1. Directors' accountability
Strengthening boardroom focus on internal control matters
The Government had originally proposed to introduce a requirement for a directors' statement on the effectiveness of internal controls and had sought views in its consultation on the level of external assurance that should be required. Following opposition to US-style mandatory external assurance, the Government will ask the Financial Reporting Council ("FRC") to consult on requiring directors to provide a statement setting out their view of the effectiveness of the company's internal control systems (financial, operational and compliance) and the basis for that assessment.
Although the Corporate Governance Code ("Code") currently only applies to premium listed companies, the Response notes the Code's wider influence on other codes and best practice principles (such as the QCA's Corporate Governance Code, which is followed by many AIM companies and the Wates Principles, aimed at large private companies).
The Government also proposes to:
- require companies that are already PIEs under the current definition and are over the 750:750 threshold to state in the new Audit and Assurance Policy whether or not they plan to seek external assurance of the company's reporting on internal controls (see further section 3 below);
- require the directors of PIEs over the 750:750 threshold to report on the steps they are taking to prevent and detect fraud, which will provide an opportunity for them to comment on the effectiveness of the wider internal control system (noting however that commenting on the internal control system will not be a specific requirement of the fraud statement);
- strengthen the regulator's corporate reporting review powers to monitor the entire annual report; and
- ask the FRC to explore with investors and other stakeholders whether and how the content of the auditors' report could be improved to provide more information about the work auditors have undertaken on the internal controls over financial reporting.
Reporting on dividends and capital maintenance
The Government is proceeding with a number of proposals for strengthening the law on dividends and capital maintenance, the majority of which will only be applicable to PIEs that are above the 750:750 threshold. It decided not to proceed with the proposal for directors' assurance that a dividend would not be expected to jeopardise the future solvency of the company over a period of two years.
Measures that will be generally applicable to all companies:
- ARGA will be responsible for issuing guidance on what should be treated as "realised" profits and losses for the purposes of section 853 of the Companies Act 2006.
- Companies will be encouraged to disclose an estimate of the dividend-paying capacity of the group as a whole (but this will not be required).
Measures that will only be applicable to PIEs that are over the 750:750 threshold:
- Qualifying companies or, in the case of a UK group, the parent company only, will have to disclose their distributable reserves, or a "not less than" figure if determining an exact figure would be impracticable or involve disproportionate effort.
- The distributable reserves figure at the balance sheet date will be subject to audit.
- Companies will be required to provide narrative explaining the board's long-term approach to the amount and timing of returns to shareholders (including dividends, share buybacks and other capital distributions) and how this distribution policy has been applied in the reporting year.
- Directors will be required to make statements confirming the legality of proposed dividends and any dividends paid in year.
2. New corporate reporting
PIEs that are over the 750:750 threshold will be required to produce a new Resilience Statement: a report on matters that they consider a material challenge to resilience over the short- and medium-term, together with an explanation of how they have arrived at this judgement of materiality.
Contents of the Resilience Statement
The Response sets out a number of areas that companies will need to consider when preparing their Resilience Statements, including:
- the company's preparedness for business disruption;
- its ability to manage digital security risks; and
- the sustainability of the company's dividend policy.
In-scope entities will have to:
- perform at least one reverse stress test each year, which will involve: (i) identifying a combination of adverse circumstances that would cause a company's business plan to become unviable; (ii) assessing the likelihood of that combination of circumstances occurring; and (iii) summarising in the Resilience Statement the results of this assessment and any mitigating action put in place by management as a result; and
- identify any material uncertainties to going concern that existing prior to the taking of mitigating action or the use of significant judgement, which the directors consider are necessary for shareholder and other users of the statement to understand the current position and prospects of the business.
Interaction with existing requirements
It is intended that companies will be given the flexibility to incorporate within the Resilience Statement the existing Strategic Report requirement to describe the principal risks and uncertainties facing them by including this through their assessment of risk and resilience issues over the short- to medium-term.
The Government and the FRC are to consult on removing the viability statement and going concern provisions in the Code, on the basis that the relevant objectives will be met by the Resilience Statement. The Government is also to consider how the Resilience Statement would will fit with the proposed new Sustainability Disclosure Requirement regime.
Information provided by directors in the Resilience Statement will be covered by the existing 'safe harbour' provision in the Companies Act 2006, meaning that directors would be liable to the company for untrue or misleading information in the Resilience Statement only if they:
- knew the information was untrue or misleading (or were reckless as to whether it was so); or
- dishonestly concealed a material fact.
Audit and Assurance Policy (AAP)
PIEs that are over the 750:750 threshold will be required to publish an AAP every three years, which will be complemented by an annual implementation report, in which the directors (typically through the audit committee) provide a summary update of how the assurance activity outlined in the AAP is working in practice.
Contents of the AAP
The AAP will need to:
- state how a company has taken account of shareholder views, and also whether, and if so, how, they have taken account of employee views;
- state whether, and if so, how, a company intends to seek independent (external) assurance over any part of the Resilience Statement or over reporting on its internal control framework;
- describe the company's internal auditing and assurance process, including how management conclusions and judgements are challenged and verified internally;
- describe the company's policy in relation to the tendering of external audit services (the FRC will be consulted regarding how this new reporting requirement can work alongside existing and forthcoming requirements in the Code); and
- state the level and standard to which any independent assurance is being undertaken.
Reporting on payment practices
The Government intends to consult on the existing Reporting on Payment Practices and Performance Regulations 2017 before taking forward any proposals for PIEs to provide a summary of their payment practice policies and performance within their annual reports.
Public interest statement
The Government has confirmed that it will not legislate at this time to create a new public interest statement reporting requirement.
3. Supervision of corporate reporting
ARGA will have enhanced corporate reporting review powers, including to:
- direct changes to company reports and accounts (rather than having to seek a court order);
- publish summary findings following a review;
- publish the information necessary for it to be an effective regulator (which could allow for the publication of correspondence in exceptional circumstances); and
- require or commission an expert review to support its corporate reporting review work.
These powers will extend to the entire contents of the annual report and accounts, so will cover areas not currently within scope, such as corporate governance statements and directors' remuneration and audit committee reports as well as voluntary elements such as the CEO's and chair's reports.
It is not intended to give ARGA new powers to offer a pre-clearance service.
4. Company directors
Enforcement against directors
The Government intends to give ARGA the necessary powers to investigate and sanction breaches of corporate reporting and audit-related responsibilities by directors of PIEs, including those under the new 750:750 definition.
This regime will not replace existing arrangements, for example, in respect of offences under the Companies Act 2006 or breaches of the FCA Listing Rules, FCA Transparency Rules or Market Abuse Regulation. Care will also be taken to avoid overlap or duplication between the role of ARGA and the existing scope of powers of the FCA and other regulators where possible.
Clawback and malus provisions in directors' remuneration arrangements
Following the consultation, the Government has accepted that the proposed conditions in the White Paper relating to clawback and malus provisions could benefit from increased clarity and that a more nuanced approach may need to be taken to cater for different companies' circumstances. Therefore, the FRC will be invited to consult on how the existing malus and clawback provisions in the Code can be developed to deliver greater transparency and to encourage consideration and adoption of a broader range of conditions in which executive remuneration could be withheld or recovered.
5. Audit purpose and scope
ARGA will be responsible for driving improvements in audit as an integral part of its core objectives, rather than the Government advancing new legislation in this area. The Government will also seek improvements from existing professional bodies to auditor qualifications, skills and training. Following consultation feedback, the Government is not intending any legislative changes regarding the assurance of Alternative Performance Measures or Key Performance Indicators and intends to retain the current 'true and fair' standard and current audit liability framework.
6. Audit committee oversight and engagement with shareholders
The Government intends to proceed with giving ARGA the power to set minimum requirements on audit committees in relation to the appointment and oversight of auditors, which will include provisions around mechanisms for shareholder engagement on the audit plan. ARGA will be asked to ensure that the new requirements do not conflict with existing requirements, e.g., those set out under the Code. These requirements will initially apply only to FTSE 350 companies, although the Government has noted that it will monitor the situation after the initial implementation and consider whether the requirements should be extended to a wider community of PIEs.
The Government has determined that ARGA will not be given the power to place an independent observer on the audit committee, nor to appoint the auditor in any circumstances.
7. Competition, choice and resilience in the audit market
There are a number of proposals being taken forward with respect to competition, choice and resilience in the audit market. Notably, UK-incorporated FTSE 350 companies will be required to appoint a challenger as sole group auditor, or, alternatively, appoint a challenger firm to conduct a meaningful proportion of its subsidiary audits within a shared audit.
8. Supervision of audit quality
The Government intends to make ARGA (rather than the professional bodies to whom this task is currently delegated by the FCA) responsible for approving the statutory auditors of PIEs. It is also asking the FRC to look at non-legislative ways of improving the regulator's Audit Quality Review process.
9. A strengthened regulator
As noted above, ARGA will replace the FRC and will be given new enforcement powers. Its objectives will be to promote high quality audit, corporate reporting, corporate governance, accounting and actuarial work and to promote effective competition in the market for statutory audit work.
There will also be changes to the regulator's responsibilities, including the strengthening of existing voluntary arrangements for the oversight of professional accountancy bodies and giving ARGA statutory powers to oversee and regulate the actuarial profession.