Use Case · Multi-Entity Governance

One authority layer across every entity and jurisdiction.

Every legal entity in your group runs its own authority: its own signatories, its own bank mandates, its own board, its own approval limits, under its own jurisdiction's rules. Maintained separately, in spreadsheets and per-entity policies, the group has no single, real-time answer to the question every regulator and auditor asks in a different way: who can approve, sign, and commit in which entity, under which jurisdiction, and within what limits? Aptly runs one authority model across every entity, respects what is genuinely different about each, and gives the group a single, live, audit-ready view of authority everywhere.

Schedule a Discovery CallGet the Multi-Entity Authority Playbook
Aptly as one authority model across three group entities, each with its own limits and signatories, with one entity routing a decision up to its limit.
Security & compliance
SOC 2 Type II
ISO 27001
GDPR
The Gap

Each entity governs its own authority. The group can't see the whole.

A large enterprise is rarely one company. It is many separate legal entities, each its own legal person with its own board, signatories, bank mandates, and approval limits. Authority is real only at the entity level, where it flows from each entity's statute, charter, bylaws, and board resolutions, yet the group has to operate, report, and prove control as one organization. It is no surprise that in EY's 2025 governance study with the Society for Corporate Governance, the most-cited difficulty with delegation of authority was understanding roles and responsibilities given a complex organizational structure: the multi-entity problem in their own words.

Authority is maintained separately, per entity. Each legal entity keeps its own signatories, bank mandates, board, and approval limits, in its own spreadsheets and its own per-entity policy. There is no single place where the group's authority lives, so reconciling it means collecting documents from every entity and hoping they are current.

There is no single, real-time group view. Ask “who could commit more than a set amount in any entity last quarter, and who actually did,” and the answer is assembled by hand across entities, weeks after the fact. A reorganization, a new subsidiary, or a leaver moves the real authority in one entity without the group's view ever updating.

Cross-border obligations vary by entity, and must be evidenced consistently. Consolidated financial-reporting controls, group-basis prudential rules, downstream-entity accountability, and jurisdiction-specific cyber and supply-chain duties apply differently to different entities. Meeting them one entity at a time, in each jurisdiction's language, multiplies the work and leaves gaps where two entities are governed differently for the same obligation.

116

Third-Party Research

An analysis of SEC 10-K filings found the largest 100 US public companies reported a median of 116 major subsidiaries (an average of 204). Authority is real only at the entity level, yet the group must operate, report, and prove control as one. That gap between per-entity authority and the group view is what one authority model closes.

SEC Form 10-K Exhibit 21.1 analysis; Pargendler, Harvard Business Law Review, 2024.

The fix isn't a tidier set of per-entity spreadsheets. It's one authority model that respects what is different about each entity while giving the group a single, live view of all of it.

The Authority Layer

One model. Every entity. Each one different where it must be.

Aptly sits between your identity systems (Okta, Microsoft Entra ID, SailPoint) and your execution systems (SAP, Oracle, NetSuite, Workday, ServiceNow) as the system of record for who can approve, sign, and commit on behalf of the enterprise. In a multi-entity group, that means one platform holding each entity's delegation of authority (DOA), signatory lists, and approval limits, while giving the group a single, real-time view across all of them. Each entity can keep its own framework; the group sees the whole.

Because every entity's authority lives in Aptly as structured, versioned records, the group's question has a live answer rather than a per-entity reconstruction: who holds and exercises what, in which entity, under which jurisdiction, within what limits? Entity-level differences are respected, not flattened: a limit in one entity, a signatory in another, a bank mandate in a third, a jurisdiction-specific rule on a fourth, and the same model still rolls up to one view. When a decision exceeds an entity's limit, it routes to the level that holds the authority, with the escalation recorded, whether that level sits inside the entity or up at the group.

This is the operational authority layer that runs one authority model across every entity and jurisdiction, with tracked acceptance. It is not a legal-entity-records repository, a subsidiary-management database, or a per-entity signatory spreadsheet, and it is more than a register that maps, reports on, or archives who holds which authority. Entity-management platforms hold the corporate record (incorporations, registered agents, officers and directors, statutory filings, cap tables, and org charts) as a single source of truth for what each entity is. Some can even map and archive a point-in-time picture of the group's authorities. Aptly is the layer those records assume already exists and stays current: it governs what each entity is authorized to decide, sign, and commit, cascades that authority to the front line with each recipient's acceptance recorded, and keeps it live as roles, limits, and entities change, not as a snapshot that has to be re-mapped. Keep your entity-management system for the corporate record; use Aptly for the live, accepted, self-currenting authority that runs across it.

Identity systems
Who can log in
OktaMicrosoft Entra IDSailPoint
The Authority Layer
Aptly governs who can approve, sign, and commit
Delegations, limits, conditions, and signatories, versioned and evidenced.
Execution systems
Where transactions happen
SAPOracle · NetSuiteWorkday · ServiceNow
One authority layer between identity and execution, holding each entity's limits and signatories and rolling them up to a single group view.

Identity proves who you are. Your ERP moves the transaction. Aptly is the system of record for what each entity is authorized to decide, unified into one live group view.

How It Works

From per-entity authority to one group view, in four steps.

1
Model authority per entity, in one platform.
Capture each entity's delegation of authority, signatory lists, and approval limits as structured records, distinguishing the entity-level delegations that flow from statute, charter, and board resolutions from the management-level delegations that flow from policy. One platform, one model, many entities.
2
Respect entity- and jurisdiction-level differences.
Set the limits, signatories, bank mandates, conditions (RACI), and local rules that genuinely differ from entity to entity. The model bends where each entity needs it to, without becoming a separate spreadsheet for each.
3
Unify into one real-time group view, with tracked acceptance.
Authority cascades within and across entities, from the board through executive leadership to the front line, with redelegation controlled, limits that cannot exceed the issuer's own, and each recipient's acceptance recorded. The group sees who holds and exercises what, everywhere, as it changes.
4
Produce audit-ready evidence across any entity, jurisdiction, or period.
When a decision exceeds an entity's limit, it routes to the level that holds the authority, with the escalation recorded. And on demand, the group generates evidence of who was authorized, in which entity, under which jurisdiction, on any date: one export, not a per-entity scramble.

Model each entity's authority once, and the group view stays current as you run the business. Audit readiness across the group becomes a property of the system, not a per-entity scramble.

The Platform

The platform behind one authority model.

Delegation of Authority
Available
Hold each entity's authority as structured, versioned records (limits, conditions, and RACI roles), distinguishing entity-level delegations (from statute, charter, and board resolutions) from management-level delegations (from policy), so one model runs across every entity with tracked acceptance at each level.
Learn more →
Authority Hub
Available
Give the group one live view of who holds and exercises authority across every entity and connected application, kept in sync with the ERP, HRIS, and identity systems where decisions are made across 30+ connectors with multi-currency and multi-region support, with immutable action and audit logs and point-in-time recall of who was authorized in any entity on any date.
Learn more →
Signatory Management
Available
Keep authorized signatories and the bank mandates, resolutions, and powers of attorney behind them current across every entity, jurisdiction, and counterparty relationship, in sync with each entity's delegations, so who can bind a given entity always matches what was approved.
Learn more →
Decision Compass
In Preview
Built to give group GCs, company secretaries, and entity leaders instant, policy-aligned answers on who can decide or sign for a given entity and jurisdiction, checked against that entity's approved authority.
Learn more →
See one authority model run across your entities.
Schedule a Discovery Call
Frameworks

When the rules apply across the group, the authority has to as well.

Many regimes apply not entity by entity but across the group, or differently in each jurisdiction. Aptly maps your authority model to how each one reaches across your structure:

SOX / ICFR (group)

Hold one provable authorization model across every entity.

US public companies assess ICFR on a consolidated basis, so the parent's control scope reaches in-scope subsidiary processes. Authorization controls are entity-level controls that must hold consistently across every entity, and Aptly holds that model across the group with point-in-time evidence per entity.
Amended PCAOB AS 2201/AS 2101 re-center scoping on entity-level controls; effective for fiscal years beginning on or after 15 Dec 2026.
APRA CPS 511 (group)

Carry remuneration-governance accountability across the group.

APRA found groups generally apply CPS 511 on a group basis, considering roles in non-regulated subsidiaries and offshore arrangements. Board-level accountability has to hold across the group, not just the regulated entity, and Aptly holds the group's authority and its entity-level differences as one model.
Staged commencement; all other APRA-regulated entities from 1 Jan 2024.
Singapore MAS IAC

Identify accountable senior managers in each downstream entity.

MAS expects each downstream local entity and material business function to have clearly identified senior managers with allocated responsibilities, while each overseas entity still meets its own jurisdiction's requirements. Accountability is assigned across the group while obligations differ by entity.
Individual Accountability and Conduct Guidelines; five outcomes required from 10 Sep 2021.
EU NIS2

Reflect cyber-risk accountability that differs by jurisdiction.

Management bodies are personally accountable for governing cyber-risk measures, but national transposition is fragmented: the October 2024 deadline was widely missed, and obligations still differ by the jurisdiction an entity operates in. A group needs one authority model that can reflect those differences entity by entity.
Transposition ongoing and uneven (France and Spain still legislating; Netherlands expected around 1 Jul 2026); verify per jurisdiction. Subject to change.
LkSG / CSDDD

Assign due-diligence authority by group size and structure.

Supply-chain due-diligence obligations turn on group size and jurisdiction. The EU's CSDDD is final via the Omnibus I Directive (EU) 2026/470 and applies to EU companies above 5,000 employees and EUR 1.5 billion net worldwide turnover, assessed on a group basis for ultimate parents. Which group is in scope, and how accountability cascades, turns on thresholds and structure.
Dir (EU) 2026/470 in force March 2026; transpose by 26 Jul 2028; apply from 26 Jul 2029. German LkSG amendment in progress. Subject to change.
UK Code (group)

Apply the board's scheme of delegation across every entity.

Where a group reports under the UK Code, the board's schedule of matters reserved for its decision and the scheme of delegation beneath it are expected to apply across the group, including subsidiaries. Aptly carries that scheme of delegation across every entity.
UK Corporate Governance Code 2024, FRC; see the Board Governance page for the board's reserved matters.
Frameworks last verified June 2026.
See how to run one authority model across entities and jurisdictions →

You hold one authority model across the group. Each regime reads it in its own terms, so a new jurisdiction becomes a mapping exercise, not a new per-entity programme.

Proof

What one authority model across entities looks like.

Meridian Industries is a $1.2B group with three subsidiaries (Meridian Pacific, Meridian EMEA, and Meridian Capital), each with its own limits, signatories, and bank mandates, and each under its own jurisdiction's rules. When the Director of Operations at Meridian EMEA moved to execute a $4.2M, 24-month vendor master services agreement, the commitment exceeded the EMEA authority of $250K and 12 months. Under the old way of working, whether anyone caught that depended on a local spreadsheet being current and someone remembering the EMEA limit.

“Who can approve, sign, and commit in which entity, under which jurisdiction, and within what limits?”
Entity limit held automatically
EMEA's $250K, 12-month limit applied at the moment of the decision.
Routed up the entity's own chain
To the Managing Director of Meridian EMEA, then the group CFO, every step recorded (ref MER-2026-00142).
Group view stayed whole
Treasury kept bank mandates and FX authorities current across all three entities from the same platform.

One model, holding differently in each entity where it had to. Visible to the group as a single, current picture rather than three reconciled spreadsheets, and the group General Counsel could see, in one place, who was authorized to bind each entity.

Illustrative scenario based on Aptly's canonical Meridian Industries dataset. Not a real customer.
FAQ

Questions teams ask before an audit.

What is multi-entity governance, and what is multi-entity authority?
Multi-entity governance is how a group with more than one legal entity (subsidiaries, business units, regions) keeps each entity properly governed while still operating as one organization. Multi-entity authority is the part of that problem that concerns who can approve, sign, and commit in each entity: each entity has its own signatories, bank mandates, board, and approval limits, often under different jurisdictions' rules. The hard part is running one consistent authority model across all of them while giving the group a single, real-time view. Aptly is built for exactly this: it supports multiple business units, subsidiaries, currencies, and regions in one platform, with each entity keeping its own delegation of authority framework, signatory lists, and limits.
How do you manage delegation of authority across multiple entities?
Hold each entity's delegation of authority (DOA) as structured, versioned records in one platform rather than as a separate document per entity. Each entity sets its own limits, signatories, conditions, and bank mandates; the same model cascades authority from the board through to the front line within each entity, with redelegation controlled and each recipient's acceptance recorded. The group then sees one live view across every entity, and when a decision exceeds an entity's limit it routes to the level that holds the authority, with the escalation logged. That replaces the reconcile-the-spreadsheets exercise with a single source of truth that is current by design.
What's the difference between entity-level and management-level delegations?
They have different sources. Entity-level delegation is the formal allocation of legal authority that flows from a corporation's governing statute, charter, bylaws, and board resolutions down to the people who can bind the entity, and it cascades. Management-level delegation is the operational allocation of authority within the organization's own policies and approval limits, used to coordinate day-to-day work; it cannot grant authority the entity-level architecture has not already established. Conflating them is a common source of audit findings, especially across a group, because clarity about which is which has become a board-level oversight obligation. Aptly holds both, distinctly, in one model.
How do you keep signatories and bank mandates current across entities and jurisdictions?
Manage authorized signatory lists in the same system as the delegations that should produce them, scoped by entity, instrument type, and signing threshold, with the resolution or power of attorney behind each authority attached. When an entity's delegation changes, or an officer moves, the corresponding signatories and bank mandates can be reviewed and updated rather than drifting in a local file. Because the lists are governed across entities, jurisdictions, and counterparty relationships from one platform, who can sign for a given entity always matches what that entity approved, which is exactly what counterparties and banks ask you to evidence in cross-border dealings.
What's the difference between entity management software and an authority layer?
Entity-management software is a system of record for what each entity is: it holds the corporate record (incorporations, registered agents, officers and directors, statutory filings, cap tables, and org charts) and keeps each entity in good standing. Some of these tools can also map and archive a point-in-time picture of who holds which authority. An authority layer is a system of record for what each entity is authorized to decide, sign, and commit: who holds approval and signing authority, up to what limit, under what conditions, with the live cascade of that authority to the front line, each recipient's acceptance recorded, and the whole picture kept current as roles, limits, and entities change, not re-mapped after the fact. They are complementary. Most groups keep their entity-management system for corporate records and add Aptly for the live authority that runs across every entity.
Pairs With

Built to work with the rest of your authority program.

Use case

Board Governance
Carry the board's reserved matters and scheme of delegation across every entity in the group.

View use case →

Use case

Regulatory Readiness & Compliance
Produce cross-jurisdictional, audit-ready evidence of who was authorized in every entity.

View use case →

Use case

Continuous Authority Assurance
Move from a per-entity reconstruction to living evidence that authority held across the group every day.

View use case →

See one authority model run across your whole group.

Bring two or three of your entities and the authority each one holds. We'll show you the single, live, audit-ready group view Aptly produces, using your authority data.

Schedule a Discovery CallSee the platform overview →

Getting Decision Rights Right.

Learn MoreLogin
Product
Aptly OverviewDelegation of AuthoritySignatory ManagementIntegrations
Resources
BlogResource LibraryFAQsSupport CenterPricing
Company
AboutServicesTrust CenterContact
About Aptly
Aptly is transforming how organizations manage corporate authority. Its integrated suite of approval and signature authority solutions streamline operations, improve compliance and reduce risk.
SOC 2 and GDPR compliance badges representing Aptly’s enterprise security and data privacy standards.
Copyright Aptly, Inc. 2026  |  Legal  |  Terms  |  Privacy Policy