Legal development

Overview of the UK Corporate Governance Code 2024

    1. Introduction 

    On 22 January 2024, the Financial Reporting Council published the much-anticipated UK Corporate Governance Code 2024 (2024 Code). This follows the government scaling back its Audit and Corporate Governance reform package (see AGC Update, Issue 43) and the FRC's response to that and the feedback it received on its consultation on proposed changes to the current 2018 iteration of the Code (2018 Code).

    2.  What are the headline changes?

    The key revision in the 2024 Code focuses on internal controls, where the FRC has introduced additional disclosure requirements for the annual report and accounts and the need for a declaration by the board as to the effectiveness of those controls.

    There are also changes which:

    • require governance reporting to focus on board decisions and their outcomes in the context of a company's strategy and objectives;
    • underscore the need for clear explanations for departures from the 2024 Code;
    • expand reporting on corporate culture to include how it has been embedded;
    • reflect the wide-ranging nature of diversity policies and other initiatives;
    • streamline Audit Committee responsibilities and reporting requirements by reference to the Minimum Standard: Audit Committees and the External Audit (Minimum Standard); and
    • bolster malus and clawback arrangements and disclosures.

    The FRC has also taken the opportunity in its accompanying press release to affirm its support for the 'comply or explain' regime.

    3.  When do the changes apply?

    The 2024 Code will apply to accounting periods beginning on or after 1 January 2025, with the exception of Provision 29 on internal controls which will apply to accounting periods beginning on or after 1 January 2026. In the intervening period, Provision 29 of the 2018 Code will continue to apply.

    4.  Has the FRC published any guidance?

    The FRC has issued a summary of the principal 2024 Code changes and a 2024 Code mythbuster.  

    The FRC has stated that it intends to issue accompanying guidance to the 2024 Code on 29 January 2024. This will be "digitally accessible guidance associated with the Code" aimed at providing helpful context to boards as they consider how they comply with the Code. In preparing the guidance, the FRC has drawn on the advice of its Stakeholder Insight Group which represents a cross-section of preparers of annual reports, investors and others. It is expected that this guidance will replace the FRC's Guidance on Board Effectiveness and its Guidance on Risk Management, Internal Controls and Related Financial and Business Reporting.

    5.  The headline changes in more detail

    The 2024 Code revisions are considerably more limited than those originally consulted on. The FRC states that the changes are intended to be targeted, proportionate and keep burdens on business to a minimum. The amendments seek to enhance transparency and accountability at the same time as helping support the growth and competitiveness of the UK and its attractiveness as a place to invest.

    Risk management and internal controls and their effectiveness

    The changes relating to internal controls remain significant. Provision 29 has been considerably expanded (the words in bold and italics are new to the 2024 Code) and now reads: 

    "The board should monitor the company's risk management and internal control framework and, at least annually, carry out a review of its effectiveness. The monitoring and review should cover all material controls, including financial, operational, reporting and compliance controls. The board should provide in the annual report:

    A description of how the board has monitored and reviewed the effectiveness of the framework;

    A declaration of effectiveness of the material controls as at the balance sheet date; and

    A description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues."

    Principle O has been revised to make it clear that boards should not only establish but also maintain an effective risk management and internal control framework. In addition, Provision 28 has been revised to specify that as regards emerging risks, boards need to explain what procedures are in place to identify and manage them, again pointing to the requirement for a formalised risk management framework. 

    On the FRC's UK Corporate Governance Code landing page, the FRC talks of these changes as being driven by investor and other stakeholder feedback on the lack of improvement in the quality of reporting on risk management and internal controls, and the need for more work by most companies to demonstrate the existence of robust systems, governance and oversight. The FRC also states that its approach on internal controls relies on boards to make their own judgments on which controls are 'material' and that it regards this approach as better suited to the UK than the more "intrusive and prescriptive" approach required in other jurisdictions – i.e. the Sarbanes-Oxley regime in the US.

    While companies may have various processes in place for monitoring and reviewing their risk management and internal control systems, all companies will need to consider, in the light of revised Provision 29, what enhancements may be needed to their risk management and assurance practices. In particular, boards will need to consider whether they have the necessary supporting framework and processes which create resulting evidence to enable them to:

    • Describe in their annual report how they have both "monitored" on an ongoing basis and then "reviewed" at least annually the effectiveness of their risk management and internal controls framework (noting that the controls to be reviewed and monitored must include financial, operational, reporting and compliance controls).
    • Determine which of their financial, reporting, operational and compliance controls are "material" (based on reasonably self-established criteria), so as to be able to make a declaration on the effectiveness of material controls as at the relevant balance sheet date. The FRC states that "material controls" will be company-specific and therefore different for every company depending on their features and circumstances, including for example a company's size, business model, strategy, operations, structure and complexity.
    • Determine which, if any, material controls have not operated effectively as at the relevant balance sheet date, in order to provide the required disclosures.
    • Report details of the action plans which have been put in place, or those which are proposed, to improve controls deemed to be ineffective, and provide an update on the status of actions taken to address previously reported issues.

    In relation to the debate many companies may have on internal versus external assurance, whether for the ongoing "monitoring" or annual "review" components of Provision 29, the FRC states that "an effective risk management and internal controls framework will include monitoring and review components". In other words, to a certain extent the FRC believes it is possible for information to be collected internally and relied upon. Notwithstanding this, the FRC is clear that "it is for individual boards to decide whether external assurance is required over controls, and to what degree" and companies may well reflect on the significance and breadth of the required disclosures and consider some degree of external assurance a prerequisite to making them.

    Taking account of some of the feedback received during the consultation, which highlighted that many companies will have significant work to do on the design of their risk management and internal control frameworks, followed by more work to operationalise those frameworks, the FRC has deferred the application of Provision 29 of the 2024 Code to accounting periods beginning on or after 1 January 2026. There still remains the question of whether companies will have knowledge of what a good risk management and internal control framework might look like. This feedback was provided to the FRC by a number of respondents during the consultation. To find out how this might be addressed, we await the revised guidance to be issued next week.

    Going concern

    Provision 30 of the 2024 Code has been amended such that the board is now expected to state in all interim financial statements that it considers it appropriate to adopt the going concern basis of accounting, identifying material uncertainties to do so over a period of at least 12 months from the date of the approval of the financial statements. The 2018 Code currently requires this in relation to annual and half-yearly financial statements only.

    Governance reporting to focus on board decisions and outcomes

    Principle C of the 2024 Code is new. It states:

    "Governance reporting should focus on board decisions and their outcomes in the context of the company's strategy and objectives.  Where the board reports on departures from the Code provisions, it should provide a clear explanation."

    The push to report on 'outcomes' is not new. For many years the FRC, in its annual corporate governance monitoring reports, has encouraged companies to report on actions taken in respect of governance and the outcomes of those actions.  

    However, as a new Principle, companies will need to state how they have applied it - i.e. how they have ensured that their corporate reporting focusses on outcomes in the context of the company's strategy and objectives. In its 2024 mythbuster, the FRC states – "Outcomes-based reporting means providing your stakeholders with information on how decisions taken by the board have, and will, impact the company's strategy, objectives and long-term viability."

    Underscoring the concept and expectations of the 'comply or explain' regime

    Inadequate (or, in some cases, absent) explanations for departures from Code Provisions have long been an area of focus and annoyance for the FRC. Failing to explain departures properly undermines the 'comply or explain' regime as a whole. To that end, new Principle C states:

    "Where the board reports on departures from the Code provisions, it should provide a clear explanation."

    In its press release accompanying the 2024 Code, the FRC is at pains to underscore its support for the concept of 'comply or explain'. At its recent webinar, it stressed that it does not agree with suggestions that the Code operates on a 'comply or else' basis. In its 2024 mythbuster, it states: "The FRC encourages high-quality explanations that demonstrate good governance practices.  The 'comply or explain' regime gives companies the scope to communicate salient and pertinent information to stakeholders, whilst recognising that there is no one size fits all approach for companies…". 

    Embedding culture

    Provision 2 of the 2024 Code now reads (words in bold and italics are new):

    "The board should assess and monitor culture and how the desired culture has been embedded."

    Reporting on the assessment and monitoring of culture under the 2018 Code has been underwhelming. Reflecting this and the sharper focus on reporting on outcomes, the 2024 Code drives a description of the day to day processes around corporate culture. It will be interesting to see how the revised accompanying guidance reflects this change.  

    Diversity and inclusion

    Changes have been made to Principle J to promote diversity, inclusion and equal opportunity but without referencing specific groups. The list of diversity characteristics (gender, ethnic background, cognitive and personal strengths) has been removed to indicate that diversity policies can be wide ranging. The concluding lines of Principle L now read (words in bold and italics are new to the 2024 Code):

    "Both appointments and succession plans should be based on merit and objective criteria. They should promote diversity, inclusion and equal opportunity."

    Changes have also been made to Provision 23, which sets out diversity-related disclosure requirements for the nomination committee (words in bold and italics are new to the 2024 Code). Disclosures should include:

    "the policy and any initiatives on diversity and inclusion, their objectives and link to company strategy, how they have been implemented and progress on achieving the objectives:"

    The changes recognise that additional initiatives which exist alongside DE&I policies are important contextual disclosures.

    Audit Committee reporting

    Provisions 25 and 26 have been updated to reflect the Minimum Standard and to remove unnecessary duplication with it. For instance, Provision 25 now states that a main role and responsibility of the audit committee is to follow the Standard. Provision 26 now states that – 

    "The annual report should describe the work of the audit committee including matters set out in the Audit Committees and External Audit: Minimum Standard; and …."

    We discussed the draft and final Standard in AGC Updates, Issues 29 and 37. By way of reminder, the Minimum Standard applies to audit committees of premium listed companies included in the FTSE 350. The Minimum Standard states that once primary legislation is passed to bring the Audit, Reporting and Governance Authority (ARGA) into being, the Minimum Standard would, subject to the appropriate powers being provided in the legislation, become mandatory, and that companies within scope are encouraged to begin to apply the Minimum Standard on a 'comply or explain' basis in the meantime.

    Although the creation of ARGA is no longer imminent, by virtue of the Minimum Standard being included at Provision 26 of the 2024 Code, it seems that reporting on the "matters set out in" it is required on a 'comply or explain' basis by all companies subject to the 2024 Code and not just those in the FTSE 350. 

    Remuneration - malus and clawback

    Provision 37 has been amended to provide that "directors' contracts and/or other agreements" should include malus and clawback provisions. This is intended to strengthen the enforceability of malus and clawback by ensuring such provisions are contained in legally binding contracts (not just in remuneration policies and share plan rules).  

    The 2024 Code strengthens further reporting of malus and clawback provisions in directors' remuneration reports by requiring a description of:

    • the circumstances in which malus and clawback provisions could be used;
    • the period for malus and clawback and why the selected period is best suited to the organisation; and
    • whether the provisions were used in the last reporting period. If so, a clear explanation of the reason should be provided in the annual report.

    By way of reminder, Provision 37 of the 2018 Code already requires companies to include clawback provisions and specify the circumstances for their application in remuneration policies. The 2024 Code simply enhances the current disclosure obligations.

    Finally, Provision 40 of the 2018 Code lists six factors for remuneration committees to consider in setting executive remuneration: clarity, simplicity, risk, predictability, proportionality and alignment to culture. Provision 41 of the 2018 Code expects a description, with examples, of how the remuneration committee has addressed these factors. In practice, companies have taken the approach of listing these factors, and noting they have been considered, adding little content or explanation. Against that background, Provision 40 and the related elements of Provision 41 have been dropped from the 2024 Code. Despite this, remuneration committees should continue to consider these factors, amongst others, to ensure that remuneration outcomes do not reward poor performance. 

    6. Which proposals have not been taken forward? 

    As alluded to in the FRC's policy statement, the 2024 Code does not contain a number of the significant proposals included in the original consultation.  These include those relating to the remit of audit committees on sustainability matters; director time commitment; engagement with shareholders by committee chairs; and more detailed changes to Provisions dealing with diversity and inclusion.  The proposals which related to the reporting requirements for 'large' public interest entities – e.g. resilience statements and audit and assurance policies, contained in the draft regulations withdrawn by the government in October 2023 (see AGC Update, Issue 42) have also not been taken forward.

    7.  What happens next?

    All eyes are now on the accompanying guidance, which will be published early next week. We will publish a further AGC Update reflecting on that guidance and expanding on the actions companies should consider in readiness for the implementation of the 2024 Code.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.
