Legal development

Ashurst Governance & Compliance Update – Issue 65

By Will Chalk

30 April 2025

Share Share
Ashurst Governance & Compliance Update Issue 65
Share

    Corporate Governance

    1. Government publishes Cyber Governance Code of Practice

    The Department for Science, Innovation & Technology (DSIT) has published a final version of its Cyber Governance Code of Practice, alongside other materials, to support directors in driving greater cyber resilience. The final Code follows the previous administration's call for evidence in January 2024 (see AGC Update, Issue 48 - Item 2) and the current administration's response a year later.

    The Code has been created to support boards and directors in governing cyber security risks, particularly in medium-sized and large organisations, setting out critical governance actions for which directors are responsible. It contains five principles: Risk management; Strategy; People; Incident planning, response and recovery; and Assurance and oversight. Each have accompanying actions for boards to consider.

    The supporting materials have been produced by the National Cyber Security Centre and include: 

    • Cyber Governance Training resources. These comprise five 'interactive' training modules aligned with the Code principles and developed through insights from non-executive directors and government subject matter experts. The modules are intended to help boards and directors understand the principles and how to put recommended actions into practice.
    • The Cyber Security Toolkit for Boards, which is also aligned with the Code, explains how boards can implement the principles. It includes two introductory modules: the first on the structure of the toolkit and the second aimed at those who are new to cyber security. 'Questions for boards' briefly summarises each toolkit module and provides a series of questions, with possible answers, to allow boards to evaluate their organisation's performance.

    The Code, together with the Cyber Essentials scheme, sets out the minimum standard that the government recommends organisations should have in place to manage their cyber risk. DSIT has aso produced other Codes of Practice, including the AI Cyber Security Code of Practice (see AGC Update, Issue 62 – Item 8) which may also apply depending on a company's business model.

    The government intends to monitor uptake of the Code and evaluate its effectiveness in driving improvements in how cyber risk is governed, potentially with a view to legislating if uptake of the Code appears limited and there are not sufficient improvements.

    2. IoD establishes Commission to explore the evolving role of non-executives

    The Institute of Directors has announced the launch of a Commission to explore the evolving role of non-executive directors in the UK.

    Despite the prevalence of NEDs in both large listed companies and the not-for-profit sector, recent corporate scandals and collapses have raised concerns about their effectiveness. The Commission will investigate whether NEDs are delivering the anticipated benefits of the role and how they can better contribute to value creation, making recommendations to boards and policy makers concerning more effective deployment.

    The launch of the new Commission, which will be chaired by Baroness Natalie Evans, follows the publication in October 2024 of the IoD's voluntary code of conduct for directors (see AGC Update, Issue 58 – Item 3).

    The Commission will run until July 2025 and report its findings in the Autumn of 2025.

    3.  Insolvency Service publishes new guidance on director disqualification sanctions

    The Insolvency Service has published new guidance relating to director disqualification sanctions, which prohibit a person designated under the UK sanctions regime from being a director of a company or taking part in or being concerned in the promotion, formation or management of a company. 

    The guidance outlines the effect of director disqualification sanctions, a breach of which is an offence under the Company Directors Disqualification Act 1986 (unless a licence has been issued or an exception applies). It also explains how persons subject to these sanctions can apply for a licence to act as a director.

    4. Government undertakes research on section 172 and its effect on decision-making and value creation

    The Department for Business and Trade is conducting research into how directors and company secretaries perceive Section 172(1) of the Companies Act 2006 (duty to promote the success of the company) and its effect on decision-making and long-term value creation. The purpose of the survey is to build an evidence base to understand better the impact of Section 172 and the associated reporting obligation (for large companies) to prepare a Section 172 Statement. It will also inform the government's wide-ranging review of the non-financial reporting framework (see AGC Update, Issue 37 – Item 7).

    The survey, which it is estimated will take 15-20 minutes to complete, asks questions about:

    • awareness of Section 172(1);
    • views on the Section 172(1) duty and related disclosure requirements (where relevant); and
    • the impact of Section 172(1) on decision-making.

    Narrative and financial reporting

    5. Guidance published in relation to directors' remuneration reporting changes for UK quoted companies 

    By way of reminder, the Companies (Directors' Remuneration and Audit) (Amendment) Regulations 2025 aim to streamline directors' remuneration reporting and related requirements by repealing a number of provisions introduced in 2019 to comply with EU law that overlap with existing obligations (see AGC Update, Issue 63 – Item 4). In AGC Update, Issue 64 – Item 3, we reported that the Regulations would come into force on 11 May 2025.

    The Department of Business & Trade has now published guidance in relation to the Regulations and their application, including:

    • Directors' remuneration report (excluding remuneration policy): Changes will apply to the first remuneration report published for financial years beginning on or after 11 May 2025.
    • Directors' remuneration policy: Changes will apply to any new policies approved by shareholders on or after 11 May 2025. Any policies approved before this date will continue in force until the company receives shareholder approval for a new policy.

      Where possible, a policy prepared in accordance with the pre-11 May 2025 requirements that is not due to be put to shareholders for approval until after that date, should be amended to fit with the new Regulations before the shareholder vote.
    • Payments to directors outside of directors' remuneration policy: From 11 May 2025, any proposed payments to directors that fall outside the existing remuneration policy must be made in accordance with the revised procedure for shareholder approval of such payments set out in the Regulations – i.e. shareholders must approve the specific proposed payment (without the need for the policy itself to be first revised and approved as consistent with the payment, as has been the case under the pre-11 May requirements).
    • Reporting pay of a Deputy CEO that is not a director of the company: From 11 May 2025, any Deputy CEO who is not a director will no longer need to be paid in accordance with an approved directors' remuneration policy. However, the directors' remuneration report for a financial year beginning before 11 May 2025 will need to include the pay of any such Deputy CEO for that whole financial year. This is a temporary transition measure.
    • Comparison of percentage change in each director's pay: Changes to paragraph 19 of Schedule 8 to the Large and Medium-sized Companies and Groups (Accounts and Reports) Regulations 2008 remove the requirement to report a comparison of the annual percentage change in each director's pay with that in employee pay. Paragraphs 19A to G of Schedule 8 require equivalent and more detailed information about the relationship between CEO pay and wider employee pay.
    • Website publication of the directors' remuneration report and information about the shareholder vote on the directors' remuneration policy: These requirements will no longer apply from 11 May 2025.

    6. FRC publishes 2024/25 insights on structured digital reporting

    The Financial Reporting Council has published its annual review of structured digital reporting, highlighting key areas for improvement in how UK listed companies present their digital annual reports in accordance with FCA Handbook requirements which came into force in 2021.

    The FRC review analyses digital reports from Officially Listed companies across the market using tools developed as part of the CODEx project, such as the viewer tool for digital reporting which the FRC launched in April 2025 (see AGC Update, Issue 63 – Item 2). The analysis also includes detailed assessments of 25 annual reports filed to the FCA's National Storage Mechanism during 2024.

    The report reveals that, while basic errors identified in previous reviews have been largely resolved, companies still appear to face challenges with more complex aspects of digital reporting. Specific observations include: 

    • Use of custom tags / extensions: the FRC found that these are often being created where they are not necessary.
    • Anchoring of extensions: where extensions have been created, these are often anchored incorrectly which means it is unclear against which IFRS measure they should be compared.
    • Accounting meaning of tags: these often did not match the correct standard or the facts reported, leading to the potential for discrepancies in the analysis of financial statements.
    • Incorrect signs, balance attributes or scale: companies are often reporting amounts with an incorrect sign (i.e. that is positive or negative), balance attribute (i.e. debit or credit) or scale (e.g. pounds or pence).
    • Missing tags or granularity: there are many cases where some ‘mandatory’ tags such as ‘Principal place of business’ or ‘Domicile of entity’ are not included or where the relevant level of granularity has not been applied. This can make it difficult for investors to find information.
    • Design and Usability: design issues can still be a challenge – the FRC believes that companies are not applying the same level of attention to the design of their digital annual report as they are to their printed/pdf version. Many companies are also failing to put the file on their website or are limiting its value by delaying publication or not providing the tags in a viewable format.

    7. FRC introduces quarterly consultation schedule

    The Financial Reporting Council has announced the introduction of a quarterly consultation release schedule. This is intended to deliver greater consistency and provide clarity for stakeholders – enabling them to anticipate, prepare for and respond to regulatory developments from the FRC.

    Under the new release schedule, FRC consultations will be published once per quarter commencing in May 2025, with releases also planned for July 2025 and October 2025.

    In subsequent years, the FRC will publish its consultations at quarterly intervals.

    Equity Capital Markets

    8. FCA publishes updates to Knowledge Base 

    The FCA has published Primary Market Bulletin 55 which focuses on updates to guidance in the FCA's Knowledge Base. This continues the review process which was initiated in PMB 48 (see AGC Update Issue 52 - Item 1) and reflects the FCA's phased approach to updating its Knowledge Base, following the implementation of the new UK Listing Rules and the revised Listing Regime in July 2024.

    Overview

    In PMB 55, the FCA:

    • Provides feedback on its consultation in PMB 53 in which it proposed changes to technical and procedural notes both for the sponsor regime and non-sponsor topics, finalises 44 technical and procedural notes - mostly without any further amendments - and deletes a technical note on choice of Home Member State and a procedural note on passporting as both notes are obsolete following Brexit (see AGC Update, Issue 60 - Item 5).
    • Confirms that it is continuing to consider feedback received on its proposed changes to Technical Note 710 (Sponsor Services: Principles for Sponsors) and aims to respond on this in a future PMB.
    • Consults on revisions to four technical notes to reflect the most recent changes to the Listing Regime and to update them for historical changes; the amendments do not affect the substance of the guidance in these notes.
    • Consults on updates to Technical Note 507.1 (Structured digital reporting for annual financial statements prepared in accordance with International Financial Reporting Standards) including to reflect the fact that a new European Single Electronic Format taxonomy has been published.
    • Highlights its finalised rules to update FCA Handbook references to reflect the UK Corporate Governance Code 2024 (see AGC Update, Issue 64, Item 7).

    Next steps

    The FCA requests comments on its proposals to update the existing technical notes by 15 May 2025.

    9. FCA publishes initial responses to PISCES consultation

    The FCA has published an early update on its expected response following its consultation on the regulatory framework for the Private Intermittent Securities and Capital Exchange System (PISCES) sandbox (CP 24/29) (for further background on PISCES, see AGC Update, Issue 59 – Item 14). The update is intended to help firms get ready for PISCES, though the FCA highlights that final PISCES rules remain subject to the FCA Board’s agreement. The FCA expects to publish a Policy Statement with final rules in June 2025. The PISCES sandbox will then be open for applications from prospective operators. 

    FCA approach 

    The FCA's consultation proposals adopted a 'private-plus' approach, building on existing features of private markets – which most respondents supported. As a result, the FCA is not anticipating making material changes to its proposals, nor mandating a 'sweeper' model for additional company disclosures, which the FCA put forward as a potential alternative in its consultation and which would have required a PISCES company to disclose any other information known to it which it considered relevant to investors. The FCA does, however, intend to propose various technical changes, in response to feedback that PISCES should be more fully aligned with private market practice.

    Post-consultation changes

    The FCA is intending to make the following changes to its consultation proposals (amongst others):

    • Scaling-back various core information disclosures, including: (i) removing the requirement for forward-looking information, litigation and sustainability-related disclosures; (ii) limiting required disclosures concerning significant changes to the financial position of the PISCES company, and excluding requirements relating to significant acquisitions or disposals and significant related party transactions; (iii) narrowing disclosure requirements relating to material contracts; (iv) clarifying the required information on employee share schemes; and (v) allowing PISCES operators the discretion to set a threshold of up to 25% for identifying major shareholders, rather than the 10% threshold initially proposed.
    • Removing the requirement for post-trade disclosures on directors’ transactions and major shareholders’ positions.
    • Clarifying that PISCES companies may restrict participation in a trading event, provided the restriction is based on published, transparent and non-discriminatory rules.

    Pre-application support

    The FCA is also inviting requests from prospective PISCES operators for preliminary feedback on proposed operating models and draft rulebooks, ahead of publication of the new rules.

    Sustainability

    10. EU Omnibus 'Stop-the-Clock' Directive approved

    The Council of the EU has given formal approval to the 'Stop-the-Clock' Directive which has now been published in the Official Journal. It came into force on 17 April 2025 and Member States are required to transpose it into national law by 31 December 2025 (see EU Parliament adopts Stop-the-Clock Omnibus Proposal and process to simplify ESRS starts).

    By way of reminder, the Directive is part of an 'Omnibus' package of measures aimed at simplifying the requirements of EU sustainability-focused legislation, including the Corporate Sustainability Reporting Directive (CSRD) and Corporate Sustainability Due Diligence Directive (CS3D) (see AGC Update, Issue 63 – Item 5).

    Specifically, the Directive postpones:

    • CSRD: reporting requirements for in-scope companies that are required to report in 2026 (large EU companies) and 2027 (EU listed SMEs) by two years (non-EU companies are unaffected); and
    • CS3D: the transposition deadline by one year (to 26 July 2027) and the application of the CS3D by one year (to 26 July 2028) for the largest, first-wave companies (including non-EU companies with a net turnover of more than €1.5 billion in the EU).

    The focus will now shift to the other Directive (known as the "Content Directive") proposed in the first Omnibus Package, which covers more substantive changes to the CSRD and CS3D, and for which there is currently no timetable for discussions at the Committee stage. 

    The European Commission has also set a timetable for EFRAG to revise the EU Sustainability Reporting Standards (ESRS), which were adopted by the EU Commission in December 2023 and provide the detailed datapoints that in-scope companies must report under CSRD. The Commission has asked EFRAG to provide technical advice on the revised ESRS by 31 October 2025.

    Meanwhile, a group of sustainability NGOs including ClientEarth, Friends of the Earth, T&E (Transport & Environment) and Anti-Slavery International has lodged a formal complaint with the European Ombudsman, concerning the way in which the European Commission has developed the first Omnibus Package, which they allege was undemocratic and rushed. The Ombudsman has the power to propose a solution, make a finding of maladministration and make recommendations for improvements.

    For our podcast on the Omnibus Package and what companies should do in response, see Governance & Compliance 1: EU Omnibus impacts UK sustainability reporting.

    Authors: Will Chalk, Partner; Shan Shori, Expertise Counsel, Becky Clissmann, Sustainability Counsel; Marianna Kennedy, Senior Associate; Vanessa Marrison, Expertise Counsel

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.

    Key Contacts