On 19 July 2023, the Department for Business & Trade published draft regulations (the “Regulations”) which will introduce the new corporate reporting reforms that the Government promised with the conclusion of its Restoring Trust in Audit and Corporate Governance review. An explanatory memorandum on the regulations was also published and the Department has set out some detailed and helpful (but non-legal) guidance on the regulations on its website. Later this year, the FRC intends to publish its own draft guidance on the new reporting requirements and, in preparation for that, it is hosting a number of roundtable discussions on the requirements in September (details can be found in the FRC’s website as well, when available, a recording of a webinar the FRC held on the reporting requirements on 27 July 2023).
This new reporting will require inclusion in the annual report of a resilience statement, a distribution policy (and statement of distributable profits), an audit assurance policy and a material fraud statement.
When do the new requirements take effect?
The requirements will apply to financial years starting on or after 1 January 2025 for listed companies and on or after 1 January 2026 for all other "large" companies, including those traded on AIM.
Which companies are in scope?
The requirements will apply to "large" UK-incorporated companies, whether they are listed, traded on AIM or another MTF, or are entirely private ("in scope companies"). And so will not apply to LLPs or partnerships, etc.
The test of being "large" has a dual threshold - the company (or group - see below) must have at least 750 employees (where ever employed) and its turnover must be at least £750 million. The employee threshold is calculated by aggregating monthly totals and dividing that by 12. The turnover calculation must include net income from interest, trading, fees and commissions (in the case of a banking company) and revenue or earned net premiums (in the case of an insurance company). (See Part 2, Reg. 4 of the Regulations which inserts a definition of a "company with a high level of employees and turnover" into the Companies Act 2006 (the "Act") that defines the UK companies that will be "in scope" for these new corporate requirements).
There will be no "smoothing" provisions such as apply to certain other statutory reporting requirements whereby the requirement continues to apply for a reporting year or more after the relevant thresholds for it are no longer met in (or is delayed in (re)applying, even when relevant thresholds are met, when the requirement has not previously applied or ceased to apply).
Reporting in a group context
In the case of a group containing UK subsidiaries, where there is a UK parent company which prepares group accounts, meeting the dual threshold will be assessed on an aggregated group-wide basis. The UK parent will make the required disclosures in place of any UK subsidiary that also qualifies as a "large company" and group disclosures will be required even if there is no single UK company in the group which by itself meets the dual threshold.
Where there is no UK parent (but a foreign parent instead), disclosures will only be required from each of those UK subsidiaries that themselves, separately, meet the dual threshold.
Where group reporting applies, the disclosures will appear in the UK parent's group strategic report or group directors' report (as applicable - see below).
Resilience Statement
Unlike all the other new corporate disclosures, this disclosure will appear in the reporting company's annual strategic report (or, if the company prepares group accounts, in its group strategic report) (see Reg. 4, Part 2 of the Regulations which inserts a new section 414CD into the Act). It is designed to provide more information about the risks faced by the company, how they are being addressed and mitigated (including the role of directors in this), and their likelihood, timing and potential impact. With prescribed content, the statements are intended to ensure that this risk management analysis will be presented in a consistent way and on a comparable basis for all in scope companies.
Short, medium and long-term reporting
The Resilience Statement must summarise the company's strategic approach to managing risk over the "short" and "medium" term (to be defined in the company's statement) and over the "long-term" (which need not be defined in the statement but must cover long-term trends and factors likely to continue or occur beyond the medium-term and which could represent a significant threat in the future to the company's business model or operations). The short-term period must equal the period covered by the company's going concern statement (which must be at least 12 months from when the accounts are approved by the board). There is no specific time period set for the medium term but the company must explain how the period it has chosen for this reporting aligns with the company's strategy, business planning and investment cycle. This is likely to be the period that companies choose for making their "viability statements" under the existing UK Corporate Governance Code (the "Code").
Principal risks reporting
The statement must disclose principal risks that could threaten the company's business model, operations, future performance, solvency or liquidity, and certain specifically listed risks, but only to the extent that the directors consider those specific risks constitute a principal risk in themselves or are relevant to the company's management of principal risks. These specific risks include financial liabilities and refinancing needs, preparedness for a significant and prolonged disruption to normal business trading, digital security risks, business dependency and concentration and the impact of climate-related and sustainability-related risks.
Going concern reporting
The statement must also contain a summary of matters relevant to the company's going concern status, including why the directors have (or have not) adopted the going concern basis for its accounting reporting and any material uncertainties that may cast significant doubt on the company continuing to operate as a going concern.
Reverse stress testing
The statement must include an assessment of the company's prospects and the likelihood that it will continue in operation and remain solvent over the medium term and confirm that at least one reverse stress test has been carried out and summarise its results. This reverse stress test must involve the directors identifying a combination of adverse circumstances which could cause the company's business plan to become unviable, the likelihood of that occurrence and mitigating action that might be taken to avoid or reduce the impact of that occurrence.
"Sensitive information" disclosures
The statement need not contain: (i) any information about impending developments or negotiations underway, and (ii) disclosures in relation to the reverse stress test (to the extent they summarise the test or describe the elements of the test), if, in the opinion of the directors, that would be seriously prejudicial to the interests of the company.
Interaction with Code reporting requirements
In our briefing about the review the FRC is currently conducting on the Code, we noted the proposal that companies which report under the Code and must also produce Resilience Statements, will be excused from making what would be overlapping disclosures in their annual reports under the Code's "viability statement" and "going concern" provisions.
Distributable Profits and the Distribution Policy
The Regulations introduce two new reporting requirements with respect to distributions by in scope companies.
Distributable profits note
The first requirement - see Reg. 2, Part 2 of the Regulations inserting a new section 413A in the Act - is to include in the notes to the accounts:
- the amount of the company's distributable profits (i.e., available for distribution under section 830 of the Act),
- changes in that amount that have taken place during the year due to distributions or share buybacks,
- for PLCs, how the "nest asset restriction" on distributions by PLCs - no distribution can be made if the PLC's net assets are less (or would be reduced to less) than its called-up share capital and undistributable reserves - applies to distributions by the company, and
- for investment companies, further disclosures taking account of the Act's additional requirements with respect to such companies' distributions.
Companies are permitted to give a "minimum" figure instead of the actual amount of the distributable profits, if calculating that "actual" amount would involve unreasonable expense or delay. Where a "minimum" figure is given, an explanation must also be given of why there would be an unreasonable expense or delay in disclosing an "actual" amount and how the minimum figure was calculated.
Distribution Policy Statement
The second requirement - see Reg. 6, Part 3 of the Regulations inserting a new section 416C in the Act - will call for in scope companies to include in their directors' report (or, if the company prepares group accounts, in its group directors' report) a statement which describes, in relation to the financial year being reported on:
- the directors' approach to capital allocation, covering investment, capex, R&D, distributions, share buybacks and any other matters they consider relevant,
- the policy towards the timing and amount of distributions and share buybacks over the short and medium term (as defined in the Resilience Statement),
- the factors considered material to making distributions and share buybacks, including the profits and cash available to fund these,
- key risks and constraints (including legal) considered relevant to implementing and sustaining those distributions and share buybacks, and
- how the directors have implemented the distribution/share buyback policy and have taken into account the above factors and constraints, including the amount of disclosed distributable profits, and other matters relevant to distributions and share buybacks.
This builds on existing dividend policy disclosures that companies may make as required by accounting standards or guidance in relation to capital management and profit realisation (see the Financial Reporting Lab's report on Disclosure of dividends - policy and practice, published in November 2015 and updated in October 2017, and will set out prescribed content for all in scope company dividend policy disclosures.
Distributable profits and Distribution Policies in a group context
In the case of a UK group, only the UK parent company that is "in scope" will have to disclose the (minimum) amount of its own - not the aggregate of the group's - distributable profits. The UK subsidiaries in the group, even if they are in scope, will be exempted from this disclosure requirement.
Investors will, however, be given a picture of the distribution policy of the group as a whole (including, as noted above, the timing and amount of distributions) by a requirement that where the reporting company produces a group directors' report, the Distribution Policy Statement must be made on a consolidated basis. This will therefore take account of the availability for distribution of profits in the subsidiaries making up the group.
Audit Assurance Policy Statement ("Policy") (and updates)
This disclosure will appear in the company's directors' report or, if it is a UK parent company preparing group accounts, in its group directors' report. A new section 416A of the Act (inserted by Reg. 6, Part 3 of the Regulations) will require the statement to be made on a three-yearly basis and to be updated on an annual basis in the intervening years.
Although the Policy will not be subject to any shareholder vote - advisory or binding (and assuming no shareholders decide to requisition a vote on the Policy) - it will have to explain to what extent shareholder, employee and other stakeholder views have been taken into account in developing the Policy.
The statement is intended to help investors and others (e.g., creditors, employees, etc.) understand how the company obtains internal and any external assurance (beyond the statutory audit of the accounts) of both its financial and non-financial or narrative annual reporting.
Internal assurance
The Policy must describe the company's:
- internal auditing and assurance processes, including how management conclusions and judgments disclosed in the annual report (including accounts) may be challenged within the company, and
- plans for obtaining internal assurance over the annual report over the next three years.
External assurance
The Policy must also disclose what external assurance, if any, the company intends to seek:
- in the next three years in relation to the annual report (in addition to the statutory audit and auditor's non-financial information confirmations)
- over its Resilience Statement and its controls over financial reporting.
Annual update
During intervening years when no new Policy needs to be issued, an in scope company will have to include in its directors' report a short update for the financial year in question, disclosing how the company has implemented its Policy, whether and how the Policy has been amended, what external assurance has been sought and whether and how any external assurance reports may be accessed.
Material Fraud Statement
This disclosure will also appear in the directors report (or, where applicable, group director's report) and is designed to give investors and other readers of the annual report an understanding of: (i) the steps that the company (or group) has taken to assess the susceptibility of the company to material fraud, and (ii) the measures in place to prevent and detect material fraud, including new measures proposed to be put in place in the next financial year.
Fraud
for these purposes means behaviour falling within sections 2 to 8 of the Fraud Act 2006 (and so includes, false representations, failures to disclose information that must be disclosed, and dishonest abuse of a position of (essentially) financial trust). The reporting will capture fraud committed by the company as well as fraud where the company is the victim.
Material
means when the nature or size of the fraud could reasonably be expected to influence a reasonable shareholder's decisions in connection with its shareholding in the company. This seems to bear some similarities to the "reasonable investor" test under the Market Abuse Regulation.
Similar to the exemption applying to the Resilience Statement, no disclosure in the statement is required of information which, in the directors' opinion, would be seriously prejudicial to the interests of the company.
Final comment
The Regulations will introduce demanding and, at least for investors and other stakeholders, welcome new corporate reporting disclosures in two principal areas. The first concerns risk management and internal controls (in the broadest sense). In this area, the Resilience, Audit Assurance Policy and Material Fraud Statements will require much more focused, rigorous, informative and forward looking disclosures than companies have previously been required to include in their annual reports under the Code. The second concerns dividend and other distributions. The requirement to give a figure for the amount of distributable profits finally addresses what has been seen for a long time as a key missing financial metric in accounts. The additional disclosures in the Distribution Policy Statement will also help focus the minds of boards and their companies' stakeholders on how profits earned by the company are to be deployed, whether internally or by way of returns to investors. It will also require them to acknowledge publicly in the annual report any material factors and constraints relevant to implementing and sustaining the company's chosen distribution policy.