Issue link: https://digital.shearman.com/i/1484098
Shearman & Sterling LLP UK Corporate Governance Developments | 48
New Corporate Reporting Disclosures
The White Paper proposed three new corporate disclosures, the most controversial of which — dubbed by many critics as a SOX-lite (but still too heavy) internal controls statement — the Government has decided to drop, at least for the time being.
Resilience Statement
This will be a new statutory disclosure into which two existing disclosures under the U.K. Corporate Governance Code — the viability and the going concern statements — will be subsumed. The statement will require the board to explain its approach to risk management — showing how risks and resilience issues (including cyber security, supply chain resilience and business continuity) are being addressed — over the short and medium term (to be chosen and justified by the board). It will have to include at least one reverse testing exercise, rather than a minimum of two as originally proposed, and will have to take account of a prescribed list of matters. These will include any materially significant financial liabilities, operational and financial preparedness for significant and prolonged disruption to normal business trading, the sustainability of the company's dividend policy (see Dividends below) and the impact on the company's business model of climate change. The climate change impact disclosure is likely to become linked with the new sustainability disclosures that the Government is planning to introduce as discussed below under Sustainability disclosure requirements — the U.K.'s Roadmap to Sustainable Investing. It will form part of the existing annual strategic report that listed and certain other "large" U.K. companies must prepare and so will benefit from the "safe harbor" that U.K. company law extends to directors in respect of statements made in certain statutory reports that are not made knowingly or recklessly as to their untruthfulness.
Audit and Assurance Policy
The other big new corporate reporting requirement will be a policy statement that must be published at least every three years, covering a company's approach to assurance of the quality of its non-financial disclosures. This will also have to state whether, and if so, to what extent, external assurance will be sought over any part of its Resilience Statement or internal controls reporting, describe the internal auditing and assurance process, and disclose the policy and approach to the tendering of external audit and non-audit services and how shareholder and employee views have been taken into account in the policy statement. The annual report will have to detail how the policy has been implemented during the year under review. The Government has dropped its proposal that the policy should be subject to a shareholder advisory vote.
No New Statutory "SOX-type" Internal Controls Statement — Fraud Statement Instead
As already mentioned, the Government will not be taking forward the proposed introduction of a new reporting requirement for the entire board to make an explicit statement in their company's annual report about their assessment of the effectiveness of the company's internal controls and the basis for this assessment. This would have been a significantly stronger statement than that currently required by the U.K. Corporate Governance Code (UKCGC) — that they have carried out a review of the effectiveness of material risk management and internal control systems. Concerns about potential SOX-type director liability and the likelihood that external auditor assurance of this new statement would quickly default to becoming standard practice have led the Government to favor a more incremental approach.
Under this approach, the U.K.'s existing corporate governance regulator — the Financial Reporting Council (FRC), soon to be replaced by a new regulator with much greater and stronger powers (the Audit, Reporting and Governance Authority (ARGA)) — will be tasked with strengthening the existing internal controls statement under the UKCGC. In addition, "size-based" PIEs will have to say whether they are seeking any external assurance on their statement. Those PIEs' directors will also have to report on the steps they have taken to prevent and detect material fraud, but at this stage no new requirements will be introduced to require auditors to report on the factual accuracy of the directors' fraud statement. The Government and the regulator will review how well this incremental approach is working as part of the post-implementation review of the package of "Restoring Trust" reforms, with the Government reserving the right to bring forward a legislative solution if necessary.
Dividends
As proposed in the White Paper, directors will be required to provide certain assurances and disclosures in respect of dividends and other returns to shareholders. Specifically, they will be required to disclose the minimum amount of profit their company or group has legally available for distribution and to confirm the legality of any dividends paid or proposed to be paid in the year. They will not, however, as was also proposed, be required to confirm that the dividend payment will not threaten the solvency of their company over the next two years. These new disclosures will have to be made with an explanation about the company's long-term approach to the amount and timing of shareholder returns (including by way of share buybacks, etc.).