Skip to main content

FRC launches consultation on changes to the UK Corporate Governance Code

The much anticipated consultation on changes to the UK Corporate Governance Code (“the Code”) was issued today in the latest stage of the ‘Restoring trust in audit and corporate governance’ reform package.

Last year the Government Response to the BEIS White Paper asked the FRC to use a Code-based approach to strengthen boardroom focus on internal control matters rather than introducing a legislative requirement and that represents one of the most significant changes proposed. Other proposals which boards should focus on are:

  • Inclusion of wider responsibilities and considerations for the Board and Audit Committee in relation to ESG objectives and other sustainability matters
  • Incorporation of forthcoming new requirements for an Audit & Assurance Policy (AAP) and the Resilience Statement
  • Reflecting the publication of ‘Audit committees and the external audit: Minimum Standard’
  • Strengthened reporting on malus and clawback remuneration arrangements
  • Some other areas of reporting on governance arrangements identified as being weaker

Each of these areas are discussed in more detail below.

Declaration on the effectiveness of the risk management and internal control systems

With the ultimate aim of strengthening board accountability for the effectiveness of the risk and internal control frameworks, the first proposed amendment is to the relevant Principle: “The board should establish a framework of prudent and effective controls, which enable risk to be assessed and managed” is replaced by “The board should establish and maintain an effective risk management and internal control framework”.

This amended Principle is reinforced by an extension of the existing Code provision (Provision 29) in relation to the board’s responsibility to monitor the company’s risk management and internal control systems and, at least annually, carry out a review of their effectiveness. Building on this review and monitoring activity, it is proposed that the board provides the following disclosure in the annual report:

  • A declaration of whether the board can reasonably conclude that the company’s risk management and internal control systems have been effective throughout the reporting period and up to the date of the annual report;
  • An explanation of the basis for its declaration, including how it has monitored and reviewed the effectiveness of these systems; and
  • A description of any material weaknesses or failures identified and the remedial action being taken, and over what timeframe.

Importantly, there is also a proposal to amend what was previously considered to make up “all material controls” from “financial, operational and compliance” to “operational, reporting and compliance”. So replacing “financial” with a wider “reporting” control consideration. The paper explains that this has been done because FRC engagement with stakeholders has made clear that narrative reporting increasingly includes materially important information, in the context of each company, which is used by investors for capital allocation decisions. So this change is intended to recognise the importance of narrative reporting on for example strategy, principal risks, corporate governance and environmental and social matters in addition to financial reporting.

In relation to a description of material weaknesses or failures identified, the consultation paper states that the FRC does not envisage that companies will report on all weaknesses identified during the reporting period but that they will be transparent about those weaknesses considered by the company to be material, such as those events which could have a significant impact on a company’s strategy, operations, reporting or compliance objectives. The revised Guidance which will follow will discuss what may constitute a material weakness, but the FRC says that it will ultimately be for the board to determine which weaknesses are material to their specific situation and should be reported in the annual report.

Finally on internal controls, the paper states that the revised Code will not ask for reporting on whether the board intends to obtain external assurance over the effectiveness of the company’s risk management and internal control framework. That will be a matter for companies to determine when setting their Audit and Assurance Policy.

ESG and sustainability matters

Recognising that the Code should reflect the importance of ESG and sustainability matters and that good governance will play an essential role in assessing sustainability-related risks, opportunities and impacts, setting targets, using appropriate internal controls and commissioning assurance where necessary, the following additions to the Code are being proposed:

  • An expansion of Provision 1 to make clear that environmental and social matters (including climate ambitions and transitions plans) should be considered in assessing the basis on which the company generates and preserves value over the long-term.
  • The addition of “monitoring the integrity of narrative reporting, including sustainability matters, and reviewing any significant reporting judgements” in the list of audit committee responsibilities.
  • A requirement for the audit committee to report in the annual report on the significant issues that it considered relating to narrative reporting, including sustainability matters, and how these issues were addressed and, where commissioned by the board, the assurance of environmental, social and governance metrics and other sustainability matters.
  • A requirement that consideration of whether remuneration outcomes are clearly aligned to the successful delivery of the company’s long-term strategy includes consideration of environmental, social and governance objectives.

The Audit & Assurance Policy and the Resilience Statement

The FRC has reached the view that all companies reporting against the Code should consider producing an AAP on a ‘comply or explain’ basis, using the future legislation as a guide to what should be included. This reflects the fact that not all companies reporting against the Code will be within the scope of the new legislative requirement (UK companies with annual turnover greater than £750m and 750 or more employees).

To achieve this they have added “developing, implementing, and maintaining the audit and assurance policy” to the list of audit committee responsibilities and have cross-referenced to the future legislative requirement. In addition, the audit committee reporting requirement has been expanded to include the “approach to developing the triennial audit and assurance policy and the annual implementation report”.

In relation to the new Resilience Statement, which will also only be a legislative requirement for some companies reporting against the Code due to the size criteria, the proposed approach is to make clear that compliance with the new reporting requirement for a Resilience Statement will also mean compliance with the relevant Code provisions. The existing Code provision on going concern is retained unamended but the viability statement provision has been amended to just call for an explanation of how the board has assessed the future prospects of the company including its ability to meet its liabilities as they fall due.

So presentation of a Resilience Statement would remove the need to present separate disclosures to meet the Code provisions on going concern and future prospects. Conversely, companies below the size threshold for the Resilience Statement will still, under the Code, be required to report on an assessment of going concern and future prospects in order to meet those remaining Code provisions.

Audit committees and the external audit: Minimum Standard

A new Standard for audit committees in relation to external audit was issued on 22nd May 2023. The Standard contains several sections which are identical to existing Code Provisions, specifically where these Provisions cover the work of the audit committee in relation to external audit, and the requirement for the audit committee to report on this. To avoid duplication, the FRC is proposing that these aspects are removed, and that the new Code instead refers companies to the Standard.

The paper recognises that, as the Standard was intended to apply to FTSE 350 companies only, there will be some non-FTSE 350 companies who will be brought into the scope of the Standard because of this proposal. However, the FRC notes that non-FTSE 350 companies can approach implementation of the Standard on a ‘comply or explain’ basis.

Reporting on malus and clawback arrangements

It is proposed that the following new reporting is required in relation to malus and clawback arrangements:

  • the minimum circumstances in which malus and clawback provisions could be used;
  • a description of the minimum period for malus and clawback and why the selected period is best suited to the organisation;
  • whether the provisions have been used in the last reporting period and, if provisions have been used, a clear explanation of the reason; and
  • the use of malus and clawback provisions in the last five years.

The intention is to include further guidance on the suggested format for this disclosure in an update to the Guidance on Board Effectiveness.

Other proposed changes

The consultation includes a number of other proposed changes designed to enhance and/or clarify existing disclosure requirements where the FRC has observed weak reporting in past reviews. These include:

  • Activities and outcomes - when reporting on its governance activity the board should focus on outcomes in order to demonstrate the impact of governance practices and how the Code has been applied
  • Culture – an additional requirement to report on how effectively the desired culture has been embedded
  • Shareholder engagement – the Chair to report on the outcomes of engagement with shareholders
  • Director appointments – all significant director appointments to be listed in the annual report together with an explanation of how able to meet those commitments
  • The remuneration policy – a replacement of the existing Provision 40 characteristics with a more focused requirement that “the policy should be clear, identify and mitigate risks associated with remuneration, and ensure outcomes are proportionate and do not reward poor performance”

Supporting guidance

The revised Code will be supported by updated guidance, and the paper notes that work is currently underway to revise the Guidance on Audit Committees and Guidance on Board Effectiveness so that these can be aligned with the revised Code and Audit Committee Standard. The FRC will also be amending the Guidance on Risk Management, Internal Control and Related Financial and Business Reporting specifically to take account of changes to the principles and provisions on risk management and internal control.

Next steps

This is a 16 week consultation closing on 13th September 2023. The paper confirms that the intention is that the revised Code will apply to accounting years commencing on or after 1 January 2025 to allow sufficient time for implementation.

We are hosting a Deloitte Academy event for audit committees on 13th June 2023 and Mark Babington from the FRC will join us to discuss the Code consultation. Please see below for further details on the Deloitte Academy.

To access the full consultation paper click here.


Our library of governance publications is available to help you at

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey