Consumer Duty in Gibraltar: Why Silence is No Longer an Option

The financial services sector has always had a way of letting responsibility slip through the cracks. When outcomes are poor, too often the conclusion is that it was “everybody’s fault”—which usually means nobody’s. Problems are delegated so many times that, by the time harm is clear, no one can point to who should have acted differently.

That is precisely why the Consumer Duty exists. Both the UK’s FCA and Gibraltar’s GFSC are now placing accountability firmly at the boardroom table. Boards, and particularly non-executive directors, are expected not just to approve strategies but to own the consequences of how those strategies play out for customers. In the UK, they call it “passing the hot potato.” In Gibraltar, it’s “passing the monkey.” Whichever metaphor you prefer, the days of passing risk down the line are over.

For NEDs, this makes the role more challenging than ever. Your duty is not to manage the business day to day but to ask the awkward questions, to challenge executives, to insist that issues are not brushed aside. And crucially, to ensure that this challenge is visible in the board minutes. Because if the minutes are silent, regulators will assume you were too.

A Year of Heightened Scrutiny

This past year has been pivotal. In March 2025, the GFSC published its thematic review on Consumer Duty board reports. Later, in September, the focus shifted to product governance across the insurance sector. Both reviews scrutinised how firms in Gibraltar were demonstrating control and whether their boards could evidence oversight.

The findings were sobering. Many board reports were vague, offering little analysis or actionable insight. Too much reliance was placed on group-wide documentation rather than Gibraltar-specific reporting. Fair value assessments were often weak or absent, particularly where commissions exceeded 35 percent, and the treatment of vulnerable customers was inconsistent or poorly evidenced.

The regulators’ message could not have been clearer: it is not enough to produce data or adopt group frameworks. Gibraltar entities must demonstrate their own grip on local risks, backed by documented evidence of oversight, challenge, and remediation.

Personal Accountability in Practice

Under Gibraltar’s Corporate and Professional Conduct Directive (CPCD), the expectation is explicit: boards, and the NEDs who sit on them, must take responsibility for governance, risk oversight, and customer outcomes. The FCA’s Senior Managers and Certification Regime may not apply in Gibraltar, but the standard of personal accountability is essentially the same.

This means that a director’s signature—or their silence—matters. When Sheldon Mills of the FCA said, “Silence in the boardroom is not an option,” he was speaking directly to this issue. If board minutes do not show that NEDs asked questions, raised concerns, or challenged assumptions, regulators will conclude that none of that took place.

Delegation is Not Abdication

Perhaps the most pressing theme for Gibraltar firms is delegation. The GFSC has made it clear that delegation, whether to intermediaries, group functions, or MGAs, does not absolve boards of responsibility. Over-reliance on distributor data, especially when commissions exceed 35 percent, has already been flagged as a common failing. Too many boards are accepting figures at face value without probing whether they are accurate or whether they truly demonstrate fair value for customers.

The danger is particularly acute with so-called “letterbox insurers”—entities with little local substance, whose boards have neither the expertise nor the information to oversee the products they are underwriting. Regulators see this as a red flag: products being signed off without real scrutiny, commissions justified only verbally, and new activities launched without proper disclosure.

What Regulators Want to See

It is worth remembering that regulators are not asking for perfection. They do not expect firms to eliminate every problem. What they do expect is a clear demonstration that when problems occur, boards notice them, ask questions, and follow through until they are resolved.

This is not about glossy board packs or binders of documentation. A simple, well-structured one-page dashboard that highlights outcomes and trends can be more effective than reams of MI. A log of board challenge, showing when questions were asked and how they were addressed, may carry more weight than a dense report that obscures the issues.

The real test is cultural: whether boards are taking a proactive stance, moving beyond compliance as a box-ticking exercise and instead treating Consumer Duty as the foundation of governance. When fair value, vulnerable customers, and distribution oversight become standing items of boardroom debate, regulators will see that oversight is alive and genuine.

The Firewall Role of NEDs

For NEDs, the implications are profound. You are not there to run the business, but you are the governance firewall. Your role is to probe, to push back, and to ensure that when decisions are taken, the customer perspective is not lost. If you sit quietly, regulators will see risk; if you challenge and record that challenge, they will see control.

The bottom line is this: in Gibraltar, as in the UK, Consumer Duty is not going away. Scrutiny is rising, accountability is personal, and regulators will not accept silence as a defence. As a NED, your responsibility is not simply to be present, but to be heard—and to make sure that evidence of your oversight is there for all to see