Publication
Road to COP29: Our insights
The 28th Conference of the Parties on Climate Change (COP28) took place on November 30 - December 12 in Dubai.
United Kingdom | Publication | juni 2023
On May 24, 2023 the Financial Reporting Council (FRC) published a consultation paper (Consultation) proposing revisions to the 2018 UK Corporate Governance Code (Code)1.
The Consultation follows the UK Government's June 2022 response to the White Paper, Restoring Trust in Audit and Corporate Governance, which identified areas of the Code that could be strengthened, particularly around directors' responsibilities for internal control, risk, audit and corporate reporting.
As the regulator currently responsible for the Code, in July 2022 the FRC published a position paper setting out the broad areas it would look to revise2. As a result, the Consultation focuses primarily on Code provisions relating to internal control, assurance and resilience.
Responses to the Consultation are requested by September 13, 2023.
The FRC has not changed the structure of the Code, so it will remain in five sections. However, changes have been proposed to each of those sections, in particular to Section 4 (Audit, risk and internal control) dealing with the need for a more robust framework of prudent and effective risk management and internal controls. The Code also continues to comprise Principles which companies must apply, supported by Provisions that companies can ‘comply or explain’ against.
The main proposed changes to the Code are summarised below.
Section 1 - Board leadership and company purpose
Principle A is being revised to make it clear that, for a company to meet its objectives and measure performance against them, boards need to ensure that, as well as having the necessary resources in place to achieve this, the necessary policies and practices should also be in place.
A new Principle D has been added which requires boards, when reporting on their governance activity, to focus on activities and outcomes to demonstrate the impact of governance practices and how the Code has been applied. The FRC considers that reporting on this has been lacking and it is hoped that the new Principle will result in companies making greater progress in this area and better meeting stakeholders’ needs and expectations.
Amendments have been made to current Provisions 1 and 2 to bring more focus to environmental and social matters, including climate ambitions and transition planning, and to encourage companies to report on the effectiveness of embedding these matters in their culture3.
Section 2 - Division of responsibilities
Given increased investor concern about the number of board positions some listed company directors (executive and non-executive) hold, the FRC proposes strengthening Provision 15 to require annual reports to include more information on directors’ other commitments and how they manage these. This should include setting out not only board positions but also committee roles and the potential number of commitments each year. A further connected proposal concerns a change to current Code Principle L regarding board and director evaluations in Section 3 (see below).
The FRC does not think it would be helpful to specify, either in the Code or in guidance, a limit on the number of board appointments a director can hold (noting the Code already provides that full-time executive directors should not take on more than one FTSE 100 non-executive position or other significant appointment). This is on the basis that different board positions involve differing time demands and a limit would not take account of matters such as varying committee membership requirements, the size and complexity of the organisations involved and other constraints on directors’ time not related to board appointments.
Section 3 - Composition, succession and evaluation
The FRC intends to strengthen the Code in relation to diversity and inclusion without introducing extra targets or regulations given the recent revisions to the Listing Rules in this area4. An amendment to current Principle J (Principle I in the revised Code) is proposed to incorporate a reference to inclusion, and to give equal weight to all protected and non-protected characteristics. The aim of this is to encourage companies to consider diversity, beyond gender and ethnicity, in relation to board appointments and succession plans.
The FRC suggests a possible change to current Code Principle L (Principle K in the revised Code) to specify that the annual board performance review should consider each director’s commitments to other organisations and how directors are able to make sufficient time available to discharge their role effectively. The FRC is interested in views on whether giving the issue more prominence in a board’s discussions on its own performance is likely to lead to positive changes.
Suggested changes in relation to the nomination committee’s report in the annual report include providing improved clarity on the ways companies approach succession planning and board and senior management appointments. This reflects the FRC’s findings that reporting on approaches to succession planning is often poor, suggesting succession arrangements are more reactive than proactive. The FRC also wants to see improved transparency around the role of any targets or initiatives companies have chosen to use to achieve greater diversity and inclusion in their boards and executive management.
Amendments to Provision 21 (Provision 22 in the revised Code) are proposed to clarify that the chair should commission, rather than consider having, a board performance review, given the increased maturity of the board performance review market. The FRC has also used the term ‘board performance review’ in place of ‘board evaluation’ in a number of places in the revised Code in light of recommendations made in a review published by the Chartered Governance Institute in 20215. That review found that the term ‘evaluation’ had given rise to a misconception that externally facilitated reviews were meant to be a backwards-looking assurance function, rather than a means of informing a continual board self-improvement process.
Section 4 - Audit, risk and internal control
The new legislation relating to the requirement for companies to produce a triennial Audit and Assurance Policy (AAP) will only apply to those companies that meet the new ‘public interest entity’ (or PIE) definition6. However, Provision 26 in the revised Code, which sets out the audit committee’s responsibilities, will require all companies reporting against the Code (whether or not they meet the new PIE definition) to consider producing an AAP on a ‘comply or explain’ basis. The FRC believes this will ensure consistency in the matters that audit committees consider as part of the AAP (which is important for stakeholders who want to see consistent and comparable reporting), and also that a single requirement covering all Code companies is easier to comply with and monitor against.
Current audit committee responsibilities (and reporting obligations) that mirror those in the new FRC Minimum Standard for Audit Committees are being removed from the Code to avoid duplication, with the Code instead referring companies to the new Minimum Standard7.
In relation to sustainability reporting, Provisions 26 and 27 in the revised Code give the audit committee a new responsibility for monitoring the integrity of narrative reporting, including sustainability reporting, and for describing its work in this area in the annual report (where these matters have not been reserved for the board). They also provide that the annual report should describe, where commissioned by the company, the assurance of ESG metrics and other sustainability-related information. This reflects the wider responsibilities boards and audit committees have for expanded sustainability and ESG reporting, and appropriate assurance (where commissioned by the company) in accordance with the company’s AAP.
In relation to risk management and internal controls, the FRC has merged the requirements of existing Principles C and O into Principle N (in the revised Code). This goes further than the previous Principles by making the board responsible not only for establishing, but also for maintaining the effectiveness of, the risk management and internal control framework. This emphasises the board’s accountability for monitoring and reviewing the effectiveness of the framework, as requested by the Government in its response to the Restoring Trust White Paper.
Risk management and internal controls are also dealt with in Provisions 29 and 30 of the revised Code. The approach proposed is designed to strengthen board accountability for the effectiveness of the risk and internal controls framework by confirming that the board has put in place and maintains effective systems that deliver the expected outcomes. However, within this there is flexibility for companies to tailor their own arrangements, depending on their circumstances. Among other things, clearer reporting expectations around the effectiveness of the framework are set out in Provision 30, particularly on the evidence gathered by the company in support of its reporting. The board will also have to report on any material weaknesses it has identified in the risk management and internal controls systems together with the board’s actions to address these (with updated guidance being prepared to help boards determine material weaknesses). The aim of some of the changes is to increase transparency and avoid a situation where the effectiveness review is seen as a one-off exercise, and which only assesses the company’s systems at a single point in time. In addition, the ‘material controls’ the board should monitor and review will include operational, reporting and compliance controls. The reference in current Provision 29 to ‘financial’ controls has been replaced with reference to ‘reporting’ controls to reflect the importance of narrative reporting information (for example, on strategy, principal risks and ESG matters) to investors who use that information in investment allocation and stewardship decisions.
The going concern statement required by current Provision 30 is being retained (Provision 31 in the revised Code) but, to avoid duplication with the new requirements being introduced for a Resilience Statement to be prepared by PIEs, current Provision 31 (the viability statement) is being amended to ask the board to explain in the annual report how it has assessed the future prospects of the company. This reflects evidence of poor reporting against this Provision (often with insufficient qualitative and quantitative detail around inputs and assumptions used). The FRC notes that companies that comply with the new Resilience Statement reporting requirement will comply with this Provision, and those companies that comply or explain against the Code but choose not to prepare a Resilience Statement can explain why not, and the board should then report in a proportionate way to the requirement or set out the basis for the assessment in the annual report.
Section 5 - Remuneration
The FRC proposes amendments to current Principles P, Q and R to strengthen the links between companies’ remuneration policies and corporate performance in the wider sense, including ESG objectives. In doing this, some changes have been made to the order in which these Principles are presented to ensure a logical flow.
The Government asked the FRC to consult on changes to the Code to provide greater transparency around companies’ malus and clawback arrangements (enabling companies to withhold or recover remuneration from directors for misconduct and other serious failings). As a result, current Provision 37 (which will become Provision 39) now includes a specific mention of malus and clawback. A new Provision 40 is also proposed, which sets out a requirement for additional information to be included about such arrangements in companies’ remuneration reports. This includes a statement on whether the company has arrangements in place, the minimum conditions in which these would apply, the minimum period for applying them and why the selected minimum period is best suited to the organisation, as well as whether they have been used in the last financial year.
The FRC is also proposing changes to the Provisions relating to remuneration committee reporting following previous findings that such reporting needs improvement. Some elements of current Provision 41 have been removed and Provision 43 in the revised Code now takes a more direct approach in asking how a company’s executive remuneration policies, structures, and performance metrics support company strategy (including its ESG objectives). The reference to pay ratios and pay gaps in the Provision has been removed, given increased access to gender pay gap reports and disclosures on company websites, but the FRC welcomes views on an alternative approach which may strengthen reporting on pay gaps - for example asking companies to report on what measures have been implemented to reduce and eliminate pay gaps within their organisation.
The FRC notes that its current Guidance on Audit Committees and Guidance on Board Effectiveness are being revised so they are aligned with the updated Code and the new Minimum Standard for Audit Committees.
The FRC’s Guidance on Risk Management, Internal Control and Related Financial and Business Reporting is being revised to take account of the proposed changes to the Code’s Principles and Provisions on risk management and internal control. This will be available when the revised Code becomes applicable.
The Consultation indicates some of the key changes being considered in this updated guidance and requests views on these. It is expected that the revised guidance will set out possible structures, responsibilities, actions and recommendations but allow companies flexibility to adapt it to their unique circumstances and characteristics (for example, industry, size, geography etc). As the FRC points out, ultimately it is for the board to be comfortable that the internal controls framework is sufficiently effective to enable them to make the necessary declaration.
The FRC is proposing that the revised Code will apply to accounting years beginning on or after January 1, 2025 to allow sufficient time for implementation.
The Consultation forms part of a new approach being taken to regulating the UK’s audit, corporate reporting and corporate governance systems. As such, the proposed revisions to the Code complement and support certain of the new reporting requirements being introduced (the AAP and Resilience Statement in particular), and sit alongside other reporting developments on matters such as diversity and inclusion and ESG which investors see as priority areas for narrative reporting.
Having decided against a legislative approach to strengthening the risk management and internal controls frameworks of the UK’s largest companies, the hope is that directors will accept the challenge to be more open and accountable for operating an effective internal control system, not only for financial reporting but also for wider operational and compliance risks and wider sustainability objectives. Inclusion of the relevant Provisions in the revised Code should help directors develop arrangements that suit the circumstances of their particular organisation, without imposing disproportionate burdens on them or their business.
Other revisions that address concerns the FRC and stakeholders have had around the quality of reporting against particular Code Provisions will be welcomed by investors in the expectation that they will result in greater transparency and better reporting generally.
As the Consultation points out, the ‘comply or explain’ approach to the Code’s Provisions ensures that companies have the flexibility to explain any departures, provided those explanations are clear and sufficiently detailed such that they are appropriate explanations. Continuation of this approach will assist companies outside the new PIE definition who are either required to, or choose to, follow the Code but will not be required to meet all of the new corporate reporting requirements that will come into effect in due course.
The proposed implementation date of the revised Code (accounting years beginning on or after January 1, 2025) also means that companies applying the Code should have sufficient time to familiarise themselves with, and put in place the necessary practices and procedures to comply with, the new requirements. The FRC’s updated guidance will also assist with that process.
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023