Reflecting on the Revised UK Corporate Governance Code 2024

Published: 16 February 2024

13 minute read

FRC Director of Stakeholder Engagement and Corporate Affairs Kate O’Neill sits down with the Acting Director of Corporate Governance and Stewardship at the FRC, Maureen Beresford, a month after the publication of the UK Corporate Governance code to discuss the key revisions including its focus on internal controls, and the response to it so far.

You can also listen on Apple Podcasts and Spotify

Hello there and welcome to another FRC in conversation. My name's Kate O'Neill. I'm the Director of Stakeholder Engagement and Corporate Affairs here at the FRC. And today, I'm joined by our Acting Director of Corporate Governance and Stewardship, Maureen Beresford. Welcome, Maureen. Hi, Kate. Good to be here. I'm Maureen, 3 weeks and counting since we published the revised Corporate Governance Code and a couple of weeks since we published the updated guidance to support the code. I mean it's been a busy few weeks and we certainly talked to a lot of people.

0:41

It's great to see that continuing, strong interest on the code generally, but also the revisions to it. But whatever type of things that you've been most struck by when we've been talking to stakeholders across a number of different platforms. Thanks Kate. As you said, it's been very busy few weeks. I have been surprised that some people and some responses seem to think that it's for the FRC to prescribe what is a material risk and what a risk framework should look like and what cheques and balances are company should undertake. That is not what we're intending to do and I don't think that is our remit at all. What we are saying is that it's for the board

1:20

and their advisers, their management etcetera to decide what their material risks are and what their risk framework looks like taken into account risk appetite and their business model. I think the stakeholders are in general welcomed. The internal controls piece being at the centre of the codes, a lot of support as you'd expect for continuing with a principles based approach to jump in there, principles based. And I know there are people who aren't as familiar with this as some others of our stakeholder universe. That means it's not based in legislation, it's not a rule, it's a principle that we're looking for people to apply. That's exactly right.

1:59

It's not a rule, it's not legislation and it's not a standard, it's a code. They principles should be applied by the companies following the code and the provisions work on a comply or explain basis. And just to add a little bit more colour to that, the FCA underpins the code with their listing rules. So it applies to companies with a premium listing in the UK,

2:24

right. And I guess it's used by other people who aren't listed as a bit of a baseline for the way in which they approach corporate governance, sometimes in private companies, sometimes in smaller entities. I mean we're talking about a code that really there's a very high baseline people work off that's exactly right here. Lots of different companies use this from top end of the foot. So two small cap companies and others that think that it's a good idea to look at their governance, their policies and practises and put things in place to demonstrate that they are taking governance seriously. So, Maureen, if you were new to this whole arena or haven't had a chance to read the very brief

3:03

12 pages that is the code. What are the key points in the revised code? I think again, we should just remind people it is a comply or explain code against the provisions. So if a provision is something that you cannot or unable to follow, you're able to explain against that provision as long as you set out the reasons for the departure from the provision and demonstrate good governance. We feel that it's an effective way of reporting against the code or other things that we've changed. We've put an emphasis on outcomes rather than boilerplate reporting or talking about policies and principles in detail. We want to know what the outcome of a project is and we've made it clear

3:42

our guidance that outcomes shouldn't be reported for everything. It should be on the most important things. And we've also acknowledged that an outcome may take a while to achieve. And so, you know, we're not expecting companies to write a long list of outcomes in their reporting. And Maureen, I guess there'd be people who'd say, yeah, this is easy to go. If you're a big company, lots of resources, surely you intend the flexibility of this through reflect that some companies are at different stages of their maturity, whether it's from a reporting or an operational perspective, right? That's exactly right. And if you do look at the guidance, I think we mentioned many times the reporting and the detail would depend on

4:21

maturity, size, sector, et cetera. There will be lots of complexity from the top end of those companies that list and they're new to listing. They can use the comply or explain function. They won't be as detailed, but it's all about telling your story. We've talked about this many times, it's what's right for your company, what's right for your board and demonstrating good governance. But also more in a lot of boards just say what's easier to comply because then you're not seen to be making excuses being defensive. I mean, what do you say to people who say that?

4:53

I think, again, we've talked about this a lot of time. It's about being brave and setting out the reasons for a departure from the code. It's much more insightful to demonstrate through that reporting what you're good governance is. And given a line that's a declarative statement doesn't give you that information. And readers will potentially question that if it looks as though you're trying to fit your reporting to a provision rather than giving a detailed explanation. So I think we are seeing companies that are explaining and I've said before in our last review over 50 companies out of the 100 that we looked at did offer an explanation. In some areas, explanations

5:32

need to be improved and we've also said that as well. But we are seeing an upward trend and what we want to do at the FRC is continue saying we'd like to see explanations. They should be cogent, but this is something that we are promoting and talking to proxy advisors about and investors about the Maureen, you really focused on internal controls, which has been widely supported and welcomed. What's the big difference we're asking of boards in Provision 29?

6:00

Yes, Kate, this is the one that most people have concentrated on Provision 29. And when you look at the current Provision 29 side by side with the new Provision 29, most of the text until the reporting element is very similar. We talk in the current privilege in 29 about reporting on the review and monitoring of all material controls and then we go on to illustrate what we mean by that as financial reporting and compliance controls. But I wanted to just say that this is an illustration. The current code does not suggest that all material controls are just those three, It's much further. So we've kept that language

6:39

in the new code. So we're still looking for reporting on all material controls. We've added to the illustration reporting controls because as non financial reporting becomes more important and we've seen that in terms of environmental reporting, perhaps social reporting, perhaps fibre reporting etcetera, it's really important to link these to risks as well. So we've added the reporting in for illustrative purposes and what we've done then in provision 29 is ask for a little bit more detail. So we've asked for companies to report on that monitor and review that's very similar to the current wording. And then we've got one step

7:17

whether and asking for boards to tell us whether their material controls are effective as of the balance sheet there. And I just want to reiterate, it's the material controls that the declaration is around, not the whole framework. And I think there might have been some confusion there for a little while just on that. So do you think some people thought that the FRC was going to prescribe what the internal control framework should be to support the declaration, which of course was never the intention of the revised code?

7:51

Yeah, I think we've had lots of questions about what is a material control. And I think we've said on a number of webinars that we, as the FRC couldn't even begin to tell a company what is their material controls. You've got to be in there. You've got to look at your risk, your risk appetite and the makeup of your company. We've talked about size, maturity, et cetera. And what we wanted was to think about that risk framework, what the controls are around it and then figure out what they're very few. Well, we do think it will be relatively few material controls are required to keep everything running smoothly. We're talking about the most

8:30

important controls and our guidance does offer some suggestions how to think about material controls when boards and management are discussing this.

8:40

And I think Maureen people have had to be reminded that non financial material controls have always been in the code. This is not a new addition to the revised code. That's right. We talked about material controls in the current provision 29. I think perhaps what we found over the last year when we've been talking to some stakeholders is that the illustrative reference to financial, operational and compliance has LED some reporting to concentrate on those areas. But actually, material controls have always been in there.

9:11

And you know, last year, over 1/3 of companies specifically said in their reporting out of our hundred that they have covered their material controls. So the guidance, we talked to you and I on these podcasts and on many webinars about the frustration when we see people using guidance not as it's intended, as in helpful guidance and perhaps a road map to the application of the code, but actually making it part of the code. So do you think this new approach to our guidance this time

9:41

will help people with that mistaken belief that it's part of the code?

9:46

I hope it does, Kate. You know, we've been clear in our messaging that the guidance is exactly that guidance. And you know, we've offered a lot of ideas and suggestions within the guidance rather than giving an answer to the question. So we've suggested where the areas that boards might want to think about actions that boards might want to take, but absolutely it's not an addition to the code. We wouldn't want to see a list of all the things that people think the code requires them to do, then

10:17

an additional list of all the things that they think the guidance suggests. That is not our intention at all. And I think by clicking through to the guidance from the code, it helps you think about what issues are important when considering reporting against the provisions and the principles. But it doesn't give you the direct answer. It's for boards to think for themselves and to get support from their management team and others where appropriate. And Maureen, another topic you and I have discussed a lot of times is there are a lot of people interested in the corporate governance.

10:48

And that's great because it shows that's importance at the heart of UK corporate life and that it is driving better behaviours, better outcomes, clearer reporting. They are frustrates you. I know when people say, Oh well, this is what the FRC wants us to do when in fact you know, it's somebody's interpretation of the code, not what we are actually putting out there. I mean, the annual review is a great handbook really for any corporate reporting team or boards to get a sense of some examples of good reporting, some examples of not so good,

11:19

but also some suggestions. Are you hoping to close that gap between people's interpretation and really what we're saying ourselves? Yes, Kate, I really want to do that. And as you said, the annual review does demonstrate good reporting and trends in reporting to see how things are changing over time. And I would urge everybody that's interested in this area to take a look at our reviews and also take a look at next year's review as well, because we will of course be focusing on some of the areas that are in the new code. Although there's no requirements

11:50

follow the new code until 2025, there will be themes that link towards the 2024 code. So we will be trying to give help and suggestions of better reporting in that document. So Maureen, this has been incredibly helpful because it's clear that some people are newer to the code today. You're putting out some helpful Saqs, pointers on some of the issues we've discussed just to make sure people have not been confused by some of the commentary on the code since its publication. So that's going to be on the

12:21

you'll see website, right? That's right. I'd like to thank people who've raised some of these issues because we can't provide the FAQ's on the additional information unless we get that kind of feedback. So yeah, we'll be putting some additional material out which we hope is useful for everybody going forward. I'd just like to add, as I said, the code is not effective until reporting years beginning 1st January 2025 and then 26 would provision 29. So I would really urge everyone to take a look at the new code, think about what it's getting

12:51

that and look at it in conjunction with the guidance that we've put out because the two do work together, but they are not one in the same. It is important that extra time that people have been given because it's not a sense of first to the post is the best report to the best corporate governance outcomes. It is about thoughtfulness, about how you're going to use a variety of assurance whether it's internal, external or whatever the combination is to make the board feel comfortable to make that declaration and that might take time

13:22

for some organisations who haven't got a sophisticated controls perhaps because of the nature of their business. That's exactly right, Ken. And that's why we gave the extra time to those companies and to all companies really because it is a slightly different approach. We think it's an extension, it's not a revolution. So I think people should think about the provision 29 in those terms. Most of it as I said, is there and I think controls change, risk changes over time. This will not be static. And as you started saying,

13:52

this is about a thoughtful process that we want boards to go through with their management team and with anyone who offers internal or even external assurance. But I do want to put on record that the code does not require external assurance for Provision 29. Thanks, Maureen. And look, as ever, we're interested in people's feedback. We're not doing a consultation here. I think we've got to be clear. The four months probably was enough, but I think it's helpful to hear people's feedback and also experience in the way that they're looking at

14:22

written 29, how they're going to put in place or use existing frameworks to assist the declaration. So I think it's great that the team and the stakeholder engagement team at the FRC are always open to having conversations where people might need some help to get their minds around what may be for them are quite a new requirement. That's right, Kay, especially those that are new to listing that will be a change. But again I really want to reiterate that for many companies you know we've looked at reporting over the years,

14:53

we do think that they've got a lot of the systems in place and it's just a case of pinning down the material controls, the Fumito controls and reporting on them, right. Well thanks Maureen. And I mean I think everybody we've spoken to have seen the purpose of the revision. They like their focus on internal controls which is so much at the heart of any well run company. And also the guidance being more accessible and in one place will certainly perhaps take away some of the perceptions that.

Corporate Governance Code 2024 FAQs

What has changed since the version of the Code that was consulted on?

We have considered the full range of feedback received and have taken decisions based on this. In doing so, we have given thought to the different impacts which the proposals may have on the various parties who responded. The key changes are summarised in the feedback statement.  As we explained during the consultation we wanted to hear as many views as possible on the proposals.

The FCA’s Listing Rules and the Companies Act already require in-scope companies to provide climate-related financial disclosures.  In addition, HM Treasury has launched the Transition Plan Taskforce Disclosure Framework and work is ongoing to introduce UK Sustainability Disclosure Standards for companies on the sustainability-related risks and opportunities, based on the International Financial Reporting Standards S1 and S2.

The Code already asks companies to consider long-term sustainability, therefore proceeding with our original proposal risked duplication.

Are boards required to report on outcomes from all of their decisions?

The purpose of the outcomes-based reporting is to move away from boilerplate disclosures. We recognise that not all board decisions have an immediate or observable outcome, and that some outcomes may be commercially sensitive. Reporting should take account of this.

Why do the changes now focus on risk management and internal controls?

These changes have always been central to our proposals and align with the Government’s desire to strengthen reporting in this area. We have sought to implement the changes in a proportionate way.

What constitutes a ‘clear explanation’ for the purpose of complying with the new Principle C?

A meaningful explanation should set out the background, provide a clear rationale for the action the company is taking, describe any risks and mitigating actions to address them, and set out when the company intends to comply (timescales). Most importantly, it must be understandable and persuasive for those reading the annual report.

Will directors have to make a declaration over all internal controls?

No. Directors will not have to make a declaration over all internal controls, they will only have to make a declaration of effectiveness over those controls deemed to be material. What is a ‘material control’ is for each individual board to determine. ‘Material controls’ will be company-specific and therefore different for every company depending on their features and circumstances, including for example size, business model, strategy, operations, structure and complexity.

What should the board consider when making a declaration on the effectiveness of the material controls?

The board should make its own assessment as to the effectiveness of the material controls using evidence it has obtained through the monitoring and review of the risk and internal control framework. When making this declaration, the board may wish to specifically consider any failings, near misses or weaknesses of the material controls and whether these controls are effective at mitigating or managing the underlying risks.

Will boards have to seek assurance over controls?

Provision 29 of the Code requires that the board should monitor the company’s risk management and internal controls framework and carry out a review of its effectiveness, at least annually. An effective risk management and internal controls framework will include many components and it is possible for information collected internally to be relied upon for the purposes of reporting and making a declaration regarding the effectiveness of material controls. It is for individual boards to decide whether external assurance is required over material controls, and to what degree.

There is no change to the scope of work for the external auditors. The reporting on risk management and internal controls constitutes other information for the purposes of an audit and the auditor’s responsibilities for other information are set out in ISA (UK) 720 (Revised November 2019).

Why have the FRC not set out a framework?

The 2024 Code and accompanying guidance does not set out a template risk and internal controls framework.  Risk and internal controls frameworks will be unique to each company, taking into account a range of factors including size, complexity and maturity. The board may wish to use an established standard or framework as part of designing and maintaining the effectiveness of the risk management and internal control framework. Many companies already use established frameworks (or bespoke frameworks) to report on their internal controls in other jurisdictions.

Why have you changed the wording in Provision 30 from ‘half yearly financial statements to interim financial statements?

This was purely an update of wording and the intention is that this would be half- yearly statements.

The new Provision 38 states that the annual report should include a description of provisions and circumstances for malus and clawback, which many companies include in their remuneration policy. Is this not at odds with the general move to remove duplication?

Currently companies are required to present a new/revised policy for shareholder approval at least every three years, under section 439A of the Companies Act. It may be omitted from the directors' remuneration report for a particular financial year in which the company does not intend to move a resolution to approve the directors' remuneration policy, provided certain information is included in the directors' remuneration report. We have introduced this provision to a consistent approach going forward and to provide greater transparency around these provisions.