SOX-Liter: Changes to the UK Corporate Governance Landscape

Skadden Publication

George Knighton Danny Tricot Adam M. Howard Louise Batty Katie Barnes Olivia Moul

Takeaway Points

  • In recent years, the UK government has unveiled a raft of reforms to the UK’s corporate governance regime.
  • Following consultation and feedback from various stakeholders, only some of the proposed reforms will be brought into force from 2024 onwards.
  • In-scope companies should prepare for upcoming changes by assessing their existing procedures and considering potential enhancements.


The UK government has proposed a number of measures — both legislative and regulatory — to restore trust in audit and corporate governance and maintain the UK’s reputation as a home of sound corporate governance. Some of these proposals are discussed in our previous briefing on the “SOX-Lite” regime. Only certain of these reforms will now take effect; others have been either abandoned or reformulated.

Tailored reforms introduced by a revised UK Corporate Governance Code (the 2024 Code) and the new corporate offence of failure to prevent fraud are key features of the UK’s changing corporate governance landscape. To aid interpretation of the 2024 Code, the Financial Reporting Council (FRC) has published accompanying guidance, consolidating its (i) Guidance on Board Effectiveness, (ii) Guidance on Audit Committees and (iii) Guidance on Risk Management Internal Controls and Related Financial Business, which provides helpful context for a board’s consideration of how to comply with the 2024 Code.

Premium-listed companies, which are subject to the UK Corporate Governance Code, must disclose in their annual reports how they have applied the overarching principles and complied with (or departed from) the detailed provisions (the Provisions) in the code. The “comply-or-explain” approach offers companies flexibility to establish and maintain their governance arrangements in a way that reflects their specific circumstances, including size, complexity, geography and ownership structure. A new Principle C encourages companies to report on outcomes and activities and to provide clear explanations for departures from the 2024 Code, including how a company’s alternative governance arrangements are more appropriate for upholding high standards of governance.

2024 Code

After recent corporate scandals and collapses (including Carillion and BHS), the FRC is prioritising effective risk management and internal controls in the 2024 Code.

The 2024 Code makes clear that the board retains ultimate responsibility for a company’s overall approach to risk management and internal controls, including:

  • Not only establishing but also maintaining an effective risk management and control framework aligned with a recognised standard (e.g., COSO, ISO or COBIT) that is suitable for the company’s particular circumstances.
  • Determining the company’s “risk appetite” (i.e., identifying the nature and extent of principal risks and the risks the company is willing to take to achieve its strategic objectives), which should be informed by the company’s individual risk profile and tolerance.
  • Agreeing how to manage or mitigate principal risks.
  • Monitoring and reviewing the risk management and internal control framework.
  • Ensuring effective external communication about risk management and internal controls.

Although the risk management and internal controls framework remains largely unchanged in the 2024 Code, the FRC expects certain new disclosures in companies’ annual reports. The framework covers all material controls, including financial, operational, compliance and, going forward, reporting controls. The board should provide (under Provision 29):

(i) A description of how the board has monitored and reviewed the effectiveness of the framework.

(ii) A declaration of effectiveness of material controls.

(iii) A description of any material controls that have not operated effectively and action taken or proposed to improve these or previously reported issues.

Intentionally principles-based, the 2024 Code ensures the board’s accountability for internal controls through the declaration of effectiveness and annual report disclosures.

Other key changes in the 2024 Code include:

  • Succession planning (Provision 23). Director appointments and the board’s succession planning should promote diversity, inclusion and equal opportunity. This Provision has been updated to provide for companies with extensive initiatives in place.
  • Culture (Provision 2). The board should assess and monitor how a company’s desired culture has been embedded, and seek corrective action if the board is not satisfied that policies, practices and behaviour align with the company’s purpose, values and strategy.
  • Malus and clawback (Provisions 37 and 38). Provision 37 now provides that directors’ contracts and/or other agreements should include malus and clawback provisions (with the intention of increasing enforceability). Provision 38 sets out a new disclosure requirement asking companies to include in their annual reports a description of the circumstances in which malus and clawback provisions could be used; why the selected clawback period is best suited to the company; and whether (and why) the provisions were used during the company’s last reporting period. In practice, most companies already reference the malus and clawback provisions applicable to their executive director incentive arrangements in their annual reports, following existing recommendations under proxy voting guidelines, albeit additional detail may be required to meet the enhanced Code requirement.
  • Deletion of factors for the remuneration committee to address (previous Provision 40). Previously, the Code required a description in the company’s annual report of how the company had addressed certain factors (namely, clarity, simplicity, risk, predictability, proportionality and alignment to culture) when determining executive director remuneration. This requirement has been removed from the 2024 Code. In practice, these factors are likely to remain relevant in remuneration committee considerations in determining remuneration outcomes, though it is no longer necessary to specifically disclose against these factors.

Provision 31 of the 2024 Code retains the requirement for the board to explain in the annual report how the board has assessed the company’s prospects and ability to continue operating and meet liabilities (known as the “viability statement”). This explanation is even more significant considering that the PIE Regulations (as defined below) — proposing that “public interest entities” (PIEs) prepare annual resilience statements addressing matters that the board considers to be a material challenge to the PIE’s financial resilience over the short and medium term — have been withdrawn.

Other than Provision 29, which will apply to financial years commencing on 1 January 2026, the 2024 Code will apply to financial years beginning on or after 1 January 2025. Companies may, however, adhere to the 2024 Code from an earlier date.

Abandoned Reforms

The UK government had previously proposed introducing further reporting requirements for PIEs via its draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations 2023 (the PIE Regulations). However, the government withdrew the PIE Regulations (which, as discussed in our SOX-Lite briefing, would have applied to UK companies with at least 750 employees and an annual turnover of £750 million or more) in October 2023, after consultation with stakeholders revealed that the proposed requirements would be overly burdensome to businesses.

The FRC’s November 2023 policy statement made clear that the FRC would not include some proposed amendments to the UK Corporate Governance Code in the final version of the 2024 Code. These include mandating audit committee oversight of ESG matters, expanding diversity and inclusion expectations, implementing provisions to limit “over-boarding”, and prescribing how committee chairs engage with shareholders.

The FRC’s withdrawal of its proposal for ESG disclosure to be within the remit of the audit committee is a response to consultation feedback rather than a deprioritisation of ESG matters. The withdrawal gives boards discretion to allocate oversight of a company’s compliance with environmental and sustainability reporting obligations in order to appropriately reflect a company’s ESG reporting function and individual board committee structure. The ability of the board to determine how the company manages ESG matters is important given an evolving regulatory landscape and considering both the applicability of the Task Force on Climate-Related Financial Disclosures to public companies in the UK and the extraterritorial reach of the Corporate Sustainability and Reporting Directive in the EU (see our Insights article).

Audit Committees and External Audit: Minimum Standard

In May 2023, the FRC published its “Audit Committees and External Audit: Minimum Standard”, which is applicable to FTSE 350 companies and their audit committees’ role in supervising the appointment and ongoing work of external auditors. Compliance with this standard is currently voluntary and is not expected to become mandatory until the FRC is replaced with the Audit, Reporting and Governance Authority (ARGA). Shifting legislative priorities and compressed timelines for a host of wider reforms intended to build the UK’s “smarter regulatory framework” mean that ARGA may not be created until 2026 or later.

Corporate Offence of Failure To Prevent Fraud

The Economic Crime and Corporate Transparency Bill received Royal Assent on 26 October 2023. The new corporate offence of failure to prevent fraud will apply to large companies across all sectors and imposes potentially unlimited fines on such companies for fraud committed by their employees. Although the offence may apply as early as Q2 2024, timing of implementation is unclear. The offence will only come into force when the UK government publishes guidance on reasonable fraud prevention procedures. In the meantime, companies should review and expand their existing anti-fraud protocols in preparation for the new offence.


Now that the 2024 Code has been finalised, companies can prepare for its requirements. The introduction of the corporate offence of failure to prevent fraud, forming part of wider measures under the Economic Crime and Corporate Transparency Act, presents an opportunity for companies to enhance their internal procedures. Despite undetermined timelines for some reforms, companies assessing their current practices and enhancing these, where required, will be well-positioned for the next era of strong corporate governance that beckons.

Knowledge strategy lawyer Sharon Jenman contributed to this article.

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.