Chapter 4

Question 1

Definition of Corporate Governance

Answer 1

Corporate governance is the system by which companies are directed and controlled.

Question 2

Key Elements of Good Corporate Governance

Answer 2

Transparency and accountability, including timely provision of high-quality information and clear decision-making processes.

Question 3

Commonly Adopted Governance Principles

Answer 3

Shareholder rights, stakeholder obligations, board responsibilities, ethical decision-making, accountability, and financial verification.

Question 4

UK Corporate Governance Code

Answer 4

Applies to companies listed on the London Stock Exchange and focuses on board leadership, accountability, and risk management.

Question 5

The Companies Act 2006

Answer 5

Governs company formation, statutory reporting, and director responsibilities in the UK.

Question 6

Three Lines of Defence Model

Answer 6

1st: Business managers controlling risks.

2nd: Risk management and compliance teams.

3rd: Internal audit for independent oversight.

Question 7

Role of the Board of Directors

Answer 7

Establishes company objectives, monitors performance, and ensures compliance with governance standards.

Question 8

Audit Committee Responsibilities

Answer 8

Oversees financial reporting, internal controls, and external audits to ensure accuracy and compliance.

Question 9

Statutory Reporting Requirements

Answer 9

Includes confirmation statements, annual reports, directors’ reports, and financial accounts.

Question 10

Risk Management in Corporate Governance

Answer 10

Essential for identifying, assessing, and mitigating risks to ensure business stability and regulatory compliance.

Question 11

Record Keeping and Data Quality

Answer 11

Accurate record-keeping is crucial for business planning, risk management, and compliance with data protection laws.

Question 12

Data Protection Legislation (UK GDPR)

Answer 12

Enforces principles like lawfulness, fairness, transparency, data minimisation, and security.

Question 13

ICO (Information Commissioner’s Office) Role

Answer 13

Regulates data protection compliance and can impose fines of up to £17.5 million or 4% of annual turnover.

Question 14

Breach Notification Requirements

Answer 14

Companies must report data breaches to the ICO, and if the risk is high, notify affected individuals.

Question 15

International Data Transfers

Answer 15

Transfers of personal data outside the UK must comply with data protection laws to prevent misuse.

Question 16

What is the primary purpose of corporate governance?
a) Maximising shareholder dividends
b) Ensuring companies are controlled and directed properly
c) Reducing the number of employees on a board
d) Avoiding regulatory compliance

Answer 16

b) Ensuring companies are controlled and directed properly

Question 17

Which of the following is NOT a key principle of corporate governance?
a) Accountability
b) Transparency
c) Monopoly creation
d) Ethical decision-making

Answer 17

c) Monopoly creation

Question 18

What is the UK Corporate Governance Code primarily designed for?
a) Companies that operate globally
b) Private companies with fewer than 50 employees
c) Companies listed on the London Stock Exchange
d) Sole traders and partnerships

Answer 18

c) Companies listed on the London Stock Exchange

Question 19

What role does an audit committee play?
a) Setting corporate tax rates
b) Overseeing financial reporting and internal audits
c) Approving employee bonuses
d) Determining stock market investments

Answer 19

b) Overseeing financial reporting and internal audits

Question 20

Under the three lines of defence model, who is responsible for identifying and controlling risks first?
a) Internal audit team
b) External auditors
c) Business managers
d) Shareholders

Answer 20

c) Business managers

Question 21

Which legislation governs company formation and reporting requirements in the UK?
a) Financial Services Act 2012
b) UK GDPR
c) Companies Act 2006
d) Consumer Credit Act 1974

Answer 21

c) Companies Act 2006

Question 22

Which of these is NOT a statutory reporting requirement?
a) Confirmation statement
b) Director’s report
c) Employee pension contribution report
d) Annual financial accounts

Answer 22

c) Employee pension contribution report

Question 23

Why is risk management important in corporate governance?
a) To avoid paying employee salaries
b) To help identify and mitigate risks to business operations
c) To eliminate the need for financial audits
d) To reduce the number of employees

Answer 23

b) To help identify and mitigate risks to business operations

Question 24

What does the Information Commissioner’s Office (ICO) do?
a) Regulates banking transactions
b) Enforces UK data protection laws
c) Sets corporate tax rates
d) Approves stock market trades

Answer 24

b) Enforces UK data protection laws

Question 25

Which of the following is a key requirement under UK GDPR? a) Unlimited data storage for future use b) The right for individuals to request their data be erased c) Selling customer data to third parties without consent d) No need for businesses to inform individuals about data processing

Answer 25

b) The right for individuals to request their data be erased

Question 26

What is one of the main penalties for breaching data protection laws? a) Suspension of employee contracts b) Fines of up to £17.5 million or 4% of annual global turnover c) Public warnings with no financial consequences d) Reduction in tax obligations

Answer 26

b) Fines of up to £17.5 million or 4% of annual global turnover

Question 27

What is the purpose of internal audits in corporate governance? a) To set employee performance targets b) To monitor and improve internal control systems c) To approve executive salaries d) To replace external auditors

Answer 27

b) To monitor and improve internal control systems

Question 28

Which governance principle ensures shareholders can hold boards accountable? a) Transparency b) Secrecy c) Fraud protection d) Outsourcing

Answer 28

a) Transparency

Question 29

Why do companies need to maintain accurate records? a) To comply with regulatory requirements b) To avoid having to file tax returns c) To make their operations less transparent d) To reduce competition

Answer 29

a) To comply with regulatory requirements

Question 30

What is the primary role of external auditors? a) To advise on marketing strategies b) To independently verify a company’s financial statements c) To approve employee bonuses d) To manage internal risk assessments

Answer 30

b) To independently verify a company’s financial statements

Question 31

A publicly traded insurance company is facing declining profits. The shareholders demand better transparency in financial reporting. What action should the board take? a) Ignore the concerns since profits fluctuate b) Improve financial disclosures and increase communication with shareholders c) Replace the CFO without explanation d) Stop publishing financial reports

Answer 31

b) Improve financial disclosures and increase communication with shareholders

Question 32

A director on the board of an insurance company also owns shares in a major supplier. What is the most appropriate action? a) They should declare their interest and abstain from related decisions b) They should secretly influence decisions to benefit their shares c) They should sell all their shares to avoid suspicion d) They should resign from the board immediately

Answer 32

a) They should declare their interest and abstain from related decisions

Question 33

A company experiences a major cybersecurity breach due to weak security controls, exposing customer data. What should the board prioritise first? a) Ignore the breach and hope it does not attract attention b) Immediately inform regulators and affected customers while enhancing security measures c) Blame the IT department and take no further action d) Shut down all online services permanently

Answer 33

b) Immediately inform regulators and affected customers while enhancing security measures

Question 34

An insurance firm fails to submit its annual financial report on time due to internal delays. What consequences might they face? a) A fine and potential regulatory scrutiny b) Increased company profits c) A reduction in regulatory requirements d) A reward for saving operational costs

Answer 34

a) A fine and potential regulatory scrutiny

Question 35

An employee reports fraudulent financial activities within the company, but their manager threatens to fire them. What should the board do? a) Investigate the claims and protect the whistleblower from retaliation b) Fire the employee to prevent damage to the company's reputation c) Offer the employee a bonus to stay silent d) Ignore the allegations unless the media finds out

Answer 35

a) Investigate the claims and protect the whistleblower from retaliation

Question 36

A financial services company loses customer data due to improper handling by a third-party provider. What legal responsibility does the company have? a) None, because the third party is at fault b) Full responsibility under data protection regulations c) Only a warning from the regulator d) They can claim insurance and ignore the issue

Answer 36

b) Full responsibility under data protection regulations

Question 37

A company director learns that the firm is about to merge with a competitor before it is publicly announced. They decide to buy shares in the company before the news goes public. What is the consequence? a) A criminal offence, leading to fines and potential jail time b) A smart financial decision with no legal impact c) Encouraged as a benefit of being a director d) No action unless the regulator finds out

Answer 37

a) A criminal offence, leading to fines and potential jail time

Question 38

A company's CEO also serves as the head of the audit committee. What governance issue does this raise? a) Conflict of interest and lack of independent oversight b) Improved efficiency and cost savings c) No issue, as long as the CEO has experience in audits d) Better decision-making due to one person controlling both roles

Answer 38

a) Conflict of interest and lack of independent oversight

Question 39

A company discovers an accounting error that inflated profits in previous years. If they report it, they may face regulatory penalties. What is the correct action? a) Report the error immediately and correct financial statements b) Hide the error to avoid fines c) Destroy the relevant financial records d) Blame a former employee who has left the company

Answer 39

a) Report the error immediately and correct financial statements

Question 40

An insurance company manipulates its financial statements to show higher profits and attract investors. What could happen if regulators find out? a) Heavy fines, loss of investor trust, and possible criminal charges b) Increased stock prices and company growth c) A government bailout to avoid job losses d) A minor warning with no real consequences

Answer 40

a) Heavy fines, loss of investor trust, and possible criminal charges

Question 42

A UK-listed insurance firm is reviewing the make-up of its board. According to the UK Corporate Governance Code, which of the following should it prioritise? A) Appoint only executive directors B) Ensure a majority of non-executive directors C) Include junior staff representatives D) Appoint the CEO as Chair

Answer 42

Answer: B) Ensure a majority of non-executive directors Explanation: The Code recommends a majority of independent non-executive directors to enhance board objectivity​

Question 43

Which statutory act requires UK companies to prepare and disclose annual financial statements? A) Data Protection Act B) Companies Act 2006 C) Financial Services Act D) Prudential Reporting Code

Answer 43

Answer: B) Companies Act 2006 Explanation: This act governs the preparation and disclosure of accounting records and annual reports.

Question 44

An insurer sets up a board-level audit committee. According to best practice, who should chair it? A) CEO B) Senior actuary C) Independent non-executive director D) Finance director

Answer 44

Answer: C) Independent non-executive director Explanation: To maintain independence and transparency, the committee should be chaired by an INED.

Question 45

Q: A company detects that internal data used for regulatory reporting contains errors. Which governance function is compromised? A) Product development B) Internal audit C) Data management and record keeping D) Claims handling

Answer 45

Answer: C) Data management and record keeping Explanation: Accurate record keeping is a legal and operational requirement for compliance and reporting.

Question 46

A subject access request is received from a former policyholder. What is the company legally required to do under UK data protection law? A) Delete the record B) Refuse and redirect to the ombudsman C) Provide requested personal data within 1 month D) Charge a £50 fee

Answer 46

Answer: C) Provide requested personal data within 1 month Explanation: Data subjects have a legal right to access personal information held about them.

Question 47

Which of the following is not a core component of the UK Corporate Governance Code? A) Accountability B) Remuneration C) Whistleblowing D) Leadership

Answer 47

Answer: C) Whistleblowing Explanation: Whistleblowing is important but not a named principle within the core five sections of the Code.

Question 48

A board decides to split the CEO and Chair roles. What governance principle does this support? A) Simplicity B) Executive control C) Separation of powers D) Strategic redundancy

Answer 48

Answer: C) Separation of powers Explanation: Dividing roles ensures one individual does not wield excessive influence over strategy and oversight.

Question 49

Under the Companies Act 2006, how long must financial records be retained? A) 1 year B) 2 years C) 6 years D) 10 years

Answer 49

Answer: C) 6 years Explanation: Companies are legally required to retain records for at least 6 years.

Question 50

A firm wants to assess the effectiveness of its corporate governance structure. Which document would be most useful? A) Risk register B) Governance assurance report C) Claims reserving model D) Policyholder retention analysis

Answer 50

Answer: B) Governance assurance report Explanation: This evaluates internal controls and the board's effectiveness.

Question 51

Why is it important that board members have diverse backgrounds? A) To meet FCA fitness tests B) To reflect policyholder demographics C) To ensure better decision-making D) To rotate roles annually

Answer 51

Answer: C) To ensure better decision-making Explanation: Diversity enhances board effectiveness and challenges groupthink.

Question 52

Q: A board lacks a formal risk appetite statement. Which outcome is most likely? A) Clear operational boundaries B) Inconsistent decision-making C) Improved audit ratings D) Faster product launches

Answer 52

B) Inconsistent decision-making Explanation: Without defined risk appetite, decisions may vary unpredictably.

Question 53

What is a key risk of failing to report statutory data correctly? A) Lower combined ratio B) Regulatory sanctions C) Customer refunds D) Delisted insurance products

Answer 53

Answer: B) Regulatory sanctions Explanation: Breaches in reporting can trigger fines or license conditions.

Question 54

Q: In corporate governance, what is the primary role of the board of directors? A) Launch new products B) Approve all claims C) Provide strategic leadership and oversight D) Monitor share prices

Answer 54

C) Provide strategic leadership and oversight Explanation: The board sets long-term direction and ensures sound governance.

Question 55

A company wishes to share anonymised data for research. What must be ensured before sharing? A) ICO registration B) Data subject notification C) Strong encryption D) No risk of re-identification

Answer 55

Answer: D) No risk of re-identification Explanation: Anonymised data must not allow individuals to be traced.

Question 56

Q: A board oversees cyber risk within the organisation. This is an example of: A) Insurance risk management B) Operational risk oversight C) Marketing compliance D) Product innovation

Answer 56

Answer: B) Operational risk oversight Explanation: Cyber risk falls under operational risk, a key board responsibility.

Question 57

Internal audit reports to which party to preserve independence? A) CEO B) Compliance officer C) Audit committee or board D) Marketing head

Answer 57

Answer: C) Audit committee or board Explanation: Reporting directly to the board enhances auditor objectivity.

Question 58

What must a company do upon discovering a significant data breach? A) Wait for the next board meeting B) Notify ICO within 72 hours C) Destroy affected data D) Freeze all user accounts

Answer 58

Answer: B) Notify ICO within 72 hours Explanation: The GDPR requires regulators to be notified within 72 hours of becoming aware of a breach.

Question 59

Which type of risk is best captured using a risk matrix and heatmap? A) Liquidity risk B) Strategic risk C) Operational risk D) All of the above

Answer 59

Answer: D) All of the above Explanation: Risk matrices can visualise likelihood and impact across

Question 60

Internal audit reports to which party to preserve independence? A) CEO B) Compliance officer C) Audit committee or board D) Marketing head

Answer 60

Answer: C) Audit committee or board Explanation: Reporting directly to the board enhances auditor objectivity.