Early Impressions

FRC’s Update to UK Corporate Governance Code

19, April 2024

Overview

On 22 January 2024, the FRC, published a revised edition of the Code along with accessible guidance to support companies applying the Code, most of which will take effect from 1 January 2025. These revisions will replace the current version of the Code published in 2018.

The new guidance combines the most relevant content from previous publications into a single, condensed, digitally accessible, and user-friendly resource. It links to examples of good practice and questions to help boards effectively implement the Code’s Principles and Provisions and aims to stimulate thoughtful discussions and decision-making rather than prescribe mandatory actions.

FRC has reiterated that this guidance is not a part of the Code itself and will be updated, whenever needed, to reflect additional reporting or regulatory requirements that may potentially develop in the UK in the future. The primary purpose of the guidance is to stimulate the Company’s boards’ thinking on how they can carry out their role in governing the company effectively. The guidance is prescribed not to serve as a mere checklist of actions to be adhered to in all situations.

The published changes to the Code are targeted and minimal, aimed at striking a balance between enhancing transparency and investor confidence while supporting UK economic growth and competitiveness. The guidance is split into sections, explained in the PDF, which align with the Code.

Key Changes

The Code continues to be based on principles with the flexibility of the current “comply or explain” policy with the provisions. This allows the directors to tailor governance practices to each company’s unique circumstances as long as the departure from the Code’s provisions is cogent, well justified and sufficiently transparent.

A primary focus of the updated Code is internal controls – with boards now being required to make an annual declaration concerning the effectiveness of their companies’ material controls. A small number of additional minor changes have been introduced to better streamline expectations, clarify language or remove duplication.

Some of the key changes introduced by FRC in the Code are as follows:

Section 1 – Board Leadership and Company Purpose

A new principle – Principle C, is added that emphasizes governance reporting in annual reports. It requires companies to disclose how they address risks and opportunities, the sustainability of their business model, and how governance
contributes to strategy delivery. Boards should demonstrate how the actions and other observable outcomes of their decisions align with the company’s strategy and objectives. The annual report should include a clear explanation, which should be provided in case of any deviation from the provision of the Code.
Provision 2 of the Section has been amended to include that Boards should periodically assess and monitor the company’s culture for alignment with purpose, values, and strategy while embedding the desired culture. Annual report should include disclosure of board’s activities and action in this regard along with disclosure on company’s approach to investing in and rewarding its workforce.

Section 2 – Division of responsibilities

The importance of a distinct division of duties between the Board’s management and the company’s executive leadership is emphasized by the Code; thus, establishing the need to include an appropriate combination of executive and non- executive (in particular, independent non-executive) directors in the Board, such that no one individual or small group of individuals dominates the Board’s decision making.
Information related to several meetings of the Board and its committees and the individual attendance by directors should be included in the annual report along with the disclosure related to the independence of the non-executive directors.

Section 3 – Composition, Succession and Evaluation

Principle J in the Section has been amended to promote diversity, inclusion, and equal opportunity, without referencing specific groups. The list of diversity characteristics has been removed to indicate that diversity policies can be wide- ranging. The FRC had originally proposed expanding the list of diversity groups to include references to protected and non-protected characteristics. However, it has decided to adopt a more generalist approach in revising Principal J in this Section, following feedback that expressed concern that listing non-protected characteristics risked inadvertently not prioritizing important groups.

Provision 23 in this Section has been amended to reflect that companies may have additional initiatives alongside their diversity and inclusion policy. Further, the tenure of the chairperson has been restricted to 9 years from the date of appointment, along with an additional requirement for the chairperson to commission a regular externally facilitated Board performance review. The annual report should include a detailed description of the process used with respect to appointments, the Board performance review process, the policy, any initiatives on diversity and inclusion, and the gender balance of those in the senior management and their direct reports.

Section 4 – Audit, Risk and Internal Control

Principle O in the Section has been amended to make the Board responsible for establishing and maintaining the effectiveness of the risk management and internal control framework. The Code requires the Board to establish an audit committee of independent non-executive directors, with a minimum membership of three, or in the case of smaller companies, two comprising at least one member with recent and relevant financial experience. The roles and responsibilities of the audit committee have been identified in the Code, along with the requirement to describe the work of the audit committee in the annual report.

Existing Provision 29 of the 2018 Code already required that boards monitor, review and report on financial, operational and controls. The 2024 Code asks that the board make a declaration of effectiveness over these controls and extends these controls to include those over reporting, such as narrative and ESG reporting controls.
The Board should monitor the company’s risk management and internal control framework and, at least annually, review its effectiveness wherein the monitoring and review should cover all material controls, including financial, operational, reporting, and compliance controls.

Section 5 – Remuneration

Provision 37 in the Section has been amended to include that directors’ contracts and/or other agreements or documents covering director remuneration should include malus (malus refers to the ability to reduce unvested and unpaid incentive awards) and clawback (clawback enables the recovery of cash or shares that have already been paid to participants). This nuanced scenario prompts a critical examination of the adequacy of the current accounting framework and related disclosures.
A new provision – Provision 38 is added in the Section, asking companies to include in the annual report a description of its malus and clawback provisions, including:
• The circumstances in which malus and clawback provisions could be used;
• A description of the period for malus and clawback and why the selected period is best suited to the organization; and
• Whether the provisions were used in the last reporting period. If so, the annual report should provide a clear explanation of the reason.
The Code Q&A states that these new malus/clawback disclosures should be focused on executive directors rather than all other executives.

How do the revisions compare to the US - Sarbanes-Oxley Act, 2002

With the aim to design a framework to increase board accountability over internals, the UK Government and the FRC initiated the overarching framework “SOX-lite regime” after years of consultation. However, the proposed framework is focused on a combination of regulatory rules, statutory provisions, standards, guidance and voluntary compliance and disclosure requirements.
It’s worth emphasizing that the Code maintains its “principles-based” approach, differing from the rigidly prescribed statutory requirements of the Sarbanes-Oxley Act 2002 in the United States. While the new requirements may create some apparent similarities, it’s crucial to note that the FRC lacks enforcement authority over the Board, thus limiting parallels to the SOX regime.
The most significant change brought in the revised Code is introduction of Provision 29 in Section 4. This requires the Board to provide an explicit statement about their assessment of the effectiveness of the internal control systems and the basis for the same. Due to this change and its similarity to US-SOX Act, some quarters have unofficially named the revised Code as UK-SOX. However, there is a fine print that differentiates the FRC’s revised requirements from the SOX Act 2002.
Provision 29 has a potential scope broader than internal controls over financial reporting, i.e., the traditional “SOX” and rather extends into non-financial reporting and compliance as well. This will significantly impact how organizations manage and report on the effectiveness of their risk and control systems. Another major difference is that the Code has from SOX is related to the requirement for an auditor to attest to management’s assertions on the effectiveness of internal controls wherein FRC hasn’t included any mandate for such attestation from an auditor yet.

Application

The new Code will apply to all premium listed companies (or “equity shares commercial companies”-listed companies when the FCA’s single segment listing reforms take effect) with financial years starting on or after 1 January 2025.

Cognizant of the time and efforts involved in the implementing the most important change introduced by the new Code as prescribed under provision 29 of Section 4 i.e. enhanced disclosures concerning risk management and internal controls; FRC has delayed the implementation for such requirements by another year and will only apply for financial years starting on or after 1 January 2026 (to give companies more time to prepare for making these new disclosures). Until such time, provision 29 of the existing 2018 Code will continue to apply.

Uniqus Point of View

When releasing the new Code, the FRC emphasized the essence of the ‘comply or explain’ principle. This means compliance is expected unless a clear and compelling rationale for departure from the Code is presented. This stands in contrast to the perception held by some companies that the investor community adopts a ‘comply or else’ attitude towards the Code’s reporting principle. In the press release for the new Code, the CEO of the FRC is quoted as saying: It is important that the flexibility of the ‘comply or explain’ principle is properly utilized. The FRC is clear that compliance can mean either complying with the Code provisions as set out or providing a cogent and justified explanation for why a provision is not suitable in the specific circumstances for the company while demonstrating the principles of good governance.

Amongst several minor and major changes, the most important change being made to the Code is to expand the existing disclosure and responsibility of the Board concerning the company’s risk management and internal control systems. This change represents a significant tightening up on what the Board currently has to say in the annual report about how satisfied they are about the effectiveness of their company’s risk management and internal controls systems.

Embracing a commitment to transparency aligns with regulatory principles and empowers investors with the information necessary for prudent decision-making. As discussed in section 4 above, in contrast to United States’ SOX Act, 2002, which focuses on financial reporting, the new Code revisions encompasses all operational activities, including financial and non-financial reporting and compliance. To meet these requirements, companies will need to maintain a thorough understanding of their operations and controls. Despite its similarity to the SOX Act of 2002, the UK Code is not prescriptive and does not mandate an external audit of internal controls.

This update of the Code, though limited in scope, strikes the right balance between introducing elements that will provide the biggest impact while minimizing the reporting burden as well as leaving the companies with the flexibility to apply the Code, customized to their unique circumstances. FRC’s vision is that the Code delivers regulatory objectives to enhance trust and confidence in governance while supporting economic growth and competitiveness.

Topics in this article

Accounting & Reporting Consulting

Early Impressions

Raising the Bar on Private Capital

Key Changes in the 2025 Guidelines The 2025 Guidelines address eight substantive areas. Some represent clarification of existing principles; others introduce new or expanded guidance that will require firms to revisit their current approach. Price of Recent Investment In earlier...

Building the AI Backbone

The Data Center Boom: Scale, Scope, and Strategic Context The Investment Landscape The numbers are staggering. S&P Global research indicates that data center and AI-related investments accounted for approximately 80% of U.S. private domestic demand growth in the first half...

Internal Controls Over Generative AI

1. Why This Matters Now: The Convergence of AI Adoption and Regulatory Expectations The adoption of generative AI in finance functions has accelerated dramatically. Across Corporate America, GenAI tools are being deployed for invoice processing, journal entry preparation, account reconciliation,...