Ashurst and Practical Law Company Q4 2022

The articles below were written by Ashurst LLP and Practical Law Corporate in Q4 2022 and first published in the company law section of PLC Magazine, the leading monthly magazine for business lawyers advising companies active in the UK.

1. Narrative reporting: FRC Lab report on digital security risk disclosure

Summary. The Financial Reporting Council has issued a report by the Financial Reporting Lab (the Lab) on company disclosure relating to digital security and strategy risk (the report).

Background. Digital security and the management of related risks and opportunities can be critical to the ability of many companies to continue operating and generating value. Reporting on these areas can provide relevant information to stakeholders to assist them in assessing a company’s ability to remain viable and resilient.

In March 2021, the Department for Business, Energy & Industrial Strategy consulted on major reforms to the UK audit industry and corporate governance regime (the consultation), which included proposals to add digital security risk into companies’ assessments and resilience disclosures, highlighting the growth in relevance of digital security risk to businesses and investors. In May 2021, the government issued a response to the consultation.

Facts. The report indicates that while many FTSE 350 companies reported at least one digital-related principal risk, mainly cyber risk, most company disclosures are not meeting investor needs, are often boilerplate and overly static. The report suggests that disclosures in this area could be improved by:

• Explaining how digital security and strategy are important to the company’s current and future business model, strategy and environment.
• Detailing the company’s governance structures, culture and processes to support digital security and strategy.
• Identifying both the current and future digital security and strategy risks faced by the company and the opportunities available to it.
• Highlighting the impact of internal and external events, and the actions and activities that respond to these.
• When determining which disclosures to provide, considering materiality for the company, potential sensitivity of the information and whether the disclosures provide sufficient information to users.

The report also includes detailed practical examples to help companies improve their digital security risk reporting, and provides a number of questions to assist boards and audit committees when assessing whether the company’s disclosures in this area meet investor needs.

Source: The Lab: Digital Security Risk Disclosure, 3 August 2022, www.frc.org.uk/getattachment/b23698f9-a587-4222-b32a-b947dd7b3300/FRC-Digital-Security-Risk-Disclosure_August-2022.pdf.

Source: The Lab: Digital Security Risk Disclosure, 3 August 2022, www.frc.org.uk/getattachment/b23698f9-a587-4222-b32a-b947dd7b3300/FRC-Digital-Security-Risk-Disclosure_August-2022.pdf.

2. Non-financial reporting: FRC Lab report on ESG data

Summary. The Financial Reporting Council (FRC) has issued a report by the Financial Reporting Lab (the Lab) on environmental, social and governance (ESG) data production by companies (the report).

Background. There is an increasing focus on how companies report on ESG issues. In July 2021, the FRC issued a statement of intent on ESG challenges that identified a number of steps towards attaining an effective system of ESG reporting.

Facts. The report sets out a recommended step-by-step approach to ESG data production, including:

• Performing a materiality assessment to understand the ESG topics and data points relevant to the company, including:
  • identifying current and future drivers for ESG data;
  • engaging internal stakeholders across all levels to understand what is needed operationally and strategically, and identifying what is already collected and what is missing;
  • engaging with key investors and other stakeholders to understand what data is important to them; and
  • reviewing regulation and framework requirements.
• Collaborating with peers through industry bodies to identify sector-relevant metrics, methods and sources.
• Identifying and encouraging internal champions to raise awareness.
• Identifying who are the data producers and owners across the company for different data sets, and the co-ordinators, reporters and validators for a joined-up approach.
• Identifying the internal and external sources for the data, and setting out the methodology and frequency for gathering the data.
• Engaging with finance and internal audit teams to apply controls over the data, including evidence trails, reviews and sign-offs.
• Assessing which data should be subject to internal and external assurance.
• Documenting responsibilities and processes for knowledge retention.
• Sharing lessons learnt with teams and subsidiaries where approaches may be historically different.
• Considering training and education for the board and across the company on why ESG data is needed and how it can be used for strategic decision making.
• Not treating ESG data just as part of an annual reporting cycle but integrating it in regular processes and embedding it in the company’s culture to understand company performance and impact.
• Reviewing whether existing data and data quality is supporting strategic decision making, and whether investment in systems and resource is needed.

Source: The Lab: Improving ESG data production, 30 August 2022, www.frc.org.uk/getattachment/f4c2877a-c782-4426-a10d-c81d7d6a1e9b/FRC-Lab-ESG-Data-Production-Report-_August-2022.pdf.

3. FRC thematic review: financial reporting for business combinations

Summary. The Financial Reporting Council (FRC) has issued a report on the findings of its first thematic review of company accounting and reporting for business combinations (the report).

Background. Business combinations are significant but infrequent transactions that give rise to issues outside of routine accounting norms and may introduce significant estimation uncertainty. These transactions can have a significant effect on an acquirer’s strategy, operations and financial performance, and often require a thorough explanation within the management commentary of an annual report, as well as having a widespread effect on the financial statements. In reporting these transactions, companies must consider the requirements of International Financial Reporting Standard 3 "Business Combinations", as well as relevant disclosure requirements in the Companies Act 2006 and the Disclosure Guidance and Transparency Rules.

Facts. The FRC analysed the annual reports of 20 companies with financial years that end between December 2021 and March 2022 that included a business combination.

Although the FRC was generally pleased with the quality of reporting, the report identifies several opportunities for improvement. The main findings include the following:

• The best examples of reporting explained the reasons for, and the effects of, the combination throughout the annual report. The FRC expects companies to explain the effects of a business combination on the group’s strategy, resources, operations and performance, using clear and concise explanations that highlight the reasons for any significant changes. Companies should provide a comprehensive understanding of the effects of the business combination, supported by consistent information throughout the annual report, allowing the reader to appreciate the full story.
• The better disclosures explained the valuation techniques applied to the acquired assets and liabilities, and the key assumptions used, and disclosed this by significant class of asset and liability. These disclosures also explained how fair value adjustments would unwind over time.
• Disclosures relating to contingent consideration could be enhanced by avoiding boilerplate explanations that do not reflect the specific circumstances, and by providing greater clarity regarding the potential variability in future amounts payable for contingent consideration.
• The requirements to determine whether share-based payments form part of the consideration or are accounted for as a post-combination expense are complex, and companies could improve their explanations of how these payments have been treated.
• When companies disclosed that there was significant estimation uncertainty, sensitivity disclosures could be improved. The FRC expects companies to provide meaningful sensitivities or ranges of reasonably possible outcomes for any significant estimates made.
• Some companies incorrectly reported cash flows for acquisition costs as investing cash flows. Companies should make sure that business combination-related cash flows are treated correctly, classifying cash flows for acquisition-related costs as operating cash flows within the consolidated accounts.
• Companies should explain how transactions not accounted for as part of the business combination have been treated and the line items in the financial statements in which they have been recognised. Contingent payments linked to continuing employment should be excluded from consideration for the business combination and accounted for as a post-acquisition employment expense.

Source: FRC: Thematic Review: Business Combinations, 29 September 2022, www.frc.org.uk/getattachment/f342bfa9-2734-46ca-81cf-4e1358d47536/IFRS-3-Business-Combinations.pdf.

4. FRC Lab report: digital reporting in annual financial report

Summary. The Financial Reporting Council (FRC) has issued a report by the Financial Reporting Lab (the Lab) on using a structured digital format to produce annual financial reports (the report).

Background. Disclosure Guidance and Transparency Rule (DTR) 4.1.14R requires companies admitted to trading on UK-regulated markets to produce their annual financial report in a machine-readable structured digital reporting format. The availability of corporate reporting in a usable and comparable format enhances transparency and supports the effective functioning of capital markets. This requirement follows on from the retained EU law version of the Commission Delegated Regulation (2018/815/EU) supplementing the Transparency Directive (2004/109/EC) with regard to regulatory technical standards on the specification of an electronic reporting format (UK Regulation).

In February 2022, the Department for Business, Energy & Industrial Strategy (BEIS) issued a white paper on corporate transparency and register reform, which included a proposal to move mandatory digital filings to Companies House.

Facts. The Lab analysed a sample of UK filings in the first year of the mandatory use of the electronic reporting format set out in the UK Regulation, as well as data from the Financial Conduct Authority (FCA) and feedback from companies and service providers.

The report highlights areas for improvement and better practice, including:

• Better naming and structure of the files submitted to the national storage mechanism, as this caused many rejected filings. The report provides practical tips for those authorised to submit documents through the FCA’s electronic submission system.
• Further engagement and education at management and board level. The report notes that the structured report should be subject to appropriate review and governance processes, as it is the official version for the DTR. The report suggests that companies should develop a review process that is suitable for a non-technical audience and draws the board’s attention to the most important aspects for their review.
• Making the validated report available on the company’s website with an inline viewer.
• For the selection of tags, focusing on the accounting meaning of their disclosures, as well as improving the selection of anchors. The report notes that while external assurance over tagging is not required, disclosure on this point is valuable.

The report also highlights upcoming changes regarding timetables and tagging. Given the deadline is reverting to four months for financial years ending on or after 28 June 2022, companies may need to speed up their processes. Also, while companies currently have a choice between the EU or UK taxonomy under the UK Regulation, as BEIS has proposed to move mandatory digital filings to Companies House, more companies may choose to use the UK taxonomy.

The report notes that for financial years starting on or after 1 January 2022, companies are also required to tag the notes, including accounting policies, with different requirements, which are set out in Annex II to the UK Regulation.

Source: The Lab: Structured digital reporting, Improving Quality and Usability, 27 September 2022, www.frc.org.uk/getattachment/5a50cd03-e209-4ac5-b95b-d91c39520acf/FRC-Structured-Digital-Reporting_September-2022.pdf.