Geopolitical Risk 2026: What UK Boards and CFOs Must Own Now

Geopolitical risk is now the single largest threat on the UK executive agenda in 2026, and most boards are not governing it with the rigour the moment demands. According to Deloitte’s April 2026 CFO Survey — drawing on responses from 79 UK finance leaders, including CFOs at 12 FTSE 100 and 29 FTSE 250 companies — confidence among UK finance leaders has fallen sharply, with geopolitical instability cited as the dominant driver of uncertainty.

Why Has Geopolitical Risk Jumped to the Top of the UK Board Agenda?

The convergence of several structural shifts has made geopolitical risk qualitatively different from prior cycles. Trade fragmentation, sanctions proliferation, export controls on critical technologies, and shifting alliance structures are now directly affecting UK businesses’ supply chains, capital markets access, and regulatory standing in ways that cannot be hedged away at the treasury level alone.

Research from Deloitte’s April 2026 survey found that cost control is a strong priority for 68% of UK CFOs — up from 51% last quarter — precisely because geopolitical-driven inflation, supply disruption, and currency volatility are compressing margins in ways that were not modelled in 2025 planning cycles. The same survey found that cash management and capital allocation have moved up the priority stack alongside digital transformation, as boards scramble to maintain optionality in a less predictable macro environment.

The Companies Act 2006 already requires directors to act in the long-term interests of the company. The UK Corporate Governance Code 2024, applied from 1 January 2026, now demands that boards articulate how governance inputs translate into tangible strategic outcomes — not just that risk processes exist, but that they work. Geopolitical exposure sits squarely inside that accountability framework.

Executive Action

• Require the board to receive a standing geopolitical risk briefing at least quarterly, distinct from the standard risk register — covering trade policy shifts, sanctions exposure, critical technology restrictions, and country-specific operational risk.
• Map board-level accountability: which director or committee owns geopolitical risk oversight, and is that person equipped with sufficient external intelligence to challenge management assumptions?
• Review whether the company’s risk appetite statement explicitly addresses geopolitical scenarios — if not, that is a governance gap under the FRC’s outcomes-based reporting expectations.

What Does Geopolitical Risk Actually Mean for a UK CFO in Practice?

The CFO’s role in geopolitical risk has expanded well beyond currency hedging and sanctions screening. Finance leaders are now expected to model scenario-specific P&L impacts of trade corridor disruption, advise the board on the capital implications of reshoring or near-shoring decisions, and ensure that the company’s financing arrangements are resilient to sudden shifts in credit conditions driven by macro events outside management’s control.

UK businesses with supply chain exposure to Southeast Asia, the Middle East, or Eastern Europe are particularly vulnerable to what economists now call “friend-shoring” pressure — the push by governments to concentrate trade and investment within geopolitically aligned blocs. For listed companies, the FCA’s climate and ESG disclosure expectations increasingly expect boards to address physical and transition risks, but the parallel geopolitical risk to supply chains and markets is receiving far less structured governance attention.

According to research published by Grant Thornton in early 2026, geopolitical and macroeconomic uncertainty ranks as the top external threat for UK financial services executives, ahead of regulatory change and digital disruption — a reversal of the prior two years’ rankings. For boards operating under the UK Corporate Governance Code, that shift should translate directly into the quality and depth of risk disclosure in the annual report.

Executive Action

• Commission a geopolitical stress-test of the company’s top five supplier relationships and top three markets — model the P&L impact of a 60-day disruption in each, and bring results to the audit and risk committee before the next planning cycle.
• Review treasury policy for geopolitical triggers: does the company have pre-agreed contingency financing that would activate if access to specific capital markets or currencies became constrained?
• Engage the company’s external auditors now on how geopolitical assumptions are reflected in going concern assessments and impairment models — do not wait for the year-end process.

How Should UK Boards Govern Technology Export Controls and Sanctions Risk?

One of the sharpest practical edges of geopolitical risk in 2026 is the proliferation of technology export controls — particularly US CHIPS Act restrictions, UK strategic technology export licensing requirements, and EU dual-use regulation — which now affect not just defence and deep tech companies but any UK enterprise using advanced semiconductors, cloud infrastructure hosted on US hyperscalers, or AI systems with cross-border data flows.

Boards that have not reviewed their technology supply chain against current UK Export Control Joint Unit (ECJU) guidance, or assessed their exposure to US Office of Foreign Assets Control (OFAC) secondary sanctions, are carrying material compliance risk. The consequences — licence revocations, reputational damage, director disqualification under the Companies Act 2006 — are not hypothetical. Several UK mid-cap firms have received OFAC compliance inquiries in the past eighteen months as sanctions enforcement has intensified.

The UK National Security and Investment Act 2021 adds a further layer: acquisitions, joint ventures, and even certain licensing arrangements in 17 sensitive sectors require mandatory notification to the Investment Security Unit. Boards pursuing M&A or partnership strategies in technology, energy, defence supply chain, or critical infrastructure must build NSI Act assessment into deal timelines from the outset.

Executive Action

• Instruct legal and compliance to conduct a technology export control audit — covering the company’s own products, supplier-provided technology, and cloud/AI infrastructure — against current ECJU and OFAC requirements. Use the executive assessment tools at INFORMD to frame your board’s technology governance review.
• Build NSI Act screening into the M&A and partnership governance process as a mandatory pre-approval gate, not an afterthought. The capital approval assessment template at INFORMD includes a regulatory pre-clearance checklist for exactly this purpose.
• Confirm that the board’s D&O insurance coverage explicitly addresses sanctions and export control liability — coverage gaps in this area are becoming a material risk as enforcement escalates.

What Does Robust Geopolitical Risk Governance Look Like at Board Level?

The most effective approach observed among FTSE 100 boards in 2026 is the integration of geopolitical risk into existing governance structures — rather than creating a standalone process that risks becoming siloed. The best boards are treating geopolitical risk as a dimension of each strategic decision, not as a separate agenda item.

That means the strategy committee pressure-testing capital allocation against geopolitical scenarios. It means the audit and risk committee requiring management to articulate geopolitical assumptions in the risk register with the same rigour applied to cyber or climate risk. And it means the remuneration committee considering whether executive long-term incentive plans are appropriately structured for a world where multi-year revenue assumptions may be disrupted by events in Washington, Beijing, or Brussels.

The FRC’s updated Corporate Governance Code guidance expects the board to demonstrate, in its annual report, that governance processes are effective — not merely present. A risk register that lists “geopolitical uncertainty” as a principal risk without evidencing board-level debate, scenario analysis, and mitigation action will increasingly fail that test. Boards that have invested in scenario planning capability — whether through external advisors, a geopolitical risk specialist NED, or structured intelligence subscriptions — are better placed both operationally and in terms of investor relations.

Executive Action

• Review the annual report risk section before sign-off: can you point to a specific board discussion, a scenario that was modelled, and an action taken in response to geopolitical risk? If not, the disclosure is unlikely to meet the FRC’s outcomes-based expectations.
• Consider whether the board’s composition includes sufficient geopolitical and international commercial experience — if not, this is a legitimate NED recruitment priority to surface at the nominations committee.
• Access the full range of executive briefings at INFORMD to stay current on regulatory and geopolitical developments affecting UK business strategy.

INFORMD provides intelligence briefings, tools and frameworks for senior business leaders across technology, finance, strategy and compliance. Based in Milton Keynes, UK, we help executives stay informed and act with confidence. Explore our full briefing library or access our free assessment tools.

Stay ahead. Subscribe to INFORMD’s weekly executive briefing at informd.co.uk.

FAQ: Is geopolitical risk a formal governance obligation for UK boards?

Yes — indirectly but substantively. The UK Corporate Governance Code 2024 (applying from January 2026) requires boards of premium-listed companies to demonstrate effective risk oversight through outcomes-based reporting, not merely process compliance. The Companies Act 2006 requires directors to act in the long-term interests of the company and have regard to the likely consequences of decisions. Material geopolitical exposures that are not identified, monitored, and mitigated may constitute a breach of that duty if they result in avoidable harm to the company.

FAQ: What is the UK National Security and Investment Act and why does it matter to boards?

The National Security and Investment Act 2021 gives the UK Government power to scrutinise and block acquisitions, joint ventures, and certain licensing arrangements in 17 sensitive sectors — including AI, semiconductors, defence, energy, and communications infrastructure. Failure to notify a qualifying transaction is a criminal offence. Boards pursuing any deal activity in these sectors must build NSI Act assessment into their governance process from the earliest stages of negotiation.

FAQ: How should a UK board differentiate geopolitical risk from standard macro risk in its risk register?

Standard macro risk covers cyclical economic factors — recession, interest rate movements, inflation — that affect most businesses broadly and can be modelled using established financial tools. Geopolitical risk is structural and discontinuous: it arises from government decisions, military or diplomatic events, and policy shifts that can change the rules of a market suddenly and without economic precedent. The key governance discipline is to ensure geopolitical risk scenarios are assessed separately, with specific mitigations identified, rather than being absorbed into a generic “macro uncertainty” category that obscures the board’s ability to act on individual drivers.

FAQ: Which UK board committees should own geopolitical risk?

Geopolitical risk does not fit neatly into a single committee — it spans strategy, audit and risk, nominations, and remuneration. The most effective approach is to designate the audit and risk committee as the primary oversight body, with a clear requirement to escalate material geopolitical developments to the full board. The strategy committee or a dedicated board risk forum should conduct periodic scenario exercises. The nominations committee should assess whether board composition provides sufficient geopolitical expertise to challenge management assumptions effectively. Clear terms of reference, documented annually, prevent the topic falling into a governance gap between committees.