/ 3 min read / Reed Smith Client Alerts

UK audit and corporate governance reform – draft regulations

Authors

Delphine Currie,
Edmund Tyler
The UK government has published a draft set of regulations that, once in force, will impose significant new annual reporting obligations on the UK’s largest companies. The draft regulations form part of the government’s plans for far-reaching reforms to the UK’s audit and corporate governance regimes. The regulations follow on from a related consultation on changes to the UK Corporate Governance Code (Code) for listed companies launched by the Financial Reporting Council (FRC) in June this year. However, unlike the Code, the regulations will apply to all UK public and private companies that have at least 750 employees and £750 million in annual turnover. After the UK parliament has approved their final form, the regulations will apply to financial years beginning on or after 1 January 2026, or, in the case of companies quoted on the London Stock Exchange’s main market, 1 January 2025. The government has published an overview of the draft regulations and the FRC intends to consult on further guidance by the end of 2023 or early 2024.

The draft regulations

  • Scope. Once in force, the regulations will apply to public and private UK companies with a high level of employees and turnover, that is, 750 or more employees globally and annual turnover that equals or exceeds £750 million. The regulations contain further detail on the calculation of these thresholds, including for groups and banking and insurance companies. In general, a UK parent company that prepares group reports and accounts will be able to report under the regulations on behalf of the group. Separate regulations will be required to apply the new regime to UK LLPs.
  • Resilience statement. The new annual resilience statement, to be included in the company’s strategic report, must explain the steps the company is taking to build and maintain its business resilience over the short, medium and long term. For in-scope companies, the resilience statement is expected to replace equivalent reporting obligations, such as the statement of principal risks, and the going concern and viability statements that listed companies publish under the Code. Among other matters, the statement will need to cover: the company’s strategic approach to managing risk; principal business risks over the short to medium term and their management; reasons for adopting the going concern basis of accounting; the company’s prospects over the medium term (as defined by the company); the results of an annual reverse stress test; and a summary of any long-term threats to the business model or operations.
  • Distributable profits. A note to the accounts must state the company’s accumulated realised profits (or a least a minimum figure, if calculating the full amount would involve unreasonable expense or delay). This must also disclose changes in available distributable profits during the financial year, including any dividends or buybacks (and the impact of the additional net asset test, if the company is a public company). A company must also include a distribution policy statement in its directors’ report, explaining its policy on the amount and timing of dividends and buybacks over the short and medium term, and any risks or constraints to this, and disclose how the directors have implemented the policy in the last year. In the case of a UK group, only the UK parent company will be required to disclose its distributable profits in the note to its accounts. However, it will be expected to comment on the availability of distributable profits within the wider group in its distribution policy statement.
  • Material fraud statement. The directors’ report will need to provide an annual material fraud statement summarising the directors’ assessment of the risks of material fraud occurring at the company. This must also set out the main measures in place, and any new steps taken, to prevent and detect material fraud. For these purposes, material fraud is fraud on a scale or of a nature that could influence shareholder investment decisions, and includes both fraud committed by the company and fraud where the company is the victim
  • Audit and assurance policy statement. The directors’ report will need to include a triennial audit and assurance policy statement. This must describe the company’s internal audit and assurance capabilities and its plans for obtaining internal assurance over information in the annual reports and accounts over the next three years. It must also explain whether the company plans to obtain external assurance of any information in the annual reports and accounts (beyond the annual statutory audit) over the same timeframe. This must specifically address whether external assurance will cover some or all of the resilience statement and the effectiveness of the company’s internal financial reporting controls. The directors will also need to provide an annual update disclosing how the audit and assurance policy has been implemented in the year, and any updates to the policy. For listed companies subject to the Code, the FRC’s consultation proposes that the audit committee should have responsibility for developing and overseeing the audit and assurance policy statement. As requested by the government, the FRC’s consultation also considers broader amendments to the Code designed to improve the risk and internal controls frameworks of Code companies, including a requirement for an annual directors’ declaration on the effectiveness of the company’s risk management and internal controls.

As noted above, the final form of the regulations must be approved by parliament. The regulations will apply to financial years beginning on or after 1 January 2026, or, in the case of companies quoted on the London Stock Exchange’s main market, 1 January 2025. Further legislation will also be needed to establish the new regulator (ARGA) and to provide it with its new powers. These are expected to include powers to investigate breaches by the directors of in-scope companies of their corporate reporting and audit-related statutory duties, and to impose fines and other civil sanctions for non-compliance. In the meantime, companies will need to take steps to prepare for the increase in their reporting obligations and the associated liability risks for directors. The forthcoming FRC guidance on the expectations of the regulator under the new regime will play an important part in informing this process.

Client Alert 2023-185

Related Insights

Our insights