
Corporate Governance Code 2024: Compliance and competitive advantage

By Sobia Sheikh | August 29, 2024

The UK Corporate Governance Code is changing. What will you need to do to comply, and how can you harness transparency and accountability to add business value?

Changes to the UK Corporate Governance Code this year will apply to businesses as early as January 2025. To support you in complying with the changes and maximising the opportunities the updated code represents, in a series of two Q&A articles, we take a look at what’s changing and how your organisation can respond.

In this article, we answer some key questions on the updated code, ahead of providing further details on how you can address specific requirements in the second Q&A.

Below we look at:

The UK Corporate Governance Code 2024, released by the Financial Reporting Council (FRC) in January this year, introduces several key changes aimed at enhancing transparency and accountability while minimising burdens on businesses. The key updates are around:

  • Risk management and internal controls, the most significant change being the requirement for boards to include a declaration in their annual reports about the effectiveness of the company's ‘material controls,’ including financial, operational, reporting and compliance controls (see below), which will apply to accounting periods starting on or after January 1, 2026
  • Audit committee responsibilities, streamlining responsibilities and reporting requirements of audit committees, with reference to the FRC’s Minimum Standard: Audit Committees and the External Audit, which aims to enhance performance and ensure a consistent approach across audit committees
  • Greater focus on governance reporting, focusing on board decisions in relation to companies’ strategy and goals, including more detailed explanations for any departures from the code
  • More emphasis on how companies are run and their culture, with expanded scope of diversity policies and related initiatives
  • Bolstered malus and clawback arrangements, requiring more comprehensive disclosures around malus (a financial penalty which results in the reduction of 'at risk' remuneration, such as a bonus) and clawback (the cancellation of unvested or pending incentives and the recovery of incentives and bonuses already paid)
  • Reaffirmed comply or explain principle, allowing an organisation to continue to either follow the provisions or provide a justified explanation for non-compliance, tailored to the specific circumstances.

When does the Corporate Governance Code 2024 apply?

The new code applies to years starting on or after January 1, 2025, except for the requirement to report risk management and internal controls, which starts from January 1, 2026.

How can you identify the risks requiring ‘material controls’?

There are a number of practical steps you can take, including the following:

  • Carry out a full risk assessment to find possible risks in all parts of your organisation and determine their likelihood and potential impact on the organisation, using both qualitative and quantitative assessments to prioritise risks based on their significance
  • Establish criteria for what constitutes a material risk, setting thresholds for financial loss, operational disruption, regulatory non-compliance and reputational damage. Ensure your criteria align with your organisation’s strategic objectives and risk appetite. Material risks are those that could significantly affect the business achieving these objectives
  • Involve the board of directors and senior management in the risk management strategy process; their insights and experiences are crucial in understanding strategic and operational risks. Engage employees across different levels and departments. They often have firsthand knowledge of operational risks and control weaknesses
  • Assess the effectiveness of existing controls in mitigating identified risks, testing controls and evaluating their design and operational effectiveness. Also, find any gaps or weaknesses in the current control system that could let big risks affect your organisation. It’s important to create and put in place controls that are meant to reduce material risks.

How can you adhere to the Corporate Governance Code 2024 requirements on monitoring 'material controls'?

The Corporate Governance Code 2024 requires boards to monitor and review all ‘material controls’, which include financial, operational, reporting and compliance controls. Your organisation may need to implement several specific changes, including:

  • Creating a complete internal controls system, clearly grouping controls into financial, operational, reporting and compliance, defining the goals, processes and key controls for each category
  • Carrying out regular risk assessments covering all material controls, including identifying key risks, assessing their impact and likelihood and determining the controls in place to mitigate these risks
  • Creating risk registers that list all the risks, controls and any problems or improvements needed
  • Using standards and frameworks, such as those from the Committee of Sponsoring Organizations (COSO) or International Organization for Standardization (ISO) to develop and maintain your company’s risk management and internal controls framework
  • Strengthening the internal audit function to ensure it covers all material controls and conducting periodic audits and control testing to verify the effectiveness of your financial, operational, reporting and compliance controls
  • Implementing control testing procedures to evaluate the design and operating effectiveness of controls across all categories
  • Establishing a risk committee dedicated to overseeing risk management and internal controls, which meets at least quarterly to review and discuss the company’s risk profile, emerging risks and the effectiveness of existing controls
  • Developing comprehensive board reports covering the status of all material controls and including findings from internal audits, risk assessments and control testing, as well as any significant control failures and remediation plans
  • Conducting annual reviews of the effectiveness of all material controls, involving both internal and external auditors if necessary, documenting and presenting the results to the board
  • Providing ongoing board and senior management training on risk management and internal control frameworks
  • Ensuring employee awareness so they understand their roles in maintaining and monitoring controls through regular training sessions and clearly communicating policies and procedures.

What are the implications for your organisation if you don’t comply with the Corporate Governance Code 2024?

If you fail to adhere to the code, it can lead to negative perceptions among investors, customers and other stakeholders, eroding trust and damaging your organisation's reputation. Your organisation could face loss of business and market value.

Non-compliance can also attract scrutiny from regulatory bodies, leading to investigations, fines and other penalties, diverting both financial and time resources away from your core business activities.

Investors may also view non-compliance as a sign of poor governance and risk management, losing confidence and prompting potential divestment.

Non-compliance also indicates a lack of clear processes and communication channels for risk management and internal controls, which can lead to inefficiencies, duplication of effort and gaps in risk coverage, weakening your organisation’s overall governance structure. If you fail to comply, you may also fall behind competitors with stronger governance practices, impacting your organisation’s ability to attract top talent, form strategic partnerships and compete effectively in the market.

In the second article in this series, we'll provide further detail on how you can address the specific requirements of the amended code with a view to supporting competitive advantage.

For expert support and smarter ways to meet the Corporate Governance Code 2024 requirements, get in touch with our specialists.

Author

Director of Enterprise Risk Consulting and Transition Risk