On 31 May 2022, the UK Government published the outcome of the consultation on “restoring trust in audit and corporate governance” white paper. The consultation received 600 responses and took more than a year to be published.
Financial services firms should prepare now to respond to the intentions set out by the UK Government. It is important to understand and appreciate both the letter and the spirit of the Government’s response to the White Paper. This will help the FS firms to meet the expectations from the regulators, investors, and other key stakeholders. It is a golden opportunity for the financial services sector to set a positive tone and lead by example for other industries.
The key intentions set out in the white paper consultation outcome will have three key impacts:
Below is a summary of the key points impacting the financial services firms from the outcome of the white paper.
The full report from the BEIS can be accessed here.
Based on the experience with US SOX, the implementation time for an effective programme to design and embed new controls and enhance existing controls in line with the requirements can take around 2 to 3 years. This is not a significant time to digest and implement all the changes as noted when US SOX was introduced for US Banks.
So, how can financial services firms prepare for these future legislations now?Align Directors’ accountability for internal controls, dividends, and capital maintenance to the expectations of the investors and other stakeholders.
The Directors’ accountability will increase and expand based on the expectations of the investors and other stakeholders. This will also extend to confirming legality of dividends and determining distributable reserves.
Directors who will be involved in providing this assessment need to be identified and develop an approach to assess the effectiveness of the internal control framework. A current gap assessment should be conducted by firms to assess if any changes are needed in the company’s internal control framework particularly around management information monitoring and reporting. Discussions on whether external assurance will be undertaken or not should begin now giving ample time to determine which firm one would like to appoint for this external assurance.
Directors should also evaluate if additional information will be required to back up the statement around distributable reserves and dividends in the annual report. This may be needed to provide additional comfort to the investors and shareholders.
An early assessment of the current environment to help firms get ahead of regulatory expectations. A gap analysis provides an opportunity to mobilise early, understand any control weaknesses and proactively engage with the Board, investors and shareholders on company plans. Regulatory expectations around the internal control environment are constantly increasing especially as the regulators are working hard to keep the UK markets attractive.
The Government has clearly laid out its intentions with the new requirements. This will be agame changer in bringing transparency in the market and will hold companies to a higher standard. The publication of the new Resilience Statement and the Audit and Assurance Policy will require significant background work to be completed to ensure the new corporate reporting requirements are accurate and fact based.
Firms should think about the length of the assessment period for the medium-term section of the new resilience statements and determine reasons for choosing such an assessment period. Firms should also define what the material challenges to resiliency are and what approach will the firm take to maintain or enhance the company’s operational and financial resilience.
Regarding AAP, the Directors should evaluate how they will evidence that AAP is working in practice. The investors, the auditors and the other stakeholders should be engaged now to share the approach under the AAP.
Following the new 750:750 rule, companies should assess if they would be classified as PIEs under this new definition. The newly identified PIEs should assess if their current control environment is robust enough to meet new regulatory expectations.
Holding early discussions with investors and stakeholders will also benefit the PIEs and help them in setting up new teams and processes that may be required once they qualify as PIEs. This is a new area for the industry, and around 600 new entities are expected to come under scope.
The Government will carry out its Post-Implementation Review five years after its reform legislation comes into force, as set out in the Government’s response. This will assess the effectiveness both of regulation and of non-regulatory measures in tackling the issues highlighted by the White Paper.Although the government has not laid out the timelines for these intentions to come into place, it is evident that a lot of preparatory work is needed to get ahead of the Regulator’s expectations. Public attestation by Directors puts additional pressure on the firms to carry out work to meet investor and Board expectations. It is time to act now to be ready for the new UK Audit, Corporate Reporting and Corporate Governance System.