Governance in groups with a regulated subsidiary

By Ruth Finch | Published: November 3, 2025

Governance in groups with regulated firms – whether banks or other financial institutions – involves points that don’t apply to unregulated firms.

The general rule is that directors of a company have:

  • A duty of trust, a fiduciary duty to act with integrity, fairness and honesty, having regard to the interests of shareholders; and
  • A duty of care, to exercise independent judgment and act with care, diligence and appropriate levels of skill.

Directors are accountable to shareholders when exercising these duties.

In a group structure, the parent company will usually set a direction for the group as a whole. The board will approve a group strategy and set a budget for the group. There might be group-wide policies and procedures and there may be consolidation of resources into central ‘Group’ functions (e.g. HR; IT; Finance; Legal; Risk; Internal Audit) with subsidiaries being required to use those services and pay an annual fee for doing so.

This can work where a subsidiary is a regulated firm but there are a number of points to consider, particularly where the ultimate parent company is unregulated or where a subsidiary is subject to a specific regulatory regime (e.g. a bank or an insurance company) or is a significant member of the group. Here are some thoughts. Where the points raise a problem in practice, there can be structural and other ways to address concerns but those will be fact-specific and are outside the scope of this note.

1          Regulators focus on the regulated entity, not the group – from a regulatory perspective, the group is relevant only to the extent that it affects a regulated entity within that group. Regulatory focus is on the regulated entity.

2          The rights of a parent company, as the shareholder, are subject to laws and regulatory requirements that apply to the subsidiary – this is true of all companies so, for instance, a parent can’t direct a subsidiary to do something that would be illegal or would breach data protection requirements. In the case of regulated firms, it means that a parent company has to exercise its rights subject to financial services laws and regulatory requirements.

3          Tensions generally develop over where the limits of regulatory requirements sit and, in particular, how regulatory guidance and the often-unwritten expectations of regulators apply – in some cases, whether they even exist. This can be a challenge for regulated subsidiaries and their boards who want to maintain a good relationship with regulators and, from dealing with them, have a feel for what will and won’t be acceptable. A parent company might not understand the nuances of the relationship with regulators or be willing to work within regulatory parameters described by the subsidiary company (and its board and senior management), particularly where those are set by expectation and custom, rather than being written down. Directors of the subsidiary company who are senior managers under the senior managers regime (SMR) might also find it difficult to meet personal obligations under the SMR. And someone who is a director of both the parent company and the subsidiary company might face a conflict of interests.

4          Group strategy and the subsidiary – strategy is a topic that might not be entirely at the discretion of a subsidiary and its board: it’s likely that a group strategy will be set, usually after input from each subsidiary, and budget-setting will usually follow a similar process. That won’t always matter but it’s important for the board of each subsidiary to consider whether the strategy and budget are appropriate in the context of the subsidiary’s business. For regulated subsidiaries, there’s an additional obligation to meet regulatory requirements in relation to the business undertaken which might have an impact on the strategy adopted. And parent company boards should avoid any direction or steer that commits a regulated subsidiary to deliver a specific amount for the dividend or even a profit figure set by the parent

5          Whether group policies should apply to a regulated subsidiary – some group policies will probably apply to subsidiaries, without any changes being needed, particularly if requirements specific to regulated firms have been taken into account when preparing the policies. However, it’s likely that most policies will need tweaks, at least, to reflect points specific to regulated firms – for instance, reference to regulators in the whistleblowing policy. This could be dealt with by adding material to the group policy that only applies to specified subsidiaries or by preparing subsidiary-specific policies. Where group policies are to apply to all group companies, there’s generally a risk that they’re very short, are drafted at a high level and need to be built out by additional documents at the subsidiary level.

6          It’s a similar story in relation to risk management – groupwide risks apply in a groupwide context and my experience is that they’re unlikely to match the key risks for banks and other financial institutions. Lower impact thresholds at subsidiary level than at group level might result in key risks for a regulated subsidiary not being ‘material’ to the group. Two points follow from this:

  • Regulated subsidiaries (and, perhaps, all subsidiaries) need to set their own risk categories, identify their own risks, assess them and manage the risks within the relevant (subsidiary-specific) risk appetite; and
  • There should be a mechanism for communicating – if not reporting – subsidiary-specific key risks to the parent company board, possibly (but not necessarily) through its board risk committee.

In most cases, subsidiary-specific risk management frameworks will be needed. Expect regulators to want to see how risks will be identified and managed and how subsidiary boards are considering risk management within the business. As mentioned above, regulators’ focus is on the regulated entity – i.e. the subsidiary.

7          Subsidiary board composition can also raise challenges – the parent will probably want to appoint directors to the board but they generally won’t be independent, even if they are non-executive directors. There’s also the challenge of serving more than one master although all parent-appointed non-executive directors should consider only the interests of the subsidiary when acting as a director of that company. Where the regulated subsidiary’s board doesn’t need to have a majority of independent non-executive directors, there’s more scope for the parent appointing director representatives. But where there’s a subsidiary (such as a bank) that needs to have a majority of INEDs on the board to ensure independence, additional INEDs will have to be appointed to achieve that independence if there are parent-appointed NEDs on the board.

8          Board committees – similar points apply to board committees of subsidiaries, particularly where these are intended to ‘replicate’ committees of the parent board. And there are a number of difficulties in relying on parent board committees (in relation to culture, remuneration and nomination committees, as well as risk and audit committees).

9          Conflict of interests – this topic has been touched on a few times and will be relevant to the board of a regulated subsidiary that is influenced or swayed by the parent. Interests between parent and subsidiary should, generally, be aligned but board independence is crucial for the subsidiary and there will almost certainly be points where the two companies (and their boards) have conflicting viewpoints and interests. The directors of any subsidiary (regulated or unregulated) should never do something or decide something simply because that’s the direction given by the parent – i.e. doing what the subsidiary is told to do – even if that’s in the group’s interests. The test is whether it’s in the best interests of the subsidiary company to do that.

10        Where the parent is a regulated firm – the position is usually simpler and there’s more scope for setting an agenda from the top, particularly where the most heavily regulated entity is the ultimate parent in the group. However, even in these cases, firm-specific points need to be considered and addressed, particularly where the subsidiary is a bank.

 

This note is intended to provide general information about current and expected topics and perspectives that might be of interest. It does not provide or constitute, or purport to provide or constitute, advice relevant to any particular circumstances. Legal or other professional advice relevant to any particular circumstances should always be sought.

This entry was posted in Governance Reframed and tagged , , , , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.