The UK government has published its final proposals for far-reaching reforms to the UK's audit and corporate governance regimes, with significant consequences for the UK's largest companies and their directors and auditors, as well as for audit firms and the audit regulator.
The proposals follow on from the government's consultation paper published in March 2021, which in turn was the culmination of a series of independent reviews, including the Kingman review into the UK's audit regulator, the Brydon audit regime review and a market study by the Competition and Markets Authority on the audit of FTSE 350 companies. These in part were triggered by a series of high-profile corporate failures, and ongoing concerns about the lack of competition and resilience in the audit market for the UK's largest companies.
Most of the changes are targeted at UK 'public interest entities' (PIEs), a category that currently comprises listed companies, banks and insurance companies, but which will be expanded to include large companies and LLPs that have 750 or more employees globally and an annual turnover of £750 million or more (750:750 PIEs) – higher thresholds than those proposed in the consultation paper. In addition, AIM-quoted and AQSE Growth Market-quoted companies will now only become PIEs if they meet these size-based tests.
The government is in the process of preparing a draft bill for those changes requiring legislation, which it will introduce when the parliamentary timetable allows. However, it intends to phase in the changes over a period of several years, with those that do not directly impact businesses (for example, establishing the new regulator) likely to come in earlier than those having a significant effect on wider business.
The final proposals
The government's final proposals are wide-ranging and detailed, but key impacts on companies and their directors include:
- New audit regulator. A new Audit, Reporting and Governance Authority (ARGA) will replace the Financial Reporting Council (FRC) and be given a broader remit and expanded powers. These powers will include the ability to impose an operational split on the audit and non-audit functions of the larger accountancy firms. As proposed in the consultation paper, ARGA will also have wider powers in relation to companies and corporate reporting (covering the entire contents of annual reports and accounts), together with new investigatory powers (coupled with the power to direct changes to reports and accounts or, in exceptional circumstances, to commission an expert review paid for by the company). It will also have oversight of audit committees and new powers to enforce breaches of directors' corporate reporting and audit-related duties with fines and other sanctions.
- Reporting and attesting internal controls. As has been widely reported, the government's final proposals in this area do not go as far as the measures originally under consideration. For the time being, the government proposes that the UK Corporate Governance Code (which, as now, will only automatically apply to premium listed PIEs) should be strengthened to provide for an explicit directors' statement on the effectiveness of the company's internal controls, and the basis for this assessment. However, obtaining external assurance on this statement will not be mandatory. Instead the government will invite the regulator to develop guidance on the circumstances when external assurance of internal control statements would be appropriate.
- Dividends and capital maintenance. To give greater clarity on a company's ability to pay dividends, the government proposes to require 750:750 PIEs to disclose their total amount of distributable reserves and to explain the board's long-term approach to the amount and timing of dividends and other shareholder returns (and the application of this policy during the relevant financial year). However, following feedback, the government has decided not to require directors to make a two-year solvency statement when proposing a dividend. Instead, directors will have to make an explicit statement in the annual report confirming the legality of interim and final dividends for the relevant financial year.
- Reporting on resilience. Directors of 750:750 PIEs will be required to make an annual resilience statement (incorporating existing going concern and viability statements), which reports on matters that they consider a material challenge to the company's resilience over the short, medium and long term, and includes an explanation of how they arrived at this judgement of materiality. In response to feedback, the government will allow companies to choose and explain the length of the assessment period for the medium-term section (and to perform at least one reverse stress test, rather than a minimum of two).
- Audit and assurance policy. 750:750 PIEs will be required to publish an audit and assurance policy every three years, together with an annual implementation report. The government will no longer require a shareholder advisory vote on the policy, but the policy will need to disclose how shareholder views have been taken into account. Matters to be addressed will include the company's internal auditing and assurance process, its policy on the tendering for external audit and non-audit services and its approach to seeking external assurance on the information reported to shareholders, including in relation to the resilience statement and the company's internal controls.
- Fraud detection. As proposed in the consultation paper, the government intends to require directors of 750:750 PIEs to report on the actions they have taken to prevent and detect fraud. However, beyond their existing obligations in relation to directors' reporting, auditors will not now be required to report specifically on this statement, or on their own steps to detect material fraud and assess the relevant internal controls. For the time being, the government will invite the regulator to consider whether audit reports should disclose more information on the auditor's work in relation to the company's internal controls and financial reporting, but it intends to keep this area under review, and to make further changes if necessary.
- New sanctions for director wrongdoing. As expected, ARGA will have new powers to investigate breaches by PIE directors of their corporate reporting and audit-related statutory duties, and to impose civil sanctions. These may include fines, reprimands, orders to mitigate, declarations of non-compliance and temporary suspensions from acting as a director of a PIE. Where appropriate, the regulator's enforcement powers may be adapted to apply to PIEs that are not companies. The government will also invite the regulator to consult on how the existing withholding (malus) and recovery (clawback) provisions in the UK Corporate Governance Code can be developed to deliver greater transparency and to encourage the inclusion of a broader range of conditions in which executive remuneration could be withheld or recovered. The proposed expansion in the overall liability regime for directors highlights the need for clear guidance for boards on the regulator's expectations (which the government acknowledges).
- Audit committee and the managed shared audit regime. To lessen the new burdens for entities that become PIEs purely because of the new size-based thresholds, the government does not intend to apply the existing requirements to have an audit committee, to retender the audit every 10 years and to rotate the auditor every 20 years to these entities. As proposed in the consultation paper, FTSE 350 companies will be required to appoint a 'challenger' audit firm to conduct a 'meaningful proportion' of the statutory audit in conjunction with a larger firm. ARGA will be able to exempt some companies with large or complex audits in limited circumstances. The regulator will also have the powers to apply a 'market share cap', if further intervention is needed once the managed share audit regime is in place, or in the event of a significant audit firm collapse. ARGA will also be able to monitor and enforce the obligations on FTSE 350 audit committees regarding the appointment and oversight of auditors, and to take action against directors for breaches. The regulator will also consult on measures to enable shareholders to engage with the audit committee in relation to the audit plan and the risk report. On leaving office, PIE auditors will be required to make additional disclosures about their recent relationship with the company and its audit committee.
- Audit profession. The government has chosen not to require the establishment of a new, stand-alone audit profession supervised by ARGA. Instead, professional bodies will be required to make substantial improvements to the qualification, skills and training of auditors so as to create 'a more effective and distinctive audit profession'. The government intends to create the conditions for the market to develop wider external assurance services, including through the new obligation on PIEs to publish an audit and assurance policy.
Although the government has stepped back from some of the more significant reforms under consideration, concerns will still remain about the additional compliance costs the changes will impose on businesses during increasingly challenging times. Companies will need clear guidance on the new requirements and, as acknowledged by the government, a phased implementation timetable that allows them to adapt and put in place new procedures well in advance of the new regime taking effect. The government intends to review the effectiveness of the new measures five years after the legislation first comes into force.
Originally published 10 June 2022
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.