ZYC-GOV-001 Governance Framework

(Applies to all Zeyro staff, directors, contractors, and consultants — Updated October 2025)


Background

Zeyro Limited is authorised and regulated by the Financial Conduct Authority (FCA) and operates as a Core firm under the Senior Managers & Certification Regime (SMCR). This Governance Framework explains how accountability, oversight, and decision-making operate within Zeyro, and how these are mapped through the firm’s Statements of Responsibility (SoRs) and supporting policies.

It complements the Business-Wide Risk Assessment (BWRA), which documents how governance and control structures mitigate key risks.


Purpose

To define how Zeyro is governed, who is responsible for regulatory and operational functions, and how decisions are made, recorded, and reviewed. This ensures that Zeyro meets its obligations under SYSC 4 (General Organisational Requirements) and Principle 3 (Management and Control).


Governance Structure

Zeyro operates a simple, proportionate governance model with clear accountability and independent oversight.

1. The Board of Directors

  • Provides overall direction, control, and oversight of the business.

  • Approves the firm’s policies, risk appetite, and key strategic and compliance decisions.

  • Reviews the Conflicts Register, BWRA, and compliance reports at each meeting.

  • Ensures all SMFs discharge their duties in line with the FCA’s expectations.

2. Board Composition and Roles

  • Gareth Malna – Executive Director (SMF3), Compliance Oversight (SMF16), Money Laundering Reporting Officer (SMF17)

    • Responsible for compliance, financial-crime prevention, and overall risk management.

    • Owns and maintains all firm policies and the BWRA.

  • Wayne Green – Executive Director (SMF3)

    • Oversees client relationships, operations, training, and Section 21 financial-promotion approvals.

    • Leads day-to-day management of the business.

  • Giles Swan – Non-Executive Director (NED)

    • Provides independent oversight and challenge to the Board.

    • Focuses on governance effectiveness, risk appetite, and the integrity of decision-making.

    • Ensures appropriate balance between regulatory compliance and commercial development.

How this controls our risks: Embeds independent challenge and accountability at Board level, ensuring decisions are made in the firm’s long-term and regulatory interests.


3. Board Meetings and Decision-Making

  • The Board meets quarterly, or more frequently where needed.

  • Standing agenda items include: risk, compliance, conflicts, financial-crime controls, and client conduct.

  • Minutes are maintained to record all discussions, challenges, and decisions.

How this controls our risks: Ensures transparent, documented, and collective decision-making.


Management Oversight and Reporting

  • The MLRO / Compliance Officer provides quarterly reports on compliance, AML, and risk to the Board.

  • The Operations Lead reports on client activity, training, and operational performance.

  • The Board reviews and approves the BWRA, key risk metrics, and any FCA notifications.

How this controls our risks: Maintains a clear oversight chain linking operational control with Board accountability.


Policies and Controls

Zeyro’s policy framework is structured into suites that collectively form the internal control environment:

  • Financial Crime Suite: AML/CTF, ABC, Fraud, Onboarding

  • Conduct & Governance Suite: Consumer Duty, Market Abuse, Conflicts, Financial Promotions

  • Operational Oversight Suite: Governance, Risk Management, Record Keeping

Each policy owner (typically the MLRO) is responsible for maintaining policy currency, coordinating training, and escalating material changes for Board approval.

How this controls our risks: Integrates compliance and governance obligations across all firm activities.


SMCR Accountability

Zeyro is classified as a Core SMCR firm.

  • Each Senior Manager’s responsibilities are set out in their Statement of Responsibility (SoR).

  • The firm maintains a Responsibilities Map showing key control and reporting lines.

  • Certification staff (if appointed) are reviewed annually for fitness and propriety.

  • Conduct Rule breaches are reported to the MLRO and notified to the FCA as required.

  • The categorisation and SoRs are reviewed annually and after any structural or regulatory change.

How this controls our risks: Provides clear regulatory accountability and ensures individual responsibility is mapped and evidenced.


Governance Documentation

Zeyro maintains the following core governance records:

  • Board minutes and action logs;

  • Conflicts Register (reviewed at each Board meeting);

  • BWRA and risk logs;

  • Statements of Responsibility;

  • Responsibilities Map;

  • Policy Register and approval records.

These are retained for at least five years and form the evidence base for the firm’s governance effectiveness.


Review and Continuous Improvement

  • The Governance Framework is reviewed annually by the Board, led by the MLRO.

  • Any change in Board composition, SMF allocation, or business model triggers an interim review.

  • Independent challenge from the NED ensures ongoing governance evolution and compliance integrity.

How this controls our risks: Keeps the governance model proportionate, transparent, and responsive to regulatory and business change.


Document Control

Field | Details
Policy Code | ZYC-GOV-001
Policy Title | Governance Framework
Document Owner | Gareth Malna – MLRO (SMF 16 & 17)
Responsible Reviewer(s) | Zeyro Board
Version | v 1.0
Date Approved | October 2025
Next Scheduled Review | October 2026
Last Reviewed By | Gareth Malna
Change History | v1.0 (Oct 2025): Initial creation.
Classification | Internal policy – distributed to all staff; available to regulators on request.
