Getting your house in order

Governance in 2025

As we enter 2025, companies face continued pressure to maintain high governance standards. A focus on transparency continues to underpin updates to relevant legislation and regulation across the world. The UK government and regulatory bodies are introducing updated policies in several areas, including to help prevent fraud that benefits corporates, restore trust in audit quality, and ensure responsible corporate behaviour. 

Boards and in-house legal teams must stay informed and prepared, ensuring their governance structures are resilient. We explore the recent and upcoming changes in audit and corporate governance, providing guidance for companies to align with new standards and strengthen their governance structures. 

Audit and corporate governance reform

Restoring trust in audit and corporate governance has been on the political and regulatory agenda since 2018, prompted by significant corporate failures such as Carillion, Thomas Cook and BHS. At the same time, there is a desire, and a need, to position UK capital markets, domestically and internationally, as a more attractive and efficient place to do business. 

Whilst some regulations to bring in additional reporting requirements for private and public companies were withdrawn in 2024 to “cut red tape”, corporate governance reform has been brought into sharper focus again in recent months.

The Audit Reform and Corporate Governance Bill announced by the new UK government in July 2024 will establish the new regulator, the Auditing, Reporting and Governance Authority (ARGA). Although its scope remains unclear, a significant development would be the intention for ARGA to have the power to investigate and sanction company directors for serious failures in relation to their financial reporting and audit responsibilities. Currently the Financial Reporting Council (FRC) can only take action against directors who are members of an accountancy body.

The new UK Corporate Governance Code 

In January 2024, the FRC published an updated UK Corporate Governance Code (the 2024 Code) which will replace the UK Corporate Governance Code published in 2018 (the 2018 Code). The FRC scaled back its original proposals (published in March 2023), to keep changes to the “minimum that are necessary” whilst maintaining the comply or explain approach to compliance.

All changes, apart from those made to Provision 29, are effective for accounting periods beginning on or after 1 January 2025, with first reporting in 2026. The changes to Provision 29 will come into effect on 1 January 2026. There are several significant changes, including a new shift of focus, and related responsibility, to the board to maintain an effective risk management and internal control framework.

Although boards will not have to make the new assurance declaration until the 2027 reporting season, implementing a robust corporate governance framework now can help companies adhere to standards and prevent criminal activities such as fraud. Boards must ensure the right controls, oversight mechanisms, and accountability structures are set up to reduce the potential for misconduct. 

New compliance expectations in fraud prevention 

On 6 November 2024, the UK government also published long-awaited Guidance on the new corporate offence of failure to prevent fraud. This represents a pivotal move towards holding organisations more readily accountable in the UK for economic crimes, and at the same time marks a major development in compliance expectations. Set to take effect from 1 September 2025, the new offence means that large organisations may be criminally liable if an associated person, such as an employee or subsidiary, commits fraud intended to benefit the organisation or its customers / clients. However, it will be a complete defence if an organisation can prove reasonable fraud prevention procedures were in place – emphasising the critical role of the compliance framework.

The UK government Guidance offers practical advice for organisations on designing and implementing fraud prevention procedures, building upon established principles from prior failure-to-prevent offences. However, the new Guidance takes a more refined and comprehensive approach, reflecting over a decade of enforcement experience of what constitutes “adequate” or “reasonable” compliance programmes. The Guidance also encourages businesses to draw on a broader array of resources, including the UK Corporate Governance Code. Key expectations include conducting a risk assessment to identify unique fraud risks, designing and implementing tailored policies and procedures, and embedding these practices through training and communication.

Board engagement expectations for financial services firms and the investor community 

The quality of a firm’s governance is generally acknowledged by financial regulators as one of the most significant contributors to its legal and regulatory compliance. Faulty governance in regulated firms doesn’t always impact short-term financial success, but it can lead to other failures in the long run, including enforcement action. 

In the UK, the Senior Managers and Certification Regime is expected to remain a key priority. Policy makers are also increasingly focused on the role that accountability mechanisms play in the management of non-financial or emerging risks in regulated firms, such as artificial intelligence, as well as their interdependence with organisational culture. 

Recent enforcement action from the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), including the 2024 fines imposed on HSBC for historic depositor failings and on Citigroup for failures in trading systems and controls, provides examples of firm failings that are considered to be grounded in inadequate governance and board oversight. One area where we might expect a conflation by regulators of perceived shortfalls in regulatory compliance and poor governance is in connection with the consumer duty, specifically, the delivery of good consumer outcomes.

Firms can help to mitigate the risks by identifying and avoiding cultural characteristics that regulators have referred to among the root causes of systemic compliance problems.

Another integral part of holding companies to high governance standards involves the stewardship activities of the investor community. The UK Stewardship Code, which serves as the “benchmark” framework against which stewardship practices are reported, has seen considerable take up among asset managers and asset owners since its last substantial revision. However, there has also been some pushback from both the investee and investor community against the reporting burdens placed by the UK Stewardship Code. As a result, the FRC launched a comprehensive review, which culminated in the publication of its consultation on proposed changes to the UK Stewardship Code in November 2024. 

The proposals include re-defining “stewardship”, streamlining the signatory assessment process and principles in order to reduce reporting burdens and improve flexibility. Specific principles for proxy advisers and investment consultants are also being introduced, reflecting their importance in the investor and stewardship ecosystem. Whether the overhaul of the UK Stewardship Code meets the FRC’s stated aim of ensuring it continues to drive effective stewardship without imposing onerous reporting burdens on signatories remains to be seen. 

ESG governance and reporting

The rapid pace of change in ESG-related obligations offers risks and opportunities across the world and is encouraging corporates to review and update their sustainability-related governance. This pressure may drive closer self-examination of existing governance structures, helping to improve external stakeholder relations and mitigate risks associated with increased disclosures.

Reporting under the EU's Corporate Sustainability Reporting Directive (CSRD) and associated European Sustainability Reporting Standards (ESRS) begins on a phased basis from the end of 2024. Companies in scope will be obligated to consider a range of potential disclosures in respect of their sustainability governance on a “double materiality” basis. In advance of the middle of 2027, in-scope EU and non-EU companies will also need to put relevant governance and risk management policies in place to comply with the EU's Corporate Sustainability Due Diligence Directive (CS3D). This includes needing to have a strong process to identify and engage with a broader range of stakeholders and incorporate third-party views into internal governance. Longer term, the CS3D requires the European Commission to review and monitor the directive's effectiveness, including in respect of good governance, to see whether the CS3D needs to be updated and broadened. 

The global adoption of the International Sustainability Standards Board's (ISSB) sustainability and climate standards, as well as various transition plan disclosure frameworks, will also drive developments in governance reporting. In the UK, a consultation on a proposed set of Sustainability Reporting Standards based on the ISSB standards is expected in early 2025. In addition, although the UK’s Transition Plan Taskforce’s (TPT) transition plan disclosure framework is currently voluntary, it is expected to be integrated into domestic UK law in the next 2-5 years following the consultation planned for the first half of 2025.

Although the TPT describes its framework as the “gold standard” for transition plan disclosures, recent draft guidance from the European Financial Reporting Advisory Group states that EU undertakings will not have to be familiar with the TPT's framework when reporting in line with the ESRS. As such, some divergence may be expected.

Who to contact
Andrew Jolly, Partner
Harry Hecht, Partner

This material is provided for general information only. It does not constitute legal or other professional advice.