Cabinet Office: Call for Evidence – National Security and Investment Act 2021

On 13 November 2023, the Cabinet Office published a Call for Evidence in relation to the National Security and Investment Act 2021 (NSI Act). With the Call for Evidence there is a survey link that can be used to submit responses.

Respondents to the Call for Evidence are asked to share their views on how the NSI Act system can be even more business friendly while maintaining and refining the essential protections needed to protect national security. In particular, views are sought on:

  • The impact of the system on businesses and investors, and their experience interacting with the process;
  • Whether the scope and requirements of the system are proportionate and effective; and
  • How well stakeholders understand the NSI system, how it is likely to be used, and what national security risks may be posed by investments.

This Call for Evidence will be used to:

  • Inform the review of the National Security and Investment Act 2021 (Notifiable Acquisition) (Specification of Qualifying Entities) Regulations 2021 (the ‘Notifiable Acquisition Regulations’, which set out the 17 sensitive areas of the economy subject to mandatory notification requirements) and the NSIA post-implementation review;
  • Hone the scope, in particular of the mandatory notification requirements, to continue to ensure the Government does not need to be notified of the large majority of deals that pose no national security risk while making sure it is notified of those deals that do warrant consideration under the NSI Act;
  • Improve NSI notification and assessment processes to minimise business burdens as far as possible, without compromising Government’s ability to conduct proper scrutiny; and
  • Develop the Government’s public guidance and communications on how the NSI Act works and where the Government tends to see risk arising.

Depending on responses, there may be more detailed consultation on specific measures or legislative changes, but the Cabinet Office is not currently considering changes that would require primary legislation.

Responses are requested by 15 January 2024.

(Cabinet Office, Call for Evidence – National Security and Investment Act 2021, 13.11.2023)

FRC: Review of Corporate Governance Reporting

On 16 December 2023, the Financial Reporting Council (FRC) published their latest annual review of the reporting of 100 premium listed companies who are required under the Listing Rules to follow the UK Corporate Governance Code (Code). The aim of the review is to give an overview of the reporting that the FRC has assessed, highlight good practice, trends over time, and explain where practices and reporting fall short, and need improvement.

The review looks at particular disclosures in some detail, providing examples of good reporting practice. In general terms, key findings include the following:

Application of the Code’s Principles within compliance statements

The FRC notes that whilst there have been improvements in how companies report on their application of the Code Principles, companies need to move away from a formulaic Principle by Principle approach which adds to the length of the annual report and contains little company-specific information, and instead companies should report clearly and concisely on how application of the Principles has made a difference to actions taken by their board.

Compliance with the Code’s Provisions

In an improvement from previous years, the FRC found that a majority of companies either clearly stated full compliance or set out what Provision(s) they depart from. However, it points out that some companies are still not offering clear reporting on compliance, with vague statements still being employed, such as ‘the company has complied with all the Provisions of the Code except as specifically identified in this report’. The FRC points out that a company’s compliance statement should clearly set out which Provisions they have not complied with and when companies do depart from a Provision, they should still demonstrate through clear explanations that they are applying the Principles.

In addition, simply stating the timeline for achieving compliance with a Provision is not enough. Companies must also say why their alternative arrangements delivered benefits to the company and its shareholders.

Reporting on the assessment of risk and the quality of internal controls

The FRC comments that despite this being an area of focus and debate, the review finds that there has been little year-on-year improvement in the quality of reporting in this area, with some companies reporting very well but the majority not doing so, and failing to demonstrate that sufficiently robust systems, governance and oversight are operating effectively. When explaining the processes for reviewing the effectiveness of the systems, the FRC points out that companies do not need to provide extensive reporting but should be specific and concise about the board’s actions.

Workforce and stakeholder engagement

The FRC comments that focus on workforce engagement is commendable, with the best reporters showing the beneficial impacts arising when companies broaden their engagement to include culture, purpose and values. Stakeholder engagement reporting also continues to improve, and the FRC would like to see companies build on this by reflecting on the feedback received and its impact on board decisions. The report does state that reporting on stakeholder engagement is often formulaic and missing specific examples that help companies to demonstrate how they have considered the interests of stakeholders as set out in section 172 Companies Act 2006.

Reporting on culture

The FRC notes that reporting on culture is evolving and that good reporting focuses on setting out both the practice and policy along with objectives and progress towards milestones. This includes reporting on what activities helped to achieve the outcome. Too often culture-related disclosures in the governance report repeat what can be found in the strategic report or wording from the Code.

Climate reporting

The report states that reporting in this area is improving. The FRC reminds companies that a good statement of consistency with the Task Force on Climate-related Financial Disclosures (TCFD) framework clearly explains a company’s level of consistency with the TCFD recommendations and recommended disclosures, states any areas where they are not yet compliant, and avoids vague statements. Many companies provided a table including a key to show the areas in which they are compliant or partially compliant with the TCFD recommendations.

Diversity reporting

The report notes that, overall, companies have improved in disclosing certain aspects of diversity reporting within their annual reports. However, the FRC believes more can be done by companies to ensure that there is a link between company and diversity strategy. Companies should define their business strategy clearly and link this to their diversity objectives.

Remuneration reporting

While the report notes that the quality of reporting in this area is improving, the FRC comments that companies should look to provide specific explanations and directly refer to their corporate purpose and values when discussing their executive remuneration arrangements. Most statements of remuneration arrangements fail to explain how the framework is designed to align with purpose and values, and what the benefits are.

Cyber and information technology

While the FRC notes that the Code does not require this specifically to be reported on, it was encouraged that most companies in the sample outlined the risks, opportunities and medium to long-term importance of cyber security to their business and market. Among other comments, the FRC states that boards should be comfortable understanding cyber risks within the organisation and how they are managed. In addition, boards should have a clear view of the responsible development and use of Artificial Intelligence (AI) within the company and the governance around it. Boards should consider the potential of AI as well as risks – including risks to people and wider society. This requires boards to increase their knowledge on AI, whether it be through training or tapping into management and external expertise.

(FRC, Review of Corporate Governance Reporting, 16.11.2023)

(FRC, Strides made in corporate governance reporting but more work needed to meet stakeholder expectations, 16.11.2023)

QCA Corporate Governance Code Updated

The Quoted Companies Alliance (QCA) published an updated version of its Corporate Governance Code (QCA Code 2023) on 13 November 2023. The previous version was published in 2018. The QCA Code 2023 applies to financial years beginning on or after 1 April 2024, so the first disclosures under it will appear in 2025. There will be a 12-month transitional period so that companies applying the QCA Code 2023 have time to focus on their explanations as to their application of the principles in it while they become accustomed to the new reporting requirements.

The QCA Code 2023 continues to be constructed around ten principles and related disclosures and while recommended locations for each disclosure have been specified, it is noted that a company should decide for itself the best location for its disclosures, with both its shareholders and accessibility in mind.
Changes in the QCA Code 2023 include the following:

  • Demonstrating good corporate governance – In this section, the QCA Code 2023 points out that where there are divergences from ‘best’ practice that are a result of point-in-time circumstances, it is preferable, where possible to do so, for companies to signal clearly when a return to prior arrangements is expected to occur.
  • Chair’s corporate governance statement – Section 3 of the QCA Code 2023 continues to include guidance on the content of the chair’s explanation of how the company applies the QCA Code 2023, but there is additional guidance as follows:
    • Describes how the company’s governance arrangements are aligned with and are supportive of the company’s stated business purpose.
    • Describes the outcomes of key governance-related developments that have occurred during the year (whether positive or negative).
    • Explains how the company’s approach to governance ensures the continued effective operation of the board, its committees and their oversight.
    • Details how the board has evolved its governance arrangements and practices in response to the growth in the company; developments in regulatory requirements/standards; shareholder expectations; and updates to good/best practice guidance.
  • Principle 1: Establish a purpose, strategy and business model which promotes long-term value for shareholders – There is more guidance on the application of this principle, including that a company’s purpose is its essential reason for being and its strategy and business model; should ‘fall out of this’. If disclosures relating to purpose, strategy and business model have been included elsewhere in the annual report, companies can cross-refer to those disclosures in their strategic report.
  • Principle 2: Promote a corporate culture that is based on ethical values and behaviours – This was previously principle 8 in the 2018 QCA Code, and while the wording of the application of the principle is broadly similar in the QCA Code 2023, more disclosure is now required. This includes how the tone from the top (board, chief executive, and senior management) is supportive of this culture, how the board assesses and monitors corporate culture and how any actions which notably deviated from what is expected were addressed.
  • Principle 3: Seek to understand and meet shareholder needs and expectations - This was previously principle 2 in the 2018 QCA Code, but additional disclosure is required. Companies should provide appropriate quantitative and qualitative reporting of a company’s environmental and social matters to meet investor needs and expectations. Extra guidance on application is also included as follows:
    • Where not already required, companies with a controlling shareholder (for example, an investor controlling 30% or more of the votes able to be cast at a general meeting of the company) should consider putting in place arrangements to protect minority shareholders which may include a relationship agreement or other measures.
    • The board should ensure proactive engagement with shareholders on governance matters. This should be led by the chair or, where appropriate, the Senior Independent Director. Other directors, such as the chairs of the board’s sub-committees, should also make themselves available for engagement with shareholders.
  • Principle 4: Take into account wider stakeholder interests, including social and environmental responsibilities, and their implications for long-term success – Previously principle 3 in the 2018 QCA Code, reference to ‘environmental’ responsibilities is new and there are extra annual report and website disclosures recommended. As far as the annual report is concerned, companies should describe the environmental and social issues that the board has identified as being material to the company with reference to its purpose, strategy, and business model. They should also set out any relevant associated KPIs that are used for tracking performance on such matters and, where relevant, key forward-looking targets that have been established. There is further new guidance on application as follows:
    • The company should devote particular attention to its workforce and ensure that its practices towards its employees (direct and indirect) are consistent with the company’s values. Arrangements should be in place to enable employees to raise concerns in confidence and processes to ensure that such matters are considered and where appropriate actions are taken.
    • The governance and appropriate oversight of a company’s approach towards relevant environmental and social issues is a responsibility of the board. Matters that relate to the company’s impact on society, the communities within which it operates, or the environment – including those relating to or stemming from climate change – have the potential to affect the company’s ability to deliver shareholder value over the medium to long-term. These matters must be integrated into the company’s strategy, risk management and business model. It is noted that the QCA Practical Guide to ESG can assist companies in this regard.
  • Principle 5: Embed effective risk management, internal controls and assurance activities, considering both opportunities and threats, throughout the organisation – Based on principle 4 in the 2018 QCA Code, but it includes more guidance on application and requires more disclosures in the annual report. In terms of application, among other things, the company should ensure that a balanced view of risk is achieved, and, as well as threats should consider opportunities and the potential for value creation, the board should ensure that all potential risks are considered, on a proportionate and material basis, including those relating to climate change, and the board should review and consider whether the company’s enterprise-wide internal controls are sufficiently robust to manage the identified risks adequately. Among the new disclosure requirements, companies should explain their governance around climate-related risks and opportunities; the process for identifying, assessing and managing climate-related risks and how these processes are integrated into the company’s overall risk management framework.
  • Principle 6: Establish and maintain the board as a well-functioning, balanced team led by the chair – This principle includes some of what was in principles 5 and 6 in the 2018 QCA Code as well as aspects of Section 4 of that Code. There is more guidance on the application of the principle, including on the question of independence, and there is new guidance on the need for boards to consider diversity in relation to the board to avoid group think. It states that consideration should be given to factors such as socio-economic backgrounds, nationality, educational attainment, gender, ethnicity and age. Boards should assess how their collective and individual perspectives add to board discussions and ensure there is sufficiently wide-ranging and business relevant input, to deliver the best decision-making process in the context of the company’s business model, geographic footprint and forward-looking strategy.
  • Principle 7: Maintain appropriate governance structures and ensure that individually and collectively the directors have the necessary up to date experience, skills and capabilities – This is an expanded version of principle 9 in the 2018 QCA Code, but with increased explanations as to its application and annual report disclosures specified, as well as website disclosures. Among other things, the guidance now states that the board should ensure that it has the necessary skills and experience to fulfil its governance responsibilities, including among other things with respect to cyber security, emerging technologies, and relevant sustainability matters such as climate change. The board should also consider any need to establish further dedicated sub-committees and, where appropriate, seek input from external advisers on such matters.
  • Principle 8: Evaluate board performance based on clear and relevant objectives, seeking continuous improvement – This was principle 7 in the 2018 QCA Code, but the application guidance now states, among other things, that the board performance review should be carried out on an annual basis and include opportunities for improvement with respect to the performance of the chair, and the operation of the board and its committees. The review should identify development or mentoring needs of individual directors and/or the wider senior management team. It also states that while the annual review can be carried out internally it should, ideally, be supplemented periodically by an external independent third-party review, and there is guidance on succession planning. Increased expectations as to annual report disclosures include that an outline description of the succession planning process including any indicative timelines for expected appointments (to the extent practicable) should be made.
  • Principle 9: Establish a remuneration policy which is supportive of long-term value creation and the company’s purpose, strategy and culture - This is a new principle around remuneration that was not in the 2018 QCA Code. The annual report should explain how the remuneration structure and practice supports the delivery and attainment of the company’s purpose, business model, strategy, and culture (noting that the the QCA’s Remuneration Committee Guide can be used to assist). In terms of application of the principle, there is guidance on remuneration policies, the role of the remuneration committee and the remuneration report.
  • Principle 10: Communicate how the company is governed and performing by maintaining a dialogue with shareholders and other key stakeholders –This is based on principle 10 in the 2018 QCA Code but references the importance of communication and reporting structures with key stakeholders as well as shareholders.

The QCA Code 2023 also includes further guidance on the independence of directors, requires all directors to be re-elected annually and sets out new requirements for board committees. For example, it states that both the audit and remuneration committees should comprise at least a majority of independent non-executive directors and aim for full independence.

The QCA Code 2023 can be purchased from the QCA by members and non-members. 

(QCA, 2023 QCA Code published, 13.11.2023)

Transition Plan Taskforce Sector specific guidance published for consultation

On 13 November 2023, the Transition Plan Taskforce (TPT) launched a consultation on its sector-specific guidance for preparers and users of climate transition plans. This follows publication of its Disclosure Framework for transition plans in October 2023. For more information on that see here.

The new draft guidance published for consultation covers seven sectors, namely asset managers, asset owners, banks, electric utilities and power generators, food and beverage, metals and mining, and oil and gas. These ‘Sector Deep Dives’ are intended to help preparers interpret the final TPT Disclosure Framework in more detail for their sector.

The consultation on the draft guidance will be open until 29 December 2023.

(TPT, Sector Deep Dives, 13.11.2023)



Contacts

Raj Karia
Raj Karia
Head of Corporate, M&A and Securities, Europe, Middle East and Asia
Email
raj.karia@nortonrosefulbright.com
T: +44 (20) 74443374
Jo Chattle
Jo Chattle
Knowledge Of Counsel
Email
jo.chattle@nortonrosefulbright.com
T: +44 20 7444 3356

Practice areas:

Recent publications

Publication

Digital Operational Resilience for the Financial Sector (DORA): 10 things to know

On 16 January 2023 Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA) entered into force.

Global | October 2024

Financial institutions

Publication

Mission impossible? Teresa Ribera’s mission letter and the future of EU merger review

Executive Vice President Vestager’s momentous tenure as Commissioner responsible for EU competition policy is nearing its end.

Global | October 28, 2024

Antitrust and competition
Oil and gas pipes

Publication

Agreement on new EU gas projects and measures under the European Green Deal

On November 28, 2023, the European Commission (EC) adopted its first list of Projects of Common Interest (PCIs), i.e., projects within the EU territory, and Projects of Mutual Interest (PMIs), i.e., projects connecting the EU with other countries, including 166 projects implementing the European Green Deal.

Global | October 24, 2024

Energy
Site search

Subscribe and stay up to date with the latest legal news, information and events . . .

Register now