The modern company secretary toolkit: What today's governance teams need beyond entity management software
Company secretaries are evolving from compliance administrators to strategic governance leaders. However, even with improved entity management software, a key gap remains: managing authority to act on the organisation’s behalf.
Contents
- Entity management software doesn't manage authorised signatory authority
- Why traditional entity management software falls short on governance
- The real cost of manual authorised signatory management
- What modern company secretary teams actually need for authorised signatory management
- How digital authorised signatory management transforms CoSec operations
- Building your future-ready CoSec technology stack: Beyond entity management software
- The path forward: 5 actions for CoSec leaders on authorised signatory governance
- Matching governance tools to responsibility: Entity management software + authorised signatory management
The company secretarial function has evolved significantly over the past decade. Once seen as a back-office compliance role, it is now recognised as a core governance pillar responsible for transparency, auditability, and organisational clarity.
Despite this progress, the majority of organisations still use spreadsheets, Word documents, or SharePoint folders to track authorised signatories responsible for legally binding the organisation through contracts, payments, and transactions.
This approach is inefficient and poses a significant governance risk.
Entity management software doesn't manage authorised signatory authority
Traditional entity management software excels at tracking corporate structures, filing deadlines, statutory registers, and compliance calendars. These platforms have become indispensable for CoSec teams managing complex multi-jurisdictional entities.
However, these systems do not manage distributed authority across functions.
Who can sign bank mandates? Which directors are authorised for specific subsidiaries? Who has trading authority on investment accounts? When someone leaves the organisation, how quickly are their signing rights revoked across all systems?
These questions are central to corporate governance, yet most organisations rely on static documents that quickly become outdated.
Why traditional entity management software falls short on governance
The challenges facing corporate secretarial and legal operations teams are now structural and technological, rather than issues of awareness or intent.
Recent research commissioned by Thomson Reuters and conducted by Forrester (2025) highlights that fragmented, poorly designed legal technology stacks are now among the most significant barriers to operational efficiency.
More than 52% of corporate legal teams cite disconnected or disparate systems as a primary challenge, while 51% report that overlapping tools actively disrupt workflows rather than improve them. A further 45% point to poor usability, indicating that many legal platforms fail at the execution layer where governance work actually happens.
This disconnect between technology adoption and operational value is echoed in Gartner’s September 2024 survey of legal departments. Gartner found that most legal teams are not realising the expected benefits from their technology investments, with only 23% demonstrating high digital readiness. This gap strongly correlates with dissatisfaction, under-utilisation, and tools that fail to support evolving regulatory and governance requirements in practice.
Although entity management software is widely adopted, its scope remains limited.
Most traditional entity management platforms are designed to handle:
✓ Corporate structure visualisation
✓ Compliance calendars and filing deadlines
✓ Statutory registers
✓ Document storage and retrieval
✓ Basic entity records
What they consistently fail to support is the operational reality of authority and delegation:
✗ Real-time authorised signatory and mandate management
✗ Automated, auditable records of authority changes
✗ Clear visibility into who can sign what, for which entity, and within which limits
✗ Integration with banks, counterparties, and internal stakeholders for mandate verification
✗ Tamper-proof records of delegated authorities over time
As a result, corporate secretarial and governance teams manage signatory risk through manual processes, spreadsheets, email trails, and fragmented systems, lacking the infrastructure required for accuracy, auditability, or real-time control.
The issue is not a lack of tools but a lack of infrastructure designed for modern governance workflows.
The real cost of manual authorised signatory management
Manual signatory management creates significant operational, financial, and compliance risks for organisations managing multiple entities, bank mandates, and delegated authorities.
Tracking authorised signatories through spreadsheets, email approvals, and static documents inevitably leads to errors and delays, especially in regulated environments.
These are the typical ways those risks materialise.
Operational inefficiency in signatory management
Manual signatory management turns governance into a coordination exercise.
Common operational impacts include:
Slow updates to authorised signatory lists, especially following joiners, movers, and leavers
Email-based approval workflows that delay time-critical transactions
Fragmented records spread across Word files, Excel spreadsheets, and inboxes
High administrative overhead, diverting governance teams from strategic oversight
In complex organisations, updating signatory lists across multiple entities often takes days or weeks rather than hours, creating friction in banking, treasury, and transactional workflows.
Fraud and financial risk from outdated signatory records
Outdated signatory information is a known contributor to mandate fraud and unauthorised payment activity.
When internal authority records are not updated in real time or cannot be easily verified by banks and counterparties, gaps emerge between who should have authority and who appears to have it.
Typical risk scenarios include:
Former employees retaining signing authority after departure
Mandate changes processed using outdated documentation
Banks relying on static signatory lists without real-time verification
These gaps create opportunities for misuse before discrepancies are identified.
Audit and compliance exposure in signatory governance
Manual signatory management also undermines audit readiness.
Organisations frequently struggle to produce a complete and reliable record showing:
When signing authority was granted or revoked
Who approved the change
What documentation supported the decision
Which limits applied at the time
Without a structured audit trail, organisations find it increasingly difficult to demonstrate effective governance during internal audits, regulatory reviews, or investigations, especially in financial services and other regulated sectors.
Why do signatory governance failures escalate quickly
Signatory management sits at the intersection of governance, finance, and operations.
When visibility is limited, small control gaps can quickly compound.
Authority changes lag operational reality.
Verification relies on trust rather than evidence.
Oversight becomes reactive rather than preventative.
This is why signatory failures rarely occur in isolation. They often surface alongside broader governance breakdowns.
Governance lesson: The Steinhoff case
The Steinhoff International accounting scandal highlights how governance failures intensify when oversight and visibility are weak.
Operating within a complex organisational structure, the absence of timely insight into operational authority contributed to wider control failures.
The lesson is clear: effective governance requires continuous visibility into delegated authority, not just formal policies or board structures.
What modern company secretary teams actually need for authorised signatory management
The role of the company secretary has changed. Governance teams are no longer simply maintaining records in the background; they are expected to support faster decision-making, operate in real time, and provide confidence to boards, regulators, banks, and counterparties.
This shift means the CoSec toolkit must extend well beyond traditional entity management. In practice, modern teams require six key capabilities to perform effectively.
Clear, real-time visibility over authority
In critical moments such as a funding drawdown, a bank mandate change, or a time-sensitive transaction, there must be no ambiguity about who is authorised to sign.
Modern teams need a single, real-time view of signing authority across entities, jurisdictions, and roles. They require up-to-date information, not static lists or outdated documents, to support timely decision-making.
This need is even greater as governance becomes increasingly digital. As more directors use AI to support board work and meeting preparation, governance teams must operate with the same expectation of current, trusted data.
Audit trails that stand up to scrutiny
Good governance is not only about having the right controls in place; it is also about being able to demonstrate them.
This requires clear, tamper-proof records showing when the signing authority changed, who approved it, and what evidence supported the decision. A complete audit trail should exist by default, not be reconstructed under pressure.
As regulatory expectations rise and governance assumes a greater role in ESG reporting, the ability to demonstrate strong “G” controls is now essential.
Workflows that reflect how organisations actually change
Authority changes rarely occur in isolation. People join, leave, change roles, and teams restructure, often rapidly.
Modern CoSec teams need systems that manage these changes seamlessly, without manual updates across multiple documents, email chains, or approval loops. Role-based workflows ensure authority is updated once, accurately, and reflected wherever necessary.
Without this, governance teams spend hours each week on manual reporting and reconciliation, time that would be better used managing risk and advising the business.
Shared visibility across the business
Signatory authority is not solely a legal concern. It affects treasury, finance, risk, compliance, and operations, often simultaneously.
Modern governance infrastructure must support this reality by providing the right teams with access to a single, trusted source of truth. When everyone works from consistent data, decisions are made faster and with greater confidence.
Research shows that when treasury and governance teams are closely aligned with senior leadership, they are more likely to be involved in major strategic and technology decisions. Shared visibility enables this alignment.
Direct connectivity with banks and counterparties
Manually submitting signatory lists to banks and auditors is increasingly misaligned with current financial operations.
Modern teams need the ability to share verified signatory data directly with external parties, securely and consistently, without having to repeatedly recreate the same information in different formats.
As treasury operations move toward real-time, continuous processing, governance infrastructure must keep pace. Static documents and batch updates will not suffice as banking cut-off times disappear.
Security that matches the sensitivity of the data
Signatory information is high-risk data. It defines who can move money, commit to the organisation, and execute transactions.
Modern systems must support granular access controls, ensuring that only authorised users can view or modify authority data, with full visibility into who accessed what and when.
As most organisations strengthen their cybersecurity posture and fraud becomes more sophisticated, protecting signatory data is no longer a technical detail. It is a core governance responsibility.
How digital authorised signatory management transforms CoSec operations
Leading organisations recognise that signatory management is a strategic governance control with direct impact on the following areas:
Fraud prevention: Reducing exposure to unauthorised transactions
Regulatory compliance: Meeting AML, MiFID II, and corporate governance code requirements
Operational efficiency: Eliminating delays in time-sensitive transactions
Audit readiness: Providing instant, complete documentation for internal and external audits
ESG performance: Supporting the "G" (governance) pillar with measurable, transparent controls
Real life case study: Network Rail authorised signatory management transformation
Network Rail, the UK's government-owned rail infrastructure operator, was struggling with a slow, manual approach to signatory management. Treasury and governance teams were relying on spreadsheets and paper-based processes to manage signing authority across multiple jurisdictions, including the UK, UAE, Canada, and Australia. Updating signatory lists could take up to four weeks, creating audit trail gaps, version-control issues, and unnecessary fraud risk during the lag between personnel changes and formal updates. With more than 15 signatory changes per day globally, the process was consuming significant administrative effort and making it harder to demonstrate compliance to banks and auditors.
To address this, Network Rail replaced its spreadsheet-based approach with Cygnetise's digital signatory management platform. The new system introduced tamper-proof, verified audit trails, real-time updates shared instantly with banks and counterparties, and strong security controls, including SSO and two-factor authentication. As a result, signatory updates that previously took weeks could be completed in a single morning, delivering a 95% reduction in maintenance time while processing daily changes securely at scale. The platform provided a single, bank-approved source of truth across jurisdictions, strengthened governance and compliance, and significantly reduced operational and fraud risk.
Why this matters for CoSec teams managing governance
Network Rail's experience demonstrates that digital signatory management is not only about efficiency but also about fundamentally enhancing governance capability.
The transformation enabled Network Rail's governance and treasury teams to:
Operate strategically rather than spending time on manual administration.
Demonstrate robust controls to auditors, regulators, and banking partners.
Reduce fraud exposure by revoking authorities in real time.
Scale operations without scaling administrative overhead.
Meet ESG governance standards with transparent, auditable processes.
This is the governance infrastructure modern CoSec teams require: purpose-built, secure, and capable of supporting global operations at scale.
Building your future-ready CoSec technology stack: Beyond entity management software
The most effective governance teams are developing layered technology stacks that integrate complementary capabilities.
| Layer | Category | Primary Purpose | Typical Capabilities | Leading Solutions |
|---|---|---|---|---|
| Layer 1 | Entity Management Systems | Corporate structure visibility and statutory compliance | Corporate structure visualisation, compliance calendars, statutory register maintenance, entity records | Diligent Entities, Blueprint OneWorld, Corporatek |
| Layer 2 | Digital Signatory Management Platforms | Authority governance, verification, and auditability | Secure signatory repository, real-time updates, automated distribution, API connectivity with banks and counterparties, regulator-ready audit trails | Cygnetise (purpose-built for authorised signatory and mandate management) |
| Layer 3 | E-signature Tools | Document execution workflows | Digital signing, workflow routing, execution tracking | DocuSign, Adobe Sign |
| Layer 4 | Board Portal Software | Board and director communications | Meeting management, board packs, secure director collaboration | Diligent Boards, BoardEffect, Nasdaq Boardvantage |
Note: Authorised signatory management is not a feature of entity management software. It is a distinct governance discipline that requires dedicated, purpose-built infrastructure, particularly where banking, audit, and regulatory verification are involved.
The path forward: 5 actions for CoSec leaders on authorised signatory governance
1. Audit your Signatory Management Process
Map out how signatory data flows through your organisation. Where are the bottlenecks? Where are the risks? How much time is consumed by manual processes?
2. Calculate the true cost
Factor in staff hours, fraud risk exposure, audit findings, and opportunity cost of delayed transactions. Most organisations underestimate the total impact by 50% or more. Take our signatory risk scorecard to evaluate your level of risk.
3. Build the business case
Frame digital signatory management as a strategic governance investment, not an IT project. Highlight risk reduction, efficiency gains, audit readiness, and ESG contributions.
4. Engage cross-functional stakeholders
Involve treasury, legal, compliance, risk, and operations early. Digital signatory management delivers value across all these functions, and its support strengthens the business case.
5. Pilot purpose-built technology
Avoid adapting signatory management to existing systems. Evaluate solutions specifically designed for this discipline, with proven results at organisations similar to yours.
Matching governance tools to responsibility: Entity management software + authorised signatory management
Company secretaries are no longer back-office administrators. They are governance strategists, risk managers, and operational leaders navigating an increasingly complex regulatory and technological landscape. The technology supporting this function must align with this evolution.
Cygnetise enhances the modern CoSec toolkit by centralising signatory authority, automating audit trails, and providing cross-functional visibility, eliminating reliance on spreadsheets. Trusted by global leaders such as Vistra, Maples Group, Bacardi, and EFG, Cygnetise is the category leader in digital authorised signatory management.
The key question for CoSec teams is not whether to digitise signatory governance, but how quickly they can address this critical gap before inefficiency, risk, or regulatory pressure requires action.
The future of corporate governance is digital, transparent, and real-time. Is your toolkit ready?
Want to learn more about Cygnetise? Request a free demo below and one of our team will get in touch with you right away!
FAQ: Entity Management Software + Authorised Signatory Management
-
Entity management software is a digital platform designed to help corporate secretarial and legal teams manage corporate structures, track filing deadlines, maintain statutory registers, and ensure compliance across multiple entities and jurisdictions. These systems provide visualisation of corporate hierarchies, automated compliance calendars, document storage, and entity records management. Leading solutions include Diligent Entities, Blueprint OneWorld, and Corporatek.
-
While entity management software excels at tracking corporate structures and compliance deadlines, it has key limitations in operational governance. Most platforms don't manage who has authority to sign on behalf of the organisation, can't provide real-time updates to banks and counterparties, lack integration with banking systems for mandate verification, don't generate tamper-proof audit trails for authority changes, and can't automate workflows when personnel changes occur. This creates a gap between entity records and operational authority.
-
Most entity management software can store static signatory lists as documents or data fields, but this is fundamentally different from active signatory management. Static records become outdated quickly and don't support real-time verification, automated distribution to banks, audit trails showing when authority changed, or integration with HR systems for offboarding. As a result, even organisations with sophisticated entity management platforms typically manage signatories separately through spreadsheets and manual processes.
-
Entity management software forms the foundation layer of the modern CoSec technology stack, handling corporate structure visibility and statutory compliance. However, effective governance requires a layered approach: entity management software for corporate structures and compliance calendars, digital signatory management platforms for authority governance and bank mandate distribution, e-signature tools for document execution workflows, and board portal software for director communications. Each layer addresses distinct governance needs that entity management software alone cannot fulfill.
-
Even with entity management software in place, most organisations use spreadsheets to track information that changes frequently and requires real-time sharing, particularly authorised signatory data. This happens because entity management software wasn't designed for operational workflows that involve multiple stakeholders (treasury, legal, compliance, banks) who need instant access to current authority information. Spreadsheets create governance risks, but they persist because entity management platforms don't bridge this gap.
-
When evaluating entity management software, CoSec teams should assess: corporate structure visualisation capabilities across complex hierarchies, compliance calendar automation and filing deadline tracking, statutory register maintenance and document management, multi-jurisdiction support and local regulatory compliance, integration capabilities with other governance systems, and user access controls and security features. However, teams should also recognise what entity management software doesn't cover, particularly operational authority management, and plan for complementary solutions.
-
Entity management focuses on corporate structures, tracking subsidiaries, maintaining registers, managing filings, and ensuring statutory compliance. Signatory management focuses on operational authority, tracking who can legally bind the organisation, verifying authority with banks and counterparties, managing mandate changes, and providing audit trails for delegated permissions. While related, they serve different governance functions. Entity management software handles the former; purpose-built platforms handle the latter. Modern CoSec teams need both.