Cyber security threats are constantly evolving. We’ll work with you to develop and test robust people, process and technology defences to protect your data and information assets.
Working with borrowers and private equity financial sponsors on raising and refinancing debt. We can help you find the right lender and type of debt products.
Regulatory change, pressure on cost management and growth, and increased investment in technology and data are dominating the financial services industry.
The Government has withdrawn the proposed secondary corporate governance reform legislation it outlined in July. Emma Young explains the potential impact of this change and how you can move your internal control and fraud projects forward.
Updated to reflect the FRC announcement on 7 November 2023
Corporate reform proposals developed by the government in the wake of the Brydon, Kingman, and CMA independent reviews and high-profile corporate failures, such as Carillion, have required multiple parties to implement. The proposals cover different aspects of risk management, such as how it impacts decision-making and resilience (resilience statement), how management can ensure it's based on reliable and complete information (internal controls and fraud); and what assurance is available to have trust in the reporting (audit and assurance policy).
Some of them were intended to be implemented by legislation, others such as the internal control requirements (UK SOX) would need further consultation by the Financial Reporting Council (FRC) and will be applied through the UK Corporate Governance Code (the Code).
In a move that has surprised many, on 16 October 2023 the government announced it has withdrawn the legislation after companies and industry bodies again raised concerns about onerous reporting requirements.
On 7 November 2023 the FRC responded with a statement indicating what next steps they will take and made it clear that they had listened to the wider debate on business reporting requirements in finalising their risk and internal control revisions to the Code.
What are the changes to the current corporate governance plans?
The government has now said that they'll pursue options to streamline and simplify existing corporate reporting.
While there was no direct impact on the FRC’s proposed changes to the Code (as an independent regulator), the FRC's latest statement sets out that they will now take forward only a handful of the original 18 proposed changes. For now, they will only focus on internal control updates to the Code. They make it clear that this has been done in response to the feedback from their own consultation during the summer, wider discussions on burdensome reporting, and competitiveness of the UK. More time will now be given for implementation, and more thinking will be done to ensure the UK approach is more targeted and less intrusive than the US SOX approach. There will be a few other changes made to streamline the requirements in the Code, where the published updates are promised to be out in January 2024.
The government has indicated they still plan to debate primary legislation proposals, including setting up the FRC's replacement, the 'Audit, Reporting, and Governance Authority' (ARGA), when parliamentary time allows, and that they remain committed to streamlining corporate reporting requirements. It's not clear what this means or when proposals would apply.
The government’s planned Economic Crime and Corporate Transparency Bill, including the new failure to prevent fraud offences, is still expected in 2024.
If you've already started working on projects to get ready for the proposed changes you may be wondering what you should be doing.
To be the first to hear about our new 2023 Corporate Governance Review, sign up here
For now, the most pragmatic response for companies to take is to focus on ‘no regret’ activities until the FRC publishes the final changes to the Code. The two key areas we're seeing organisations continue to prioritise relate to internal controls and fraud risk frameworks.
Proposals
What has changed
Next steps
Resilience statement
Combines and enhances existing going concern and viability disclosures.
Must include at least one reverse stress test and outline material uncertainties.
New requirement removed
Existing going concern and viability statements will remain.
Halt work on resilience statements
Internal controls
Provision of a stronger basis for reporting on and evidencing the effectiveness of internal controls around year-end reporting.
No impact from the withdrawal
This is a requirement in the FRC's planned changes to the revised Code now expected in January 2024.
Remains to be seen if and how the scope of this internal control initiative extends from financial to operational and compliance controls as the FRC had originally suggested and what the implementation timeline will be.
Continue with ‘no regret’ activities
Companies should focus on significant financial reporting risk areas and ensure there are robust business and technology control frameworks in place.
The UK already has various well-established requirements relating to the internal control environment (for listed and large private businesses under the Companies Act and Wates Principles, and those that voluntarily align to the Code). However, in our experience, the nature and extent of these frameworks vary widely.
Are you comfortable and confident that your financial control framework is robust, value-adding, and monitored?
Fraud risk management
The onus on directors to identify, prevent and report on steps taken to mitigate/manage fraud risks. Building on the package proposed by Brydon.
The new Economic Crime and Corporate Transparency Bill is expected in the new year. Companies need to make sure they have reasonable procedures in place and have established an effective fraud risk management framework.
How mature and embedded is your fraud risk framework and what assurance do you have that it operates effectively?
Audit and assurance policy (AAP)
Outline the approach to assurance over reported information.
New requirement removed for listed and non listed businesses
Halt work
The benefits of developing an integrated assurance map remain so consider continuing this activity where not yet completed.
Capital dividend disclosures
Introducing disclosures on distributable reserves and a narrative explanation of the board's long-term approach.
New requirement removed
Halt work on new disclosures
* Subject to change when the FRC publishes its own proposals
Instrument
Government activity
FRC activity
Primary legislation
Secondary legislation
Revisions to the Code
Revisions to ethical standards
Actions
Includes setting up ARGA, expanding PIE definition, increasing director accountability and audit market competition measures.
Includes AAP, resilience statement, fraud reporting, and reporting on distributable reserves.
Changes to board and audit committee responsibilities, includes and/or incorporates internal controls, AAP and resilience statement.
Updates include the new PIE definition.
Status
Delayed
Legislation is likely to be delayed until post general election in 2024/25.
Withdrawn
The government is "still committed" to streamlining reporting requirements.
Progressing
The impact of the government withdrawing legislation is not clear. The earliest effective date is 1 January 2025.
Consultation
Consultation closes this month with planned implementation in 2024.
For the latest updates on responding to the ICFR requirements access our Controls Advisory Hub →
Uncover what you need to know about UK ICFR/SOX compliance.
Learn more about how our Controls advisory services can help you
For more insight and guidance get in touch with 
