committees to oversee emerging risks.
• Director skills: Refresh board skills matrices to include climate science, cyber security, digital transformation, and workforce expertise. Plan succession and training as needed.
• Board evaluations: Enhance annual evaluations with external facilitators, peer reviews, and action plans.
• Compensation alignment: Integrate ESG and risk metrics into executive compensation frameworks, ensuring transparency and consistency.
• Information flows: Improve dashboards and reporting packs delivered to the board, including leading indicators and early-warning signals.

Technology and assurance enablement

• ESG reporting platforms: Deploy software to collect and consolidate sustainability data, manage audit trails, and produce reports aligned with frameworks (TCFD, SASB, GRI).
• Analytics and automation: Use analytics to identify anomalies in financial and non-financial data. Apply automation to simplify control testing and evidence collection.
• Assurance partnerships: Engage external auditors and specialist assurance providers to validate ESG metrics, cyber controls, and supply-chain data.
• Digital boardrooms: Adopt secure collaboration tools for board materials, ensuring encryption, access control, and version management.
• Risk management systems: Integrate enterprise risk management (ERM) software with disclosure processes to align risk appetite statements with reporting.

Sourcing and talent considerations

• Advisory relationships: Expand relationships with legal, ESG, and risk advisors who can interpret evolving regulations.
• Internal talent: Build multidisciplinary teams combining finance, data science, sustainability, and compliance expertise. Offer training on new reporting standards.
• Supplier governance: Update supplier codes of conduct, due diligence processes, and remediation plans to meet CSDDD and forced labor regulations.
• Third-party assurance: Evaluate service providers offering assurance over cybersecurity, privacy, and ESG metrics; integrate findings into internal control environments.
• Education partners: Collaborate with institutes (for example, Institute of Directors) to deliver governance training programs.

Path to implementation

1. Phase 1: Conduct governance maturity assessments, map regulatory obligations, and prioritize data infrastructure projects.
2. Phase 2: Implement reporting platforms, update committee charters, and launch stakeholder engagement initiatives.
3. Phase 3: Embed continuous improvement through scenario analysis, assurance cycles, and periodic board training.

Strategic outlook

Governance pressures will intensify as regulators finalize climate and sustainability rules, investors demand transparency, and teams scrutinise corporate purpose. Organizations that strengthen data governance, board oversight, and assurance capabilities will work through the changing environment effectively.

Integrated reporting evolution

Organizations now converge financial and sustainability reporting. Integrated reporting frameworks encourage linkage between strategy, governance, performance, and prospects. During 2020–2022 many issuers adopted integrated reports referencing the International Integrated Reporting Council framework or preparing for the International Sustainability Standards Board (ISSB). Finance and sustainability teams must coordinate to ensure consistent narratives, reconcile metrics across reports, and manage assurance workloads.

Data quality remains a challenge. Establish data dictionaries, control owners, and validation procedures for each ESG metric. Engage internal audit to review controls and collaborate with external assurance providers to verify accuracy. Technology solutions should support automated data collection, workflow management, and audit trails across multiple reporting regimes.

Future governance watchlist

Looking ahead, you should monitor regulatory initiatives including the EU Corporate Sustainability Due Diligence Directive, U.S. SEC climate and cyber proposals, and UK audit reform legislation. The rise of digital assets and decentralized finance introduces new governance questions around custody, risk management, and disclosure. Boards must also prepare for increased scrutiny of AI ethics, data governance, and workforce algorithm management as governments craft new rules.

To stay ahead, establish regulatory horizon-scanning processes, participate in industry consultations, and maintain flexible governance frameworks that can adapt quickly. Regularly reassess committee structures, reporting lines, and decision rights to ensure agility. Embedding continuous education for directors and executives will help organizations respond confidently to the evolving governance environment.

If you are affected, capture setup progress in governance dashboards, highlighting ownership, milestones, and assurance status for each regulatory requirement to maintain executive visibility.

Include whistleblowing statistics, culture survey trends, and stakeholder feedback summaries in governance dashboards to provide a complete view beyond compliance metrics.

Schedule periodic board workshops to review dashboard trends, recalibrate priorities, and capture feedback for continuous improvement.

See also

Selected articles on related subjects.

Governance · Credibility 73/100 · January 25, 2022

UK Online Safety Bill: Duty of Care Framework for Digital Platforms

The UK published its Online Safety Bill, creating a duty of care for platforms to protect users from illegal and harmful content. It is ambitious and controversial—critics say it could undermine encryption.

Governance · Credibility 73/100 · April 4, 2023

Singapore charities governance

Singapore updated its Charities Code in 2023. Stronger governance expectations for nonprofits: board responsibilities, financial controls, and transparency. If you are running a Singapore charity, review the new…

Governance · Credibility 89/100 · March 19, 2024

OMB Issues M-24-10 AI Risk Management Guidance

The U.S. Office of Management and Budget released Memorandum M-24-10 on March 19, 2024, requiring federal agencies to inventory AI use cases, implement risk management controls, and publish transparency dashboards by…

Governance · Credibility 73/100 · September 5, 2024

Chile and Issuer disclosure

Chile's CMF General Rule 501 strengthens cybersecurity requirements for financial institutions. Risk management, incident reporting, and third-party oversight requirements align with international standards. Chilean…

Governance · Credibility 86/100 · April 1, 2025

Governance — United States

OMB M-24-10 AI requirements are fully in effect for federal agencies. Every agency needs a Chief AI Officer, an AI governance board, and documented risk management. If you sell AI to the government, know what your agency…

Continue in the Governance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Board Oversight Governance Blueprint

  Unify Basel Committee, PRA, SEC, and ISSB oversight mandates into an auditable board governance operating model with data lineage, assurance cadences, and regulatory source packs.

• Third-Party Governance Control Blueprint

  Deliver OCC, Federal Reserve, PRA, EBA, DORA, MAS, and OSFI third-party governance requirements through board reporting, lifecycle controls, and resilience evidence.

• Public-Sector Governance Alignment Playbook

  Align OMB Circular A-123, GAO Green Book, OMB M-24-10 AI guidance, EU public sector directives, and UK Orange Book with digital accountability, risk management, and service…

Coverage intelligence

Published

March 21, 2022

Coverage pillar

Governance

Source credibility

93/100 — high confidence

Topics

Governance · Risk Management · Compliance

Sources cited

5 sources (eur-lex.europa.eu, bis.org, ifrs.org, sec.gov)

Reading time

5 min

Cited sources

1. Proposal for a Regulation on European Data Governance (Data Governance Act) — European Commission
2. Principles for Operational Resilience — Bank for International Settlements
3. IFRS Foundation announces International Sustainability Standards Board, consolidation with VRF and CDSB — IFRS Foundation
4. Proposal for a Directive on Corporate Sustainability Due Diligence — European Commission
5. The Enhancement and Standardization of Climate-Related Disclosures for Investors — U.S. Securities and Exchange Commission