Changes to the Corporate Governance Code (UK)

This article was co-authored by Trainee Solicitor Samantha Conlon.

The updated UK Corporate Governance Code 2024 (the Code) was published on 22 January. The amendments to the Code are much more limited than were originally consulted on. The Financial Reporting Council (FRC) has stated that the changes are intended to be targeted and proportionate and has dropped a number of proposals.

The key revision in the Code focuses on internal controls, where the FRC has introduced additional disclosure requirements and the need for a declaration by the board as to the effectiveness of those controls. Boards will need to ensure that they can demonstrate management of and accountability for their control frameworks going forward and enhancements may be needed to their risk management practices.

Following the consultation, the FRC announced amendments to the UK Corporate Governance Code with its accompanying guidance published on 29 January. The guidance is a “live” digital document, likely to be updated frequently to adapt to changes. These changes will affect directors of companies with a Premium Listing on the London Stock Exchange (whether UK or overseas incorporated).

The amendments strike a balance between the importance of effective regulation and the need to support the UK’s economic growth and its attractiveness as a place to invest. They follow the government scaling back its Audit and Corporate Governance reform package.

The key changes – internal controls and declarations

The key change is the requirement for companies to explain their material risk management and internal controls in their annual report and accounts. It is for boards to decide what is a material control, not the FRC. In assessing materiality, directors should consider factors such as the impact on the company, impact on stakeholders and impact on shareholders. Ultimately, directors have to make an annual declaration that the controls the directors deem to be materially important, are effective. They also need to explain what action they are taking to address controls which have not operated effectively, and to address emerging risks.

Further changes include:

• transparent governance reporting on board decisions and their outcomes in the context of a company's strategy and objectives
• monitoring corporate culture and reporting on how it has been embedded
• continuing to promote (wide-ranging) diversity policies and other initiatives and reflect on the board’s performance in the light of such
• providing clarity on Audit Committee responsibilities and reporting requirements by reference to Minimum Standards and
• strengthening reporting on malus (downward adjustment of incentive awards before they become payable) and clawback arrangements regarding directors remuneration.

Following feedback during the consultation, the Code does not contain a number of the more prescriptive proposals (more than half) included in the original consultation. These include more detailed changes to provisions dealing with diversity and inclusion; the role of audit committees on ESG matters; director time commitment; and board committee chairs engaging with shareholders.

Comply or explain

The FRC has confirmed that its "comply or explain" principle will still be in place to afford flexibility in governance. This means companies either have to comply with governance rules or provide a cogent explanation as to why some provisions do not work for their particular business, in recognition that one size may not fit all.

The FRC has reemphasised that the Code is principles based and different to a more prescriptive approach (for example the US Sarbanes-Oxley Act). Unlike the US regime, the UK approach does not require an external auditor to review the company’s controls. However, a prudent board may now determine that to support its decision making process, it may want some degree of external assurance on what a good risk management and internal framework might “look like”.

Impact of the Code on directors

The updated Code will come into effect in January 2025 but the specific internal control declaration will not come into force until 2026. In the meantime, directors should familiarise themselves with the new Code and new FRC guidance in readiness for reporting on the Code in its annual report and accounts for the year ending 31 December 2025 (if they have a financial year end of 31 December).

Comment

The new Code has largely been welcomed, with the ICAEW, the Institute of Directors and the Chartered Institute of Internal Auditors (CIIA) issuing positive comments in recent days. However, the CIIA has urged the government to accelerate other aspects of the Audit and Corporate Governance reform programme to put the FRC on a statutory footing with the powers it needs to transition to the new Audit, Reporting and Governance Authority.

The FRC also recognises that its comply or explain approach in preference to ‘box ticking compliance’ does not find favour with all stakeholders. It therefore proposes to look at ways of addressing this through a review of the UK Stewardship Code later this year.
Presently, the revised Code is unlikely to require radical change in governance. However, boards will need to explain how they have conducted the necessary monitoring and review exercise on internal controls, and their conclusions, through a declaration in their annual report.

This new requirement reinforces directors’ accountability for their company’s risk management and internal control framework. As ever, any focus on accountability creates increased risk for directors and consequently increased risk for D&O insurers.

Related items

• BEIS publishes audit reforms and corporate governance proposals – considerations for D&Os and their insurers

Read other items in Professions and Financial Lines Brief - March 2024