A series of significant UK corporate failures, including BHS (2016), Carillion (2018), Patisserie Valerie (2018) and Thomas Cook (2019), each of which collapsed unexpectedly and not long after receiving clean bills of health from their respective auditors, served as a catalyst for a process of independent review, consultation and recommendations on 'Restoring Trust in Audit and Corporate Governance'.

A government consultation was published in March 2021, and the government response setting out which proposals it would be taking forward, and how, followed in May 2022. The current regulator, the Financial Reporting Council (FRC), endorsed these proposals, including the creation of a new body, the Audit, Reporting and Governance Authority (ARGA) to take over from the FRC, in a position paper released in July 2022.

The proposals for change set out throughout this process are very wide ranging. One set of proposals deals with a plan to overhaul the audit market, to improve independence, quality and competition among auditors. Other proposals within the same framework go more directly to the corporate governance responsibilities of directors of UK companies (and equivalent managers of other qualifying entities). The outcome over the coming years should be more and better corporate reporting, more director responsibility for internal controls and capital management, and more director liability for those things.

Change in scope. The first significant change is that a number of large private companies not currently subject to corporate governance regulation will come within scope of these rules. This occurs as a result of a change to the definition of 'public interest entities' which are considered significant enough to require this regulation. While currently companies listed on a regulated market, credit institutions and insurance undertakings are already within the definition, it will be expanded so that public and private companies and LLPs with both 750-plus employees and £750m-plus annual turnover will also be considered public interest entities.

Internal controls and capital maintenance. Secondly, the accountability of the board for their organisation's internal controls, i.e., financial, operational and compliance systems, is to be strengthened. Over the consultation period, this strand of reform has been likened to the introduction of the US' 2002 Sarbanes-Oxley Act legislation in the wake of the 2001 Enron and 2002 WorldCom scandals. In the end, the government decided not to legislate directors' statements on internal controls and instead the FRC will be consulting in 2023 on changes to the UK's Corporate Governance Code (Code) to incorporate this obligation, which will therefore be required on a 'comply or explain' basis. Proposals which would have required auditors to attest to internal controls have not been adopted, but directors will have to explain their basis for their assessment of internal controls - the FRC will be preparing guidance on how this should be approached.

Directors will also have to provide more information about, and take further responsibility for, their organisation's capital maintenance and distributions. While the legal rules around required capital maintenance are not changing, ARGA will be given formal responsibility for giving guidance on what counts as 'realised profits' and 'realised losses', which are the terms used to calculate a company's distributable reserves. Qualifying companies will have to disclose what their distributable reserves are, as well as setting out their long-term approach to amount and timing of returns to shareholders. Any dividends will have to be supported by an explicit statement by the directors confirming the legality of those dividends.

Additional reporting. Thirdly, a new set of corporate reports are going to be required from qualifying entities. These new reporting obligations reflect the most pressing current concerns of stakeholders in the current environment. The first new report is the 'Resilience Statement', to be included in their strategic report. This requires an organisation to set out the matters it considers material to its resilience over the short and medium term and explain how it determined what was material.

Reflecting key risks of the modern age, all such entities will have to have regard to a specified range of matters including climate change and digital security risk when preparing the Resilience Statement. In addition, qualifying companies will need to publish an 'Audit and Assurance Policy'. This new report will explain to stakeholders how the company assures itself of the quality of the information it reports to shareholders.

Enforcement and liability. In respect of directors' duties relating to reporting and audit, ARGA will, for the first time, be given powers of civil enforcement. This power, which will give ARGA the right to investigate and sanction breaches, will exist over all directors, including non-executive directors, of all public interest entities. These new powers require legislation, so while ARGA may begin preparing guidance for directors in the interim, their enforcement power will likely arise in the 2023-24 legislative session at the earliest.

The increased reporting and attestation obligations of directors coming into existence are also likely to enable closer shareholder scrutiny and more shareholder stewardship and activism, and even litigation. Close monitoring and engagement with companies by investors is explicitly encouraged in the UK's corporate governance framework, as set out in the Stewardship Code. The FRC notes in its most recent position paper that as the Stewardship Code was last updated in 2020, the FRC intends to allow one more year before carrying out a further review.

The Code, however, was last significantly updated in 2018. Companies that have adopted it, either as a requirement for premium listed companies, or because they choose to do so voluntarily, are required to 'comply or explain', allowing investors and other stakeholders to evaluate how the principles of the Code have been applied. The FRC will consult in 2023 on changes to update the Code for application in periods commencing on or after 1 January 2024. The revisions are required to implement some of the developments discussed above, and will also include updates to the existing malus and clawback provisions to encourage adoption of a broader range of circumstances (beyond gross misconduct or material misstatements) in which executive remuneration could be withheld or recovered.

Conclusion

The UK government and regulators are at an inflection point in their multiyear process aimed at 'restoring trust' in the UK's corporate governance system, as well as the audit and reporting system. The most recent publications set out the proposals that will be taken forward to do this. Legislation will be required for some measures, notably the expansion and strengthening of the regulator, transitioning the FRC to become ARGA.

Nonetheless, the reforms maintain the broad structure of the UK corporate governance framework. Corporate governance in the UK will continue to be primarily principles-based, with a focus on reporting and explaining to ensure duties are met, and the principles and guidance to be followed will be in the main set out by the regulator and therefore more flexible and more easily evolved than legislative rules.

Thus, in the near term the FRC will make revisions to the Code focusing on strengthening current reporting mechanisms and enhancing effectiveness of internal control throughout the fiscal year, making necessary revisions to reflect the wider responsibilities, including for expanded environmental, social and governance reporting. Since the intention of the FRC is for the revised Code to become effective on or after 1 January 2024, consultation on a revised Code and supporting materials is set to begin in early 2023.

Reprinted from: Financier Worldwide | October 2022

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.