Corporate governance | Key legal developments | January 2024

This article provides an overview of key corporate governance updates since October 2023 to date, including:

• 18 October 2023 – FRC launches consultation on International Standard on Auditing (UK) 250

• 19 October 2023 – ESG: Government launches review of Scope 3 emissions report under the Streamlined Energy and Carbon Reporting (SECR) framework

• 26 October 2023 – The Economic Crime and Corporate Transparency Bill received Royal Assent  

• 7 November 2023 – Financial Reporting Council (FRC) publishes policy update regarding UK Corporate Governance Code (UKCG Code)  

• 16 November 2023 – FRC published the 2023 Review of Corporate Governance Reporting

• 7 December – FRC Lab published Report: Structured digital reporting

• 10 January 2024 – The Government publishes draft regulations to extend the UK invoices payment practices reporting regulations

FRC consults on consideration of laws and regulations in an audit of Financial Statements

On 18 October 2023, the Financial Reporting Council (FRC) published the Proposed International Standard on Auditing (UK) 250 (Revised).

Currently, under Section A (Consideration of laws and regulations in an audit of financial statements), auditor's work relating to an entity's compliance with laws and regulations depends on whether those laws and regulations affect the determination of material amounts and disclosures in the financial statements. Under the proposed amendments, auditors will be required to identify those laws and regulations with which non-compliance may have a material effect on the financial statements.

The FRC is proposing to move to a risk-based approach, with the risk assessment driving the identification of laws and regulations with which non-compliance may have a material effect on both the financial statements and the work effort required. This moves away from the current rules-based categories of "direct laws and regulations" which have a direct effect on the determination of material amounts and disclosures in the financial statements and "other laws and regulations", which have an indirect effect on the determination of material amounts and disclosures in the financial statements.

To summarise, under the new risk-based approach, auditors will be required to:

• design and perform risk assessment procedures to obtain audit evidence that provides an appropriate basis for the identification of laws and regulations with which non-compliance may have a material effect on the financial statements.
• identify, assess and respond to risks of material misstatement due to fraud or error relating to non-compliance with laws and regulations.
• assess whether they have obtained sufficient appropriate audit evidence regarding whether there is a material misstatement of the financial statements relating to non-compliance with laws and regulations.
• conclude whether non-compliance or suspected non-compliance has resulted in a material misstatement of the financial statements.

The FRC proposes to replace Section B (The auditor's statutory right and duty to report to regulators of public interest entities and regulators of other entities in the financial sector) with a principles-based standard that will apply to public interest entities (after consultation, this may be extended to include other regulated, or all entities) which will introduce:

• A new definition of reportable matters, to also include information that is of such significance that it is in the public interest to report it to an appropriate authority outside the entity even where law, regulation or ethical requirements do not require it.
• A requirement that, where a reportable matter exists but no law, regulation or relevant ethical requirements are identified, the auditor must still consider whether the information is of such significance that it is in the public interest to report to an appropriate authority.

Certain existing requirements that are focused on the financial sector would also be replaced with more principles-based requirements which could be applied to any entity, irrespective of whether it is in a regulated industry.

The definition of a public interest entity is currently under review, but it is expected that the revised ISA will apply to all entities caught by the future definition.

The FRS proposes an effective date for audits of financial statements for a period beginning on or after 15 December 2024 (with earlier adoption permitted).

The consultation closed on 12 January 2024.

What does this mean?

In-house lawyers need to keep developments under review to try and anticipate threats and pressures on their business's governance function.

Assessing laws and regulations that may apply to complex or international groups and determining whether they have a potential impact on the financial statements will increase the need for local and international legal advisors, increasing costs for both auditors and preparers. In turn, this may have an impact on the availability of auditors to listed companies.

These proposed amendments are aimed at strengthening audits, a positive outcome for companies and shareholders, but the changes can be far-reaching and costly.

It remains to be seen whether audit reforms will lead to increased investor confidence in the audit process and company reporting.

UK government consults on Scope 3 emissions reporting

On 19 October 2023, the Department for Energy Security and Net Zero (DESNZ) published a Call for Evidence on the Scope 3 emissions reporting to seek opinions on:

• the costs, benefits, and practicalities of Scope 3 greenhouse gas emissions reporting; and
• the effectiveness and impact of the SECR framework, which came into force on 1 April 2019.

Under the current SECR rules, listed companies, large unquoted companies or large limited liability partnerships are required to disclose Scope 1 and Scope 2 greenhouse gas emissions in their annual reports, while obligations to disclose Scope 3 emissions, which account for indirect emissions that occur in a company's value chain, are voluntary. The DESNZ acknowledges that Scope 3 greenhouse gas emissions reporting can account for 80-95% of the total value chain of a company's footprint.

There are two activity types, upstream and downstream, which highlight 15 distinct reporting categories in Scope 3:

1. Upstream activities are (i) Purchased goods and services; (ii) Capital goods including extraction, production and transportation of capital goods purchased or acquired; (iii) Fuel and energy related activities (not already accounted for under Scope 1 or Scope 2); (iv) Upstream transportation and distribution; (v) Waste generated in operations; (vi) Business travel; (vii) Employee commuting; (viii) Upstream leased assets.
2. Downstream activities are (i) Downstream transportation and distribution; (ii) Processing of sold products; (iii) Use of sold products; (iv) End-of-life treatment of sold products; (v) Downstream leased assets; (vi) Franchises; and (vii) Investments.

The Call for Evidence was in response to the first global IFRS sustainability disclosure standards published earlier in 2023 which would extend the mandatory reporting to include Scope 3 emissions under IFRS S2. Thus, the DESNZ wish to gather opinions to facilitate the government's decisions on the appropriateness of whether to include a requirement to report any Scope 3 disclosures within the UK-endorsed version of IFRS S2, ISSB's climate-related standard. 

The Call for Evidence closed on 14 December 2023, with the aim of publishing the results gathered within 12 weeks of the closing date.

The government aims to make endorsement decisions by July 2024.

What does this mean?

The Call for Evidence reaffirms that the development of international standards for the disclosure of sustainability-related information is significant to the Government, and highlights a desire to ensure that UK standards remain globally comparable to sustainability-related information to ensure the effective functioning of capital markets.

The responses are under consideration and the DESNZ has yet to provide a further statement addressing the responses made. However, it can be deduced that the responses will be used to inform the Post-Implementation Review of the existing SECR reporting requirements; inform the UK's endorsement of the ISSB standards; and further the assessment on if and how the Environmental Reporting Guidelines are updated.

If the Government decides to endorse the IFRS standards, disclosing Scope 3 emissions will no longer be optional for reporting entities. This may have an impact on investment potentials as Scope 3 disclosures have become increasingly important for investors and stakeholders when considering the willingness of companies to adapt to a low-carbon economy. Therefore, bridging the potential information gap will allow investors to fully assess the climate-related risks and opportunities.

The Economic Crime and Corporate Transparency Bill received Royal Assent

On 26 October 2023, the Economic Crime and Corporate Transparency Bill received Royal Assent and became law under the Economic Crime and Corporate Transparency Act 2023 (the ECCTA 2023).

The legalisation provides a widened and comprehensive framework, aimed at tackling various issues which threaten the United Kingdom's risk management credibility.

Therefore, the ECCTA 2023 came into play to build a governing structure to facilitate aims to promote credibility by tackling economic crime and improving transparency over corporate entities by expanding the role and powers of the Registrar of Companies and modernise Companies House operations.

The following key reforms have been enacted:

• Corporate criminal liability – the amendment of the "identification" principle will make it easier to prosecute a company for criminal conduct by focusing on the role and responsibilities of the "senior manager" who has committed the relevant crime against the list of offences set out in Schedule 12 of the Act, ranging from theft, tax offences, bribery offences, money laundering offences to financing terrorist activity.
• Additionally, there is now a strict liability offence for the failure to prevent fraud (FTP) for large corporates, LLPs, and partnerships (including those incorporated outside the UK). There is a total defence against the FTP offence if an organisation within scope can demonstrate it had in place reasonable procedures at the time of the offending.
• Modernises role and powers for Companies House – Companies House will have the power to query any filings, the power to remove information from the register and impose requirements that all information be filled electronically.
• Companies House will have more effective investigation and enforcement powers and be able to better cross-check data with other public and private bodies. In addition, Companies House will be able to proactively share information with law enforcement bodies if they have evidence of anomalous filings or suspicious behaviour.
• Identity verification – all new and existing directors, people with significant control and those filing information will be required to verify their identity.
• Limited partnerships – there will be registration and transparency requirements for limited partnerships.

In addition to the above, we have an article covering the ECCTA and its function in a deeper context – please click the link here.

What does this mean?

The ECCTA 2023 aims to reinforce the importance of effective risk management by widening the scope of corporate liability with an emphasis on decreasing fraud and establishing corporate economic crime by placing a burden on companies to tackle misconduct.

The updated identification doctrine for corporate criminal liability now captures any individual who plays a significant role in decision-making, management or organisation of some or all of the activities of a company or partnership (of any size).

Companies will need to reform their internal policies and procedures in order to ensure compliance with the new regime. SMEs are currently exempt from the new FTP offence but these organisations should still consider how the updated legislation will affect them.

In addition, organisations will need to consider their current practices relating to company secretarial tasks and ensure that there are functions in place to align with the modernisation of Companies House and the prioritisation of identity verification.

FCR's update to the UKCG

On 7 November 2023, the FCR issued a policy update to its consultation with stakeholders on the proposed changes to the UKCG which was published in May 2023.

The FCR after considering its own policy objectives alongside the feedback to the consultation on the proposed revisions to the UKCG Code.

In response to the above, the FRC has revised its initial consultation of 18 proposals and has decided to only proceed with a small number of these proposals; specifically, it will revise its original proposal regarding internal controls and there will be a small number of changes that streamline and reduce duplication associated with the Code.

However, the FRC will not take forward the following proposals:

• those relating the role of audit committees in relation to ESG reporting;
• modifications to the existing Code concerning diversity, over-boarding, and engagement by Committee Chairs with shareholders; and
• those affected by the government's decision to withdraw the draft Statutory Instrument relating to an audit and assurance policy, reporting on distributable profits and resilience statement requirements: Companies (Strategic Report and Directors' Report) (Amendment) Regulations 2023.

The updated version consultation of the UKCG Code is due for publication in January 2024. 

What does this mean?

The FRC continues to ensure it considers and protects public interest by enhancing the quality, trust and confidence in audit and corporate reporting and governance. However, the FRC also recognises the importance of supporting economic growth and international competitiveness of the UK business market.

The FRC is conscious of the ongoing debate regarding business reporting requirements and burdens on organisations. The FRC therefore considers that by narrowing the scope of their proposed changes to the UKCG, the guidance will be more targeted and proportionate which will avoid unintended effects on businesses, investors, and their advisers.

FCR published 2023 Review of Corporate Governance Reporting

The FRC published its fourth annual Review of Corporate Governance Reporting 2023, which discusses the quality of reporting against the UKCG in 2023 and its expectations for companies reporting in 2024.

The report highlights key findings from an analysis of FTSE 350 and Small Cap companies.

It was noted that, overall, the quality of companies' reporting against the UKCG improved, highlighting a growth trend as identified in previous years.

The key findings include were:

• Application of Code Principles – the FRC recognised the improvements in how companies reported their application of the Code Principles; however, the FRC continues to encourage companies to report clearly and accurately on how adopting the Principles have affected their board's decision making instead of reliance on a 'Principle by Principle' approach.

• Compliance with the Code – the FRC found that companies continued to be transparent in reporting on their non-compliance with at least one of the Code Provision. Notwithstanding the above, the FRC highlights that explanations for non-compliance could be significantly improved and that companies are expected to provide more meaningful explanations for non-compliance.

• Stakeholder engagement – positively, the majority of companies in the sample displayed an active engagement with their stakeholders. However, the FRC encourages that the engagement extents further than surface level and progresses further in addressing issues raised by stakeholders. To add more value to the report, companies should report on shareholders' key priorities and, in relation to workforce engagement, why it considers the chosen engagement method to be effective.

• Environment, TCFD disclosures and ESG reporting – the FRC noted the companies within its sample took positive steps to improve their reporting and strengthen their governance of climate-related issues.

• Diversity – companies have improved in disclosing certain aspects of diversity reporting within annual reports and have developed diverse boards and senior management. However, companies should ensure there is a link between business strategy and their diversity objectives.

• Board evaluation – an effective valuation should provide insight into the areas of board strengths and areas of focus for the following year.

• Effectiveness of risk assessment and internal controls – slight improvement was seen by the FRC in the quality of reporting in risk assessment and internal controls so the FRC emphasises that companies must undertake more work to demonstrate extensive governance of these areas.

• Remuneration – quality of remuneration reporting has improved since the introduction of the 2018 Code and FRC encourages companies to report clearly on remuneration in relation to company strategy. FRC identified that disclosures should include whether there were any windfall gains, the use of discretionary powers and how companies engage with the workforce on remuneration.

• Cyber security – boards should be comfortable understanding cyber risks within the organisation and how they are managed.

What does this mean?

Good corporate governance disclosures build trust and understanding and highlights why the UK is an attractive investment market.

Despite the overall positive improvements noted by the FRC in the report, there is an emphasis on its expectation of companies to provide strong, clear, informative and detailed explanations in the reporting of governance outcomes and related actions. The FRC notes that companies can demonstrate good governance through the right behaviours and culture, therefore companies should focus on actual practices rather than policies and procedures.  

FCR Lab published structured digital reporting

Under DTR 4.1.15, UK listed companies are required to publish their annual reports in a structured electronic format.

Thus, the FCR published its latest FRC Lab insight report on structured digital reporting, based on a review of 50 annual reports filed to the FCA's National Storage Mechanism. It sets out recommendations for UK listed companies to optimise reporting requirements to cater to the needs of investors and other users.

In consideration of its review, the FRC made the following comments and recommendations:

• tagging, to use standard tags and create custom tags only when necessary;
• design and usability, including the use of text-block tags; and
• process, including whether to seek voluntary assurance of the tagging process.

The report also summarises the findings on the use of structured digital reports by investors, finding that over a third now use XBRL-format reports as a source of company financial data, as well as more established sources such as data aggregator services and PDFs from company websites.

90% of tagged report rejections in the FCA submission system are due to basic errors including incorrect file format, naming convention or structure.

What does this mean?

It is clear that structured digital reports are becoming more important to support investor decision-making. FRC recommends that companies provide an FCA-validated version of their structured report on their website in order to reach more investors and professionals.

The FRC Lab’s report recommendations recognises that companies may not be able to implement processes that facilitate the structured digital reporting with immediate effect, but aims to nudge companies into transitioning to the new format by being proactive and adopting practice in order to save costs, be more time efficient and utilise resources appropriately.

Draft regulations published to extend payment practices reporting regulations

On 10 January 2024, the Government suggested draft Reporting on Payment Practices and Performance (Amendment) Regulations 2024.

Under the current framework, Reporting on Payment Practices and Performance Regulations 2017 and the Limited Liability Partnerships (Reporting on Payment Practices and Performance) Regulations 2017,  which is due to expire on 6 April 2024, larger UK companies and limited liability partnerships (LLPs) (regardless of whether they are private public or quoted) must publish a bi-annual report establishing their payment practices for payment of supplier invoices, as well as data for the performance in paying invoices over the preceding year and submit the report to a government-hosted website for publication.

The Government previously stated that the current framework and its attached obligations would be extended; however, in November 2023, it confirmed an expansion of the current form, to account for a period of seven years and widen the scope of the companies' reporting obligations. Amendments under the January 2024 Regulations include:

• Amends to the Schedule to the Principal Regulations which sets out the information required to publish in relation to each reporting period;

• Amends to the Principal Regulations so companies will be required to report the proportion of invoices that are disputed which result in payments being made outside the agreed payment terms;

• Requirement to report on the percentage of payments that were paid in 30 days or fewer, between 31 and 60 days, and in 61 days or longer, and the percentage of payments due within the reporting period which were not paid within agreed terms; and

• A new definition of "finance provider" and provisions to provide clearer instruction as to how payments should be reported when third party ‘supply chain’ finance provider is involved.

If implemented, the regulations are expected to come into force on 5 April 2024 and will expire on 6 April 2031.

What does this mean?

Approval of the draft regulations will extend the UK's payment and reporting practices which may have a profound impact on:

• the internal operations of larger companies and LLPs as the extended requirement to disclose new information, the existing reporting requirement as to the volume of invoices, and a requirement to report on the proportion of invoices that are disputed and disclose the percentage of payments that were not paid within agreed terms, will place an additional burden on administrative and company secretarial functions to ensure compliance;
• transparency and public scrutiny of large businesses’ payment practices and their performance;
• continued reductions in payment times to suppliers, reducing the need to raise external finance to cover cash flow shortages or diverting administrative time chasing late payment; and
• decision making on business suppliers, particularly small business suppliers, as to who they should trade with, negotiate fairer terms, and challenge overdue payments by providing extensive financial information.

If the approval is not granted, the current framework will be renewed.