Tag: compliance presentation

26 Jun 2026
Why the Regulatory Finding Slide Decides the Next Six Months Before You Speak

Why the Regulatory Finding Slide Decides the Next Six Months Before You Speak

Quick answer: A regulatory finding presentation to the board is decided on slide one, not on slide forty. The chair, the audit committee chair, and any regulator dialled into the call are all reading the same first slide for the same signal: does the organisation understand the finding, own the response, and have the structural seriousness to act on it without the regulator having to escalate. The presenter who opens with the finding stated in the regulator’s own words, the scope of the breach in concrete numbers, and the remediation owner named on slide one is read as serious. The presenter who opens with a context section about the broader regulatory environment is read as the wrong person to be leading the response. The structural shape of slide one decides whether the next six months are a remediation programme or an escalation.

In 2003 I worked with a compliance director at a corporate banking division of a publicly-listed group who had been handed the job of presenting a supervisory letter finding to the board’s audit committee. The finding had landed on the chief executive’s desk on a Tuesday. The audit committee meeting was scheduled for the following Monday. The compliance director had been told he had twenty minutes on the agenda, with the regulator’s deputy director on a conference dial-in for the first part of the session. He sent me a thirty-six-slide draft on the Thursday afternoon. The deck opened with a twelve-slide context section about the broader supervisory environment, a three-slide history of the firm’s prior relationship with the regulator, and arrived at the actual finding — in the regulator’s own words — on slide nineteen. The audit committee chair, I knew from prior conversations, was not a man who tolerated context-led briefings. The regulator, on the line, would be listening specifically for whether the firm understood the finding as written or had translated it into something more comfortable. We cut the deck to nine slides over the weekend. Slide one stated the finding verbatim from the supervisory letter, named the affected business line, and named the remediation owner. The presentation landed. The next six months were a structured remediation programme. Had slide one been different, the deputy director would have been making a different recommendation to the regulator’s enforcement committee on the Tuesday.

I have watched approximately twenty regulatory finding presentations to boards and audit committees across financial services, healthcare, and a couple of energy clients in the years since. The pattern that separates the presentations that close down to a remediation programme from the ones that escalate is almost always the structural shape of slide one. The chair, the audit committee chair, and any regulator on the call are all running the same first read: does this organisation understand the finding, own it, and have the structural seriousness to act. That read is locked in on slide one. The forty-slide deck that follows can be brilliant, but if slide one signals the wrong things — context-led framing, softened language, ambiguous ownership — the read is locked in and the rest of the deck is a courtesy.

(This article was created with AI assistance; all stories and insights are based on 35 years of real client work.)

The two regulatory finding presentations I want to focus on in this article were delivered approximately five years apart, both to audit committees with the assigned supervisor on the call, both following supervisory letters of broadly similar gravity. The one that closed down to a remediation programme had slide one written in the regulator’s own words with the remediation owner named explicitly. The one that escalated had slide one written in the firm’s preferred translation of the finding with the remediation described as “to be assigned” pending board decision. The deputy directors on each call — different people, different firms — both made their assessment of the firm’s seriousness within the first slide. The first deputy director closed the call by confirming the remediation programme as adequate. The second deputy director closed the call by saying the regulator would be back in touch with a more specific request. The cost of the second outcome ran into approximately seven figures of additional supervisory engagement, external counsel, and remediation overhead over the following eighteen months. Slide one was where that cost was incurred.

Walk into your next regulatory presentation with slide one structurally correct:

The Executive Buy-In Presentation System covers the structural pattern for board-level regulatory presentations, the audit-committee opening protocol, and the rehearsal sequence that holds when the regulator is on the call. Self-paced modules, optional live Q&A calls, lifetime access.

See the Executive Buy-In Presentation System →

Why slide one decides the next six months of the relationship

The audit committee meeting at which a regulatory finding is presented is structurally different from a normal-time board meeting in one specific respect: there is a third party in the room or on the line who is not on the firm’s side. The regulator’s representative is not adversarial in the everyday sense, but they are watching the firm’s response with a specific question in mind: does this organisation understand what was found, take it seriously, and have the internal authority to remediate it without supervisory escalation. The presenter who opens with context loses the regulator on the call within the first slide, because the regulator is not there for the firm’s framing of the broader environment. The regulator is there to see whether the firm can name the finding as written and own the response.

The audit committee chair is doing a parallel read. The chair knows, from years of prior regulatory engagements, that the firm’s relationship with the regulator over the next six months is set by the audit committee’s response in this meeting. If the response signals seriousness — finding stated verbatim, scope named in concrete numbers, owner identified by name and seniority — the regulator usually accepts the response as adequate and the engagement closes down to a structured remediation programme. If the response signals softening, ambiguity, or context-first framing, the regulator’s deputy director almost always escalates, either by formal follow-up letter or by referral to the supervisory team for deeper engagement. The audit committee chair has seen this pattern before, and they are reading slide one for the signal.

The cost of getting slide one wrong is not theoretical. The seven-figure escalation cost I mentioned at the top of this article is a midpoint estimate for the kind of firm that escalates a moderate supervisory finding because slide one was structurally weak. The cost is borne in additional supervisory hours, external counsel, internal remediation overhead, and the opportunity cost of senior leadership attention being absorbed by the regulatory engagement for the following twelve to eighteen months. The compliance director who gets slide one right is not just landing a good presentation; they are saving the organisation a multiple of their annual cost in remediation overhead. The structural shape of slide one is one of the highest-leverage individual decisions a senior compliance leader will make in any given year.

Naming the finding in the regulator’s own words

The first rule of slide one in a regulatory finding presentation is that the finding is stated in the regulator’s own words, verbatim from the supervisory letter or formal notification. The temptation to translate the finding into the firm’s preferred phrasing is strong — usually motivated by a sense that the regulator’s language is harsher than necessary — and it is always wrong. The regulator on the call is reading slide one specifically for whether the firm has accepted the finding as written, and translation is interpreted as resistance even when it is not intended that way. The audit committee chair is reading slide one for the same signal. Verbatim quotation of the finding, with the date of the supervisory letter and the regulator’s reference number, signals acceptance. Any departure from the regulator’s wording signals negotiation, which is the wrong posture for the audit committee meeting.

The slide-one structure for a regulatory finding presentation: top quarter (finding stated verbatim from the supervisory letter with date and reference number, no translation or softening), middle quarter (scope of affected activity in concrete numbers — accounts, transactions, time period, monetary exposure — with no qualifiers like material or significant), lower middle (remediation owner named with role title and reporting line, plus the senior decision-maker the owner reports to), bottom quarter (timeline for board update with specific dates, not next quarter or in due course), all four elements visible on the same screen at the same time before any further slide opens.

The second rule is that the supporting context for the finding lives on slides three and onwards, not on slide one and not on slide two. Slide two is the scope of the affected activity, stated in concrete numbers. Slide three is the remediation owner with named seniority and reporting line. Only from slide four onwards does the deck begin to provide context, history, or framing. Inverting this order — putting context on slides one and two and arriving at the finding on slide three or later — is the most common structural failure in regulatory presentations, and it is the failure most reliably read by the regulator on the call as evidence of insufficient seriousness. The order matters more than the content.

The third rule, which most senior presenters discover only after their first escalation, is that the audit committee chair will sometimes ask the presenter to read the finding aloud verbatim from slide one before any further discussion proceeds. This is a deliberate check. The chair wants the room, and any regulator on the call, to hear the presenter say the finding in the regulator’s words without softening or translation. The presenter who has rehearsed slide one as a verbatim statement of the finding can read it aloud cleanly. The presenter who has built slide one as a paraphrase or translation cannot, because they have rehearsed the paraphrase rather than the original. The hesitation when reading the original aloud, even if it is only two or three seconds, is itself read by the chair as the wrong signal.

The scope-and-owner test for the first three slides

The scope-and-owner test is a simple diagnostic the presenter can run on their own deck before the audit committee meeting. The test is: hand the first three slides to a senior colleague who has not seen them before. Ask them, after thirty seconds, to tell you in their own words (a) what the regulator found, (b) how big the affected activity is in concrete numbers, and (c) who owns the remediation. If the senior colleague can answer all three questions from the first three slides without referring back, the structure is doing its work. If they can answer one or two but not all three, the structure is incomplete. If they cannot answer any of them — which is more common than presenters expect — the first three slides are context, history, or framing, and the actual finding has been pushed back to slide nine or later.

The test is deceptively simple, and it catches almost every structural problem with a regulatory finding presentation. The most common failure mode is that the senior colleague can answer “what was found” but cannot answer “how big” or “who owns it”. The scope is buried in a paragraph of qualified language (“material”, “significant”, “broadly within the expected range”), and the owner is named only in the footer of slide seven. The audit committee chair will not be running this test consciously, but they will be running an equivalent unconscious read in the first ninety seconds of the presentation, and a deck that fails the scope-and-owner test will fail the chair’s unconscious read for the same reason.

The structural pattern that closes regulatory engagements down to remediation, not escalation.

The Executive Buy-In Presentation System covers the audit-committee opening structure, the slide-one verbatim-finding pattern, the scope-and-owner test, and the chair pre-read protocol for regulatory presentations. Seven self-paced modules, monthly cohort enrolment, optional live Q&A calls fully recorded. Lifetime access to materials.

  • Seven modules of self-paced course content covering high-stakes board presentation structure
  • Optional live Q&A and coaching calls, fully recorded for asynchronous viewing
  • Monthly cohort enrolment — join the next available cohort whenever suits you
  • Lifetime access to all course materials, no deadlines

Join the next cohort — £499 →

What the audit committee chair is reading when the regulator is on the line

The audit committee chair, in a meeting with a regulator on the line, is doing three reads simultaneously. The first read is the substantive read: does the firm understand the finding and have an adequate remediation plan. The second read is the procedural read: is the chain of command in the response appropriate to the gravity of the finding, with senior enough ownership and clear escalation paths. The third read is the relational read: is the firm’s posture toward the regulator one of accepted partnership in the remediation, or is it one of subtle resistance.

The substantive read is largely a function of slide one through slide three: the finding stated verbatim, the scope in concrete numbers, the owner named. If those three slides are clean, the substantive read lands quickly and the chair moves on to the procedural read. The procedural read is set by who is in the room. If the audit committee chair sees that the chief executive, the chief risk officer, and the general counsel are all present for the presentation — in person or on the dial — the procedural read is that the response has appropriate senior gravity. If the only senior leader in the room is the presenting compliance director, with everyone else “in the office but not joining for the audit committee item”, the procedural read shifts toward “not yet escalated to the right level” regardless of what slide one says.

The relational read is the most subtle of the three and the one most likely to misfire if the presenter has not rehearsed slide one verbatim. The regulator on the call is reading the presenter’s tone of voice when stating the finding for whether the firm has internalised it or is reciting it under sufferance. The presenter who has rehearsed the verbatim statement enough times to deliver it in a calm, accepting tone signals partnership. The presenter who delivers it stiffly, or with audible reluctance, signals resistance even if the words themselves are exactly right. The relational read is what determines whether the next supervisory letter, if there is one, takes a partnership tone or an escalation tone, and that distinction shapes the next six months of engagement. See the Executive Buy-In Masterclass overview for the rehearsal protocol that builds this tonal calibration, and the broader catalogue of board-readiness assets at our services page.

The three reads the audit committee chair runs during a regulatory finding presentation: substantive read (does the firm understand the finding and have an adequate remediation plan, set by the verbatim finding statement and scope in concrete numbers in the first three slides), procedural read (is the chain of command in the response appropriate to the gravity of the finding, set by who is in the room — chief executive, chief risk officer, general counsel — and the escalation paths named in the deck), relational read (is the firm's posture one of accepted partnership in remediation or subtle resistance, set by the presenter's tone when reading the finding aloud, often more telling than the slide content itself).

For senior compliance leaders who want the slide-level structure that supports the verbatim-finding-first opening — the actual templates the scope-and-owner slides use — pair the Buy-In framework with the Executive Slide System (£39). It includes twenty-six executive slide templates, including formats for regulatory finding slide one, scope-of-affected-activity slides, remediation-owner slides, and remediation-timeline slides. Ninety-three AI prompts for structuring regulatory briefs, and sixteen scenario playbooks including a regulatory-presentation scenario. Most senior compliance leaders use the slide system to build the supporting deck and the buy-in framework to handle the live audit-committee moment.

Frequently asked questions

Is it worth investing in a structured programme like the Executive Buy-In Presentation System if I only present regulatory findings occasionally?

If you present regulatory findings only occasionally, the case for a structured programme is actually stronger, not weaker. Senior leaders who present regulatory findings every quarter develop their own intuitive structure through repetition; senior leaders who present them once every eighteen months do not have the repetition to build the intuition, and the cost of a single weak presentation runs to a multiple of any programme fee. The Buy-In Presentation System is most useful for the audit committee chair, chief compliance officer, or general counsel who knows a regulatory presentation is coming in the next eight to twelve weeks and wants the structural opening installed before the meeting. It is less useful for the leader who already presents at audit committee level every month and has internalised the pattern.

What is the most common mistake compliance leaders make in regulatory presentations?

The most common mistake is the soft translation of the finding. The supervisory letter says something specific and pointed; the compliance leader, often in coordination with internal communications or general counsel, builds slide one as a slightly softer version of the finding that is intended to be more palatable to the board. The regulator on the call hears the softening immediately and reads it as resistance. The chair hears the softening and reads it as the same thing. Both reads compound, and the meeting starts from a worse position than it needs to. The fix is not to be harsh on the firm; it is to state the finding exactly as the regulator wrote it, with date and reference number, and to handle any framing or context on slides four and onwards rather than in the opening.

Does the verbatim-finding approach work even when the finding is debatable or partially disputed?

Yes, and arguably it works better in that scenario. When the firm disputes a finding, the audit committee meeting is not the place to argue the dispute. The dispute, if it exists, is handled in the firm’s formal response to the supervisory letter, which is a separate document going to the regulator’s supervisory team. The audit committee meeting is for the board to be briefed on what the regulator has said and what the firm is doing about it. Presenting the verbatim finding does not commit the firm to accepting it as final; it commits the firm to taking the finding seriously enough to respond formally. The senior compliance leader who tries to handle the dispute in the audit committee meeting loses both audiences — the board, who is confused about whether the finding is accepted, and the regulator, who hears the resistance.

How should the deck handle remediation timelines that are still being scoped?

Slide three names the remediation owner. Slide five or six names the remediation timeline. If the timeline is still being scoped, the timeline slide states the scoping process, the scoping owner, and the date by which the full timeline will be brought back to the audit committee. “Full remediation timeline to be presented to the audit committee at the next scheduled meeting on [specific date].” That sentence is structurally complete and lets the chair and the regulator absorb that the firm is moving but is not yet able to commit to a final timeline. Vague language about “in due course” or “as soon as practicable” is read as the firm not yet owning the response, even if the underlying scoping work is being done diligently in parallel.

Should the chief executive be in the room for a regulatory finding presentation?

For all but the smallest findings, yes. The procedural read the audit committee chair is running in the meeting is partly a read of who is in the room. The presence of the chief executive, the chief risk officer, and the general counsel signals that the response has appropriate senior gravity. The absence of one or more of them signals that the firm has not yet escalated the response to the appropriate level, and the chair will sometimes ask the question explicitly: “Is the chief executive aware of this finding?” The structural cleanest answer is for the chief executive to be in the room and to be visibly engaged during the presentation. Even if they do not speak, their presence does part of the procedural read’s work for the firm.

The Winning Edge newsletter: weekly editorial on regulatory communication, board readiness, and the structural patterns senior leaders use in high-stakes audit committee meetings. Thursday morning to senior leaders presenting at board level.

Subscribe to The Winning Edge →

Walk into your next audit committee with slide one structurally correct.

The Executive Buy-In Presentation System covers the slide-one verbatim-finding pattern, the scope-and-owner test, the chair pre-read, and the audit-committee opening protocol. Seven self-paced modules, £499, lifetime access. Optional live Q&A calls fully recorded.

Reserve your seat in the next cohort →

The next time you are asked to present a regulatory finding to the audit committee — whether the supervisory letter landed last Tuesday or you have eight weeks to prepare — write slide one with the finding stated verbatim, including the regulator’s reference number and date. Read it aloud three times. Hand the first three slides to a senior colleague and run the scope-and-owner test. If they can answer all three questions in thirty seconds, slide one is doing its work, and the next six months will probably be a remediation programme rather than an escalation. For the broader catalogue of board-readiness assets that pair with the Buy-In framework, see The Complete Presenter bundle.

ABOUT THE AUTHOR

Mary Beth Hazeldine is Owner & Managing Director of Winning Presentations. She has 24 years in corporate banking at JPMorgan Chase, PwC, Royal Bank of Scotland, and Commerzbank, and 16 years coaching senior professionals across financial services, healthcare, technology, and government. She advises senior compliance leaders, general counsel, and audit committee chairs on the structural shape of high-stakes regulatory communications.

Winning Presentations Ltd, founded in 1990, is a UK consultancy specialising in executive presentation methodology and senior leadership communication.

09 Apr 2026

Regulatory Review Q&A: What Compliance Officers Need to Hear

Quick Answer

In a regulatory review Q&A, compliance officers are not primarily testing your knowledge — they are assessing whether you have adequate controls, whether you understand the gaps, and whether your organisation takes its obligations seriously. Answers that demonstrate awareness of risk, ownership of remediation, and a clear audit trail are received very differently from answers that are technically correct but defensively framed.

Marcus had been Head of Regulatory Affairs at a mid-size insurance group for four years when the firm received notice of a thematic review by the regulator. The review focused on claims handling practices — an area where Marcus knew the firm had strengthened its processes significantly over the previous 18 months, following an internal audit that had identified several procedural gaps.

His instinct was to prepare a comprehensive presentation: documented evidence of every improvement made, metrics showing the reduction in complaints, an appendix with the remediation plan timeline. When he sat down with the compliance officer who would lead the preparation, she offered a different perspective. “They are not coming to see your improvements,” she said. “They are coming to test whether you understood why the gaps existed. The improvements are supporting evidence. They are not the answer.”

Marcus restructured his preparation entirely — from a catalogue of what had been fixed to a clear account of what had been wrong, why it had persisted, what the root causes were, and what structural changes meant it was now genuinely controlled. The review took place two months later. The regulatory team noted the quality of the organisation’s self-awareness as a positive finding. The fact of the prior gaps was not used against the firm because the firm could demonstrate it had understood them.

Preparing for a regulatory review or compliance Q&A?

The preparation approach for regulatory Q&A is different from standard presentation practice. The Executive Q&A Handling System includes frameworks specifically for high-stakes question sessions where the asker has authority over outcomes. Explore the System →

What Compliance Officers Are Actually Listening For

Regulatory reviewers and compliance officers operate with a specific assessment framework, whether or not that framework is made explicit. Understanding what they are assessing — as distinct from what questions they are asking — changes the preparation entirely.

The first thing they are assessing is organisational awareness: does the firm know what its obligations are, and does it have a clear view of where it is meeting them and where it is not? Organisations that present a picture of complete compliance across every area are typically treated with more scrutiny, not less, because no organisation with adequate self-assessment finds itself fully compliant across every dimension. The ability to identify and articulate gaps is evidence of a functioning compliance culture, not a liability.

The second thing they are assessing is ownership: when problems are identified, does responsibility sit with a specific, accountable person or team, or is it diffuse and institutional? Answers that reference “the organisation” or “the process” without identifying a named owner typically invite follow-up questions about accountability. Answers that reference a specific role and a documented remediation plan signal that the problem is being managed, not just acknowledged.

The third thing they are assessing is proportionality: is the firm’s response to identified risks proportionate to those risks? Over-engineered controls for minor risks and under-engineered controls for material risks both attract scrutiny. A firm that has deployed extensive resources to manage a low-probability, low-impact risk while a material risk sits with a single point of failure has demonstrated poor risk governance, regardless of the quality of the documentation.

For the preparation of formal compliance presentations that precede a regulatory Q&A, the structural approach in compliance presentations for regulatory boards covers the format and language conventions that regulators expect to see — and the ones that tend to produce friction.

Three assessment dimensions in regulatory Q&A: organisational awareness, ownership, and proportionality

Six Question Patterns in Regulatory Reviews

Regulatory Q&A sessions tend to follow recognisable question patterns. Identifying the pattern quickly — before forming the answer — significantly improves the quality of the response and reduces the risk of inadvertently providing information that creates new lines of inquiry.

The scoping question is designed to understand the boundaries of the firm’s activity in a particular area. “How many of your customers fall within this category?” or “What proportion of your portfolio is subject to this requirement?” These questions are factual, and the answer should be factual, specific, and unambiguous. If the exact figure is not available, state the best available estimate, the source, and when a more precise figure will be available. Do not approximate without flagging that you are approximating.

The process question tests whether the firm has a documented, repeatable procedure. “Walk me through how you handle this situation” or “What is the process when a customer makes this type of request?” The answer should describe the actual process in practice, not the documented ideal. If the documented process and the actual practice diverge — which regulators often know before asking — acknowledging the divergence and explaining why it exists is far more useful than presenting the documented version as the operational reality.

The ownership question identifies accountability. “Who is responsible for ensuring this is done?” These questions should be answered with a specific name or specific role, not a committee, team, or department. If ownership is genuinely shared or unclear, say so — and describe what is being done to clarify it. Vague ownership is a finding; acknowledging vague ownership and having a plan is a mitigant.

The evidence question asks for documentation. “What records do you keep of this?” or “Can you show me an example?” Have specific examples prepared before the session. Asking for time to locate evidence during a regulatory Q&A creates an impression of inadequate preparation that is difficult to recover from within the same session.

The remediation question tests the quality of the firm’s response to identified issues. “What have you done since this was identified?” Answers should include: what changed, when it changed, who made the change, and how the firm knows the change has been effective. Remediation without a verification mechanism is not complete remediation.

The stress question tests the boundaries of the firm’s position. “What would happen if [extreme scenario]?” or “How would this control hold if [assumption was wrong]?” These questions are not designed to find a fault — they are designed to understand whether the firm’s risk thinking extends beyond the baseline scenario. Acknowledging the limits of a control and describing the compensating measures for those limits is the response that demonstrates mature risk governance.

Executive Q&A Handling System

A System for Preparing and Handling High-Stakes Q&A Sessions

The Executive Q&A Handling System is a structured approach for professionals who face high-stakes question sessions — including regulatory reviews, board Q&A, and scrutiny committee appearances. It covers how to predict the questions that matter, how to structure answers that hold up under follow-up, and how to manage the dynamics of an adversarial or high-pressure Q&A.

  • System for predicting and preparing for the questions that carry most risk
  • Answer frameworks for the six question patterns in regulatory and board Q&A
  • Preparation guides for compliance reviews, scrutiny hearings, and executive Q&A
  • Scenario playbooks for hostile, ambiguous, and stress-test questions

Get the Executive Q&A Handling System — £39

Designed for regulatory, board, and high-stakes executive Q&A sessions.

The Preparation Framework for Regulatory Q&A

Effective preparation for regulatory Q&A is not the same as rehearsing answers to anticipated questions. Rehearsed answers are often recognisable as such — they tend to be slightly too smooth, slightly too complete, and slightly disconnected from the specific question asked. Regulatory reviewers who ask the same questions in multiple firms become adept at distinguishing rehearsed responses from genuine understanding.

The preparation framework that produces better outcomes has three layers.

The first layer is factual verification. Before the session, verify the key facts — current figures, process descriptions, ownership assignments — rather than relying on memory. Know the numbers. Know the last audit date. Know the name of the person responsible for the control that is most likely to be questioned. Factual accuracy under follow-up questions is a significant trust signal; errors under follow-up — particularly errors that contradict something said earlier in the session — are recorded.

The second layer is gap mapping. Identify the areas where the firm’s position is least strong — where the documentation is incomplete, where the control is relatively recent, where there is a known remediation in progress. These are the areas where questions will be most difficult, and where the answer needs the most careful construction. The goal is not to conceal gaps; it is to be able to describe them clearly, with evidence of awareness and a credible remediation plan, rather than appearing to discover them in the room.

The third layer is scenario rehearsal. For each gap area, rehearse the answer to the worst version of the question — not the soft version that confirms your current position, but the version that directly challenges it. “Why did this take eighteen months to fix?” or “How do you know the control is working?” Rehearsing the difficult version means the actual question, which is rarely as sharp as the worst case, arrives as a manageable version of something already prepared for.

For the specific preparation techniques that apply when the Q&A is likely to include hostile or adversarial questions — common in enforcement-adjacent regulatory reviews — the approach in risk committee Q&A preparation covers how to identify the questions that expose the most significant vulnerabilities before the regulator does.

How to Handle Challenge Without Becoming Defensive

The most common error in regulatory Q&A is defensiveness. It manifests in several ways: excessive qualification of every answer, visible discomfort when a question implies criticism, or an impulse to explain away a finding before the reviewer has finished describing it. None of these responses are dishonest. All of them create the impression that the firm is managing a perception problem rather than a compliance problem — which is, from a regulatory perspective, a significantly more serious concern.

The discipline required is to receive challenge as information rather than attack. When a compliance officer says “We have seen in other firms that this type of control tends to break down under [condition] — how would yours hold up?”, the most useful response is genuine engagement with the hypothetical rather than immediate reassurance. “That is a fair stress to apply. Our current control would hold because [specific reason]. The area where we would be more exposed is [honest assessment], and we manage that through [compensating measure].” This kind of answer builds regulatory confidence; a smooth assurance that the control would hold under all conditions does not.

When a question reveals a gap that was not previously acknowledged — something the reviewer has found that the firm did not identify — the handling of that moment matters enormously. Immediate acknowledgement, followed by genuine engagement with the implications, is invariably received better than a search for an explanation that frames the gap as less significant than it appears. Regulators are experienced readers of defensive framing; the attempt to minimise rarely succeeds and always signals something.

Response framework for regulatory challenge questions: acknowledge, engage, and describe compensating measures

Building the Document Trail That Supports Your Answers

In regulatory Q&A, the answer in the room and the document trail that supports it are both assessed. An answer that cannot be corroborated by documentation — however accurate it may be — is substantially weaker than an answer accompanied by a clear reference to the relevant record. The preparation for a regulatory Q&A session should include identification of the specific documents that support the key answers, not just rehearsal of those answers.

This does not mean arriving with a trolley of paper. It means knowing where each material claim is documented, being able to reference that document specifically when asked, and having a process for providing it promptly if requested. “That is documented in our Q3 internal audit report, section 4.2 — I can provide that directly after this session” is a materially stronger answer than an oral description of the same content without a reference.

For areas where documentation is in progress — where a remediation plan exists but is not yet complete, or where a control has been strengthened but the updated procedure has not yet been formally signed off — the honest answer is to describe the current state accurately, including what is and is not yet complete. Representing in-progress documentation as finalised creates a specific type of regulatory exposure that is worse than the underlying gap it was meant to conceal.

If you are preparing for a regulatory review, compliance committee appearance, or board Q&A session, the Executive Q&A Handling System provides a structured preparation approach for high-stakes question sessions where the questioner has authority over outcomes.

Common Mistakes That Invite Further Scrutiny

Several answering behaviours consistently generate additional regulatory questions rather than resolving the line of inquiry. Awareness of these patterns allows for a deliberate correction in real time.

Answering a narrower question than the one asked. When a compliance officer asks a broad question and receives a specific, narrow answer, they typically note that the broader question was not addressed and return to it. The pattern signals either that the presenter is managing the scope of the answer to avoid uncomfortable territory, or that they did not listen to the full question. Neither reading is helpful. If the scope of a question is genuinely unclear, ask for clarification before answering, rather than answering the narrowest reasonable interpretation.

Using passive constructions to avoid ownership. “Errors were made” and “the process was not followed” are passive constructions that obscure who is responsible. Regulators notice this, and it tends to extend the Q&A rather than conclude it, because the ownership question will be asked again more directly. Name the role and the accountability clearly.

Answering the follow-up question before it is asked. When a presenter anticipates a follow-up and answers it preemptively — “and I should also mention that we are aware of [related issue]…” — it often opens a new line of inquiry rather than closing the original one. Answer the question asked. Wait for the follow-up. This is not evasion; it is discipline. The information will come out, but in a controlled sequence rather than as a cascade of preemptive disclosures.

For guidance on handling the most challenging variant of regulatory questions — the kind that appear in board meetings after a significant incident — the analysis of hostile questions in board meetings covers the specific techniques that prevent a difficult question from becoming a damaging exchange.

Executive Q&A Handling System

Prepare for Regulatory and High-Stakes Q&A Sessions

A system for predicting and handling the questions that carry the most risk — designed for regulatory reviews, board Q&A, and scrutiny committee appearances.

Get the Executive Q&A Handling System — £39

Designed for compliance, legal, and senior executive roles in regulated industries.

Frequently Asked Questions

How should you handle a question in a regulatory review when you do not know the answer?

State clearly that you do not have the specific figure or detail to hand, commit to providing it after the session with a specific timeline, and do not estimate unless you explicitly flag that you are estimating. “I do not have that figure with me today. I will confirm the exact number and send it to you by [specific date].” Then follow through precisely. Regulatory reviewers track commitments made in sessions; a failure to deliver on a stated commitment is a finding in itself. What you must not do is guess without flagging that you are guessing — an incorrect figure presented as fact, later contradicted by documentation, creates a significantly worse impression than the original admission of uncertainty.

Should you disclose problems proactively in a regulatory Q&A, or wait to be asked?

Issues that are material to the scope of the review should be disclosed proactively, not withheld in the hope they will not be raised. Regulators who discover in the course of a review that the firm was aware of a material issue but did not volunteer it treat that as a culture and conduct concern — separate from, and additional to, the underlying compliance issue. For issues that are immaterial or tangential to the specific review scope, the discipline is to answer the questions asked fully and accurately, without volunteering additional lines of inquiry. The distinction between proactive transparency and preemptive disclosure of everything is one of materiality to the current review.

How long should answers be in a regulatory Q&A session?

Shorter than most presenters instinctively provide. A direct answer to a scoping question should be one to two sentences — the figure, the source, and a brief qualifier if needed. A process description should describe the actual process in three to five steps, not provide a comprehensive account of every exception and variation. Longer answers in regulatory Q&A tend to introduce new threads that generate follow-up questions, and they sometimes suggest that the presenter is using volume to manage the impression created by the answer. The regulators who ask short questions and receive long answers are typically more attentive to the qualifications and caveats woven into those answers than to the headline claim.

The Winning Edge — Weekly Newsletter

Each Thursday: one executive presentation insight, one practical technique, one tool. Read by executives across financial services, healthcare, technology, and government.

Subscribe to The Winning Edge

About the Author

Mary Beth Hazeldine is Owner and Managing Director of Winning Presentations. With 25 years of corporate banking experience at JPMorgan Chase, PwC, Royal Bank of Scotland, and Commerzbank, she advises executives across financial services, healthcare, technology, and government on structuring presentations and Q&A responses for regulatory reviews, board appearances, and high-stakes approval meetings. View services | Book a discovery call

29 Mar 2026
Boardroom setting for a governance update presentation with non-executive directors reviewing slides

The Governance Update That Made Non-Executive Directors Lean In

Non-executive directors evaluate governance updates through the lens of risk, compliance, and organisational culture. They want clarity on board effectiveness, regulatory adherence, and the controls you’ve put in place—not lengthy operational detail. A well-structured update demonstrates that your organisation operates with transparency and deliberate oversight.

When Annika presented the governance update to her insurance company’s board, she’d prepared a 25-slide deep-dive on policy changes, committee attendance rates, and internal audit findings. Halfway through the second slide, the board chair interrupted: “Annika, we don’t need the granular data. Tell us what’s broken and what you’re doing about it.”

That five-minute conversation redirected her entire approach. She scrapped the presentation and rebuilt it around three themes: emerging risks, governance responses, and board-level assurance. The revised briefing took 12 minutes. Directors asked deeper questions. The conversation became strategic. What Annika learned that day is what non-executive directors have consistently told us: they’re not looking for comprehensiveness; they’re looking for clarity about what matters.

Struggling to pitch governance effectively to your board?

The Executive Slide System is built for exactly this moment. It includes a complete governance update framework, slide templates designed for director-level communication, and a step-by-step checklist to ensure you cover the issues that actually matter to your board. Hundreds of executives have used it to transform board conversations from operational updates into strategic dialogue.

What Non-Executive Directors Actually Want

Non-executive directors sit on boards for a single reason: to provide independent oversight and assurance. When evaluating your update, they’re asking three questions internally: Are we protected? Are we compliant? Is the executive team in control?

This is fundamentally different from what executives want to hear. An operational update highlights wins, progress, and momentum. A governance update addresses gaps, controls, and assurance. The best directors understand that governance doesn’t prevent success—it protects the organisation while success is being built.

This update must therefore start with this reframe. You’re not asking directors to approve operations; you’re inviting them into a transparent conversation about how the organisation manages risk. That transparency builds trust faster than any performance metric ever will.

The Three-Part Structure Framework

Every effective governance update follows the same underlying architecture, regardless of industry or organisation size. Mastering this structure is the quickest path to credibility.

Part 1: What’s Changed. Begin with the regulatory, market, or operational landscape shifts that have occurred since the last update. This establishes context. Directors need to understand what new risks or obligations have emerged. Be specific. “Regulatory environment remains stable” signals that you haven’t been paying attention. “Three new sector-specific compliance requirements from FCA took effect in Q1; we’ve mapped impact across finance, operations, and technology” signals rigour.

Part 2: What We’re Doing About It. Now present your response. Which controls have been tightened? Which processes have been redesigned? Which gaps remain visible to you, and what’s your timeline for closure? This is where directors assess executive competence. They’re listening for self-awareness, not defensiveness.

Part 3: What You Need to Know. Close with the items that require board attention: decisions you’re asking for, emerging risks you’re flagging early, or assurance you’re providing. This is your call to action. Directors leave feeling they’ve learned something and contributed something.

This three-part framework transforms the update from a compliance checkbox into a strategic conversation. It respects directors’ time, appeals to their decision-making authority, and positions you as a leader who thinks beyond the operational moment.

Four key expectations non-executive directors have for governance update presentations: strategic alignment, risk visibility, compliance status, and financial oversight

Stop Winging Board Presentations

The Executive Slide System gives you pre-built frameworks for governance, risk, finance, and strategy presentations. Every template is tested with real boards. Every slide follows the principles that make directors lean in.

Used by 300+ executives across banking, insurance, healthcare, and government.

Get the System — £39

Instant access. Lifetime updates.

Risk and Compliance: The Core of Your Story

If the three-part framework is the skeleton of your update, risk and compliance are the organs. They’re what directors care about most—and where many executives stumble.

The mistake most leaders make is presenting risk as a list. “Operational risk: medium. Reputational risk: low. Technology risk: medium.” Directors find this useless. A list doesn’t tell them what’s being done, why it matters, or whether they should worry.

Instead, present risk as narrative. Take your three or four most material risks and tell the story for each: What triggered this risk? How is it being managed? What’s the downside if controls fail? What’s the timeline for resolution? This approach transforms a compliance checkbox into a credible conversation about executive judgment.

On compliance, the principle is the same. Rather than listing policies or audit findings, centre your update around control effectiveness. Are the controls working? Have they been tested? What do auditors tell us? When controls fail, what’s the remediation? This is what matters to a director’s mind.

One additional note: directors despise surprise. If you’re aware of a control gap, tell them early and with a plan. If you’re managing a regulatory investigation, signal it proactively. Any update that raises flags early builds far more trust than one that tries to hide complexity and gets caught out later.

Board Effectiveness and Culture

Many governance updates stop at risk and compliance. The best ones go further. They address board effectiveness and organisational culture—the softer governance issues that often matter more than hard controls.

This might include: board composition and succession planning, diversity and inclusion progress, executive talent retention, or cultural health indicators. It might include anonymised whistleblowing data, employee engagement scores, or feedback from external stakeholders. The underlying message is the same: we understand that governance is about people and culture, not just policy.

Directors consistently report that they want more conversation about culture. They recognise that weak culture drives risk; strong culture mitigates it. When your update includes a thoughtful section on how you’re building and maintaining the right organisational culture, you’re speaking directly to what directors care about most.

This is also where you demonstrate leadership maturity. Executives who only present hard numbers and policies often appear defensive. Executives who reflect openly on culture, succession, and people dynamics appear thoughtful. This update is a chance to show directors that you’re thinking about the long term, not just the short term.

Comparison of weak versus strong governance update presentations across structure, tone, and outcome dimensions

The Critical Mistakes Directors Notice

We’ve sat with hundreds of directors in preparation meetings. When we ask them what weaknesses they see in these updates, the same patterns emerge repeatedly.

Mistake 1: Too Much Detail. Your presentation should run 15-20 minutes. If you need slides for every policy change, every audit recommendation, and every committee meeting, you’ve built a reference document, not a briefing. Directors can read a dashboard; they come to a meeting to think.

Mistake 2: Defensive Tone. When you present control gaps, do it matter-of-factly. Spending time explaining why the gap exists or defending past decisions signals weakness. Gap identified. Plan in place. Timeline set. Move forward. That’s the tone directors respect.

Mistake 3: No Clear Ask. Many of these presentations float without a landing. Directors don’t know what you want them to do. Do you need their approval for a new policy? Do you need their perspective on a trade-off? Do you need them to monitor a particular risk going forward? Close with clarity. It should end with a concrete next step.

Mistake 4: Mixing Governance with Operations. This briefing is not the place to sell your strategy or celebrate wins. Save that for your business update. The focus here is assurance and oversight. When you blur those lines, directors lose trust in your judgment about what actually matters.

Avoiding these mistakes alone puts you in the top quartile of executives. Most leaders haven’t thought carefully about any of them.

If you’re presenting to a board where governance has been an afterthought, the Executive Slide System includes a complete governance module that walks you through structure, messaging, and common director objections.

Preparing Your Presentation

Preparation is where most executives go wrong. They start writing slides before they’ve done the thinking. Reverse that. Think first.

Spend an hour identifying your genuine material risks and the status of your key controls. Not every risk is material to a board. Not every control is worth mentioning. Ruthless prioritisation separates executive-level governance from noise.

Then, have a conversation with your board chair or senior independent director. Share your proposed agenda and ask: What would help your board feel assured about governance this quarter? What keeps you awake at night? What questions do directors want answered? This conversation is worth far more than guessing.

Finally, build your briefing around the answer. Not around what you think should matter, but around what your board actually cares about. That alignment is what transforms a presentation into a conversation.

The Executive Slide System Includes:

  • Governance update templates with real board feedback
  • Risk communication frameworks that directors actually engage with
  • Step-by-step checklist to ensure you cover critical governance areas
  • Common director objections and how to address them
  • Lifetime access and quarterly updates

Explore the Executive Slide System — £39

Frequently Asked Questions

How long should this briefing be?

Between 15 and 20 minutes is optimal. This leaves time for questions and dialogue. If you need more than 20 minutes, you’ve included detail that doesn’t belong in a board presentation. Move granular content to written reports or appendices. Your briefing should highlight; a supporting document can detail.

Should I present governance updates in every board meeting?

Not necessarily. Some boards have a dedicated governance committee that reviews governance between board meetings. For full board meetings, governance can be a standing item, but it needn’t be a full presentation every time. Quarterly is common; some boards do it semi-annually. Alignment with your board’s cycle and governance committee structure matters more than frequency. What matters is consistency and visibility.

What if a director asks a question I can’t answer during the briefing?

Say so directly. “That’s an excellent question. I don’t have that data with me; let me investigate and come back to you within a week.” Then do it. Directors respect executives who admit knowledge gaps and follow up. They’re suspicious of those who bluff. Transparency about what you don’t know is part of demonstrating governance competence.

Get Board-Ready Insights Every Week

The Winning Edge newsletter shares governance, strategy, and risk communication strategies built on 24 years of board experience. Join 800+ executives.

Subscribe to The Winning Edge

Download the Executive Presentation Checklist — a free framework to prepare for any board presentation.

Related Reading

After you’ve mastered the governance update, explore how to present a data breach to your board — another critical conversation where structure and tone determine whether directors feel assured or alarmed.

Your next governance update is an opportunity to reframe how your board thinks about oversight. Structure it right, and you’ve not just informed them—you’ve built trust.

Mary Beth Hazeldine is Owner & Managing Director of Winning Presentations. With 24 years of corporate banking experience at JPMorgan Chase, PwC, Royal Bank of Scotland, and Commerzbank, she advises executives across financial services, healthcare, technology, and government on structuring presentations for high-stakes funding rounds and approvals.