UK Corporate Governance Code 2024 Webinar
Published: 23 January 2024
8 minute read
On the 23 January 2024, the FRC hosted a webinar where Richard Moriarty, Chief Executive Officer, Mark Babington, Executive Director of Regulatory Standards and Kate O'Neill, Director of Stakeholder Engagement and Corporate Affairs explored the UK Corporate Governance Code and the key updates.
If you missed the webinar, you can watch the recording below.
Q&A
There have been slight changes to the comply or explain principle regarding outcomes in relation to strategy and objectives, could you explain how this change would work in practice?
We have found that reporting can often be boilerplate or offers little insight into policies or practices that are in place to achieve objectives. The 2024 Code asks companies to report on the progress or outcomes of the policies. Did the proposal or board decision to do something achieve its aim? These are the outcomes we are looking to see.
Was any consideration given to the open letter signed by a group of general counsels last summer suggesting that the role of the GC should be set out in the governance code? Any thought on this?
We did carefully consider this point, but the Code has always been focused on the role of the unitary board, and the role of the Chair in particular, rather than individual executive roles. Government did ask the FRC to look at the issue of an internal control reporting regime, but as a non-legislative measure through the Code. This focuses on the role of the Board rather than executive directors.
As a result, we decided not to depart from that approach in revising the Code. Of course, we do recognise the important role that the General Counsel plays in a company, but decided on balance that it was not a matter for the Code to reference.
Will the "Good practice guidance for the successful management of board committees" (footnote 3 of page 7 of the Code) also be published on Monday?
Yes – this is part of the new guidance.
Can the speakers clarify the significance of adding reporting controls in to the scope? Is the intention to broaden the scope or does this mean non-financial reporting controls?
Material controls may take many forms – the change is to recognise that for some companies reporting on either financial or non-financial controls may be significant and therefore should be included within the review.
The FRC initially mentioned that the new IC requirements would be less onerous than the US version, but ours include narrative reporting. Why is that?
The current Code at Provision 29 askes for the monitoring and review to cover all material controls, this includes non-financial. Therefore, this is not an extension of the UK approach.
Will there be a transitional period for newly listed companies? We are planning to IPO at some point?
The 2024 Code does not become effective until reporting years beginning on or after 1 January 2025. Therefore, there will not be a transition period. We have explained that reporting will be dependent on the make-up of the company. The flexibility of both the principles and the ability to explain against the provisions offers newly listed companies an opportunity to report on their own unique circumstances.
To what extent are the changes related to Internal Control similar and/or different to what is required by SOx (US)?
The UK approach is based on principles and provisions. We have not set out a framework to follow or a list of controls to be checked off. The UK approach supports the board in its decision making and asks for a board declaration – the US approach involves a CEO/CFO certification. The board in conjunction with management should determining their principal risks and associated controls and report on the effectiveness of them at a point in time. The UK approach does not ask for external audit assurance.
You say Boards must make the judgement on definitions of material controls and assurance...relevant to their business - but how do you call out companies / Boards that are not doing enough? Is there a theoretical benchmark?
We are not setting a benchmark. Annual reports are for investors and stakeholders and should be used as an opportunity for additional engagement. Investors will want to consider the declaration in terms of the company and seek assurance that the board has appropriate oversight of the risk and internal controls framework. The FRC will want to see that companies have reported on their monitoring and review, made a declaration of effectiveness of their controls and described any controls that have not operated effectively.
The new Code sets out annual reporting in relation to the application of M&C. However, it also says that the annual report should include a description of provisions and circumstances for M&C, which is already in the Rem Policy - seems at odds to with the general move to remove duplication?
The new provisions on malus and clawback (M&C) are part of the Government’s request to the FRC to provide greater transparency around the provisions. Companies are required to present a new/revised policy for shareholder approval at least every three years, under section 439A of the Companies Act. It may be omitted from the directors' remuneration report for a particular financial year in which the company does not intend to move a resolution to approve the directors' remuneration policy, provided certain information is included in the directors' remuneration report.
The changes introduced are to provide a consistent and transparent approach to the disclosures of malus and clawback within remuneration reports across the marketplace with the hope of providing investors with more insight into how and when these policies operate.
Will the new guidance apply only once the 2024 Code comes into effect or will it be effective for the 2018 Code immediately?
As explained the guidance supporting the 2024 Code will bring together the three sets of guidance currently supporting the 2018 Code. Therefore we have reduced duplication and removed some out of date information. The guidance to the 2024 Code also includes specific information relating the new elements of the Code.
The spirit of the Code is for compliance, why does the FRC stress it is "or explain" equally weighed?
The spirit of the Code is to promote good corporate governance through application of the principles and complying or explaining against the provisions. As we have said a cogent explanation that offers transparency and demonstrates good governance is just as important as complying.
Reporting timescales. If my FY is from Sep 1 – Aug 31, will my first declaration in the annual report have to be included in YE 2027? (I.e., report on health of controls from Sep 01 2026 to Aug 31 2027)?
The reporting should follow normal rules relating to end of the financial year. Therefore if your reporting year begins in 1 September 2026 the company will report after the end year in 2027.
Can the speakers clarify whether 'reporting' is intended to be both financial and non-financial reporting risks and control i.e. all reporting risks in the front and back half of the ARA? Then assuming the financial category is referring to financial risk?
The current Code states that the monitoring and review of risk management and internal controls should cover all material controls. Boards will need to determine its most important risks which may be a risk of financial and non-financial. The number of items disclosed is expected to be relatively small and should not result in a comprehensive list of performance measures or internal controls.
What's the status of the audit committee standard now?
The audit committee standard should be followed on a comply or explain basis. The 2024 Code makes an explicit link to the standard for Code companies to follow on this basis.
You talk about quality of reporting/transparency. is this just about improving quality of disclosure or also about improving the quality of controls?
Reporting should offer transparency on the risk and internal control framework that is operating with the company. In some cases the current reporting may convey the quality of the controls system, in others the improved reporting requirement we hope will raise standards.
Audit Committees and the External Audit: Minimum Standard says inside the Standard itself that it applies to FTSE 350 companies, how does this align to referring to it in the Code which will apply to smaller companies as well?
All companies who follow the Code should follow the Minimum Standard on a ‘comply or explain’ basis. The Standard contains language which was previously in the Code and in guidance. In our updated Code guidance, we draw attention to those sections of the Minimum Standard which were previously included in the 2018 Code.
By 'material control', does this equate to a key control?
It will be those controls that support the most important risks to the company. This will be determined by the board and management. The number of items disclosed is expected to be relatively small and should not result in a comprehensive list of performance measures or internal controls.
The FRC had committed to produce an internal controls assurance standard in one of your policy statements - how progressed are you on this?
The FRC had considered a standard to support the audit and assurance policy which was part of the Government’s Corporate Reporting Statutory Instrument. This was withdrawn. We have no current plans to produce a standard but will keep this under review.
Paragraph 29 references effectiveness of the material controls as at the balance sheet date. Does this means the assessment is point in time only hence no need to disclose any material control failures during the financial year which were addressed by the year end? eg controls failing 11 months of the year but passing testing in final month wouldn’t need disclosing?
This is correct. The material controls which need to be disclosed as part of the declaration are those which are not operating effectively at the balance sheet date. However, if a failure had been reported to the market during the year it would seem appropriate to cover this at the end of the year.
Have the provisions on malus on clawback been moved into the main Code also with a view to avoiding boilerplate language on the previous general provision that remuneration should "enable the company to recover and/or withhold sums or share awards and specify the circumstances in which it would be appropriate to do so"?
The words malus and clawback have been introduced into the 2024 Code to add clarity, and to encourage more transparent reporting in this area.
Is the expected focus of non-financial controls monitoring in line with previous expectations e.g. Cybersecurity, Resiliency etc. Do you see the focus on non-financial controls changing given the withdrawal of secondary legislation?
The changes to the Code which were linked to the proposed secondary legislation have been removed from the final 2024 Code. The Code (including the 2018 version) has always referred to material controls beyond financial controls.
Although the requirement for resilience statements has been withdrawn, would the FRC expect controls relating to operational resilience to be classed as 'material'?
This is a matter for boards to decide. Support is provided in updated Code guidance issued by the FRC on 29 January 2024, however we expect boards to make the final judgment in such matters.
Will the new provisions in the Code be reflected in the AIC Code for Investment Companies?
The FRC has been in dialogue with the Association of Investment Companies as part of the process of revising the Code. It will be up to the AIC to decide whether the changes are reflected in its Code.
What would you expect the role of the external auditor to be in relation to the Board's declaration on internal controls?
It will be for boards to decide the level of internal of external assurance which they wish to seek in relation to their declaration on internal controls. External auditors have a role to play in considering the disclosures within the annual report, there is no change to this.
Can you provide clarity on what is meant by "reporting controls" - does this cover non-financial report in the ARA? All narrative reporting which we publish?
Reporting controls include those which cover the non-financial report in the annual report and accounts, and those reports that could impact on investor confidence, if considered material by the board. When determining which controls are ‘material’, the board considers how a deficiency in the control could impact the interests of the company, shareholders and other stakeholders.
How is materiality thought about in the context of material operational controls?
This is a matter for boards to decide. Support is provided in updated Code guidance issued by the FRC on 29 January 2024, however we expect boards to make the final judgment in such matters.
One element of US SOX that isn't clear if it is in scope is ITGCs, is it the expectation that these would fall in scope for the disclosure?
Those controls deemed material by the board of a company will fall within the scope of the declaration. The number of items disclosed is expected to be relatively small and should not result in a comprehensive list of performance measures or internal controls.
What are the sanctions or penalties for Boards incorrect attestation, if any?
The FRC monitors compliance with the UK Corporate Governance Code and publishes an annual review setting out good practice and areas for improvement. The Code is not associated with enforcement mechanisms such as sanctions or penalties. Investors should consider the disclosures and engage with the company on reporting that they have concerns with. The Code is underpinned by the Listing Rules and they may wish to follow up should a company not report.
What do you think the role is of the Chief Audit Executive / Head of Internal Audit to sign off the statement and should that be published?
The Code does not require sign-off by other internal or external parties of the declaration made by boards. Boards themselves will decide on the level of assurance required, and the on the publication of assurance materials.