UK Corporate Governance Code 2024 Revision

Introduction to the UK Corporate Governance Code 2024

On the 22nd January 2024, the Financial Reporting Council (FRC) published a revision to the UK Corporate Governance Code (UK CG Code), and with some of the changes having come into force for accounting periods beginning in or after the 1st January 2025, it is important to understand what is now expected of boards.

Of note is that, following the FCA’s update to the UK Listing Rules, all companies listed in the commercial companies category and those in the closed-ended investment funds category (regardless of where they are incorporated) are in scope of and will need to follow the revised UK Corporate Governance Code by either complying with or explaining against its Provisions.

The revision was motivated by a request received from Government to consider some specific areas and enhancements to the UK Corporate Governance Code, following which the FRC launched its largest ever stakeholder consultation on the Code in 2023. The aim was to support the Government’ ambition of making the UK the best place in the world to start, grow and invest in a business whilst still guarding the public interest by enhancing the quality of audit, corporate reporting, and governance.

Provision 29 of the UK Corporate Governance Code 2024

The key area of change is that of Provision 29 concerning Internal Controls, which will not take effect until January 1, 2026. Whilst pre-existing expectations remain – that the Board should monitor the company’s risk management and internal control framework, including all material controls, and, at least annually, carry out a review of its effectiveness – there is now a requirement for Boards to outline through a declaration in their Annual Reports how they have performed this monitoring and review process, and their conclusions as such.

In practice, this means that Boards will have to include within their Annual Report a specific declaration that all material controls are operating effectively at the balance sheet date (alongside noting any material controls that are not operating effectively), as well as describe how they have monitored and reviewed the organisation’s risk management and internal control framework.

With regard to the granularity required within the declaration, the FRC’s guidance suggests that the description of the monitoring and review “may include the type of information the board has received and reviewed, the units and individuals it has consulted with, any internal or external assurance received, and if relevant, the name of the recognised framework, standard or guideline the board has used to review the effectiveness”. Firms may also want to consider including a description of how scoping was undertaken and the factors that played into decisions over materiality.

The FRC is cognisant that the needs for each business may vary and that, for some, the level of maturity of non-financial controls will likely not need to be as mature as their financial controls. It is for the Board to determine the level of maturity appropriate for its business, and consequently, the composition of its material internal controls and the levels of required assurance in relation to the effectiveness of these controls.

Examples given by the FRC of material controls include controls over risks that could threaten an organisation’s business model or solvency, controls over price sensitive reporting, fraud controls, or certain IT controls, but it is ultimately for Boards to decide upon the controls required for the particular material risks they face. As stated, the UK CG Code also does not mandate external assurance of these controls but rather encourages Boards to work in conjunction with other committees and management to determine its necessity. As such, Internal Audit could play a key role in monitoring and review process of many firms, undertaking independent testing of controls and providing the assurance required.

This flexibility embodies the FRC’s “Comply or Explain” principle which, according to FRC’s CEO Richard Moriarty, allows firms to provide a “cogent and justified explanation for why a provision is not suitable in the specific circumstances for the company whilst demonstrating the principles of good governance”.
Concerning failing material controls, the revised UK CG Code expands upon its previous guidance which only required an explanation of actions that have been or are being taken to remedy any significant failing or weaknesses. Firms are now explicitly required to detail the controls that have failed, although it is at the Board’s discretion whether to disclose failings of controls that work in tandem with other well-functioning controls to address a material risk.

In essence, Provision 29 will encourage Boards to be fully informed and in control of risk oversight, embedding an enterprise-wide blueprint of strong governance at every level of risk management whilst simultaneously ensuring that risk and control frameworks are an integral part of strategic decision-making. However, with the average number of pages of a board pack for a £500m+ turnover business rising from 267 pages in 2023 to 294 pages today, it is essential that control structures are streamlined and Boards presented with material information that will allow them to efficiently evaluate and mitigate risk.

Other Changes to the UK CG Code

Other minor changes have been made to the Corporate Governance Code, focusing on streamlining expectations and clarifying language concerning provisions on malus and clawback and audit committee minimum standards.

A new Principle was also introduced, Principle C, which states that “Governance reporting should focus on board decisions and their outcomes in the context of the company’s strategy and objectives. Where the board reports on departures from the Code provisions, it should provide a clear explanation.”
Whilst the FRC has long pushed companies to report on actions and outcomes in respect of governance, Principle C now encourages this reporting to provide stakeholders with insights into how Board decisions have impact the company’s strategy, objectives and long-term viability.

Overall, the revisions to the UK CG Code are not sweeping, with the FRC conscious that the expectations for effective governance must be targeted and proportionate and consequently limiting changes to the minimum necessary. It is this approach that motivated the omission of earlier proposals for revisions to the Code related to the role of audit committees on environmental, social and governance issues; expanding diversity and inclusion expectations; over-boarding provisions, and expectations on Committee Chairs’ engagement with shareholders.

Whilst the concept of proportionality is intended by the FRC to balance investor trust with the minimum necessary burden on businesses, Boards which embrace and proactively build strong governance cultures and models rather than view them simply as a compliance exercise will be in a far better position to strengthen the resiliency of their firm.

How Can Novatus Help?

It is a must for boards and their firms’ senior management to undertake a broad framework review to ensure that Provision 29 of the FRC’s Corporate Governance Code and other upcoming changes are reflected in the oversight of the risk management and internal control environment. At Novatus, we can help you with:

• • • • The development of an appropriate monitoring and review framework to maintain accountability and ensure that risk events and control failures are mitigated.
      • Undertaking an internal control review to detail how and why material controls failed.
      • Producing the Board declaration on the effectiveness of your firm’s risk management and internal control framework as part of the Annual Report.

Contact us today or email john.gillam@novatus.global to learn more about Novatus’ Governance capabilities.