Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Impact
Culture
Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Global Shifts
Empowered consumers
Healthier humans
Future organisations
Business for better
Safer societies
Sustainable world
Industries
Consumer and manufacturing
Defence and security
Energy and utilities
Financial services
Government and public sector
Health
Life sciences
Transport
Services
Set growth strategy
Build brands, products, and services
Reimagine AI, digital, and data
Improve organisational performance
Deliver complex programmes
Empower your people
Impact
Culture
Insight

Are you ready for the new UK Audit, Corporate Reporting, and Corporate Governance?

By Ridhima Bhasin, Adnan Saleem

Tags

On 31 May 2022, the UK Government published the outcome of the consultation on “restoring trust in audit and corporate governance” white paper. The consultation received 600 responses and took more than a year to be published.

Financial services firms should prepare now to respond to the intentions set out by the UK Government. It is important to understand and appreciate both the letter and the spirit of the Government’s response to the White Paper. This will help the FS firms to meet the expectations from the regulators, investors, and other key stakeholders. It is a golden opportunity for the financial services sector to set a positive tone and lead by example for other industries.

The key intentions set out in the white paper consultation outcome will have three key impacts:

  1. Increase in the accountability of the Directors around internal controls with public confirmation in the annual statements on the effectiveness of the company’s internal control environment meaning staying on top of control design and performance throughout the firm.
  2. Increase in the time and effort required to support the new corporate reporting requirements putting financial services firms under pressure to provide accurate judgement of material challenges to resilience.
  3. Rise in the power of the investors as greater transparency is provided to them. With new public interest entities coming into regulatory scope regulated by a new regulator with greater powers.

Below is a summary of the key points impacting the financial services firms from the outcome of the white paper.

  • Large private companies with both 750+ employees and an annual turnover of £750m+ (750:750 rule) will be treated as Public Interest Entities (PIEs). This includes companies traded on the Alternative Investment Market (AIM) or other multilateral trading facilities, Limited Liability Partnerships (LLPs). Public bodies such as local authorities and Lloyd's syndicates will be outside its scope. New regulatory requirements for these new identified PIEs will be developed.
  • Audit, Reporting and Governance Authority (ARGA) is the new regulatory body replacing the Financial Reporting Council (FRC). ARGA can direct changes to company reports and accounts, along with powers to publish summary findings following a review. ARGA will have powers to cover the entire contents of the annual report and accounts so that it can review elements such as corporate governance statements, directors’ remuneration and audit committee reports, and the CEO's and chairman’s reports. ARGA will have authority to investigate and, if necessary, sanction directors of PIEs for breaches of their corporate reporting and audit-related duties and responsibilities.
  • The Government has made it clear that the Director’s accountability around internal controls, dividends and capital maintenance is going to increase. The Government will strengthen the UK Corporate Governance Code to provide for an explicit directors’ statement about the effectiveness of the company’s internal controls and the basis for that assessment. Guidance will be developed on what it means and lead to legislation to require directors of PIEs to report on actions they have taken to prevent and detect fraud; auditor responsibilities will be unchanged.
  • Direction will be issued on what should be treated as “realised” profits and losses for the purposes of determining distributable reserves. PIEs will need to disclose their distributable reserves and explain the board’s long-term approach to the amount and timing of shareholder returns. The directors will likely be asked to make an explicit statement confirming the legality of proposed dividends and any dividends paid in-year.
  • The Government will also introduce a new statutory Resilience Statement and a new statutory Audit and Assurance Policy (AAP). The legislation will require companies to report on matters that they consider a material challenge to resilience over the short and medium term, together with an explanation of how they have arrived at this judgement of materiality. Companies within scope will need to perform at least one reverse stress test and it will form part of the Strategic Report.
  • The AAP should be published every three years and will require companies to describe their internal auditing and assurance process and a description of the company’s policy in relation to the tendering of external audit services. This will be complemented by an annual implementation report, in which the directors provide a summary update of how the assurance activity outlined in the AAP is working in practice.

The full report from the BEIS can be accessed here.

Based on the experience with US SOX, the implementation time for an effective programme to design and embed new controls and enhance existing controls in line with the requirements can take around 2 to 3 years. This is not a significant time to digest and implement all the changes as noted when US SOX was introduced for US Banks.

So, how can financial services firms prepare for these future legislations now?

Align Directors’ accountability for internal controls, dividends, and capital maintenance to the expectations of the investors and other stakeholders.

The Directors’ accountability will increase and expand based on the expectations of the investors and other stakeholders. This will also extend to confirming legality of dividends and determining distributable reserves.

Directors who will be involved in providing this assessment need to be identified and develop an approach to assess the effectiveness of the internal control framework. A current gap assessment should be conducted by firms to assess if any changes are needed in the company’s internal control framework particularly around management information monitoring and reporting. Discussions on whether external assurance will be undertaken or not should begin now giving ample time to determine which firm one would like to appoint for this external assurance.

Directors should also evaluate if additional information will be required to back up the statement around distributable reserves and dividends in the annual report.  This may be needed to provide additional comfort to the investors and shareholders.

An early assessment of the current environment to help firms get ahead of regulatory expectations. A gap analysis provides an opportunity to mobilise early, understand any control weaknesses and proactively engage with the Board, investors and shareholders on company plans. Regulatory expectations around the internal control environment are constantly increasing especially as the regulators are working hard to keep the UK markets attractive.

Set up processes now for the new Corporate Reporting requirements

The Government has clearly laid out its intentions with the new requirements. This will be a game changer in bringing transparency in the market and will hold companies to a higher standard. The publication of the new Resilience Statement and the Audit and Assurance Policy will require significant background work to be completed to ensure the new corporate reporting requirements are accurate and fact based.

Firms should think about the length of the assessment period for the medium-term section of the new resilience statements and determine reasons for choosing such an assessment period. Firms should also define what the material challenges to resiliency are and what approach will the firm take to maintain or enhance the company’s operational and financial resilience.

Regarding AAP, the Directors should evaluate how they will evidence that AAP is working in practice. The investors, the auditors and the other stakeholders should be engaged now to share the approach under the AAP.

Following the new 750:750 rule, companies should assess if they would be classified as PIEs under this new definition. The newly identified PIEs should assess if their current control environment is robust enough to meet new regulatory expectations.

Holding early discussions with investors and stakeholders will also benefit the PIEs and help them in setting up new teams and processes that may be required once they qualify as PIEs. This is a new area for the industry, and around 600 new entities are expected to come under scope.

The Government will carry out its Post-Implementation Review five years after its reform legislation comes into force, as set out in the Government’s response. This will assess the effectiveness both of regulation and of non-regulatory measures in tackling the issues highlighted by the White Paper.

Although the government has not laid out the timelines for these intentions to come into place, it is evident that a lot of preparatory work is needed to get ahead of the Regulator’s expectations. Public attestation by Directors puts additional pressure on the firms to carry out work to meet investor and Board expectations. It is time to act now to be ready for the new UK Audit, Corporate Reporting and Corporate Governance System.

About the authors

Ridhima Bhasin Risk and regulation expert
Connect
Adnan Saleem PA IT controls expert

Explore more

Woman walking through cityscape at night
Insight

Control Automation: Thriving in an evolving landscape 

Organisations, facing economic challenges and rising capital costs, must embrace digital transformation to manage risk.
Woman walking through cityscape at night
UK, Scotland, Highland, A939, Highland Tourist Route
Insight

Three steps to value-adding risk management within Nordic financial services

Unlock future success by learning how Nordic financial services leaders navigate evolving landscapes.
UK, Scotland, Highland, A939, Highland Tourist Route
Looking down at contemporary stairway
Insight

Six areas of opportunity for corporate and commercial banks

The outlook for corporate and commercial banks.
Looking down at contemporary stairway
Man using laptop and holding credit card, close-up
Insight

Six strategic principles for the adoption of open banking in Government

Open banking transforms government operations, streamlining processes, enhancing efficiency, and elevating citizen services through strategic partnerships.
Man using laptop and holding credit card, close-up

Contact the team

We look forward to hearing from you.
Get in touch

Get actionable insight straight to your inbox via our monthly newsletter.