In a recent Risk Coalition CRO Forum roundtable discussion, senior risk professionals explored the potential impact of the revisions to the UK Corporate Governance Code (Code) proposed by the Financial Reporting Council (FRC).
The Code has long been recognised as a benchmark for corporate governance standards, not only in the UK but also across the globe. It sets the tone for best practice and often serves as an influential reference point for other regulatory bodies. Recently, the FRC has been under some pressure to refresh the Code to introduce what has previously been described as ‘UK SOX’.
The FRC's motivation
The conversation began with an acknowledgment of the UK government's push to position the country as an attractive destination for businesses and listed companies. In this context, ensuring robust corporate governance becomes paramount. The Code, which focuses on listed companies, plays a pivotal role in this endeavour. It was suggested that similar corporate governance systems around the world might follow suit if the UK successfully implements these changes.
However, the challenge lies in reconciling principles-based governance, favoured by the UK, with rules-based governance, which is more common in the US and the EU. Striking a balance between these two approaches becomes crucial in the international arena.
Comply or explain: the essence of UK corporate governance
One distinctive feature of the UK's corporate governance approach is the ‘comply or explain’ principle. This approach emphasises that boards are in control and should have the freedom to make decisions about governance, explaining their structures, risks, and actions to stakeholders. The FRC reiterated its commitment, but has re-emphasised that Code principles are requirements, and that only the provisions are comply or explain.
Potential Challenges
The discussion participants highlighted several challenges that organisations might face if the revised Code is implemented as proposed. These challenges include:
Scope expansion - The Code's scope is set to extend beyond financial risks and controls to include organisations' strategic, operational, reporting, and compliance activities. This broadening of scope could significantly increase documentation, testing and reporting requirements.
Identification and testing of material controls - Organisations will need to identify and prioritise material controls, a process that may require extensive scoping exercises. This could be particularly challenging for non-financial services organisations new to more structured risk management.
Reporting of material weaknesses - The proposed Code changes also mandate the reporting of material weaknesses that occur throughout the year, adding a further layer of reporting complexity (but greater transparency) in the annual report and accounts.
Resource constraints - Many organisations, especially those outside the financial sector, may lack the experience and resources to handle the proposed changes effectively. This could result in increased costs and a steep learning curve.
The discussion touched upon the urgent need for guidance to navigate this complexity. The FRC has indicated its intention to provide further guidance, but the details remain unclear.
Impact on risk management
The revised Code's focus on risk management and internal control systems prompted discussions about the potential consequences for the risk profession. Participants speculated that the Code might lead to the creation of more senior risk positions in non-financial sector organisations. They also noted that organisations will need to adopt a more mature approach to risk management, moving away from the old-fashioned perception that formal risk management processes increase bureaucracy and hinder business progress.
Planning for compliance
The impending changes to the Code represent a significant transformation in corporate governance practices. Organisations must consider several factors:
Resource allocation - Implementing the revised Code will likely require additional resources. A thorough scoping exercise to identify material controls is crucial to managing costs and complexity.
Collaboration - The relationship between internal audit and risk management functions needs re-evaluation. Effective collaboration will be key to meeting the Code's requirements efficiently.
Governance culture - Organisations must move away from viewing risk management as a hindrance and adopt a culture that sees it as a business enabler.
Timely action - With the Code set to take effect in January 2025, organisations should start planning and conducting gap assessments now to ensure readiness.
Preparing for change
In conclusion, it is evident that the UK’s changing corporate governance landscape presents both opportunities and challenges for organisations. While the UK's commitment to robust governance is commendable, careful planning and consideration of the practical implications of the proposed changes are essential. Organisations should start having planning conversations and conduct gap assessments early to bridge the divide between current practices and the proposed standards set by the FRC.
As the details become clearer and guidance is provided, companies will need to adapt swiftly to ensure compliance while minimising unnecessary costs and bureaucracy. The journey ahead may be complex, but with proactive planning and a commitment to good governance, organisations can navigate these changes successfully.
Chris Burt is a co-founder of the Risk Coalition. This blog summarises a Chatham House Rule discussion held on 8 June, hosted and organised by the Chief Risk Officer Forum (CRO Forum). This was established by the Risk Coalition to provide an opportunity for risk leaders to exchange views and discuss matters of common concern. To find out more about the Risk Coalition and its CRO Forum, please contact the Risk Coalition Team.