The Financial Reporting Council (FRC) has published its annual review of corporate governance reporting for 2024, which discusses the quality of reporting against the UK Corporate Governance Code 2018. This follows the release of its annual review of corporate reporting in the 2023/2024 reporting season more generally, which was published in September (see our blog post here).
Following the publication of the revised version of the Governance Code in January this year, this is the penultimate review which will consider reporting against the 2018 version of the Code. The 2024 version of the Code will apply to financial years starting on or after 1 January 2025, except for the changes to reporting on risk management and internal controls in provision 29 which will apply to financial years beginning on or after 1 January 2026 (see our snapshot for more details).
The FRC reviewed the disclosures made by 100 FTSE 350 and Small Cap companies which follow the Code, though the sample group was expanded to 130 companies when reviewing risk management and internal controls reporting, given the more substantive changes being introduced in this area by the 2024 Code.
Overall, this year the FRC found that far fewer companies departed from the Code, which the FRC views as resulting primarily from increased compliance with the provisions of the Code relating to the alignment of pension contributions, as companies have been able to move away from non-compliant arrangements. In 2024 only 28 of the companies sampled disclosed departing from at least one Code provision, down from 63 in 2023 (and 78 in 2022).
Findings of note in the review include:
- Risk management and internal controls systems – None of the companies in the sample reported early adoption of the changes to provision 29, though a number of companies referred to on-going work in preparation for these changes. However, the FRC observed that fewer than half of the companies reviewed had reported appropriately on their review of effectiveness of these systems;
- Cyber and IT risk – 89% of companies included cyber security as a principal risk and 27% included IT as a separate standalone principal risk; and
- AI – The FRC noted a significant increase in reporting on AI, with 73% of the companies discussing AI-related matters, and 26 listing AI as an emerging risk.
As usual, the review includes specific examples of good reporting drawn by the FRC from the reports they reviewed.
Key contacts
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.