Publication
Real Estate Focus - December 2024
December has been a very busy month, with a flurry of new government policies and consultations.
United Kingdom | Publication | January 2024
On 22 January 2024, the Financial Reporting Council (FRC) published an updated UK Corporate Governance Code (2024 Code). This follows publication of a consultation paper (Consultation) in May 2023 which proposed revisions to the 2018 UK Corporate Governance Code (2018 Code), and a subsequent Policy Statement published by the FRC in November 2023 which gave an indication of the revisions to be made in the 2024 Code.
Background
The Consultation followed the UK Government's June 2022 response to the White Paper, Restoring Trust in Audit and Corporate Governance, which identified areas of the 2018 Code that could be strengthened, particularly around directors' responsibilities for internal control, risk, audit and corporate reporting. Further details of the Consultation are in our briefing Changes proposed to UK Corporate Governance Code - Potential implications for listed issuers.
However, when the Government’s previously announced plan for primary legislation to modernise the regulation of audit, corporate reporting and governance was not included in the King’s Speech 2023, the FRC’s Policy Statement noted that, following engagement with stakeholders in relation to the Consultation, the FRC had decided to take forward only a small number of the original 18 proposals in the Consultation and to stop development of the remainder.
Section 1 – Board leadership and Code purpose: Key changes
Section 3 – Composition, succession and evaluation: Key changes
Section 4 – Audit, risk and internal control: Key changes
Section 5 – Remuneration: Key changes
Effective date of 2024 Code changes
All changes apart from those relating to Provision 29 concerning the risk management and internal controls framework will come into effect for accounting periods beginning on or after 1 January 2025. This means that premium listed companies (whether UK or overseas incorporated) with a financial year end of 31 December will need to start reporting against the 2024 Code in their annual report and accounts for the year ending 31 December 2025.
In light of the new arrangements companies will have to put in place to be able to report against revised Provision 29, the effective date for reporting against that Provision is accounting periods beginning on or after 1 January 2026. Until then, Provision 29 of the 2018 Code will continue to apply.
Next steps
The FRC is proposing to publish digitally accessible guidance to accompany the 2024 Code on 29 January 2024. While not forming part of the Code, that guidance is aimed at helping boards consider how they might comply with the 2024 Code.
(FRC, UK Corporate Governance Code January 2024, 22.01.2024)
On 22 January 2024, Companies House published a further blog post about changes resulting from the Economic Crime and Corporate Transparency Act 2023 (ECCTA) that are likely to come into effect in early March 2024. This follows a previous Companies House blog post on the changes published on 3 January 2024.
Companies House is aiming to introduce the first set of changes on 4 March 2024 though the precise date depends on parliamentary timetables as secondary legislation is needed to introduce the changes.
The blog post focuses on the following changes:
New rules for registered office addresses
From 4 March 2024, companies must have an ‘appropriate address’ as their registered office. This is one where:
Companies will not be able to use a PO Box as their registered office address from 4 March 2024, though they can continue to use a third-party agent’s address if they meet the conditions for an appropriate address. Companies using a PO Box as their registered office address will need to change it by 4 March 2024.
Companies that do not have an appropriate registered office address could be struck off the register. When Companies House identify an inappropriate registered office address, they will change it to a default address held at Companies House. The company must then provide an appropriate address, with evidence of a link to that address, within 28 days. If Companies House do not receive this evidence, they will start the process to strike the company off the register.
Registered email address to be provided
From 4 March 2024, all companies will have to provide a registered email address to Companies House but that email address will not be published on the public register.
From that date, new companies will need to provide a registered email address on incorporation. Existing companies will need to provide a registered email address when they file their next confirmation statement with a statement date from 5 March 2024.
Companies will have a duty to maintain an appropriate registered email address, in the same way as their registered office address. Any company that does not do this will be committing an offence.
Statement of lawful purpose
On a new company incorporation from 4 March 2024, the subscribers will need to confirm that they are forming the company for a lawful purpose.
Companies will also need to confirm the company’s intended future activities are lawful on the annual confirmation statement from 4 March 2024.
(Companies House, Get ready for changes to UK company law, 22.01.2024)
On 23 January 2024, the Department for Science, Innovation and Technology (DSIT) published a draft Cyber Governance Code of Practice (Cyber Code) to help directors and others in organisations of all sizes shore up their organisation’s defences from cyber threats. Views on the Cyber Code are being sought.
Aimed at executive and non-executive directors and other senior leaders, the measures in the Cyber Code seek to establish cyber security issues as a key focus for businesses, putting them on an equal footing with other threats such as financial and legal issues.
A key focus of the Cyber Code, which has been designed in partnership with industry directors, cyber and governance experts and the National Cyber Security Centre (NCSC), is making sure organisations have detailed plans in place to respond to and recover from any potential cyber incidents. This plan should be regularly tested so it is as robust as possible, with a formal system for reporting incidents also in place.
Organisations are also encouraged to equip employees with adequate skills and awareness of cyber issues so they can work confidently alongside new technologies.
Views, to be submitted by 19 March 2024, are sought on three particular issues as follows:
Design of the Cyber Code
The draft Cyber Code (set out in Annex A) is presented in the form of five overarching principles with relevant actions underneath each principle. The actions are not framed in technical language and they go beyond being outcomes focused to provide a clearer expectation of directors. The aim of this is to make it easier for directors in organisations of all sizes to understand which actions they should be taking, and why, so that they can better govern cyber risk. However, the Government seeks views on whether the actions that directors should be taking to govern cyber risk are presented and explained in a way that is straightforward to understand and implement.
The Government notes that further guidance on implementation of the principles and actions in the Cyber Code is provided within the NCSC’s Cyber Security Toolkit for Boards and the two will work together to form a coherent set of guidance for boards, directors and their senior advisers. However, views are sought as to whether further guidance would help industry implement the Cyber Code effectively.
Driving uptake of use and compliance with the Cyber Code
The Cyber Code would be launched as a voluntary tool but it would support and align with a number of existing regulatory obligations. The Government plans to work closely with regulators and competent authorities, as well as broader sectoral regulators, to embed the Cyber Code in the existing regulatory landscape as and where it relates to cyber security and broader resilience.
However, views are sought on where the Cyber Code may be best placed and promoted to ensure it reaches directors and forms a core aspect of their knowledge base on risk management in a digital age, as well as on the role other bodies could play in the implementation and uptake of the Cyber Code. Views on potential barriers to implementation that should be considered are also called for.
Merits of and demands for an assurance process against the Cyber Code
To drive uptake, the Government is also seeking views on the benefits and risks of implementing either a self or independently assessed assurance process against the Cyber Code. Views are sought on potential demand for an assurance mechanism to support the implementation of the Cyber Code, who might find value in an independently assured ‘badge’ and for what market communication and transparency purposes it would be used. Equally, view are sought on associated risks of assuring cyber governance.
(DSIT, Draft Cyber Governance Code of Practice – Call for views, 23.01.2024)
Publication
December has been a very busy month, with a flurry of new government policies and consultations.
Publication
On 13 December 2024 the Financial Conduct Authority (FCA) published Primary Market Bulletin 53 (PMB 53) which includes confirmation of the final form of two new, and one amended, sponsor-related technical notes previously consulted on in PMB 50, and a consultation on various proposed changes to the technical and procedural notes in the FCA’s knowledge base.
Publication
The Regulator has provided a link to its dashboard webinar held on November 26, 2024, which it urges scheme trustees to watch. The Money and Pensions Service also collaborated with the Pensions Dashboard Programme to host a “town hall” dashboard event on December 2, 2024.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023