The government has published its roadmap for an extensive package of reforms to improve the UK’s audit, corporate reporting and corporate governance systems.
The planned reforms are outlined in the government's recently published response paper (the Response Paper) which sets out how the government will take forward the proposals in its 2021 consultation White Paper, Restoring Trust in Audit and Corporate Governance (the White Paper). That in turn built on three government-commissioned reviews: Sir John Kingman's Independent Review of the Financial Reporting Council (the FRC Review), the Competition and Market Authority’s Statutory Audit Services Market Study and Sir Donald Brydon’s Independent Review of the Quality and Effectiveness of Audit (the Brydon Review).
The focus of the reforms will be oversight and scrutiny of the UK's largest companies, public and private. The reforms will also address long-term concerns about the lack of competition and resilience in the statutory audit market covering the UK’s largest listed companies, and a perceived failure of the audit product to meet the growing expectations of its users.
The reforms will be implemented through a mix of legislative, regulatory and market-led changes. Underpinning them is the establishment of a new regulator, the Audit, Reporting and Governance Authority (ARGA).
In this overview, we focus on the proposals that most directly impact on companies, directors and shareholders.
Public interest entities
Key to many of the reforms will be an expanded definition of what constitutes a public interest entity (PIE). Currently, companies whose transferable securities are admitted to trading on a regulated market (e.g. the Main Market of the London Stock Exchange), credit institutions and insurance undertakings are all categorised as PIEs (and therefore subject to enhanced audit requirements).
The government intends to expand the definition of a PIE to include the following very large entities:
- private companies with both 750 or more employees and an annual turnover of £750 million or more (the 750:750 test). Where a UK parent company prepares consolidated accounts for a group and that group when aggregated meets the size threshold, the parent will become a PIE;
- public companies traded on the Alternative Investment Market or another multilateral trading facility that meet the 750:750 test, but not smaller companies on those markets;
- LLPs that meet the 750:750 test;
- third sector entities that meet the 750:750 test.
Lloyd's syndicates and public bodies will not become PIEs by virtue of the 750:750 test.
To ensure a proportionate approach to the regulation of entities that are PIEs purely because of this new size-based threshold, the government will not apply the existing PIE requirements to have an audit committee, to retender the audit every 10 years and to rotate auditor every 20 years to them.
The government will also review the existing PIE framework (which derives from EU law) more generally to remove any undue burdens.
Internal controls: Confidence in company reporting depends on the effectiveness of the internal controls and risk management processes that directors put in place and oversee. While acknowledging that the regulatory and other requirements applying to internal control arrangements in UK companies are well established, the FRC Review made the case for a strengthened internal control framework.
The government intends to take an approach based on the UK Corporate Governance Code as the most practical and proportionate way of strengthening boardroom focus on internal control matters. While the Code currently only applies to premium listed companies, it has a wider influence on other codes and best practice principles developed for different types of companies.
The government will therefore invite the FRC to consult on strengthening the internal control provisions in the UK Corporate Governance Code to provide for an explicit statement from the board about its view of the effectiveness of the internal control systems (financial, operational and compliance systems) and the basis for that assessment.
Alongside the new Code provisions, the government will ask the FRC to explore with investors and other stakeholders whether and how the content of the auditors' report could be improved to provide more information about the work auditors have undertaken on the internal controls over financial reporting.
The government also intends to require PIEs that meet the 750:750 test to state as part of the proposed minimum content for the new audit and assurance policy (see below) whether or not they plan to seek external assurance of the company's reporting on internal controls.
Dividends and capital maintenance: The White Paper noted that the legal framework for paying dividends is well established and appears generally to have operated effectively to prevent companies paying out excessive and dangerously high levels of dividends. However, high-profile examples of companies paying out significant dividends shortly before profit warnings and, in some cases, insolvency, have raised questions about the robustness of the framework. Further, many investors are also interested in more information from companies about their approach to allocating surplus capital between the competing demands of returns to shareholders and matters such as long-term investment, pension fund deficits and improving balance sheet resilience.
The government will therefore introduce the following reforms in relation to dividends and capital maintenance for PIEs that meet the 750:750 test.
- Qualifying companies (or, in the case of a UK group, the parent only) will have to disclose their distributable reserves, or a "not less than figure" if determining an exact figure would be impracticable or involve disproportionate effort. An estimate of the dividend-paying capacity of a group will not be a required element of reporting, though guidance by the regulator and institutional investors will be encouraged to improve transparency about a group's overall dividend position.
- Qualifying companies will have to provide a narrative explaining the board's long-term approach to the amount and timing of returns to shareholders (including dividends, share buybacks and other capital distributions) and how this distribution policy has been applied in the reporting year.
- Directors of qualifying companies will have to make explicit statements confirming the legality of proposed dividends and any dividends paid in the year.
ARGA will be given formal responsibility for issuing guidance on what should be treated as realised profits and losses for the purposes of section 853 of the Companies Act 2006 (in place of the current guidance issued by the accountancy bodies on a voluntary basis).
New corporate reporting
PIEs that meet the 750:750 test will be subject to two new reporting requirements.
Resilience statement: Qualifying companies will have to include an annual resilience statement as part of their strategic report. The resilience statement will require a company to report on matters that it considers a material challenge to resilience over the short and medium term, together with an explanation of how it has arrived at the judgement of materiality. In doing so, a company will have to have regards to a range of matters including, for example, the impact of climate change and digital security risks.
For qualifying companies that are also within scope of the UK Corporate Governance Code, the viability statement and going concern statement requirements of the Code will be incorporated into the new resilience statement.
Audit and assurance policy: Every three years, qualifying companies will have to publish an audit and assurance policy which sets out the company's approach to assuring the quality of the information it reports to shareholders beyond that contained in the financial statements.
The audit and assurance policy will among other matters require a company to: set out whether, and if so how, a company intends to seek independent assurance over any part of the resilience statement or over reporting on its internal control framework; describe the company's internal auditing and assurance process; and include a description of the company's policy in relation to the tendering of external audit services. It will have to include a statement as to how the company has taken into account shareholder views and whether, and if so how, it has taken account of employee views.
This triennial publication will be complemented by an annual implementation report in which the directors (typically through the audit committee) provide a summary update of how the assurance activity outlined in the policy is working in practice.
Supervision of corporate reporting
The government will extend ARGA's corporate reporting review process to the whole of the annual report and accounts to ensure that ARGA can review areas that are not currently within scope, e.g. corporate governance statements, directors’ remuneration and audit committee reports, and voluntary elements such as the CEO and chairman’s reports.
ARGA will also be given powers to direct changes to company reports and accounts, rather than having to seek a court order, which is the position at present for the FRC.
Enforcement against company directors
Although directors are ultimately responsible for a company’s accounts and reports, and have duties in relation to the auditing of those accounts and reports (e.g. the duty to approve accounts only if they give a true and fair view and to provide information or explanations at the request of the auditor), the regulator currently has no direct powers to act if those duties are breached.
The government therefore intends to give ARGA the necessary powers to investigate and sanction breaches of directors' statutory duties relating to corporate reporting and audit. This new civil enforcement regime will apply to all PIEs. It will sit alongside existing arrangements for taking action against company directors.
In order to ensure that the new enforcement regime is transparent and understandable, the government will work with the regulator on elaborating the relevant statutory duties and clarifying how directors would be expected to demonstrate compliance.
The government will also work with the regulator to consider the best way to hold directors of PIEs to account if their conduct in relation to corporate reporting and audit falls short of certain behavioural expectations e.g. in the case of dishonest conduct.
The government is considering further whether in exceptional cases ARGA should have powers to investigate and take action against directors of non-PIEs (e.g. if a large group is structured in such a way as to frustrate proper scrutiny).
Separately, in respect of companies that follow the UK Corporate Governance Code, the government will invite the FRC to consult on how the existing malus and clawback provisions in the Code can be developed to deliver greater transparency and to encourage consideration and adoption of a broader range of conditions in which executive remuneration may be withheld or recovered.
Audit purpose and scope
The government supports the Brydon Review's long-term vision of corporate auditing, i.e. audit that extends beyond the scope of financial statements to cover other areas such as cyber and ESG. However, it sees this as an area for market-led development, in which the requirement for PIEs to publish an audit and assurance policy will play a part. At this stage, the government will not seek to establish a new professional body or regulatory oversight of a new corporate auditing framework, but will look to existing professional bodies to develop audit as a profession distinct from accountancy.
The Response Paper also confirms that the government is not planning any legislative changes regarding the assurance of Alternative Performance Measures and Key Performance Indicators, and intends to retain the current "true and fair" standard for financial reporting and the current auditor liability framework.
In relation to tackling fraud, the government will proceed with the White Paper proposal that directors should report on the steps they have taken to prevent and detect material fraud. This reporting requirement will apply to PIEs that meet the 750:750 test.
Audit committee oversight and engagement with shareholders
Both audit committees and active shareholders can help to drive high-quality auditors that provide meaningful information for investors and others.
For FTSE 350 companies, the government therefore intends to give ARGA the power to set minimum requirements for audit committees in relation to the appointment and oversight of auditors. These requirements will be enforceable (unlike the present comply-or-explain approach in the UK Corporate Governance Code). ARGA will also have the power to include appropriate provisions to encourage shareholder engagement with audit planning and on audits at general meetings.
Competition, choice and resilience in the audit market
In the White Paper, the government agreed with the CMA's assessment that FTSE 350 companies face limited choice when appointing an auditor and that challenger firms face significant barriers to entering this market.
The Response Paper confirms that the government will legislate to require UK-incorporated FTSE 350 companies to appoint a challenger audit firm (i.e. not one of the "Big Four" audit firms) either:
- as sole group auditor; or
- to conduct a meaningful proportion (ARGA will be given the power to set the relevant figure) of its subsidiary audits within a shared audit.
These market-opening measures will be introduced on a phased basis as audits fall to be tendered under the existing tender cycle. In recognition of the scale and complexity of certain audits, the requirement will be subject to an exemptions regime that ARGA will operate.
In addition to pursuing these market-opening opportunities, the government intends to make powers available to introduce a market share cap regime which would require a proportion of audits to be tendered exclusively for challenger firms. Alongside these legislative measures, the government will continue to work with the regulator to identify further non-legislative opportunities to increase choice in the audit market.
It was announced in the recent Queen's Speech that the government will prepare and publish a draft Bill which will create ARGA and provide for the other measures set out in the Response Paper that require changes in primary legislation.
Other reforms can and will be taken forward without the need for primary legislation, e.g. through changes to the UK Corporate Governance Code, through secondary legislation, in codes of practice and in guidance. There is likely to be additional consultation on details of those regulations and guidance.
At this stage, there is no precise timetable, but the overall timescale for implementation is expected to stretch over several years in the case of some measures. The government will give careful consideration to the appropriate minimum lead times to apply, so that the pace of change will be measured and manageable for market participants.