2024 UK Corporate Governance Code Issued Following Consultation Period

Download

The Financial Reporting Council (FRC) has issued the final updates to the 2024 UK Corporate Governance Code following a 12-week consultation period. The initiative is part of the 'Restoring Trust in Audit and Corporate Governance' reform package and is the first major update to the Code since 2018.

As reported in November 2023’s FRC Policy Update, after receiving feedback, much of the existing Code remains the same. This includes the principle of the Board’s ability to “comply or explain” and applies to premium listed companies (PLCs), whether incorporated in the UK or elsewhere.

Most of the updates will take effect from 1 January 2025. Only Provision 29 of Section 4, which pertains to the enhanced responsibility of boards in overseeing risk management and internal controls, will become applicable from 1 January 2026.

The FRC has posted updated guidance to the Code on 29 January 2024, not as part of the Code but context and application for organisations to leverage when implementing programmes.

Download

Topics

Internal Audit and Corporate Governance Risk Management and Regulatory Compliance

Summary of Key Changes from the 2018 Code:

Section 1: Board Leadership and Company Purpose

A newly introduced Principle underscores the importance for companies to disclose both 'activities and outcomes', alongside the establishment of governance policies and practices. This means that reporting should illustrate the tangible changes brought about by effective governance.
There is a heightened emphasis on the integration of company culture.

Section 2: Composition, Succession and Evaluation

It's essential to broaden the scope of diversity within the board and senior leadership, looking beyond gender and ethnicity to promote greater inclusion and equality within the company.
There should be an enhancement in the disclosure of diversity policies, objectives, and strategies, particularly when detailing board nomination procedures and the evaluation of the board's performance.

Section 3: Audit, Risk and Internal Controls

Boards are expected to ‘establish and maintain’ effective risk management and internal controls vs. ‘establish.’
There has been a simplification of detailed requirements with additional guidance referred to the FRCs Audit Committee Minimum Standard, which provides specific guidance for audit committees and their annual reporting.

Provision 29 – Applies 1 January 2026

The board’s responsibility extends to continual oversight of the company’s risk management and internal controls, with reviews now expected to encompass material reporting. This includes financial, operational, reporting and compliance controls.

New stipulations for the Annual Report require the board to:
Outline their approach to monitoring and reviewing the effectiveness of the risk management and internal control framework.
Include a Declaration of Effectiveness of internal controls as of the balance sheet date.

Describe any material controls which have not operated as at the balance sheet date with actions taken or proposed.

Section 4: Remuneration

Improved transparency regarding directors' malus and clawback provisions in their contracts, including the specific conditions under which these measures can and have been enacted.

Establish Programme Leadership and Ownership

Implement a strong leadership framework for the programme with defined ownership, roles and responsibility
Ensure executive sponsorship is clearly defined.

Improve Stakeholder Engagement

Foster active engagement with all pivotal stakeholders including the Board, Executive Committee, Technology divisions, Business Units, Risk & Compliance, and Internal Audit
Ensure all are aligned with the programme's objectives.

Implement Change Management Integration

Establish a thorough change management strategy by appointing dedicated change champions in each critical business sector to secure endorsement
Strategise for effective training and communication.

Adopt a Proactive Approach

Have a 'No regrets' stance that transcends the routine compliance tick-box exercise
Promote a culture where control measures are embraced as a strategic advantage to enhance performance.

Ensure Assurance Alignment

Implement of a comprehensive, company-wide Enterprise Risk Management (ERM) framework that synchronised across all lines of defence
Maintain a clear delineation and assessment of material / principal risks, both financial and non-financial.

Refine Risk Scope and Management

Enhance risk parameters by concentrating on material aspects.
Initiate an enterprise-wide risk assessment to determine material financial, operational, reporting and compliance risks.
Prioritise the most critical areas first.
Progress through a tiered approach, starting with financial risks and gradually encompassing non-financial risks.

Assess IT and Technology systems and risks

Understand and consider key IT systems that support critical business and reporting, and related controls.
Evaluate controls addressing key pervasive IT risks (e.g. Cyber and Resilience).
Aim for optimal control automation. Exploit data and technology to embed control and related assurance improvements, including automated testing and reporting.

Proactively Review Control Design

Approach control measures proactively, not as a secondary consideration.
Target long-term cost savings and heightened efficiency by establishing a fundamental suite of controls to mitigate significant business risks.
Optimise results from the outset with a streamlined and intelligent control framework that prioritises standardisation, optimisation, and the reduction of redundancies.