Governance Perspective UK Audit and Corporate Governance Reform - shaping the debate

Extension of PIE

In UK rules, the current definition of PIEs primarily captures main market listed companies. The audits and auditors of PIEs are subject to a host of regulatory measures regarding the appointment of auditors, additional content that is required in the audit report and a requirement on the regulator to inspect, investigate and impose sanctions, where appropriate.

Against the backdrop of a recent spate of corporate collapses, the Proposals seek to expand the definition to include large private companies and AIM-listed companies with a market capitalisation exceeding €200 million.

Two alternative approaches are suggested which could be used to identify large companies (those with either (i) more than 2,000 employees; or a turnover of more than £200 million and a balance sheet of more than £2 billion; or (ii) over 500 employees, and a turnover of more than £500 million).

The significant public impact of certain large third sector entities (e.g. universities, charities and housing associations) is recognised and views are sought on whether these should be caught and, if so, the applicable thresholds.

The extension of the definition to large private companies will require them to take significant steps to ensure directors are properly protected in respect of their increased risk profile. This represents a continuing regulatory trend towards the increasing “professionalisation” of private companies and their directors.

Directors’ accountability for internal controls

In a move to strengthen existing rules around giving a true and fair view of a company’s financial positon in its accounts (as well as certain other rules and principles applicable to listed companies), the government wishes to introduce rules requiring directors collectively to acknowledge their responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting. Amongst other requirements, directors would need to explain how they got comfortable in making the directors’ statement on the effectiveness of control structures. If any deficiencies were identified, these would need to be disclosed together with the remedial action being taken and applicable timetable.

Unlike the SOX rules, where external auditors must (as with SEC regulated companies) assure that the company’s internal controls are sufficient, the decision on whether the statement on internal controls should be assured by an external auditor will usually be a matter for the audit committee and shareholders. Decisions should be based on judgements about the strength of systems and controls and whether extra assurance would be proportionate and should be considered as part of the proposed new audit and assurance policy.

External assurance should only be required in limited circumstances (e.g. where there has been a serious failure of controls, or material weaknesses have persisted over several years).

ARGA will have powers to investigate the accuracy of these disclosures and to order amendments or recommend an external audit of the internal controls.

Directors could be subject to civil sanctions where they have failed to establish and maintain an adequate internal control structure and procedures for financial reporting.

The Proposals raise for the first time the prospect of ARGA being empowered to take enforcement action against non-accountant directors. They are likely to increase costs as boards seek to obtain additional evidence to support their responsibility statement, whether in the form of internal or external assurance. The impact they might have on the need for updated systems and processes, as well as audit/risk function resourcing will also need to be considered.

It is suggested that the rules be introduced in phases – first to premium listed companies and then to other PIEs after two years.

New director civil liability

It is proposed to give ARGA powers to investigate and sanction directors of PIEs for breach of directors’ duties relating to corporate reporting and audit, and for a breach of any further rules ARGA may impose on them.

In particular, ARGA will be able to supplement existing statutory directors’ duties in relation to the preparation and reporting of accounts with new rules, including conduct rules. Any such conduct standard (e.g. the requirement to “act with honesty and integrity”) would be similar to that currently imposed by the FCA on certain members of financial services firms.

Existing obligations on directors could be significantly expanded, and together with the lower civil standard of proof (compared to existing criminal offences under the Companies Act), will make  enforcement easier. This is against the backdrop of a hardening D&O insurance market.

Regulatory powers to address serious concerns

Under the Proposals, ARGA can require a rapid explanation from a PIE about reasonable concerns and that an expert review be carried out (at the company’s expense) where it has identified concerns relating to corporate reporting and audit. Exceptionally, a summary of the expert’s report could be published if in the public interest.

This regime seeks to emulate the Skilled Persons reviews that can be compelled by the PRA and FCA.  In practice, expert reviews are likely to present a similar risk for companies that they will provide the basis for enforcement investigations by the regulator, which will in turn rely on the review to build its case. In many cases, PIEs will need to approach these reviews with the same preparation and thought as an investigation.

Implementation

The consultation closes on 8 July 2021 – a reasonable period within which to respond and shape the debate. There is no set timetable yet for implementation, but measures that do not directly impact businesses (e.g. establishing ARGA) will be brought into effect most quickly.

Jaya Gupta and Sarah Thomas are Partners and Richard McGarry is Managing Associate at Addleshaw Goddard.