Skip to main content

New reporting regulations laid before Parliament for approval

July 2023

In the latest stage of the ‘Restoring trust in audit and corporate governance’ reform package, yesterday the Department for Business & Trade laid new reporting regulations before Parliament for approval. These will not become a formal Statutory Instrument until they have been debated by both Houses in the Autumn but the draft regulations make clear the Government’s proposed approach to these new requirements for an Audit & Assurance Policy Statement, a Resilience Statement, a Material Fraud Statement plus additional disclosures around distributions and purchase of own shares. The draft regulations are in line with the direction set out in the Government’s Response issued in June 2022.

The detail on each of these requirements (including scope and timing) are discussed in more detail below.

These new requirements are intended to apply to a new category of company referred to as a “Company with a high level of employees and turnover”.

This is defined as:

For a single entity – where the company had 750 or more employees AND the company’s turnover equals or exceeds £750 million

For a parent company – where the aggregate number of employees for the group headed by the parent equalled or exceeded 750 AND in that year the group headed by the parent had net aggregate turnover of £750 million or more

The draft regulations include clarifications for how to determine “turnover” for banking and insurance companies. Also, for the avoidance of doubt, “employees” refers to ALL persons employed by the company, not just UK employees.

Also, important to note that these regulations will amend the UK Companies Act and, therefore, only applies to UK incorporated entities. 

For in-scope companies with equity share capital admitted to trading on a UK regulated market for the whole of the financial year – periods commencing on or after 1 January 2025
For other in-scope companies, i.e. unlisted – periods commencing on or after 1 January 2026 

The Policy

For the first year of application and every third year thereafter, the Directors’ Report must include an Audit & Assurance Policy Statement which sets out the following:

1. A description of the company’s operation and governance of internal auditing and assurance, including an explanation of:
(i) how any management conclusions and judgments, which are disclosed in the annual accounts and reports, may be challenged within the company; and
(ii) whether, and if so how, the company is proposing to strengthen its internal audit and assurance capabilities over the next three years.

2. An explanation of the company’s plans for obtaining internal assurance over the annual accounts and reports, which the company will be required to produce during the next three years, together with any voluntary disclosures supplied with the annual accounts and reports.

3. What external assurance, if any, the company intends to seek in the next three years, in relation to the annual accounts and reports of the company, in addition to the statutory audit.

4. An explanation of whether, and if so how, the company intends to seek external assurance over:
(i) some or all of the company’s resilience statement; and
(ii) the effectiveness of the company’s internal controls over financial reporting.

5. An explanation of the extent to which shareholder views have been taken into account in the development of the audit and assurance policy, together with an explanation of the extent to which the views of employees and any other stakeholders have been taken into account.

6. An explanation of the company’s policies in relation to the tendering of external audit services.

In relation to any external assurance referred to as part of 3 and 4 above, the statement should make clear whether it will be reasonable or limited assurance as defined in the FRC Glossary of Terms and whether it will be carried out in accordance with ISAE 3000 or any other international standard on assurance adopted in the UK in future.

The annual update

For every year following the first year of application, companies must provide an Audit & Assurance Policy Statement update in the Directors’ Report. This must set out:

(i) how the company has implemented its audit and assurance policy;
(ii) whether, and if so how, the company amended its Audit & Assurance Policy Statement;
(iii) the extent to which external assurance has been sought; and
(iv) whether, and if so how, any reports resulting from any external assurance may be accessed on the company’s website or by alternative means. 

A statement which summarises the company’s strategic approach to managing risk and building or maintaining resilience over the short, medium and long-term must be included in the Strategic Report.

Principal risks

The statement must set out:

1. How principal risks and resilience are considered in the company’s business planning and investment cycle.

2. The company’s internal governance processes for managing its principal risks and for building or maintaining resilience, including the role of directors.

3. The principal risks that could threaten the business model, operations, future performance, solvency or liquidity of the company over the short-term or medium-term, including each of the following matters to the extent that the directors consider that they either constitute a principal risk in themselves or are relevant to the company’s management of principal risks
(i) the company’s financial liabilities or expected refinancing needs;
(ii) the company’s operational and financial preparedness for a significant and prolonged disruption to its normal business trading;
(iii) the company’s digital security risks, including cyber security threats and the risk of significant breaches of its data protection obligations;
(iv) areas of business dependency or concentration, with regard to the company’s suppliers, customers, products, contracts, services or markets; and
(v) the impact of climate-related risks and sustainability-related risks, if any, on the company’s business model, to the extent that this is not already disclosed in the non-financial and sustainability information statement or elsewhere in the strategic report.

4. For each principal risk disclosed, the statement must include:
(i) the likelihood of the risk occurring and its impact on the company’s operations or financial health if it were to occur;
(ii) the time period over which the risk is expected to continue or to occur, if known;
(iii) what mitigating action, if any, the company has put, or plans to put, in place to manage the risk; and
(iv) any significant changes since the previous resilience statement.

The short-term/going concern statement

The resilience statement must contain a summary of the matters relevant to the going concern status of the company. It must:

1. Identify and explain the time period covered by the summary of the going concern status of the company which must not be shorter than twelve months from the date on the which the company’s accounts are approved by the directors.

2. Summarise the reasons for the directors’ decision whether or not to adopt the going concern basis of accounting in the relevant period.

3. Disclose any material uncertainties that may cast significant doubt on the company’s ability to continue to operate as a going concern.

4. Where necessary to help users of the summary to understand the current position and future prospects of the business, disclose and explain any significant judgments made by the directors in connection with the company continuing to operate as a going concern, together with any mitigating action taken by the directors to enable this decision to be taken.

The medium-term statement

The resilience statement must also provide an assessment by the directors of the company’s prospects and of the likelihood that the company will continue in operation and meet its liabilities as they fall due over the medium-term taking into account the identified principal risks. The medium-term period must be defined and there must be an explanation of how the chosen period aligns with the company’s strategy, business planning and investment cycle.

In addition, this section of the resilience statement must demonstrate how the directors’ assessment has had regard to the company’s expected financing facilities and financing needs, and any related covenants, over the defined medium-term period.

This section must also confirm that at least one reverse stress test has been carried out which:

(i) identifies a combination of adverse circumstances which could cause the business plan of the company to become unviable;
(ii) assesses the likelihood of those circumstances occurring; and
(iii) identifies mitigating action which might be taken, either to avoid the occurrence of those circumstances, or to reduce their impact.

The statement must summarise any such reverse stress test and any mitigation taken as a result. The regulations also state that the directors must retain a record of any reverse stress test for at least six years from the date on which the reverse stress test is carried out.

The long-term statement

The resilience statement must also:

1. Contain a summary assessment, including estimated timings, of any long-term trends and factors that are likely to continue or occur beyond the defined medium-term assessment period, and which the directors believe could represent a significant threat in future to the company’s business model or operations.

2. Describe any plans that the company has put in place and any adaptations that the company is proposing to make to its business model or operations to manage any long-term challenges. 

The Directors’ Report must contain a Material Fraud Statement which must:

1. Summarise the directors’ assessment of the risk of material fraud to the company’s business operations, including how the directors have assessed the company’s susceptibility to material fraud and the types of material fraud considered.

2. Describe the main measures which are in place to prevent and detect the occurrence of material fraud including any new measures which are in place or proposed to be put in place during the relevant financial year or the next financial year.

For the purposes of this statement, “fraud” means behaviour falling within any of sections 2 to 4 of the Fraud Act 2006 and fraud is “material” when its nature or magnitude could reasonably be expected to influence the decisions which a reasonable shareholder would take in connection with their shareholding in the company. 

Additional information about distributable profits, distributions and purchase of own shares to be included in the Notes to the financial statements

1. The amount, at the beginning and at the end of the financial year, of the company’s profits available for distribution within the meaning of section 830(2)(2) of the Companies Act 2006 (“the Act”)(“distributable profits”).

2. A summary of the changes which have occurred to distributable profits during the financial year, including as a result of the company making distributions, in accordance with Part 23 of the Act, or purchasing its own shares, in accordance with Part 18 of the Act.

3. In the case of a public company, whether the amount which may be distributed is affected by the application of the net asset restriction, which is described in section 831 of the Act and, if so, the amount which is available for distribution after the application of the net asset restriction at the beginning and at the end of the financial year.

Where, in the opinion of the directors, the calculation and disclosure of a figure for distributable profits would involve unreasonable expense or delay (including as a result of historical trading activity) the directors may set out a minimum figure but the calculation of this minimum figure must be explained in the notes to the accounts together with the reasons why determining an actual figure would involve unreasonable expense or delay.

Policy statement concerning distributions and purchase of own shares

A distribution policy statement must be provided in the Directors’ Report which describes:

1. The directors’ approach to capital allocation including decisions on investment, capital expenditure, research and development, distributions in accordance with Part 23, the purchase of own shares in accordance with Part 18, and any other matters which the directors consider to be relevant.

2. The directors’ policy towards the amount and timing of distributions to shareholders and the purchase of own shares during the short and medium term as defined in the resilience statement.

3. The considerations and factors which the directors consider to be material to their policy governing distributions and the purchase of own shares including, where relevant, the availability of the sums described in the note to the accounts required by section 413A, cash within the company and, in the case of a parent company, its group.

4. The key risks and constraints, including legal constraints, which the directors consider to be relevant to implementing and sustaining the directors’ policy on distributions and the purchase of own shares.

5. How the directors have implemented the distribution and share purchase policy and, in implementing that policy and in recommending the amount of any dividend, considered and taken into account those matters, which are described in paragraphs 3 and 4, together with the level of distributable profits and other relevant matters which are disclosed in the notes to the accounts as described above. 

The regulations permit an exemption from each of these reporting requirements where an in-scope company was a subsidiary company and is included in a group strategic or directors’ report which is produced by the company’s parent company and satisfies the requirements of the regulations.

The regulations make clear that the information set out in these statements may be relied upon to satisfy other relevant strategic and/or directors’ report requirements without a need to duplicate.

To access the full draft regulations click here.

Our library of governance publications is available to help you at www.deloitte.co.uk/governancelibrary.

Did you find this useful?

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey