22 januari 2024 Judy Pink Corporate Governance

Boards to be more accountable for internal controls under new UK Corporate Governance Code

The Financial Reporting Council has published a new edition of the UK Corporate Governance Code

The new Code is intended to strengthen boards’ accountability for monitoring and reporting on internal controls. The FRC is aiming to avoid a prescriptive US-style regime and to retain flexibility and proportionality, with an eye to helping the competitiveness of UK equity markets.

Many of the other changes on which the FRC consulted in May last year have been dropped in line with its November 2023 policy statement. This follows the government’s withdrawal of reporting regulations linked to audit and corporate governance reform.

Internal controls

Provision 29 of the Code has been amended to require the board to include in the annual report:

  • a description of how the board has monitored and reviewed the effectiveness of the company’s risk management and internal control framework;
  • a declaration of the effectiveness of the material controls at the balance sheet date (rather than the date of the annual report); and
  • a description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues.

This has been toned down from the consultation which had proposed that the board should declare whether it could reasonably conclude that the company’s risk management and internal control systems were effective.

In response to stakeholder feedback about the need for boards to have more time to develop their approaches to internal controls, this provision will come into force for financial years commencing on or after 1 January 2026, one year after the remainder of the updated Code. 

Principle O governing the board’s responsibility for risk management and internal controls has also been changed  to clarify that the board is responsible not just for establishing but also for maintaining the risk management and internal control framework. This will take effect for financial years commencing on or after 1 January 2025.

Other changes 

A few other changes have been made to the Code to streamline expectations or clarify the language. In particular:

  • Outcomes reporting: there is a new principle that governance reporting should focus on board decisions and their outcomes in the context of the company’s strategy and objectives. Where the board reports on departures from the Code’s provisions, it should provide a clear explanation.
  • Culture: Provision 2 has been amended so that boards should not only assess and monitor culture but also how the desired culture has been embedded.
  • Diversity: Principle J has been amended to state that board appointments should promote diversity, inclusion and equal opportunity but the list of diversity characteristics has been dropped to give boards greater freedom to develop appropriate diversity policies.
  • Board performance: References to “board evaluation” have been changed to a “board performance review”. Provision 21 now provides that chairs should commission regular externally facilitated board performance reviews (rather than consider having them).
  • Role of audit committees: Provisions 25 and 26 now refer to the FRC’s Minimum standard on audit committees and the external audit and have been streamlined to avoid duplication with the standard.
  • Malus and clawback: Directors’ contracts and other agreements or documents which cover director remuneration should include malus and clawback (Provision 37). In addition, the annual report should include a description of malus and clawback provisions including:
    • the circumstances in which malus and clawback provisions could be used;
    • a description of the period for malus and clawback and why the selected period is best suited to the organisation; and
    • whether the provisions were used in the last reporting period. If so, a clear explanation of the reason should be provided in the annual report.

These changes take effect for financial years commencing on or after 1 January 2025. 

What is not included:

In line with the FRC’s policy statement and in the interests of proportionate and targeted regulation, the following proposals from the FRC’s May 2023 consultation are not included in the new Code:

  • the role of audit committees on environmental, social and governance issues;
  • over-boarding;
  • the engagement of committee chairs with shareholders; and
  • provisions that mirrored the government’s withdrawn reporting regulations, such as on audit and assurance policy reporting.

Comment

Although the changes to the new Code are relatively slimmed down, it is significant that the FRC is allowing an extra year for boards to prepare to report under the new provisions on monitoring and effectiveness of internal controls. It is likely that many boards will need to use this time to reassess their processes, how they measure “effectiveness” and how problems are dealt with where they arise. 

New guidance (intended to “stimulate thinking” rather than be prescriptive) will be published by the FRC on 29 January, and we will provide a further briefing when this guidance is available.

Further information

The 2024 UK Corporate Governance Code can be found here.

The FRC has also published a summary of the principal changes and a 2024 UK Corporate Governance Code mythbuster.