Seychelles Corporate Governance: The New Landscape For 2026

The Seychelles Financial Services Authority (FSA) has fundamentally changed the corporate governance expectations for regulated entities. The new Code of Corporate Governance, effective from 1 January 2026, represents a significant shift in regulatory philosophy and should be taken seriously by anyone operating in the jurisdiction.

This is not just another compliance exercise. The Code has the force of law under Section 33 of the FSA Act, and non-compliance is a criminal offence. More importantly, it signals where Seychelles is positioning itself in the global regulatory environment – toward international standards, transparency, and institutional credibility.

WHO THIS AFFECTS

The Code applies broadly across the FSA regulated sectors:

• International Corporate Service Providers
• Securities dealers and investment advisors
• Virtual Asset Service Providers
• Gambling operators
• Insurance companies
• Certain mutual fund and hedge fund entities

If you hold a license under any of these regimes, you need to be compliant by the end of 2026 (the first annual disclosure form is due 31 December 2026).

THE STRATEGIC SHIFT: APPLY OR EXPLAIN

The FSA has adopted an "apply or explain an alternative" approach. This is more sophisticated than a rigid compliance checklist, but also more demanding. You cannot simply ignore provisions that do not suit your structure. You need to either implement the principle or provide a defensible alternative that achieves the same objective.

This flexibility is valuable, particularly for smaller entities or those with straightforward structures. But it requires thoughtful analysis, not box-ticking. The regulator will expect your explanations to be substantive and your alternatives to be genuine.

THE NINE PRINCIPLES: WHAT ACTUALLY MATTERS

1.Board Role and Responsibilities

The board job is to promote long-term interests while balancing shareholder and stakeholder concerns. This principle requires active governance, not passive oversight.

Practical implications:

• Boards must meet at least twice annually (minimum threshold – many entities will need more)
• Formal induction processes for new directors are mandatory
• Directors need ongoing training on legal duties and regulatory responsibilities
• The board remains ultimately responsible even when functions are delegated to committees

The Code explicitly addresses multiple directorships. If your directors hold numerous board positions, you need to be able to demonstrate they have adequate capacity to discharge their duties effectively. The days of purely nominal directorships are over.

2. Independence

There must be clear separation between the chair and CEO roles. If you combine these positions, you need to explain why this structure serves the company interests and demonstrate how you prevent concentration of decision-making power.

This will be challenging for many Seychelles entities where ownership and management overlap significantly. The regulator is signaling that governance structures need to evolve beyond the traditional offshore model of minimal board oversight.

3. Composition and Appointment

Boards should comprise individuals with diverse skills, experience, and perspectives. The Code specifically mentions diversity across gender, age, ethnicity, nationality, and professional background.

Key requirements:

• Board evaluations every three years (or at the end of strategic planning periods)
• Formal, objective selection criteria for appointments
• Mechanisms for shareholder-nominated directors

For VASP operators and other high-risk sectors, this means demonstrating genuine expertise in your board composition, not just meeting minimum qualification thresholds.

4. Corporate Culture

The board must establish and maintain high ethical standards throughout the organization. This is not aspirational language – it has specific requirements:

• Anti-corruption policies that reflect global reform efforts
• Independent whistleblowing mechanisms (without fear of retribution)
• Political engagement policies covering lobbying and donations
• Transparent workforce safety risk management

Virtual asset service providers should note that crypto-specific risks need to be embedded in your corporate culture framework, including customer protection, market integrity, and technology governance.

5. Remuneration

Remuneration structures must align with long-term strategy and be defensible relative to broader social considerations around inequality.

The Code requires:

• Either a Remuneration Committee or detailed reporting on remuneration decisions
• Performance measures that integrate risk considerations
• Transparent explanation of any significant remuneration changes

For entities with lean structures, the reporting alternative may be more practical than establishing a formal committee. But you need to document your decision-making process.

6. Risk Oversight

This is where the Code becomes operationally demanding. The board must:

• Annually assess key risks, their probability, and mitigation procedures
• Submit annual institutional risk assessments to the FSA
• Review risk management policies every three years (or with significant business changes)
• Maintain business continuity and contingency plans (reviewed at least annually)

The Code specifically calls out cyber-security, systemic risks aligned with UN Sustainable Development Goals, and human capital risks. For VASP operators, this means your risk framework needs to address technology infrastructure, market volatility, counterparty risks, and regulatory change.

The FSA expects a "risk committee" at board level. Smaller entities can potentially delegate this to the full board, but you need to explain this structure and demonstrate how independent judgment is maintained.

7. Corporate Reporting

Financial reports must present a "true and fair view" and enable shareholders to evaluate past performance and draw inferences about future prospects.

Requirements include:

• Compliance with international accounting standards
• Neutral reporting (substance over form)
• Comparable information over time
• Human capital management disclosure as part of long-term strategy

For entities serving international clients, particularly in the virtual asset space, this means your financial reporting needs to meet institutional-grade standards, not minimal compliance thresholds.

8. Internal and External Audit

The Code requires both internal and external audit functions:

Internal audit: Companies should have dedicated internal audit functions with defined oversight and reporting structures. If you do not have this, you must explain why to the regulator and demonstrate how you are achieving adequate assurance.

External audit: Formal procedures for independent external audit are mandatory. The external auditor reports to the audit committee (or the board). Auditor independence is paramount – the Code specifically addresses this issue, including limits on non-audit services.

Audit Committee: Required unless you can demonstrate an alternative that achieves the same objectives. The committee must include directors with recent financial expertise, and all members must be financially literate.

Practical point: If your auditor resigns, you must notify the FSA following board resolution. This prevents quiet auditor changes that might signal underlying issues.

9. Conflict of Interest Management

This principle reflects the FSA increasing focus on investor protection and market integrity:

• Clearly defined roles and segregation of duties
• Regular audits of conflict management practices
• Mandatory disclosure of potential conflicts
• Continuous training on conflict of interest issues

Any updates to conflict of interest policies must be reported to the FSA. For entities handling client assets or operating in sectors with complex commercial relationships (like virtual asset exchanges), robust conflict management is not optional.

PRACTICAL IMPLEMENTATION: WHAT TO DO NOW

1. Gap Analysis (Q1 2026)

Review your current governance structure against all nine principles. Identify where you comply, where you need alternatives, and where you have genuine gaps.

Focus areas:

• Board composition and director capacity
• Committee structures (audit, risk, remuneration)
• Internal audit function
• Risk assessment and business continuity planning
• Conflict of interest policies

2. Board Resolution (Q1-Q2 2026)

The board needs to formally consider the Code, approve your compliance approach, and document decisions around alternatives to specific requirements.

This is not a management exercise. The board itself must engage with the requirements and take ownership of the governance structure.

3. Documentation (Q2-Q3 2026)

Prepare supporting materials:

• Updated board policies and procedures
• Committee terms of reference
• Risk assessment frameworks
• Business continuity plans
• Conflict of interest policies
• Training records

The disclosure form asks specific questions about committees, evaluations, and risk assessments. You need documented evidence of compliance or defensible explanations of alternatives.

4. Training (Q2-Q3 2026)

The Code requires director training on legal duties, regulatory responsibilities, and continuing professional development. Document all training activities.

For sectors with evolving regulatory frameworks (particularly VASPs), training needs to be ongoing and specific to your risk profile.

5. First Disclosure (Q4 2026)

The annual disclosure form (Annex 1 to the Code) must be submitted by 31 December 2026. This requires board-level sign-off and covers all compliance questions.
The declaration is personally signed by an authorized person who confirms the information is "true, complete and accurate." False information carries prosecution risk.

STRATEGIC CONSIDERATIONS FOR DIFFERENT SECTORS

Virtual Asset Service Providers

The VASP sector faces particular scrutiny. Your governance structure needs to demonstrate:

• Technical expertise at board level
• Robust risk management covering technology, market, and regulatory risks
• Clear conflict management in client-facing operations
• Sophisticated compliance capabilities

If you are a VASP with international ambitions (particularly entities eyeing exchange listings), your Seychelles governance needs to be defensible to institutional investors and foreign regulators. The Code provides a framework to demonstrate this.

International Corporate Service Providers

ICSPs handling complex structures for international clients need governance that matches the sophistication of the services provided:

• Independent oversight of client onboarding and due diligence
• Clear escalation procedures for risk and compliance issues
• Professional development for staff on AML/CFT and regulatory obligations
• Documented risk assessment for different client types and jurisdictions

Securities and Fund Operators

Entities managing client assets need particular attention to:

• Audit committee effectiveness
• External auditor independence
• Conflict of interest management
• Risk oversight appropriate to investment strategies

THE REGULATORY CONTEXT: WHY THIS MATTERS BEYOND COMPLIANCE

Seychelles is positioning itself within the evolving offshore landscape. Jurisdictions are being assessed not just on their legislative frameworks but on implementation, enforcement, and institutional quality.

The Code of Corporate Governance is part of this broader strategy. It signals:

• Alignment with international best practices
• Serious regulatory oversight expectations
• Movement away from minimal governance structures
• Focus on substance over form

For clients and stakeholders evaluating Seychelles entities, the Code provides assurance of governance standards. For operators, it raises the bar for institutional credibility.

This is particularly relevant for VASP operators dealing with exchanges, institutional counterparties, and investors who conduct detailed due diligence. Your governance structure is increasingly part of your commercial proposition, not just a regulatory obligation.

COMMON MISCONCEPTIONS

"This does not apply to my simple structure"

The Code applies to all licensed entities within scope, regardless of size or complexity. The "apply or explain" approach provides flexibility, but you still need to address each principle.

"I can ignore provisions that do not suit my business"

You need to either apply the principle or explain your alternative. Silence is not an option. The disclosure form specifically asks about key requirements, and you must answer.

"My current board structure is fine"

Many traditional offshore structures will not meet the Code expectations around independence, oversight, and active governance. Review objectively and be prepared to make changes

"This is just a paper exercise"

The Code has the force of law. Non-compliance is a criminal offence under Section 33(5) of the FSA Act. The regulator can take enforcement action against licensees, directors, and officers.

NEXT STEPS

If you operate in Seychelles under FSA regulation:

1. Put Code compliance on your board agenda for the next meeting
2. Conduct a gap analysis against the nine principles
3. Identify where you need committee structures, policy updates, or procedural changes
4. Document your governance decisions with clear rationales
5. Prepare your disclosure form for December 2026 submission

This is a jurisdiction-defining regulatory development. Entities that treat it as a compliance burden rather than a strategic opportunity will find themselves at a competitive disadvantage.

Those that embrace the framework and use it to strengthen their institutional credibility will be better positioned for the evolving regulatory environment – not just in Seychelles, but globally.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.