Boardroom Essential

Subsequently the Insolvency Service, acting on behalf of the Secretary of State for Business and Trade, brought disqualification proceedings against eight former directors:

• Three former executive directors: The case against two former Finance Directors was that they had dishonestly published accounts and market announcements that they knew did not represent the true financial position of the company and had caused a dividend to be paid based on misstated accounts. The case against the former CEO was that he ought to have known that the accounts were misleading given his position. In the run-up to trial, all three accepted voluntary disqualification in exchange for the proceedings against them being dropped, but without admitting dishonesty.
• Five former non-executive directors: The case rested on an argument that despite not knowing about any alleged dishonest misstatements and not being involved in the day-to-day operations of the group, they were under a legal duty to know the true financial position of the company and group at all times – effectively the Secretary of State argued a form of strict liability.  On the day before the trial was due to start the charges were dropped – perhaps indicating the prosecutors knew they had a weak case?

What are disqualification orders?

If a person has been a director of a company that has become insolvent, the court can make a disqualification order against them where it is satisfied that their conduct as director makes them unfit to be involved in the management of other companies. A disqualification order may be between 2 and 15 years. They are usually made where there has been dishonesty or serious incompetence. The threshold for a disqualification order is lower than a civil claim. The Official Receiver must show that the director is “unfit” but strictly does not have to demonstrate that the director is in breach of duty, nor that the director’s conduct has caused any loss. The government has shown it is willing to fund high-profile proceedings; the Secretary of State’s costs in Carillion are believed to have topped £11m.

The Secretary of State’s argument (as disclosed in the pre-case pleadings) is concerning and does not sit comfortably with the governance role of a non-executive director. In this way it is perhaps unfortunate that it did not come before the court for scrutiny as, were this argument to succeed, the position of most, if not all, non-executive directors would be untenable. 

Challenges for Non-executives

There is a general view that the arguments the government sought to advance against the Carillion non-executive directors were simply wrong. However, this case (and other recent high-profile corporate collapses) have brought into focus some of the challenges and risks inherent in the non-executive director role:

1. Non-executives have only limited time to do the tasks required of them. Their responsibilities can be wide-ranging, especially where the organisation is large and complex (for example, Carillion had a turnover of £5bn, with hundreds of subsidiaries in various jurisdictions). In a very large business, how do you identify what to look out for?
2. The board’s supervision of management is usually based largely on information provided by management, albeit some of that information will be provided in response to non-executive requests.
3. Oversight of management decisions poses particular challenges. For example, Carillion’s Audit Committee was expected to review accounting judgements made by executives in relation to complex construction contracts, judgements that had also been subject to external audit. It is very hard for an audit committee to second-guess such decisions, especially based on the information given. In practice, its role is focused on checking the coherence and internal consistency of the information provided and asking well-directed questions.
4. There is a risk that, following a collapse like Carillion’s, investigators act with the benefit of hindsight and lose sight of the inherent limitations of the non-executive role.
5. In particular, when deciding to declare a dividend, a board must have in mind the fact that their decisions may well be viewed with 20/20 hindsight and so come under particular scrutiny where there is, for example, an insolvency further down the line.
6. If considering the performance of a board of a UK listed company, the courts would likely have regard to the UK Corporate Governance Code (the “Code”). This can be a mixed blessing:
   
   
   1. While some parts of the Code protect non-executive directors by setting out their limited role, other provisions of the Code, if read literally, could be interpreted in a very onerous way or set a high aspiration without giving much practical guidance. For example, the responsibilities of the Audit Committee include monitoring the integrity of the financial statements of the company and reviewing significant financial reporting judgements contained in them.
   2. The Code is placing an increased emphasis on the role of board in monitoring the effectiveness of the internal risk and control framework (see elsewhere in this issue).

How can non-executives minimise their exposure?

1. Choose your company carefully. When seeking a non-executive role for the first time, it can tempting to rush in to first appointment offered. Companies like Carillion, with a complex high-turnover/low-margin business model and a prominent public profile, potentially carry more risk.
2. Try to define your role in realistic way. For most listed companies your role (as outlined in your letter of appointment) will be based on Code requirements. Make sure that your appointment avoids any language that suggests you are taking on responsibilities that are unrealistic.
3. Lay down ground rules with management about the information you need. Management must present information clearly and with an analysis of the context, to allow you to identify its importance. Push back if management are giving the board an avalanche of tangential and irrelevant information.
4. Perform your supervisory role with diligence, reading all board papers and asking pertinent questions (without eroding the collegiality of board). As a practical matter, follow up on matters that arise and monitor that decisions are being implemented.
5. Understand the processes that support financial reporting, trying to identify any inadequacies – this will take time, and you cannot be expected to identify weaknesses on your first day.
6. Ensure that adequate D&O cover is in place. Insurance should extend to claims after a company insolvency company and cover not only money claims against you but also regulatory investigations and disqualification proceedings. Cases like Carillion show that even a large D&O pot can drain quickly with many claimants and proceedings in many jurisdictions. Where things go wrong, there may be regulatory investigations and civil claims against multiple directors and management simultaneously. Therefore, consider whether there should be a “sub-pot” for non-executive directors alone.
7. Seek extra advice in acute situations. Be aware of situations where executives are conflicted. Conflicted directors may have to stand back, putting additional pressure on non-executive directors. In such situations you might look to obtain separate independent professional advice and ensure that advice is properly recorded.
8. Step up to the plate if you have been appointed to the board to bring the benefit of your particular skills or experience. However, you are a director, not a consultant and your role is not confined to areas within your expertise. You cannot escape wider responsibilities applying to the board generally. For instance, even if you are not an accountant, you still need to take reasonable steps to understand and scrutinise the financial position of the company.
9. Do not get dragged into genuinely operational matters or a quasi-executive role. The scope of your operational involvement must remain clear.
10. Work with the other directors. Where giving guidance or recommendations, do so through a committee, so you do not become detached from the board.

Overview

As expected, the FRC has significantly scaled back the changes to the Code that it consulted on. Proposals in the original consultation in May 2023 relating to the expansion of the role of audit committees on ESG matters, over-boarding, expectations relating to board committee chair engagement with shareholders and expanding diversity and inclusion provisions, have all been dropped. In addition, there are no references to the audit and assurance policy and the resilience statement following the UK Government’s withdrawal of the regulations that would have introduced these new reporting requirements (as reported in our last edition of Boardroom Essential). For more information on the wider audit and corporate governance reforms, see our briefing here.

Most of the changes will apply to financial years beginning on or after 1 January 2025 (with the first mandatory reporting therefore seen in 2026). The changes to Provision 29 (risk management and internal control framework) will apply to financial years beginning on or after 1 January 2026 (with mandatory reporting from 2027), to give companies an additional year to prepare.

Key changes

1. Changes relating to internal controls, including expanded annual report disclosure requirements and a new board declaration on the effectiveness of the risk management and internal control framework
2. Incorporation of the Minimum Standard for audit committees into the Code
3. Strengthening reporting on malus and clawback
4. Clarifying that boards may pay non-executive directors a portion of their fees in shares
5. Requiring governance reporting to focus on board decisions and their outcomes
6. Emphasising the need for clear explanations where companies depart from the Code’s provisions
7. Requiring boards to assess and monitor how the company’s desired culture has been embedded
8. Mandating that the board ensures that policies and practices are in place for the company to meet its objectives and measure performance against them
9. Removing references to specific characteristics and groups when referring to diversity
10. Combining existing guidance notes into a single condensed Code Guidance, and adding new guidance on board committees and other topics

If you are interested, we have produced a more detailed client note about these changes

1. New board declaration on the effectiveness of the risk management and internal control framework

Reporting controls

The FRC has added “reporting controls” to the list of material controls that the board should monitor and review at least annually. The FRC’s view is that this “is not an extension of the UK approach” because the requirement has always been that boards are required to monitor and review “all material controls”. However, this change makes it clear that boards will now need to expressly refer to material controls relating to reporting, both financial and non-financial, including narrative reporting, when describing how the board has monitored and reviewed the effectiveness of the framework and, more significantly, also consider these controls when making the declaration of effectiveness.

Declaration of effectiveness

A significant change is the addition of a requirement for a declaration from the board of the effectiveness of material controls as at the balance sheet date. The added wording provides that the board should provide in the annual report:

• a description of how the board has monitored and reviewed the effectiveness of the risk management and internal control framework;
• a declaration of effectiveness of the material controls as at the balance sheet date; and
• a description of any material controls which have not operated effectively as at the balance sheet date, the action taken, or proposed, to improve them and any action taken to address previously reported issues.

Key issues for boards to consider include in relation to making this declaration are:

• Meaning of ‘material controls’: These will be company-specific and will depend on the company’s principal risks. A list of examples in the Guidance includes controls over risks to the business model, fraud and cybersecurity.
• Meaning of ‘effective’: Another key question for boards will be to decide what “effective” means in the context of their material controls. The Code Guidance makes it clear that an effective framework is not intended to eliminate all risk; its role is to manage risk.
• Additional processes: Companies should consider what additional internal or external assurance processes may be required, so that the board is able to make the declaration. This may include changes to record-keeping processes to ensure that the company has sufficient evidence to make the declaration and report on how it has monitored and reviewed the framework in the annual report.
• External assurance: The FRC’s position is that it is for individual boards, in conjunction with other committees and management, to decide whether any form of external assurance is necessary, and the type and nature of such assurance. The FRC explicitly states that there is no requirement to obtain external assurance, especially where the company has an effective, appropriately resourced, internal audit function that is able to provide relevant assurance. Respondents to the Consultation raised concerns about the cost to companies of obtaining, and the capacity of the audit market to provide, external assurance. Where boards decide that external assurance is required, they will need to consider this well in advance.
• Recognised frameworks and standards: The Code Guidance suggests that a board could use a recognised framework or standard as part of its process for designing and maintaining the effectiveness of the risk management and internal control framework. The FRC includes some examples of frameworks and standards but does not make any particular recommendations.

The changes to the relevant Provision of the Code (Provision 29) are coming in a year later than the other Code changes in order to give companies more time to prepare. 

2. Incorporation of the Minimum Standard for audit committees into the Code

FTSE 350 companies have been encouraged to report against the Minimum Standard on a comply or explain basis since May 2023. Adding this requirement to the Code means all premium-listed companies (not just FTSE 350 companies) will have to report against the Minimum Standard.

For more information about the Minimum Standard, see our July 2023 edition. The FRC has promised targeted guidance to support audit committees of non-FTSE 350 companies to apply the Minimum Standard.

Companies will need to review their audit committee terms of reference, processes and procedures to ensure that they reflect the Minimum Standard before the new Code becomes effective on 1 January 2025. Any non-compliance with the Minimum Standard will need to be explained in the annual report.

3. Strengthening reporting on malus and clawback

 A new Provision requires the annual report on remuneration to include a description of its malus and clawback provisions, including:

• the circumstances in which malus and clawback provisions could be used;
• a description of the period for malus and clawback and why the selected period is best suited to the organisation; and
• whether the provisions were used in the last reporting period. If so, a clear explanation of the reason should be provided in the annual report.

The remuneration report disclosure required broadly reflects the proposals consulted on by the FRC, although the FRC has dropped the proposed requirement to disclose the use of malus and clawback provisions over the previous five years and has also made other minor tweaks to the language.

The Code Guidance does not contain any new guidance on malus and clawback, although the Technical Q&A on the FRC website states that disclosures should focus on executive directors and not all those that are subject to malus and clawback.

4. Clarification that boards may opt to pay non-executive directors a portion of their fees in shares

The Code Guidance clarifies that although share options and performance-related components should not be included in non-executive director remuneration, boards may opt to pay non-executive directors a portion of their fees in shares purchased at market price. The FRC recommends that in such cases there should be a policy describing the rationale and process for permitting such shares in director fees and any associated restrictions on the sale of such shares. While paying non-executive directors in shares is still not that common in practice, companies that do so should consider adopting a policy in line with these recommendations and disclosing the policy in their next remuneration report.

5. Requiring governance reporting to focus on board decisions and their outcomes

The new Code enshrines the Principle that “governance reporting should focus on board decisions and their outcomes in the context of the company’s strategy and objectives”.

The addition is intended to emphasise that reporting should demonstrate the result of governance activities. The FRC‘s focus on this is not new; it has previously indicated in its Review of Corporate Governance Reporting that it believes improvement is needed in this area.

Some respondents to the Consultation indicated that it was unclear what is meant by ‘outcomes’ in this context. To address this, the Code Guidance contains a new section titled ‘Outcomes’.  The FRC acknowledges that decisions may have unexpected results and the results may not be observable in the short term, with companies encouraged to reflect this in their reporting. The FRC’s aim is for companies to streamline and focus their reporting and reduce the use of ‘boilerplate’. The Guidance contains suggested questions for the board to consider, that may assist with improving their reporting.

6. Reporting on departures from the Code

Importantly, the well-established principle of a board’s having the flexibility to “comply or explain” will remain but the FRC has added a Principle to the Code providing that when a board reports on departures from the Code’s provisions, it should provide a “clear explanation”.  Some respondents to the Consultation suggested that it was unnecessary to add this wording to the Code as it would duplicate the Listing Rules, which require companies to set out which provisions of the Code the company has not complied with and the period of, and reasons for, non-compliance. However, the FRC has gone ahead with the change.

The Technical Q&A on the FRC website states that a meaningful explanation should be understandable, persuasive and “set out the background, provide a clear rationale for the action the company is taking, describe any risks and mitigating actions to address them, and set out when the company intends to comply (timescales)”. The Code Guidance also refers boards to the FRC guidance, Improving the Quality of Comply or Explain Reporting (2021).

The FRC emphasises that  a “cogent and justified explanation” can illustrate “better governance” than a board defaulting to compliance with a provision that does not suit its circumstances. Despite this renewed emphasis, concerns remain that proxy advisors and others will continue to take a tick-box approach to compliance, rather than considering reasons for non-compliance (see the FRC’s joint analytical report on the influence of proxy advisors and ESG rating agencies on voting in FTSE 350 companies, which discusses this point). 

7. Culture

The Code already required boards to assess and monitor culture. The FRC has now added a requirement to “assess and monitor how the desired culture has been embedded”. This is aimed at encouraging companies to report on embedding their culture in line with the FRC’s findings in its report Creating a Positive Culture – Opportunities and Challenges (2021). The new Code Guidance includes a section on culture, much of which replicates the existing Guidance on Board Effectiveness but which does include some additions. There are also new questions for boards on embedding culture in the Code Guidance.

8. Resources, policies and practices

The Code already required the board to ensure that the necessary resources are in place for the company to meet its objectives and measure performance against them. The FRC has now added making sure the necessary “policies and practices” are in place as well.

The implementation of this new principle will require some thought given that the majority of the board will usually comprise independent non-executive directors, who are not full-time employees, and might find it difficult to oversee the day-to-day practices of the company’s workforce.

This requirement is part of a “Principle” and therefore must be complied with (as opposed to the Provisions, where companies can choose to explain rather than comply).

9. Diversity and inclusion

The previous version of the Code provided that appointments and succession planning should promote diversity of gender, social and ethnic background, cognitive and personal strengths. The italicised wording has now been changed to simply promoting “inclusion and equal opportunity”.

This change is intended to encourage companies to think beyond gender and ethnic diversity but without referencing specific groups.

The amended provision means companies will have freedom to discuss diversity and inclusion without having to refer to a prescribed list of characteristics. The Code Guidance encourages companies to offer transparency and refer to their relationship with initiatives, accreditations and charter schemes. It also sets out examples of how companies can continually support diversity and inclusion.

10. The Code Guidance (new, condensed and digitised)

The new Code Guidance brings together existing guidance from the FRC Guidance on Board Effectiveness (2018), the FRC Guidance on Audit Committees (2016) and the FRC Guidance on Risk Management, Internal Control and Related Financial and Business Reporting (2014) into a single, condensed and digitally accessible resource. As well as including existing guidance it also includes new guidance on various matters including on:

• board committees (with new sections on risk and sustainability committees);
• outcomes-based reporting;
• the Minimum Standard for audit committees; and
• internal controls.

The Code Guidance also contains useful questions for boards to consider, many of which are taken from existing guidance, but some of which are new.

In light of the changes, boards may wish to review the terms of reference for their board committees as well as their reserved matters before the Code becomes effective in their first financial year beginning on or after 1 January 2025 (1 January 2026 for Provision 29).

UK Corporate Governance Code

The updated UK Corporate Governance Code published on 22 January 2024 introduces a new concept that boards should establish and maintain an effective risk management and internal control framework (see elsewhere in this issue). Given that, for most organisations, cyber security is either a principal risk, or is relevant to an organisation’s management of principal risks, the changes to the Corporate Governance Code squarely puts responsibility for cyber risk in the board’s court.

Guidance on the UK Corporate Governance Code was subsequently published by the Financial Reporting Council on 29 January 2024. This guidance explains, for instance, that the board should:

• determine the nature and extent of the principal risks and its risk appetite;
• agree how the principal risks should be managed or mitigated to reduce the likelihood of their incidence or their impact;
• monitor and review the risk management and internal control systems, and the management’s process for this, and satisfy itself that they are functioning effectively, and that corrective action is being taken where necessary; and
• ensure effective external communication on risk management and internal control.

Draft Cyber Governance Code of Practice

However, it is not clear that all boards currently know what good cyber governance looks like in practice, with the UK Government’s 2023 Cyber Breaches Survey noting that “there is a lack of understanding of what constitutes effective cyber risk management”.

It is therefore helpful that the Government also published a draft Cyber Governance Code of Practice (23 January 2024) on which it is seeking views. This aims to support directors to drive greater cyber resilience. 

The Code consists of five overarching principles, with each having relevant actions attributed to it. By necessity these are not unduly prescriptive to ensure that they have broad applicability and so there is still much scope for variation in their application.

These principles and actions are summarised below:

1. Risk management

Actions include ensuring that cyber risks should be addressed as part of the organisation’s broader enterprise risk management and internal control activities, and establishing ownership of risks with relevant senior managers beyond the CISO.

2. Cyber strategy

This covers monitoring the cyber resilience strategy and its delivery, and ensuring the allocation of appropriate resources.

3. People

This principle focusses on communications and training. It includes ensuring that there are effective and measurable cyber security training and awareness programmes in place, and sponsoring communications on the importance of cyber resilience.

4. Incident planning and response

The associated actions include that the board should ensure that the organisation has a cyber incident plan and that there is at least annual testing of it. Additionally, in the event of an incident, the board should support executives in critical decision making and external communications.

5. Assurance and oversight

This principle requires the board to establish a governance structure with clear roles and responsibilities and ownership of cyber at director level. It specifies that there should be formal reporting at least quarterly, with regular dialogue with the CISO and other relevant executives.

The Code is intended to reflect existing best practice and to complement existing industry and government resources, both in the UK and internationally. Many directors will already be familiar with the Cyber Security Toolkit for Boards published by the National Cyber Security Centre (see our blog), and the intention is that the Code and the Toolkit will work together to form a coherent set of guidance for boards.

Once in final form, the Government’s current intention is that the Code be launched as a voluntary tool, without its own statutory footing. However, investors are increasingly focussed on governance of cyber, with Glass Lewis (an influential proxy voting firm) having last year added a new section to its proxy voting guidelines stating that “a company’s stakeholders would benefit from clear disclosure regarding the role of the board in overseeing issues related to cybersecurity”.

It can therefore be expected that, even if the Code is voluntary, investor expectations (and concerns over individual director liability) will drive boards to follow it regardless of its voluntary nature.

The schematic below sets out key steps along this long and winding road. 

The Government published its response to the BEIS (as it was then) White Paper, “Restoring trust in audit and corporate governance” setting out its plans for reform in May 2022. This set a path to UK corporate governance reform through a combination of primary and secondary legislation and changes to the Code.

The FRC released a consultation in May 2023 setting out proposed changes to the Code, reflecting what the Government wanted the FRC to cover. New corporate reporting requirements were due to come into effect through the Companies (Strategic Report and Director’s Report) (Amendment) Regulations 2023 (SRDR Regulations), published in July. As part of the implementation plan, primary legislation was needed to transition from the FRC to the new Audit, Reporting and Governance Authority (ARGA). That transition had provisionally been targeted for April 2024.

However, a day before the SRDR Regulations were scheduled for parliamentary approval, the Government withdrew them, citing a need to "cut red tape” for business.

The decision of the Department of Business and Trade (DBT) to withdraw the SRDR Regulations encapsulates the current tension between a call from some sectors of Government to restore trust in audit and corporate governance (in the wake of perceived failings and the high-profile corporate collapses of Carillion and Thomas Cook), and the desire and focus in other quarters to (re-)position the UK, in general, and the London capital markets, in particular, internationally as a more attractive and efficient place to do business.

The SRDR Regulations contained several key reporting requirements that were part of the reform agenda. Companies in scope (public companies and private companies above certain employee and turnover thresholds) were to be subject to new annual reporting requirements, including amongst other things a “resilience statement” and annual distributable profits figure.

The FRC’s proposed amendments to the Code were mainly aimed at providing for a more robust framework of effective internal control and risk management (as requested by the Government in its response to the BEIS White Paper back in 2022). Arguably they went further than anticipated by extending audit committee responsibilities and other changes focusing on diversity, directors’ time commitments and the quality of corporate governance reporting. Importantly, several of the proposed Code changes relied on the SRDR Regulations being in effect.

The withdrawal of the SRDR Regulations therefore had an inevitable knock-on effect on the FRC’s proposals for updating the Code. On 7 November, the FRC announced that although it would still be targeting January 2024 for publication of the updated Code, it would be taking forward “only a small number” of its 18 original proposals – namely those aimed at reducing duplication across reporting standards and ensuring internal control standards are “targeted and proportionate”. This aligns with the messaging from the DBT, which following a Call for Evidence in May 2023 looking at overlap and duplication in non-financial reporting requirements, has signalled that it intends to look into streamlining existing frameworks and eliminating duplicative requirements in companies’ directors’ and strategic reports (reinforcing the view that the focus on economic competitiveness is prevailing in Government for now). 

Such pressing of the pause, if not the re-direct, button, was further evidenced in November by the absence of mention of the Audit Reform Bill in the King’s Speech. The anticipated creation of ARGA next year will now not happen. The message from Government continues to be that the relevant legislation will happen ‘when Parliamentary time allows’; however, that seems quite far away, despite the FRC gearing up for its change to ARGA for a number of years now.

The timing and extent of audit and corporate governance reform is therefore far from clear, though perhaps this should be of no surprise with the prospect of a generation-defining general election in the UK in 2024. 

The current appetite within the ruling Conservative Party is uncertain. The Labour Party has pledged support for the audit and corporate governance reform agenda, including the establishment of ARGA, but not as a priority action item. One thing that does appear certain is that it will take a back seat during the run-up to the UK general election. And it seems unlikely that any new, far-reaching reforms will be developed and implemented immediately following the election. 

The journey that started in 2018 with Sir John Kingman to reform the FRC and the UK audit and corporate governance framework is therefore set to continue through 2024. Though that may cause concern and frustration for some, if a rethink and rebalancing of the proposed reforms leads the UK to a better door at the end, this long and winding road may well have been worth it.

2018			DECEMBER Kingman review of the FRC
2019			FEBRUARY Brydon independent review of the quality and effectiveness of audit APRIL CMA report into the statutory audit market
2020
2021			MARCH BEIS White Paper “Restoring trust in audit and corporate governance” JULY White Paper consultation period concluded
2022			MAY BEIS Response to White Paper JULY FRC Position Paper setting out next steps including proposed Minimum Standard for Audit Committees NOVEMBER FRC Draft Minimum Standard for Audit Committees published for consultation
2023			FEBRUARY Draft Audit Committee Standard consultation ended MAY FRC UKCGC consultation published; response date 13 September 2023 FRC Feedback Statement confirming Audit Committee and the External Audit: Minimum Standard finalised. FTSE 350 companies expected to comply on a voluntary “comply or explain basis” immediately JULY Draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations 2023 (SRDR Regulations) published alongside DBT guidance* OCTOBER Draft SRDR Regulations withdrawn 16 October NOVEMBER King’s Speech on 7 November did not include ARGA reforms on legislative agenda** FRC statement regarding King’s Speech and withdrawal of SRDR Regulations
2024			JANUARY FRC publishes updated UK Corporate Governance Code APRIL Previously targeted date for constitution of ARGA**
2025			1 JANUARY Most of new UKCGC comes into effect
2026			1 JANUARY Provision 29 of new UKCGC comes into effect (monitoring risk management and internal control framework)

*Withdrawn
**Future implementation plans for ARGA (if any) yet to be confirmed

Yet, these developments are unlikely to slow down the pressure from investors, lenders, regulators, and sectors of society that see ESG as a priority. For this reason, in 2024 expectations on companies to create adaptable strategies and ensure that they deliver on their ESG commitments will be even higher, and many have already demonstrated resilience in meeting their commitments.

The current focus is on listed companies, public interest entities and the finance sector, but private companies (particularly large private companies) are under increasing pressure to re-evaluate their businesses, disclose more information and revisit their governance structures accordingly to cater for the risks and opportunities presented by the sustainability agenda.

To help businesses make sense of the various challenges and opportunities presented by ESG, in 2024 we have collected our thoughts around three key themes: maturity, clarity and uncertainty.

MATURITY

We have sensed from conversations with our clients a marked shift towards implementation and operationalisation of ESG, regardless of political and economic uncertainties and ongoing regulatory evolution. Whilst the political environment fluctuates (particularly with significant elections coming this year, including in the United States) stakeholder expectations are no longer focused solely on whether businesses must transition, but rather how to transition and how fast.

Those businesses plotting a path for their transition most successfully often start with their purpose, strategy and commercial proposition in mind (i.e. a sophisticated view of sustainability, opportunity and risk). They understand this will require increasingly focused sustainability leadership from the board and the senior management team. The Transition Plan Taskforce’s (TPT) framing of Ambition, Action and Accountability (see further below) captures the zeitgeist. Businesses that get ahead of the regulation on transition plans will have the prospect of differentiating themselves positively.

It is likely that 2024 will see a new language of corporate communication emerge, reflecting a focus on delivery and achievement beyond the mere articulation of ambition. This will be driven by the increasing expectation of assurance, the spotlight on delivery and the widespread focus on, and increasing negative consequences of, greenwashing.

Our sense is that, once the current suite of contemplated UK regulatory initiatives are consulted on and implementation processes are commenced (notably endorsement of the International Sustainability Standards Board (ISSB) standards, TPT, TNFD (defined below), Sustainability Disclosure Requirements and a UK Green Taxonomy), the stock of domestic transparency and reporting regulations will stabilise. The UK Government’s pillars of strategic action for green finance, being ‘greening finance’ and ‘financing green’ have been furthered, with measures to ensure that market participants have the information and data that they need to manage risks and allocate capital where there are opportunities. Climate finance, and in particular the private sector’s role in providing such finance, was also a key theme of COP28: Discussion points for business from week 1, Impacts for business. Good market practice will continue to develop, with a collaborative approach from regulators and amongst businesses.

2023 saw a consistent voice from multiple business sources, trade associations and stakeholder platforms for more meaningful regulatory intervention, ranging from calls for a comprehensive industrial strategy, to better support for particular energy transition technologies, to a more ambitious regulatory framework to incentivise transition. We expect this to continue as businesses see the opportunity that sustainability presents, the need to progress their transition and the demands of their stakeholders to do so.

CLARITY

Corporate ESG reporting frameworks will continue to evolve in 2024 and will benefit from greater clarity from regulators, albeit that it is unlikely that full clarity will emerge by the end of the year.

Regimes like the Taskforce on Climate-related Financial Disclosures (TCFD) will merge into more prescribed regulatory content via the European Sustainability Reporting Standards (ESRS), the ISSB standards, the TPT framework and such like. Despite imperfect interoperability, each new framework calls for improved transparency through more detailed disclosure requirements (including in respect of scope 3 emissions, the subject of a UK Government call for evidence that closed at the end of 2023), assurance processes and materiality assessments.

The ISSB has published its sustainability and climate change disclosure standards, which may become the global baseline for sustainability reporting in many jurisdictions, including in Brazil, Japan, South Africa and the UK. The EU has gone a step further, adopting a “double materiality” approach via the Corporate Sustainability Reporting Directive and ESRS, requiring disclosures about the impact a business has on people and planet, not just what is financially material. The US Securities and Exchange Commission (SEC) has only recently voted to approve its new climate disclosure rules, which mirror TCFD but are distinct from it, and may be subject to legal challenge. Reporting on biodiversity is also expected to develop, as companies get to grips with the recommendations of the Taskforce on Nature-related Financial Disclosures (TNFD), published in September. Human rights and supply chain integrity will also go up the reporting agenda.

Finally, disclosure of transition plans is likely to see major growth in 2024. The UK’s TPT has published its “gold standard” sector-neutral transition plan disclosure framework, which offers businesses a better sense of how wider stakeholder expectations are likely to be set, and how to satisfy or exceed them. The TPT’s guidance on legal considerations for transition plans preparers (to which Slaughter and May contributed) also offers guidance on how to account for directors’ duties and competition law when making transition plan disclosures. This will be supplemented by sector specific guidance, following closure of a consultation at the end of 2023.

We expect to see greater clarity with respect to regulating greenwashing as well. In the US, regulators including the SEC have been cracking down on greenwashing and strengthening their rules. In the UK, whilst the Advertising Standards Authority continues to closely police misleading green claims in advertising, we anticipate further guidance from the Competition and Markets Authority arising out of its sector-by-sector review of greenwashing in consumer-facing businesses and many will be closely watching how the Financial Conduct Authority enforces its newly released anti-greenwashing rule and implements its guidance (currently out for consultation) when issued.

Companies wanting to play a role in helping formulate UK ESG policy are invited to participate in various governmental and regulatory consultations, with the key upcoming consultations summarised in Table 1 below.

UNCERTAINTY

Given the breadth of sustainability, there are still areas of great uncertainty and we expect this theme to continue into 2024, best illustrated by the case of the EU’s Corporate Sustainability Due Diligence Directive (CS3D).

The future of the directive is currently uncertain, but assuming it progresses in form similar to how it looks currently, it will be ambitious, and in-scope entities need to gear up for its implementation by mapping their value chains and embedding processes into their operations to cater for the level of oversight and assurance that is needed. There will inevitably be tensions and complexities around how different member states address the directive, and indeed how different players impose requirements across their business relationships.

In the field of ligation, we are continuing to see cases against corporates and financial institutions, and expect this to continue through 2024. For example, the scope of companies’ and their boards’ duties in an ESG context remains a live issue for companies to watch closely. In 2023, in two separate climaterelated derivative claims brought by shareholders against company boards (ClientEarth v Shell (in which Slaughter and May acted for Shell and its directors) and McGaughey v USSL), the English courts emphasised their reluctance to wade into the reasonable commercial decision-making of boards, even in a climate change context. We expect these issues to play out further in 2024, with boards’ ESG strategy and decision-making staying under the spotlight, and that the use of derivative actions will remain in the playbooks of some shareholders with ESG goals.

Elsewhere, we are seeing attempts to use the courts to impose direct obligations on companies with respect to their CO2 emissions, such as in the on-going cases Lliuya v RWE in Germany and Milieudefensie v Shell in the Netherlands. We are yet to see these types of cases before the English courts, where other routes such as threatened securities claims for misleading statements or omissions in ESG material published by UK listed companies are gaining traction.