The Financial Reporting Council has published its annual review of corporate governance reporting based on the disclosures of a sample of 100 FTSE 350 and Small Cap companies in relation to the 2018 UK Corporate Governance Code.
This year, the FRC paid particular attention to concise reporting, good explanations and better outcomes reporting. Its annual review also includes insights to help companies to prepare for the declaration of effectiveness of material controls which will apply to financial years commencing on or after 1 January 2026 as well as other changes which take effect a year earlier under the UK Corporate Governance Code 2024.
Main findings
- Companies should aim for more concise reports: This year, the FRC looked at the length of the stakeholder engagement sections of annual reports to identify opportunities for companies to reduce the length of their reports. Among other things, it recommends that companies:
- focus on board actions and outcomes;
- consider whether information is useful before including it;
- eliminate boilerplate language;
- consolidate related content (or use appropriate cross-referencing to avoid duplication); and
- focus on how the Code’s principles are applied in practice (rather than just repeating the text of the Code).
- Explanations: the FRC continues to emphasise the importance of disclosures on how companies apply the principles of the Code and on clear and meaningful explanations of how they have been implemented. The FRC found that many of the 25 companies that departed from the Code provided comprehensive explanations that outlined the rationale and described the alternative governance arrangements that were in place. However, some companies’ explanations were less informative. To make improvements, companies needed to consider whether their chosen corporate governance approach was clearly articulated and appropriately justified, the duration and nature of the departure, how the explanation demonstrated continued alignment with the principles of the Code and the clarity and usefulness of explanation for stakeholders.
- Outcomes-based reporting: the FRC found that reporting would be more effective if companies focused less on the description of policies and more on the actions they had taken during the year, and their impact. For example, in relation to shareholder engagement, companies needed to provide a concise summary of the engagement activities undertaken by the board, including objectives, a summary of issues, participants, progress of the dialogue, and the outcome of the engagement. In relation to stakeholder engagement, it would be helpful to provide a summary of board engagement activities and any outcomes from these.
- Over-boarding: Most companies in the FRC’s sample explained how they assessed directors’ time commitments, but their disclosures would have been more valuable if they had explained the specific factors considered and had moved away from a purely numerical approach to over-boarding.
- Diversity: The FRC continues to see strong disclosure of diversity and inclusion policies, with 98 companies out of 100 clearly stating their approach. One company reported that it would no longer have a board-level D&I policy.
- Audit tendering: The FRC encourages companies to provide clear and comprehensive disclosures on audit tendering, including the criteria used and process followed.
- Audit Quality Review results: There remains room for improvement, particularly around including the scope of the review and how findings were addressed.
- Risk management and internal control: The FRC found that companies often repeated information on risk management and internal controls in their strategic and corporate governance reports. It encourages companies to consolidate their reporting on risk and internal controls into one section of the report and use cross references.
- Cyber and AI: The FRC found that 66% of companies highlighted board-level oversight of cyber risks, 85% included cybersecurity as a principal risk and 12% outlined it within their operational principal risks. In addition, 20 FTSE 350 companies disclosed AI as an emerging risk and three FTSE 350 companies disclosed it as principal risk.
- Remuneration: Disclosures were often of a high standard. The FRC noted that the 2024 Code is prompting a few companies to revisit malus and clawback disclosures.
How companies are preparing for the 2024 Code
Of particular interest, is the FRC’s focus on companies’ preparations for the implementation of new Provision 29 on risk management and internal controls. Provision 29 comes into force for financial years starting on or after 1 January 2026. More than half of the companies in the FRC’s sample mentioned the new provision, with many providing details on their preparation activities. Examples of this included:
- updating the board and its committees on the changes;
- enhancing/updating internal control frameworks;
- identifying material controls;
- reviewing the development of new frameworks;
- changing the scope of the audit committee’s responsibilities; and
- carrying out a dry run of the process intended to support the internal control declaration.
Examples of good reporting are included in the annual review.
The FRC also considered early reporting in relation to the Minimum Standard on Audit Committees and the External Audit. The 2024 Code recommendation for audit committees to follow the minimum standard applies to financial years commencing on or after 1 January 2025, so is not yet in effect but 63% of FTSE 100 and 51% of FTSE 250 companies in the FRC’s sample referenced the minimum standard in their audit committee reports. While most simply stated their compliance, a few disclosed the action they had taken (or would be taking) to meet the Minimum Standard, such as updating the audit committee terms of reference or incorporating relevant criteria into future auditor tendering processes.
The FRC’s annual review of corporate governance reporting can be found here and the press release is here.
For further information, please contact:
Judy Pink, Linklaters
judy.pink@linklaters.com
