New QCA and FRC corporate governance codes – which is more current?

14 June 2024

Revised FRC corporate governance code

Prior to the revised UK Corporate Governance Code (UKCGC) publication in January 2024, the Financial Reporting Council (FRC) took the relatively unusual step of stating that it was abandoning many of its previously proposed changes to the UKCGC, ‘conscious that there is currently a much wider debate about business reporting requirements and burdens across the economy.’ 

This received mixed reactions. Some market participants were pleased that (perceived) additional burdens on businesses and their leaders, such as specific environmental, social and governance (ESG) responsibilities for audit committees, were to be avoided. Others saw it as something of a missed opportunity to maintain a world-leading corporate governance framework. They were particularly disappointed by the withdrawal from proposed provisions on ESG and equality, diversity and inclusion (EDI).

In the end, the only material change was found in Provision 29, which introduced a requirement for the annual report to contain:

  • a description of how the board has monitored and reviewed the effectiveness of the organisation’s risk management and internal controls framework; 
  • a declaration of effectiveness of the material controls as at the balance sheet date (including those over-reporting); and 
  • a description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues.

Although technically a new reporting obligation, accompanying guidance published alongside the revised UKCGC devotes approximately a third of its length to examining risk management/the internal controls framework and linked ideas – what those terms mean and how boards and committees might go about creating, monitoring and assuring those systems. It will not be possible to argue that insufficient material has been made available to inform discussions.

Towards the end of the guidance (paragraph 295), it is noted that: ‘The board should form its own view on effectiveness, based on the evidence it obtains, exercising the standard of care generally applicable to directors in the exercise of their duties.’ While this doesn’t quite undermine the statement directors are now being asked to give, the point is well made that being in a position to make the statement (ie having sufficient oversight of material controls) is a duty that directors already owe to their organisation under company law – a point also made in responses to the consultation.

In terms of practical outcomes, the FRC encourages boards to (paragraph 298): ‘…utilise the ‘comply or explain’ nature of the Code to provide an explanation where perhaps a control system is less established or mature, or the effectiveness of a new control system has not yet been proven.’ Despite this emphasis, and the flexibility ‘comply or explain’ brings, it is unlikely that companies will feel comfortable enough with their investors to set out in the annual report how key controls are not working. Compliance, then, seems inevitable. 

Perhaps of more interest is what was not included. Given the ubiquity of the ESG discourse, it is surprising that ESG issues are not mentioned at all in this context. The consultation draft saw proposed ESG-related amendments from the outset, with Provision 1 stating that the board should ‘describe in the annual report how environmental and social matters are taken into account in the delivery of its strategy, including its climate ambitions and transition planning.’ The proposed revision to Principle I, which aimed to increased focus on EDI by moving boards away from the baseline of protected characteristics to a broader suite of protected and non-protected characteristics, including cognitive and personal strengths, was also dropped.

It is not the case, of course, that the FRC considers these to be unimportant matters. In its words, it is trying to ensure that ‘any guidance is proportionate and limits burdens whilst not weakening effective governance. This is critical to the FRC’s role in supporting growth and the UK’s competitiveness.’ 

Updated QCA corporate governance code

The recently revised Quoted Companies Alliance (QCA) Code (2023) has taken a very different approach for its traditional audience of small, mid-sized and growth companies.

Among other changes, it places ESG at the heart of its revised Principle 4 (‘Stakeholder Interests’). It requires a description in the annual report of the environmental and social issues that the board has identified as being material to the company with reference to its purpose, strategy, and business model, along with associated KPIs and targets. Under the same Principle, workforce engagement is highlighted, with a link made between practices towards employees and consistency with the company’s values. This is a requirement that, with nuanced reporting, could seamlessly incorporate community work, the response to climate-change (and employee engagement on that subject), and EDI practices.

Specifically on EDI, boards are now required to reflect on their own levels of diversity, ensuring the board possesses the necessary knowledge and skillset while avoiding groupthink (Principle 6). Consideration should be given to factors such as socio-economic background, nationality, educational attainment, gender, ethnicity and age – in other words, going beyond the protected characteristics.  This is linked to succession planning (Principle 8), now acknowledged to be a key part of board activity so that ‘no member of the board…becomes indispensable’. In a similar vein, an annual evaluation of the board’s performance is now a 'should' rather than a 'may'. 

The revised QCA Code also extends risk management (Principle 5) to include a focus on internal controls and assurance. While directors are not required to make an attestation on the effectiveness of material controls, more granular disclosures are now expected about what the board does to ensure risk management and related internal controls are effective and how it receives assurance. 

On paper, one might argue that the forward-looking board that takes its social responsibility seriously, seeks at every available juncture to be more diverse, and plans for refreshing of its membership, is now a board that has adopted the QCA Code rather than the ‘gold standard’ of the UKCGC. This is an interesting turn of events that may see the QCA Code take more of a leading role in governance discussions. It also might become a real alternative for those larger companies that are not required to report against the UKCGC but want to offer market-leading, flexible, quality reporting aimed at inspiring trust in their shareholders and other stakeholders.

With the exception of Provision 29, which is delayed by a year, the revised UKCGC will apply to financial years beginning on or after 1 January 2025. The updated QCA Code applies to financial years commencing on or after 1 April 2024, with a 12-month transition period. It will be interesting to see how companies use the available transition time to adapt and rise to the challenge of providing the clear, concise, insightful, and tailored disclosures expected under the revised codes.