Keeping Up With Corporate Governance

An updated version of The matrix, which provides a comparative table of corporate governance developments in the UK, the EU and the US, can be accessed at:
http://www.linklaters.com/pdfs/publications/thematrix/Dec04.pdf. This article highlights some of the most significant developments that have taken place in the corporate governance arena since The matrix was last updated in May 2004.

At the end of 2003, the DTI launched a consultation on directors’ and auditors’ liability, reflecting the concerns arising out of the Equitable and other cases, and the increasing focus on the responsibility of directors following the collapse of Enron. Following the consultation, the DTI was able to take advantage of the passage of the Companies (Audit, Investigations and Community Enterprise) Bill through Parliament, to legislate with unaccustomed speed. The Bill, comprising a number of post-Enron measures aimed at strengthening the audit process as well as creating a new vehicle for not-for-profit enterprises, was amended at Committee stage to introduce reforms on indemnification of directors.¹ It received Royal Assent in October 2004.

The provisions on directors’ indemnification represent a significant relaxation of the current law:

• companies will be permitted to fund expenditure incurred by directors in defending themselves in civil or criminal proceedings. These funds must be repaid in circumstances where the defence is unsuccessful, unless the company is permitted to indemnify the director against the relevant liability, and chooses to do so;
• companies will be permitted to indemnify directors against liabilities in connection with "negligence, default, breach of duty or breach of trust in relation to the company", except to the extent these are liabilities to the company itself (or any associated company), or fall within a list of exclusions (eg criminal/regulatory fines or penalties, and the costs of an unsuccessful defence of criminal proceedings). The current law permits such indemnities only where judgment is given in a director’s favour; and
• the existing prohibition on exemption from, or indemnification against, liability in relation to company officers, other than directors and auditors, will be removed.

Companies wishing to take full advantage of the relaxation of the existing prohibitions are likely to need to amend their memoranda and articles of association. Although articles of association which contain a general reference to the provisions of the Companies Act will probably provide sufficient authority for companies to indemnify their directors in the terms permitted by the new Act, the ability to fund directors’ legal costs in litigation is a new concept which should be reflected in both the memorandum and articles. Making these changes will provide the opportunity to bring the indemnity provisions in the articles into line with the new legislation.

Under the new provisions a company will not be able to indemnify directors of "associated" companies (ie holding and subsidiary companies) in circumstances where the company itself would not be permitted to assume such liabilities. Guidance to the Act provided by the DTI states that existing indemnities which provide protection to directors of "associated" companies, and are now prohibited under the new legislation, will remain effective, but only if they were in existence on 28 October 2004 (the date of Royal Assent). However, reliance on this carve-out may be unwise, depending on the precision with which the matter is dealt with in the commencement order. The Act is expected to come into effect on 1 April 2005.

The Companies (Audit, Investigations and Community Enterprise) Act 2004 also contains a series of measures reinforcing the duties of directors, and the powers of auditors, in relation to company audits. In particular:

• directors’ reports must contain a statement in respect of each director that:
• so far as he is aware, there is no information needed by the auditors for the purposes of the audit, of which the auditors are unaware; and
• he has taken all steps that he ought to have taken to make himself aware of any such information and to establish that the auditors are also aware of it;
• auditors are given rights to require any officer or employee of the company or any of its subsidiary undertakings to provide them with any such information or explanation as they think necessary for the performance of their duties as auditor.

In addition, the powers of the Financial Reporting Review Panel (FRRP) will be increased with regard to the review and investigation of companies’ accounts and other published financial information.

Although the Act is expected to come into effect on 1 April 2005 the extension to the FRRP’s powers is expected to come into effect on 1 January 2005.

The final rules on OFRs are expected to be published shortly. The DTI indicated in November 2004 that the scope of the OFR in terms of content and purpose will remain as proposed in the consultation draft published last May. However, there will be no requirement for the auditors to give an opinion on whether the directors have used "due and careful enquiry" in preparing the OFR. Although there will be no safe harbour from litigation for forward-looking statements, it will be made clear that there will be no obligation to disclose specific information about impending developments or matters in the course of negotiation which would not have to be disclosed under the FSA’s Disclosure Rules. The obligation to prepare an OFR will apply to UK-incorporated companies that are UK, EU or Nasdaq/NYSE listed (but not AIM listed) for financial years commencing on or after 1 April 2005.

In preparing the OFR, directors will have to comply with a new reporting standard laid down by the Auditing Standards Board. A consultation draft of this standard was published in November 2004.

The draft standard amplifies the statutory objectives of the OFR and describes the principles that should govern disclosure in the OFR. In particular, the draft states that the OFR should:

• provide the directors’ view of the business;
• focus on matters relevant to investors (although the statutory focus of the OFR is shareholders, rather than investors at large);
• be forward-looking in orientation;
• be balanced, dealing even-handedly with good and bad aspects;
• allow comparisons to be made over time; and
• be comprehensive and understandable.

The draft standard also proposes to augment the specific items required under the statutory OFR provisions, with requirements for discussions of the market, competitive and regulatory environments and technological change. In relation to the requirement to include key performance indicators (KPIs) in OFRs, the draft standard proposes that, in addition to KPIs themselves, companies should disclose information about the definition and calculation methodology of KPIs, about the sources of underlying data and about future targets in relation to KPIs. Guidance, which will not form part of the standard, gives examples of KPIs and how they would be disclosed, covering a range of indicators such as return on capital employed, subscriber numbers, sales per square foot, pipeline products, reserves, cost per unit produced, CO₂ emissions and employee morale.

Consultation on the draft standard closes on 28 February 2005.

The FRC, through a review group chaired by Douglas Flint, is consulting on the effectiveness of the Turnbull guidance on internal controls, and on whether the guidance needs to be updated. Factors to be taken into account will include experience of using the Turnbull guidance, as well as prospective developments such as the disclosure requirements of the OFR, the EU proposals on disclosures regarding internal controls (see below) and the adoption in the UK of International Standards on Auditing from 2005.The consultation points out the comparisons to be made with the Sarbanes-Oxley rules on internal control reporting. These focus on financial reporting controls and are narrower in scope than Turnbull, which covers all aspects of internal control, including financial, operational and compliance matters. The review reopens the issue that has been debated ever since the 1992 Cadbury Report of whether there should be a requirement for the directors to report on the effectiveness of controls (as is required by the rules under Sarbanes-Oxley), as well as considering the role of the external auditor in relation to companies’ published comments on internal control.

The deadline for responses to the consultation is 2 March 2005.

These two non-binding Recommendations were finalised in October 2004. They seek to encourage Member States to introduce rules or codes requiring:

• a balance of independent directors on boards and on audit, remuneration and nomination committees; and
• disclosure of directors’ remuneration and shareholder approval of a directors’ recommendation report.

So far as UK companies are concerned these provisions should have virtually no impact, since they are broadly in line with the provisions of the Combined Code and the existing Directors’ Remuneration Report Regulations. It remains to be seen whether they will be acted upon in other EU jurisdictions where their provisions, notably on the disclosure of directors’ remuneration, are likely to encounter some resistance. If the Recommendations are not acted on throughout the EU, further legislation could follow.

The EU Commission is expected to review Member States’ progress on implementing the Recommendations after July 2006.

The EU Commission published a proposal for a directive on board responsibilities and improved financial and corporate governance information in October 2004. In addition to making a corporate governance statement (which may be a "comply or explain" statement) mandatory, this directive would require:

• greater disclosure by companies in their accounts of material related party transactions and off balance sheet arrangements; and
• annual reports to contain a description of the company’s internal control and risk management systems; details of the operation of shareholders meetings and of shareholders’ rights; and more information on the composition and operation of the board and its committees.

The implementation date for the proposed directive is 31 December 2006.

This draft EU directive is principally concerned with the regulation of the audit profession. However, it would also make it mandatory for "public interest companies" to have audit committees. These are defined as EU incorporated companies listed on an EU regulated market and credit institutions and insurance undertakings (although Member States may exempt non-listed credit institutions and insurance undertakings). The audit committee will have to include one independent member with competence in accounting and/or auditing. The committee’s functions will include monitoring the financial reporting processes and effectiveness of the company’s internal control systems and overseeing the audit process. Although most UK listed companies already have an audit committee (as required by the Combined Code) it is a very different matter to have the audit committee and its composition – including the definition of "independence" – and functions mandated by legislation at EU level.

The European Council reached political agreement on the draft directive in December 2004 and it now passes to the European Parliament under the co-decision procedure. Although a number of respondents to the DTI’s consultation on the statutory audit directive have argued that audit committees are a matter that should be left to national codes, there is a strong chance that the audit committee requirements will survive and be adopted in the final directive. The implementation date for the directive is likely to be late 2007 at the earliest.

The EU Commission launched a consultation in October 2004 on proposals to make it easier for the ultimate beneficial shareholders of listed companies to exercise their voting rights. In particular, it contemplates the possibility of measures to require companies to give legal recognition to persons entitled to control voting rights other than the registered shareholders. It also considers the requirements for disseminating information about shareholders’ meetings. The consultation addresses important issues for shareholder democracy, but also raises complex questions as to the rights of shareholders and the operation of company law. Companies will be particularly concerned to ensure that the burden of any administrative provisions that emerge as a result of the proposals should not be unduly onerous for issuers or investors. The consultation closes on 16 December 2004.

In the United States, compliance with the requirement under the US Sarbanes-Oxley Act (SOX) for a report on internal controls from both management and the auditors is taxing the resources of many public companies. Costs for compliance with this requirement are higher than originally estimated and rising. Many companies are facing a looming compliance deadline which either they or their auditors will be unable to meet. In light of this, the SEC has extended the compliance deadline (originally for financial years ending after 15 November 2004 for US companies that are "accelerated filers") for smaller accelerated filers by 45 days. For all other companies, including non-US companies, the deadline is for financial years ending after 15 July 2005. For EU companies, the timing of this requirement is particularly troublesome, given its overlap with the conversion to IFRS. Largely as a result of this requirement, US-listed EU companies are asking the SEC for relief – in the short term, for a postponement of the internal controls deadline to ease the burden on companies who also have to implement IFRS, and in the long term, for permanent relief from SOX through changes to the deregistration rules which would allow companies to exit the US markets more easily.