Overview of the other important changes to the UK Corporate Governance Code


The recent changes to the UK Corporate Governance Code (the Code) are intended to strike a balance between ensuring UK competitiveness and achieving positive governance outcomes for companies, investors and the wider public.

The 2024 Code maintains the flexibility of ‘comply or explain’ reporting and continues to be split into five sections: Board Leadership and Company Purpose; Division of Responsibilities; Composition, Succession and Evaluation; Audit, Risk and Internal Control; and Remuneration.

Within those sections there are detailed changes to some of the principles and provisions.
 

Key changes: Risk Management and Internal Controls Framework (Principle O and Provision 29)

Effective risk management empowers an organisation to achieve its strategic objectives, manage uncertainties and understand the threats and opportunities it faces. A robust control environment improves quality, efficiency and insight into the business processes through increased risk visibility, control awareness and management information.

The board should review the effectiveness of the risk management and internal control framework at least annually. The review should identify strengths, gaps, deficiencies and areas for improvement and should be followed up by an action plan.

The review by the board should consider the risk management and internal control framework of the company as a whole. It should also evaluate the effectiveness of ongoing monitoring of the framework. A set of criteria for the effectiveness of the individual controls, the relevance of these controls and the broader framework itself may be beneficial when conducting a review.

Provision 29 requires the board to provide the following information in the annual report:

  • A description of how the board has monitored and reviewed the effectiveness of the framework   
  • A declaration of effectiveness of the material controls as at the balance sheet date 
  • A description of any material controls which have not operated effectively as at the balance sheet date as well as the action taken or proposed to improve them, and any action taken to address previously reported issues 

These proposed changes will require substantial consideration and work by boards and management to implement and to ensure that these elements are appropriately captured within their reports. This is reflected in the later implementation date of 1 January 2026.

The FRC has issued guidance to support the new Code which can be accessed via their website.

Other changes:

Provision 2 has been amended to require boards to not only assess and monitor culture, but to disclose how the desired culture has been embedded. The Annual Report should explain the board’s activities and any actions taken around all these matters. 

Provisions 25 and 26 of the Code have been updated to reflect the ‘Audit Committees and the External Audit: Minimum Standard’, which focuses on the relationship with external audit, including tendering and oversight. Provision 26 now requires reporting on the work of the Audit Committee to be in line with the ‘Audit Committees and the External Audit: Minimum Standard’ reporting requirements. 

The Code’s wording to references board ‘performance’ rather than board ‘effectiveness’, drawing attention to how the board goes about its business and how the execution of its tasks and function affect the success of the business. 

The wording of the Code no longer references specific groups when promoting diversity and inclusion. Provision 23 sets out reporting requirements, including disclosure of policies and initiatives in place on diversity and inclusion in the Board nomination processes. 

In the context of remuneration, the key change to the Code is a toughening of the position relating to the insertion of Malus and Clawback provisions in directors’ contracts and related agreements (Provision 37). This is accompanied by an increased disclosure and reporting obligation related to the adoption and use of such provisions (Provision 38). Such policies and disclosures are common amongst listed companies so, for many companies, these changes will merely formalise current approaches. 

There is no change to the expectation that companies ‘comply or explain’. The FRC stresses that this gives companies the opportunity to communicate salient and pertinent information to their stakeholders. ‘Boilerplate’ statements are not useful in decision-making whereas describing the impact or outcome of activities and answering the ‘So what?’ question adds insight and value for stakeholders. This is captured by the new ‘Principle C’ which refers to companies’ reporting focusing on board decisions and outcomes in the context of the company’s strategic objectives. 

Conclusion

This new Code creates an expectation that directors will have to take on increased responsibility for stronger internal controls, including annual reviews of risk management and internal controls.

Some of the updates will require fundamental changes in how companies are governed. Demonstrably effective risk management and internal control systems will take time, and cultural change is typically achieved by evolution not revolution. However, the changes are also about giving stakeholders information that is useful in supporting decision-making, including information about the effective governance practices needed to achieve sustainable success.

The FRC has published additional guidance to support the revised Code. The guidance is not prescriptive or mandatory but will support boards in implementing the new Code

If you would like to discuss how we can help support your business through the transition to the new Code, please get in touch with Anthony Appleton, Corporate Reporting Partner.