Corporate Governance Code: a missed opportunity?

Corporate regulators have proposed an overhaul of the UK Corporate Governance Code aimed at increasing company boards’ responsibility for accurate accounts and strengthening directors’ accountability for misconduct. The Financial Reporting Council’s (FRC) planned changes are intended to strengthen and modernise the UK’s corporate governance regimes following high-profile scandals in recent years, which saw the collapse of a raft of household name companies, including BHS, Carillion and Patisserie Valerie.

As a result, the consultation is, in effect, the latest iteration of a process started in 2021 by the government’s undertaking to "restore faith in audit and corporate governance”. Many commentators hold the view that the decision to water down the original proposals - especially when it comes to directors’ personal accountability – has diluted what the government’s project was intended to achieve.

The corporate governance code regime operates under a system of ‘comply or explain’, and although it is capable of embarrassing company directors as well as potentially affecting the share prices of non-compliant listed companies, ultimately it is still a voluntary arrangement in most cases. Even for those companies who are bound to adhere to the code due to their premium listings, directors are still able to opt out of compliance by explaining their reasons for not doing so.

Further, a key component of the original proposed reforms was to require all company directors to assess and report annually on the effectiveness of their internal controls and financial reporting procedures, echoing the US Sarbanes-Oxley Act of 2002, which was passed into law following the Enron scandal. These envisaged mandatory measures have now been dialled down, following intense lobbying from corporates, resulting in what the government believes to be a more ‘business-friendly’ stance.    

There is a fairly well-established symbiosis between corporate failure and the payment of excessive dividends from highly questionable distributable profits, such as in the case of failed conglomerate Carillion, which famously imploded into bankruptcy in 2018. Rules to deal with this subject have been avoided by the FRC, despite all of the inherent risks of not tightening the regulations for such a key area of corporate governance.

In its proposals, the FRC suggested the inclusion of a duty for audit committees to develop, implement and maintain companies’ audit and assurance policies, with the aim of setting out what independent assurance companies intend to obtain over a three-year timeframe. While the overall code is only mandatory for ‘public interest entities’, the audit and assurance policy would be obligatory for all companies to whom the code applies, including overseas premium-listed companies as well as AIM-listed companies in the UK. The FRC itself has referenced a lack of professional scepticism as being at the heart of most audit failures in combination with a control imbalance between boards and auditors.    

A new addition to the code would require companies to list all significant director appointments in their annual reports, as well as to explain how each director has sufficient time to effectively perform their role in light of their other commitments. However, the FRC’s proposals do not include a cap on how many outside commitments a company director may have, to the disappointment of critics who believe directors are less able to focus on their work for a company when concurrently performing numerous roles elsewhere.

Far from taking a radical approach to shaking up corporate governance and the duties imposed on directors and boards, the FRC’s consultation is ultimately a victory for pragmatism given the parlous state of the UK economy and the necessity of presenting a ‘business-friendly’ regulatory environment. However, this is perhaps a case of regulatory mixed messaging. Removing the penalty of personal liability for directors to vouch effectively for their own anti-fraud systems is not easy to reconcile with the Economic Crime Bill, which proposes a new criminal offence for failure to prevent fraud, or indeed the House of Lords’ recent report ‘Fighting fraud – breaking the chain’.

The Corporate Governance Code consultation has stolen most of the headlines, but the FRC has also published an updated list of signatories to the UK Stewardship Code, following its spring 2022 assessment. The FRC added 43 new signatories, taking the total number of signatories to 236. The code sets out what the FRC considers best practice for institutional asset owners and asset managers when exercising their stewardship responsibilities. Like the Corporate Governance Code, the Stewardship Code also operates on a ‘comply or explain’ basis. Certain asset managers are required to report against the code under the Financial Conduct Authority’s Conduct of Business Sourcebook. Other institutional investors can apply to become ‘signatories’ to the code and adopt it voluntarily.

Proposals which probably do play to the gallery of public opinion concern so-called ‘malus/clawback arrangements’ in the context of board renumeration. The proposed changes would place an expectation on companies to include such provisions in directors’ employment contracts.  Companies would be expected to disclose in annual reports the minimum circumstances in which these provisions could be triggered and whether they have been used in the most recent financial year.

The changes to the code would also impose additional responsibilities on boards and audit committees relating to reporting about environmental, social and governance issues. Companies would be required to have an audit and assurance policy dealing with whether and how they seek external assurance over their internal controls or the environmental, social and governance metrics published in annual reports.

One of the major perceived victories for business is the failure to deploy primary legislation to address director accountability, by using the code to introduce requirements based on the US Sarbanes-Oxley Act. However, these changes are not just window dressing and include a proposal that the directors should make a declaration that their companies’ internal controls have been effective.

The proposed enhanced reporting requirements include rules that a board must give (i) a declaration of whether it can reasonably conclude that the company’s risk management and internal control systems have been effective throughout the reporting period up to the date of the annual report; (ii) an explanation of the basis of its declaration (including how it has monitored and reviewed the effectiveness of these systems); and (iii) a description of any material weaknesses or failures identified and the remedial action being taken.

The controls are meant to ensure that companies are in a position to produce reliable financial reporting as well as to comply with relevant laws. Under the revised corporate governance code, directors would be expected to disclose ‘material weaknesses or failures’ in these controls. In the current climate, any enhanced corporate reporting comes with enhanced litigation risk. The proposals include new reporting obligations on how companies report on how environmental and social matters are taken into account in the delivery of their strategy (including their climate ambitions and transition planning) and on the outcomes of any engagement with their shareholders which has taken place during the reporting period. The recent, albeit possibly mis-formulated, ClientEarth v Shell litigation illustrates both the determination and creativity of climate change activists to hold companies to account.

This risk is not confined solely to ESG cases. Section 90 and 90A of the Financial Services and Markets Act (FSMA) provide a remedy for shareholders who acquire securities and who suffer loss as a result of untrue or misleading statements in, or omissions of necessary information from, prospectuses or listing particulars relating to those securities. There has certainly been no shortage of cases based on allegations of false reporting to the market, including the Tesco £250m accounting error in 2014, the BT £225m accounting error in 2017, the Petrofac bribery controversy in 2017, allegations of misleading financial reporting by Carillion in the years and months leading to its collapse in 2017, and the Patisserie Valerie £40m accounting error in 2018.

There has, however, been a dearth of reported decisions based on section 90 and there remains a perception that it is an underused remedy. A likely reason for this is that section 90A claims require the claimant to prove that a so-called ‘person discharging managerial responsibilities’ of the defendant has acted dishonestly, ie that he or she knew that the relevant statement was untrue or was reckless as to the same.

One would think that any parallel reporting requirements on the effectiveness of a company’s risk management and internal control systems would have a potentially significant impact on both these species of claim and more widely. However, the problem remains that as matters stand, the code applies to public interest entities (so-called PIEs) such as entities with a premium London listing and is ultimately voluntary – board directors can choose not to comply so long as they explain their reasons.

David Styles, FRC director of corporate governance and stewardship, said that including internal controls rules in the code rather than legislation “makes clear the board’s accountability for this issue, yet reflects the need for flexibility, proportionality and consideration of the particular circumstances of individual companies”. Asked whether the government still expects to publish draft legislation during the current parliamentary session, a spokesperson said: “The government remains committed to driving significant improvements to audit and corporate governance in the UK, in line with the ambitious plans set out last year. Reform is under way and we will legislate when parliamentary time allows.”

The FRC’s consultation will run until September of this year, with the intention of a new code taking effect for financial years beginning on or after 1 January 2025. In the absence of industry pressure for a stricter approach to governance, it is likely that the new code will be enacted in, or close to, the format set out in the FRC’s proposals. As a result, its implementation will once again result in a missed opportunity to tighten up scrutiny of companies and stamp out the poor corporate practice that has been the basis for so many costly failures for UK plc in recent years.

Paul Brehony is a partner at Signature Litigation.