Companies with 750 or more employees and at least £750m annual turnover will become PIEs. This will mean that the new regulator will be able to scrutinise their reporting and audit and companies within scope will need to meet new transparency requirements.
Companies traded on AIM or other multilateral trading facilities, Limited Liability Partnerships and third sector entities will also be PIEs if they meet this 750:750 test. The Government also commits to allowing an adequate period between an entity exceeding the new 750:750 threshold and being subject to any new requirements.
Further the Government plans to implement a tiered approach which will mean that entities which are PIEs because the new size-based threshold will not be required to have an audit committee, to retender the audit every 10 years and to rotate auditor every 20 years to entities that are PIEs because of the new size-based threshold.
2. New regulatory regime for directors
The Government will give the new regulator, ARGA, powers to enforce all PIE directors’ statutory duties relating to corporate reporting (front half and financial statements) and audit. The new civil enforcement regime will be targeted, proportionate and transparent, and directors will only be accountable for what could reasonably be expected of a person in their position.
The Government wishes to avoid overlap or duplication of enforcement, so ARGA will work closely with other regulators to manage this. The Government will also work with the FRC to consider the best way to hold directors of PIEs to account if their conduct falls short of certain behavioural expectations, such as engaging in dishonest conduct, where this relates to their duties around corporate reporting and audit. ARGA will set out what it reasonably expects of PIE directors by way of compliance with their legal duties.
The Government will also invite the regulator to consult on changing the UK Corporate Governance Code to provide greater transparency about the malus and clawback arrangements that companies have in place so remuneration can be withheld or recovered from directors for misconduct, misstatements, and other serious failings.
3. Attestation on internal controls
The Government will invite the regulator to strengthen the UK Corporate Governance Code for premium listed companies to provide for an explicit directors’ statement about the effectiveness of the company’s internal controls and the basis for that assessment, and to work with companies, investors and auditors to develop appropriate guidance. The Government agrees that directors should be more open and accountable for operating an effective internal control system, not only for financial reporting but also for wider operational and compliance risks.
The Government expects that this would be underpinned with guidance on how boards should approach the preparation of the statement, which would be developed following a review of the FRC’s existing Guidance on Risk Management, Internal Control and Related Financial and Business Reporting. This guidance would be intended to cover the identification of acceptable standards, benchmarks or principles and address definitional issues and the circumstances in which external assurance might be considered appropriate.
The intention is that the new Audit and Assurance Policy (discussed below) will require companies to state whether or not they plan to seek external assurance of the company’s reporting on internal controls. The FRC will be asked to explore with investors and other stakeholders whether and how the content of the auditors’ report could be improved to provide more information about the work auditors have undertaken on the internal controls over financial reporting.
4. Publication of principal risks & audit plan for engagement with shareholders
The Government believes that the most appropriate way to encourage shareholder engagement with audits is to include appropriate provisions in the audit committee requirements that ARGA will have the power to put in place. Those powers will need to be somewhat wider than those proposed in the White Paper to allow the new audit committee requirements to cover the ability for shareholders to consider and respond on the audit plan and to consider the risk report. The changes would also enable greater engagement with the auditor at the AGM of the company.
5. The Resilience Statement
The Government confirms companies which are Public Interest Entities with 750 employees or more and an annual turnover of at least £750m will be required to provide a Resilience Statement
Identification of material resilience matters
Recognising that mandating a common set of risks to be addressed in every statement would cut across the directors’ responsibility to identify, manage and report on those risk and resilience issues that are most material to their business, the Government intends to legislate for companies to report on matters that they consider a material challenge to resilience over the short and medium term, together with an explanation of how they have arrived at this judgement of materiality. In doing so, companies will be required to have regard to the following:
- any materially significant financial liabilities or expected refinancing needs occurring during the assessment period of the short and medium term sections of the Resilience Statement;
- the company’s operational and financial preparedness for a significant and prolonged disruption to its normal business trading;
- significant accounting judgements or estimates contained in the company’s latest financial statements that are material to the future solvency of the company;
- the company’s ability to manage digital security risks, including cyber security threats and the risk of significant breaches of its data protection obligations;
- the sustainability of the company’s dividend policy;
- any significant areas of business dependency with regard to the company’s suppliers, customers, products, contracts, services or markets which may constitute a material risk; and
- the impact on the company’s business model of climate change, to the extent that this is not already addressed by the company in other statutory reporting.
Length of the assessment period
Following the consultation, the Government intends to replace the proposed five-year mandatory assessment period for the combined short- and medium-term sections of the Resilience Statement with an obligation on companies to choose and explain the length of the assessment period for the medium-term section.
Principal risks and uncertainties
In the interest of integrated and holistic reporting on risk and resilience, the Government intends that companies within scope be given the flexibility to report their principal risks and uncertainties within the short- and/or medium-term sections of the Resilience Statement, noting that different kinds of risk or uncertainty may crystallise or resolve over different time periods.
Reverse stress testing
The Government intends to continue with its proposal that companies within scope of the Resilience Statement should perform reverse stress testing. However, in light of the consultation feedback, companies will be required to perform at least one reverse stress test rather than a minimum of two. This means that the Resilience Statement will require a company to:
- identify annually a combination of adverse circumstances which would cause its business plan to become unviable;
- assess the likelihood of such a combination of circumstances occurring; and
- summarise within the Resilience Statement the results of this assessment and any mitigating action put in place by management as a result.
Guidance
Supporting guidance by the regulator will set out more detail of how the potential materiality of these matters should be considered as well as on the Resilience Statement as a whole.
Existing viability statement requirements under the Code
The intention is that the existing viability statement provision in the Code (Provision 31) will no longer apply after the Resilience Statement enters into force.
6. Front half assurance
The Government will leave the market – companies, directors, investors – to shape the development of an enhanced wider assurance services market in the coming years, stimulated by the requirement to publish an Audit and Assurance Policy (see below).
7. Capital maintenance
The Government intends to require qualifying companies or, in the case of a UK group, the parent company only, to disclose their distributable reserves, or a “not less than” figure if determining an exact figure would be impracticable or involve disproportionate effort. Those in scope will be PIEs with 750 or more employees and an annual turnover of at least £750m. Companies will be asked to provide a narrative explaining the board’s long-term approach to the amount and timing of returns to shareholders (including dividends, share buybacks and other capital distributions) and how this distribution policy has been applied in the reporting year. The Government also intends to require directors of such companies to make an explicit statement confirming the legality of proposed dividends and any dividends paid in-year.
Disclosing an estimate of the dividend-paying capacity of the group as a whole will be encouraged rather than a required element of reporting. The Government will task ARGA with issuing guidance on what should be treated as “realised” profits and losses for the purposes of determining distributable reserves.
The Government has decided not to proceed with the proposal for a directors’ assurance that a dividend would not be expected to jeopardise the future solvency of the company over a period of two years.
8. Directors’ obligations in relation to fraud
The Government intends to legislate to require directors of PIEs with more than 750 employees and an annual turnover of at least £750m to report on actions they have taken to prevent and detect fraud; auditor responsibilities will be unchanged whilst the regulator assesses recent changes made to relevant auditing standards.
9. Payment practices
The Government has recently completed a statutory post-implementation review of the existing Reporting on Payment Practices and Performance Regulations 2017. As confirmed in that review, the Government now intends to consult on whether these regulations should be amended to further enhance transparency and accountability in supplier payment reporting.
10. Supervision of corporate reporting
The Government intends to ensure that ARGA can direct changes to company reports and accounts, rather than having to seek a court order, along with powers to publish summary findings following a review. In addition, the Government will extend the regulator’s powers to cover the entire contents of the annual report and accounts so that it can review areas that are not currently within scope, such as corporate governance statements and directors’ remuneration and audit committee reports as well as voluntary elements such as the CEO's and chairman’s reports.