Preparing your business for upcoming UK corporate governance reforms
Following on from the revision of the UK Corporate Governance Code in January 2024, the new Labour government is planning to introduce the Corporate Governance Bill.
These initiatives are part of the Government’s promised reforms to the audit industry following a number of high-profile business collapses, such as Carillion, BHS and Patisserie Valerie. It is imperative that businesses prepare for their introduction and ensure compliance before they become effective.
In January 2024, the Financial Reporting Council (FRC) published the revised UK Corporate Governance Code following a consultation process, marking the first amendment to the Code since 2018. The revision is less extensive than originally anticipated, with most changes occurring in Section 4 - Audit, Risk, and Internal Control. The FRC emphasised that these changes reflect increased expectations for organisations to have robust risk management and internal control processes.
Reflecting the emphasis on Section 4, the new UK government announced in the King’s Speech in July 2024 its intention to introduce the draft Audit Reform & Corporate Governance Bill as part of a revision of the UK Corporate Governance Code. Parts of this legislation had been previously withdrawn by the Sunak government over concerns about excessive regulation for businesses. This Bill aims to reform the corporate reporting regime and strengthen audit and corporate governance, thereby enhancing confidence in the health of UK companies.
What changes with the 2024 Corporate Governance Code
The Code applies to all premium-listed companies on the London Stock Exchange and comprises five sections, 18 principles, and 41 provisions. Companies must comply with these provisions or explain any areas of non-compliance. The 2018 Code remains valid, with the 2024 Code taking effect for reporting periods starting on January 1, 2025. The main changes in Section 4 - Audit, Risk, and Internal Control include:
- Amended Principle O: Boards are responsible for not only establishing but also maintaining the effectiveness of the organisation’s risk management and internal control framework.
- New Provision 29: The board should monitor the organisation’s risk management and internal control systems and conduct an annual review of their effectiveness. Monitoring and review should cover all material controls, including financial, operational, and compliance controls. The annual report should include:
  - A description of how the board has monitored and reviewed the effectiveness of the framework.
  - A declaration of the effectiveness of the material controls as of the balance sheet date.
  - A description of any material controls that have not operated effectively as of the balance sheet date, actions taken or proposed to improve them, and any actions taken to address previously reported issues.
Future Corporate Governance Reform
The draft Audit Reform & Corporate Governance Bill has not yet been published, so the full details of the reform areas are unknown. However, based on the proposals published by the Conservative government in May 2022, companies can expect the following key areas, possibly in a modified form:
- Replacement of the FRC: Establishing a new statutory regulator, the Audit, Reporting and Governance Authority (ARGA), with powers to investigate and sanction company directors for serious failures related to their financial reporting and audit responsibilities. ARGA will have a range of statutory responsibilities and powers that the FRC currently lacks, including new powers to address breaches of company directors’ duties related to corporate reporting and audit.
- Amendment of the Public Interest Entity (PIE) definition: The government intends to classify large private companies with 750 or more employees and an annual turnover of £750 million or more as public interest entities (PIEs), thereby subjecting them to ARGA’s expanded powers.
- New reporting requirements for PIEs:
  - Resilience statement: Outlining how companies identify and manage risks in the short, medium, and long term.
  - Audit and Assurance policy: Detailing the organisation’s internal and external audit and assurance arrangements.
  - Fraud prevention reporting: Directors of PIEs are required to report on actions taken to prevent and detect fraud.
How organisations should prepare for compliance
Under the FRC’s jurisdiction, organisations found to be non-compliant could face a loss of shareholder and public confidence, increasing their risk of corporate failure.
In the future, once the FRC is replaced by ARGA, organisations could face significant reputational and financial implications for non-compliance with the Code and their statutory reporting requirements. Non-compliance could result in investigations, directors’ sanctions, fines, and withholding of directors’ remuneration.
As a result, there are a number of practical steps organisations could take to understand the implications of these changes to the business and start preparing for compliance.
- Conduct a gap analysis and prepare a roadmap to ensure readiness for the 2024 Corporate Governance Code and the Audit Reform & Corporate Governance Bill.
- Hold a board awareness session to ensure the board understands the impact of the proposed changes.
- Prepare to address areas of non-compliance or obtain board approval ahead of annual reporting.
How Lockton can support
Our risk consultants can help your organisation identify areas of non-compliance and provide recommendations to achieve compliance in the following areas:
Risk Management
- Evaluate, design, and enhance the organisation’s risk management framework, covering key activities across the risk lifecycle (risk identification, assessment, evaluation, monitoring, and reporting).
- Assist the board in defining their risk appetite, both qualitatively in terms of a risk appetite statement and quantitatively regarding risk tolerance and appetite quantification.
- Provide the methodology and process for the board to assess the impact of principal risks, ensuring that risks threatening the organisation’s business model, performance, solvency, and reputation are managed at appropriate levels.
- Facilitate board discussions on emerging risks and provide insights as risk experts on global and regional risks that may affect the organisation.
Internal Controls
- Support the evaluation, design, and enhancement of the organisation's internal controls framework, including reporting, financial, operational, and compliance controls.
- Determine which controls should be deemed material and prioritised for monitoring and reporting.
- Evaluate the effectiveness of material controls and provide improvement recommendations.
- Define a monitoring process for material controls so the board can report on the details of material controls, action plans for ineffective controls, and how previously reported issues have been addressed.