What does the FRC's proposed corporate governance overhaul mean for D&O exposures?
The Financial Reporting Council (FRC) has now published the draft new UK Corporate Governance Code following the Government's requirements that it incorporate more robust internal control and prudent and effective risk management requirements. The deadline for responses to the FRC's consultation is 13 September 2023.
What is the context to this change?
The current 2018 version of the Code is mandatory for premium listed companies and voluntary for private companies, and as such acts as a guide to good board practice.
The FCA's consultation on Primary Market Effectiveness proposes a move from standard and premium listed companies to a single category for listed companies, which means that more companies will be required to follow the Code.
If implemented, the proposed new version of the Code will apply to accounting years commencing on or after 1 January 2025. A suite of guidance is expected to be published before the new Code comes into force.
What are the main proposed changes?
The format of the Code (a number of key principles supported by provisions which must either be complied with or an explanation proffered as to why not, otherwise known as "comply or explain" provisions) is not changing, but the principles have been refined and a new principle encouraging a focus on governance practices outcomes has been added. This is a result of the FRC's research which found that reporting on outcomes is generally lacking. The new principle is aimed at encouraging companies to better meet the needs and demands of stakeholders.
The proposed revisions seek to address policy issues set out by the Government's in its White Paper "Restoring Trust in Audit and Corporate Governance", which proposed major reforms to the UK audit industry and corporate governance regime, including rebranding the FRC as the Audit, Reporting and Governance Authority (ARGA).
Perhaps unsurprisingly, ESG features prominently in the reforms, with the FRC hoping that companies will embed these issues into their culture since at present reporting is fragmented and stakeholders are demanding more and more information. Provision 1 will require the annual report to describe how ESG matters, its climate ambitions and transition planning have been taken into account in the company's strategy. Greenwashing and insufficient transparency around environmental targets are specifically cited by the FRC as concerns for many investors and stakeholders.
The annual report will also need to:
- Include the views of shareholders;
- Address each director's ability to discharge their responsibilities in light of any other commitments (reflecting increased investor concern about the number of board positions held by directors);
- Describe the effectiveness of equal opportunity, inclusion and diversity in appointments and succession planning (this renewed focus is consistent with the FCA's April 2022 policy statement on diversity & inclusion for company boards and also reflects the FRC's findings that reporting on succession is often poor and reactive, as opposed to proactive);
- Identify and explain the policies and procedures in place for identifying and managing emerging risks, which are defined as those whose impact and probability are difficult to assess and quantify at present, but there is a reasonable probability of affecting the company over a longer time horizon.
Encouraging directors to realistically assess the number of positions they hold reflects the increasing complexity of trading conditions and the FRC's desire that directors give "more intensive consideration" to challenges, such as cybersecurity, AI or environmental issues. As such, this is a key part of the FRC's drive to engender more responsible governance. The Code provides that full-time executive directors should not take on more than one non-executive directorship in a FTSE 100 company or other significant appointment, to ensure that they have sufficient time to meet their responsibilities. However, the FRC has refrained from placing any further concrete limits on the number of board appointments an individual can accept, as a "one size fits all" approach is insufficiently flexible for the myriad types of business affected by the Code.
Similarly, directors will also need to provide a declaration within the annual report as to whether they can reasonably conclude that the company’s risk management and internal controls have been effective throughout the reporting period. The FRC hopes that this change will strengthen board accountability and internal controls in light of its findings that there is a general lack of reporting on risk management and internal controls operated by companies and the work done to maintain their effectiveness. The declaration must be supported by an explanation of its basis and how the board had monitored and reviewed the effectiveness of its systems, as well as a description of any material weaknesses or failures identified and the remedial action being taken.
Directors' remuneration is also a focus of the new rules, requiring remuneration to be "clearly aligned" to the company performance, purpose and values, expressly taking into account its long-term and ESG objectives and to be proportionate. The remuneration structure and the use of any clawback provisions in the past 5 years must be included in the annual remuneration report. The FRC states that it does not expect these changes to result in lower remuneration, but rather to result in greater clarity for investors about the methods available to address serious failings and whether and how companies are making use of them.
Companies' audit committees will be required to monitor the integrity of narrative reporting, including on sustainability, develop an audit & assurance policy and promote competition when seeking tenders for an external auditor. Any significant reporting issues identified by the audit committee will need to be detailed in the annual report.
More changes are on the horizon as the Government is due to publish new regulations containing its Audit and Assurance Policy and Resilience Statement requirements. Boards will also need to familiarise themselves with the FRC's new Minimum Standard for Audit Committees in relation to external audit, which was developed following a recommendation from the Competition & Markets Authority.
Open responses to the FRC's consultation have been published by the Association of Chartered Certified Accountants and the Pensions and Lifetimes Savings Association; both of which welcome the revisions to the Code and encourage the FRC to go further. As such, companies can expect continued pressure from stakeholders to demonstrate responsible governance.
What does this mean for management liability exposures?
By embedding ESG considerations, proportionate remuneration and monitoring of emerging risks into the Code, the effect of these proposed reforms is to place more responsibility on directors to ensure that companies are operated responsibly. The new declaration in particular seeks to commit directors to devoting adequate time to the business and affirming their own effectiveness (something which could easily be relied upon at a later date in any claim) and requires directors to assume a more prominent position in effectively underwriting the success of the company, both from a profits viewpoint and from a responsible-business perspective. There is not as yet any guidance on how to measure whether a company's risk governance has been "effective", which leaves open the possibility that this will simply become an exercise in semantics. There is scope for disputes here as effective governance is open to interpretation depending on one's viewpoint. The FRC has clarified that board performance reviews are crucial and hopes to encourage a "continual process of self improvement".
Similarly, whilst ESG has risen swiftly to become of key strategic importance to many businesses, it is a relatively new (having only been coined in 2004) and arguably nebulous concept that is heavily influenced by a rapidly changing society. What ESG means to us now in 2023 may be wildly different to what ESG means to us by the time the new Code comes into force, and it can be difficult for businesses, especially larger businesses, to adapt quickly; although of course the Covid-19 pandemic tested of the speed of adaptability for most.
We are already seeing shareholder activism, claims against directors from climate action groups and, together with claims of "greenwashing", these are likely to intensify and perhaps find a firmer footing once ESG considerations are embedded into the Code.
In light of the prominence afforded to inclusion, diversity and equal opportunity, we may see more employment-type claims against directors, arising from perceived discrimination, for example.
Depending on the industry in which the company operates, it may well be difficult for directors to tread the right line between operating responsibly whilst still delivering profits for shareholders, particularly given the need to incorporate shareholder views in its annual report. It is easy to see disputes between shareholders and the board concerning how shareholders' concerns have been represented and where there is a dispute over the company's governance.
Disputes concerning a director's commitment to the business are likely to become more common as the Code places a greater focus on whether directors have sufficient time, bearing in mind their other commitments, to devote to the business.
Remuneration is already a contentious area for some and we expect to see these disputes continue. In particular, we anticipate the proposed reforms will result in greater pressure on companies to exercise clawback provisions where culpability for failings can be identified and intra-company disputes around clawback and allegations of "scapegoating" to increase.
Practical tips for directors and their insurers
Directors will want to ensure that they familiarise themselves with the amendments to the Code and plan ahead to ensure that they are well on their way to having implemented the new policies required by the Code before its launch in 2025. Insurers are likely to find information about a company's plans and progress helpful on renewal or when a new risk is presented.
Companies will need to be clear on their strategy for achieving their objectives in a responsible way and on what ESG means for them and their industry; partly so that they have a clear strategy to measure against for the purposes of the declaration, and partly to guide them with day-to-day decision making. Similarly, a clear strategy is likely to reassure Insurers that careful consideration has been given to this difficult area.
Companies should carry out a risk assessment of emerging risks and keep a written record of these as well as considering whether their structure around remuneration and clawback is fit for purpose. Directors should also review their appointments and consider whether they have sufficient time to devote to each business.
Directors without adequate management liability insurance in place would be well advised to speak to their brokers about how insurance can help them manage the risks arising from the revisions to the Code.
Further reading
Find out more about:
Stay connected and subscribe to our latest insights and views
Subscribe Here