/ 2 min read / Reed Smith Client Alerts

UK audit and corporate governance reform – UK Corporate Governance Code consultation

Authors

Delphine Currie,
Edmund Tyler
The Financial Reporting Council (FRC), the UK corporate governance, audit and reporting authority, has published a consultation on changes to the UK Corporate Governance Code (Code). The consultation includes aspects of the Code that the government invited the FRC to strengthen in its proposals for far-reaching reforms to the UK’s audit and corporate governance regimes, announced in 2022. These aspects focus on a company’s risk management and internal control framework, the proposed new Audit and Assurance Policy and malus/clawback arrangements, together with associated reporting obligations. The consultation also proposes consequential changes to the Code as a result of the FRC’s new Minimum Standard for Audit Committees and the External Audit. Additionally, the FRC intends to make revisions reflecting board and audit committee responsibilities for sustainability and ESG reporting, to improve the functioning of the ‘comply or explain’ regime and to make a number of other changes to the detail of the Code where the FRC’s research indicates reporting is weaker. The consultation follows on from the FRC’s 2022 position paper in which it set out how it would support the government’s reforms as it transitions into the UK’s new Audit, Reporting and Governance Authority (ARGA).

Proposed changes

The key changes the FRC proposes include:

  • Risk management and internal controls. The FRC intends to make a number of significant changes in this area of the Code. In particular, as requested by the government, these are designed to strengthen board accountability for the effectiveness of a company’s risk and internal controls framework by confirming the board has put in place and maintains effective systems that deliver the company’s expected outcomes. The FRC proposes that a company’s board should make an annual declaration of whether it can reasonably conclude that the company's risk management and internal control systems have been effective throughout the reporting period and up to the date of the annual report. The board should also explain and provide disclosures on the basis for this declaration, and any material weaknesses or failures identified. As envisaged by the government’s revised proposals, the Code will not require companies to obtain external assurance on this statement. Instead, this will be a matter for companies to determine when drawing up their new triennial Audit and Assurance Policy (AAP). However, the FRC intends to publish a revised version of its Guidance on Risk Management, Internal Control and Related Financial and Business Reporting, which is expected to set out the circumstances when external assurance of internal control statements would be appropriate.
  • Audit and Assurance Policy. Under the government’s proposed changes to the law, so-called 750:750 PIEs (public interest entities, including private companies and LLPs, with at least 750 employees globally and an annual turnover of £750 million or more) will be required to publish a triennial AAP and an annual implementation report on their AAP. Among other things, the policy would need to address the company’s internal auditing and assurance arrangements, its policy on the tendering for external audit and non-audit services and its approach to seeking external assurance on the information reported to shareholders, including in relation to the company’s internal controls and the new Resilience Statements that the government intends to require 750:750 PIEs to publish. To ensure consistent and comparable reporting between Code companies, the FRC proposes that other companies applying the Code that are not 750:750 PIEs should also consider publishing an AAP, on a ‘comply or explain’ basis. For Code companies, the FRC envisages that audit committees should have responsibility for developing and overseeing the AAP and taking the lead on engaging with shareholders and other stakeholders in relation to the AAP.
  • Going concern and viability statements. Although the new Resilience Statements that the government intends to require 750:750 PIEs to publish are expected to cover much of the same ground as the going concern and viability statements that the Code currently requires, the FRC proposes to retain amended versions of these provisions in the Code in order to achieve a degree of reporting consistency for all companies applying the Code, whether or not they are 750:750 PIEs.
  • Audit Committees and the External Audit: Minimum Standard. In May 2023 the FRC published a new standard for audit committees of FTSE 350 companies (Standard), reflecting the government’s intention (as recommended by the Competition and Markets Authority) that the regulator have oversight of the work of the audit committees of FTSE 350 companies in relation to the external audit. For the time being the FRC has said that compliance with the Standard is voluntary, ahead of the anticipated legislation to make it mandatory. However, as many of the areas covered by the Standard already form part of existing legislation or the Code, the FRC proposes to change the Code so that all Code companies (on a ‘comply or explain’ basis, if they are outside the FTSE 350) are brought within the scope of the Standard, and to remove areas of duplication within the current Code.
  • Malus and clawback. As requested by the government, the FRC is consulting on amending the Code to provide greater transparency around malus and clawback arrangements that enable the company to recover or withhold directors’ pay and share awards where there has been wrongdoing by directors. The FRC proposes that director contracts and other documents covering director remuneration should include malus and clawback provisions, and set out the circumstances in which these would apply. The annual remuneration report should include specific disclosures on these provisions, including their use in the last reporting period and over the previous five years.
  • Sustainability and ESG. Several of the proposed changes to the Code are intended to reflect the wider responsibilities of the board and audit committee for environmental, social and governance (ESG) matters, and related reporting. In particular, the FRC expects a company to report on the sustainability of its business model and how environmental and social matters are taken into account in the delivery of its strategy, including its climate ambitions and transition planning. Remuneration outcomes should also be aligned to ESG objectives, as well as company performance, purpose and other values. The FRC intends to give audit committees more responsibility in this area, as it considers their experience in setting policies and frameworks best positions them to oversee ESG disclosures, controls, processes and assurance.
  • Other changes. In areas where the FRC’s research indicates reporting is weaker, it proposes adapting existing Code provisions, and including a new principle emphasising that reporting should demonstrate the outcomes of governance activities where possible. A number of other changes to the detail of the Code are suggested, including those relating to succession planning (with a renewed emphasis on diversity and inclusion), annual performance reviews, remuneration reporting, disclosures on directors’ external appointments and shareholder engagement.

The FRC seeks feedback on its proposals by 13 September. As noted above, the FRC also plans to publish revised versions of its guidance to reflect the amended Code in due course. The FRC intends to apply the revised Code for financial reporting years beginning on or after 1 January 2025, to allow sufficient time for implementation. Additional time will also be required for the government’s related reforms to progress through parliament and become law.

Client Alert 2023-131

Related Insights

Our insights