Good governance from within – responding to the government’s change of heart.

Recently, the government announced its U-turn on elements of its long-awaited reforms to corporate governance and reporting, designed to restore trust in our largest companies. The programme started by Sir Donald Brydon now lies in disarray. Companies, investors, regulators and stakeholders of all forms are simply confused. The explanation is, at best, weak.

The reforms to corporate governance are intended to build trust in the authenticity, transparency and reliability of the activities of our largest companies. As well as in the information they disclose to stakeholders. Within our corporate governance principles, the primary stakeholders are still investors. However, s172 of the Companies Act requires a broader range of needs to be considered.

From the outset, the question of regulation of external audit firms has been confused with the development of appropriate cultures, standards and practices within organisations. In the most recent government announcement, the question of what is to be disclosed (non-financial reporting) has been confused with the question of how that information originates within the company.

The recommendations in the BEIS consultation on Restoring Trust in Corporate Governance and Audit, broadly supported by most commentators, fall into three groups:

1. Primary legislation: recommendations requiring new legislation to create new structural expectations. These include the formation of ARGA, bringing large Public Interest Entities under the scope of the UK Corporate Governance Code requirements, and reforms to the external audit market.

2. Secondary legislation: recommendations requiring amendments to existing legislation. These include new reporting requirements designed to embed accountability and to enable stakeholders to understand how the directors are fulfilling their obligations in respect of strong sustainable businesses. They include:
• Audit and Assurance Policy which is designed to explain how the directors get confident that they are making commitments and disclosures that are supportable and responsible;
• Resilience Statement requiring an assessment of how the company would respond to significant shocks or changes in circumstances (such as those that have occurred in the last three years) to reassure stakeholders; and
• Enhanced Fraud Risk Assessment Disclosures to embed greater accountability that might avoid the situations we have seen in Carillion and Patisserie Valerie.

3. Enhancements to the UK Corporate Governance Code: requiring directors to take a judgement-based approach to assessing and reporting on the design and operating effectiveness of controls over critical financial and non-financial commitments and disclosures.

At this time the secondary legislation, which was due to have been discussed and agreed in Parliament this week, is withdrawn. There will not be enhanced reporting. The primary legislation has not been withdrawn but many believe it’s unlikely to proceed under the current government. To proceed it should be laid out in the King’s Speech in November. Many bodies continue to lobby for this to happen, but leaked reports suggest this is unlikely.

This leaves the changes to the UK Corporate Governance Code which the FRC is due to release before the end of this year, having completed their consultation in September. As with the other reforms, most commentators we have spoken to, including the Institute of Directors, are broadly supportive of these changes. Will the FRC have the courage to proceed when the government has not?

We acknowledge there are questions that need resolution particularly on the scope of controls included within the requirements. We believe including non-financial commitments and disclosures makes sense and is what most stakeholders would expect. Stakeholders want to know that when customers pay more for a product that has positive environmental credentials, the company is making these claims with conviction, underpinned by appropriate processes and controls. And that the Modern Slavery Act statement companies already make is meaningful and grounded in real actions. However, stretching this control requirement to all operational controls feels unnecessary. Will the FRC pick up on this nuance or abandon the requirement for all non-financial controls? We simply don’t know, and companies are in limbo as a result.

What does this mean for the many companies that have developed the in-house capability to meet these expectations head on? They have acted responsibly and will now feel penalised for having done so. We believe that they should rise above this and continue to do the right thing to embed good governance and accountability within their organisations. We suggest a pragmatic and proportionate approach:

1. Refocus on your purpose: there is a huge volume of scientific research indicating that companies that put purpose at the heart of their strategy perform more highly. To do this with integrity requires you to have confidence in the promises you make – your commitments to customers, suppliers, partners, regulators and investors. If these reforms would require significant work within your company, it’s an indication that you are not as comfortable as you should be.

2. Think resilience: the pandemic years evidenced that resilient companies thrive. Financial services companies have had to assess this with stress testing of their business models for some time. This is what builds trust in our financial system. To build and sustain trust in your business, think longer term and test the range of potential outcomes so you know you can respond.

3. Keep your eyes open to risk (upside and downside): there is a much-quoted analogy that racing cars succeed when there is confidence in the brakes. It’s the brakes that enable acceleration. The same is true of a sound risk management system. When you understand your risks, the range of outcomes, the nature of the risk and the factors that influence it, you are in control. You can accelerate.

4. Pilot your controls approach: the existing corporate governance requirements (including under the Wates Principles for private companies) require you to assess the effectiveness of financial controls. The FRC has expressed frustration that companies too often pay lip service to this. They urge companies to “comply or explain” and have provided guidance on what this means in practice. Building out and testing a controls approach using your financial objectives and requirements will create a prototype that can be applied in a broader context, as and when this becomes a requirement.

5. Think about the three lines: three lines does not mean spending money on big functions. It means being clear about accountability in the first line; second line monitoring against clear policies and standards; and obtaining independent and objective assurance through third line internal audit capability. If you have this in place you will be agile to emerging requirements. Many organisations have already moved in this direction as they create controls teams distinct from Internal Audit.

If this is not enough to persuade you to continue the journey that the most responsible companies have started, the future legal and regulatory position provides further reason. Opposition parties support corporate governance reform. Any changes in direction may well prove to be temporary. The timeframes for implementation may then be shorter. And the costs higher if you are not prepared.

Carolyn Clarke, Steven Brown, Michael Lucas, Carrie Stephenson
Founding Partners: Brave Within LLP
October 2023