Guidance

Corporate reporting: The Draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations 2023

Updated 20 October 2023

The government withdrew these draft regulations on 16 October 2023. This press release explains why the legislation was withdrawn.

Introduction

The purpose of this document is to help companies and other interested stakeholders understand new corporate reporting requirements contained in the draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations 2023. The draft regulations were laid in Parliament on 19 July 2023 and will be debated in Parliament in due course.

This document is intended as a factual explanation of the draft legislation. It is not intended to be comprehensive and companies should not rely on it for legal guidance on how the requirements (if approved by Parliament) will affect them.

The Financial Reporting Council (FRC) plans to consult separately on detailed non-statutory guidance to companies about good practice in complying with the new reporting statements required by the regulations. The FRC is expected to publish draft guidance for consultation on its website by the end of 2023 or early 2024.

An explanatory memorandum and an impact assessment have also been laid in Parliament alongside the draft regulations.

The department welcomes feedback on this document and may add additional content in response to feedback. Please send any comments to corporategovernance@beis.gov.uk.

A. Summary of the new company reporting regulations

The regulations will, if approved by Parliament, create the following new corporate reporting requirements for very large UK companies (defined in the regulations as companies with 750 employees or more, and an annual turnover of £750 million or more):

1. An annual resilience statement, to be included in the strategic report, in which companies in scope must explain the steps they are taking to build or maintain their business resilience over the short, medium and long term, including by:

  • summarising the company’s strategic approach to managing risk and building or maintaining business resilience, including how risk and resilience are considered within the company’s business planning and investment cycle, and within relevant internal governance processes
  • describing the principal risks that the directors consider could provide a threat to the company’s operational or financial resilience over the short to medium term, and explaining how such risks are being managed
  • summarising why the directors have decided to adopt the going concern basis of accounting (that the company will be able to meet its liabilities as they fall due over an assessment period of 12 months or more), including any significant judgements or mitigating action taken to reach this conclusion
  • providing a directors’ assessment of the company’s prospects over the medium term (with this period to be defined and explained by the company), including consideration of the likelihood that the company will be able to continue in operation and meet its liabilities as they fall due over that period
  • reporting on an annual reverse stress test[footnote 1], which identifies a combination of adverse circumstances that could cause the company’s business plan to become unviable, and identifies any mitigating action put in place in light of the exercise
  • summarising any long-term trends or factors which could threaten the company’s business model or operations, and any plans the directors may have in place, or be considering, in response

2. An annual distributable profits figure, to be included as a note to the accounts, and an annual distribution policy statement, to be included in the directors’ report, requiring the following information:

  • disclosure of distributable profits figure – this must state the company’s accumulated realised profits, or at least a minimum figure for such profits if it would involve unreasonable expense or delay to calculate the total accumulated realised profits.
  • distribution policy statement – this must explain the company’s policy on the amount and timing of distributions to shareholders over the short and medium term (including dividends and share buy-backs), and any risks or constraints to the implementation of that policy.

3. An annual material fraud statement, to be included in the directors’ report, providing a summary by the directors of:

  • their assessment of the risks of material fraud occurring at the company (that is, fraud on a scale or of a nature that could influence the investment decisions of shareholders)
  • the main measures in place and any new steps taken to prevent and detect material fraud

4. A triennial audit and assurance policy statement, to be included in the directors’ report, and to include:

  • a description of the company’s internal audit and assurance capabilities, and its plans for obtaining internal assurance over information in the company’s annual accounts and reports over the next 3 years (including any voluntary disclosures)
  • an explanation of whether the company plans any external (third party) assurance of any information in its annual accounts and reports (beyond the annual statutory audit) over the next 3 years
  • an annual update covering how the audit and assurance policy has been implemented (and potentially updated) in the year

B. Timing

The regulations will come into force, if approved by Parliament, on 1 January 2025. In the first year, the regulations will apply only to UK companies with equity share capital[footnote 2] admitted to trading on a UK regulated market[footnote 3]. The regulations will apply in respect of financial years of those companies which begin on or after 1 January 2025. Listed companies have greater existing experience of enhanced reporting on risk, audit and other relevant matters (including under the FCA’s Listing Rules and Disclosure Guidance and Transparency Rules, specific reporting requirements for quoted companies in the Companies Act 2006 and, for premium listed companies, the ‘comply or explain’ provisions of the UK Corporate Governance Code).

One year later, the regulations will extend to other companies above the threshold. So very large private companies, non-traded plcs and companies with shares admitted to trading on a multilateral trading facility such as AIM will need to comply with the regulations in respect of financial years which begin on or after 1 January 2026.

C. Scope

The regulations apply to all UK companies (that is, companies incorporated under the Companies Act 2006) with 750 employees or more and an annual turnover of £750 million or more.

For the avoidance of doubt, this includes all of the following companies at or above this size threshold:

  • public companies (whether admitted to trading or not)
  • private companies

But it does not include:

  • limited liability partnerships
  • charities, third sector organisations and public organisations if they are not incorporated as a company under the Companies Act 2006

Treatment of groups

The regulations take the approach to group reporting that already applies in the case of the non-financial and sustainability information statement which is included with the strategic report.

Under this approach:

  • a UK parent company which prepares consolidated (that is group) accounts will already be required to produce a group strategic report and a group directors’ report (under sections 414A and 415 of the Act, respectively), and the new reporting under the regulations will largely sit within those existing group reports[footnote 4]
  • where a group headed by such a parent company meets or exceeds the 750 employee and £750 million threshold, the parent company will be able to report under the regulations on behalf of the group, and no subsidiaries will be required to report individually under the regulations regardless of size
  • this is subject to the following (standard) conditions being met:
    • the group strategic and directors’ reports published by the parent company must relate to its undertakings as well
    • those reports must be prepared for a financial year of the parent company that ends at the same time as, or before the end of, the financial years of its subsidiaries
    • those reports must include group reporting under these regulations (such as a group resilience statement or group material fraud statement) in respect of all companies included in the parent company’s consolidation
  • by contrast, where a group of UK subsidiaries is in aggregate above the threshold, but does not have a UK parent that publishes consolidated accounts or group strategic and directors’ reports (for example, because they rely on the consolidated accounts of an overseas parent), group reporting under the regulations will not apply. Instead, any UK parent of the UK group, and any UK subsidiary within the group that is above the threshold in its own right, will be required to report individually under the regulations

Calculation of ‘turnover’ in relation to banking and insurance income

Section 474 of the Companies Act defines ‘turnover’ for the purpose of companies calculating whether their turnover is above the reporting threshold. It is based on income from the provision of goods and services. These regulations provide additionally for income from banking and insurance companies to be included in the calculation of turnover. The regulations specify that, in determining whether a company is above the threshold, any income from the activities of banking and insurance companies[footnote 5] should be included in the turnover figure and should be calculated as:

  • banking companies: net income from interest, trading, fees and commission
  • insurance companies: revenue or earned premiums net of reinsurance, depending on the accounting framework used by the company[footnote 6]

Process for companies moving in and out of scope of the regulations

If a company is above the threshold (750 employees or more and an annual turnover of £750 million or more) for a financial year, then the annual reports and accounts it subsequently publishes for that financial year must comply with the reporting requirements in the regulations.

That is subject to the commencement provisions (referenced in the Timing section above), in which companies with equities trading on a UK regulated market above the threshold will first report for financial years beginning on or after 1 January 2025 while other companies above the threshold will first report for financial years beginning on or after 1 January 2026.

For the avoidance of doubt, the regulations do not include a ‘smoothing provision’.[footnote 7]

D. Resilience statement

Purpose of resilience statement

The purpose of the resilience statement is to provide shareholders, creditors and other users of corporate reporting with greater understanding of how very large companies are managing risk, and building or maintaining business resilience.

The Companies Act currently requires only that companies provide “a description of the principal risks and uncertainties facing the company”, but without requiring information on how such risks and uncertainties are being addressed and mitigated, their likelihood and potential impact, the time period over which they are expected to last, and companies’ underpinning governance processes for risk management and developing business resilience. Many companies already provide this additional information voluntarily (or under the UK Corporate Governance Code), and the Resilience Statement will help ensure that it is provided on a consistent and comparable basis across all companies in scope of the regulations.

At the same time, the Resilience Statement will integrate risk reporting over the short, medium and long term within a single document in the annual report, including information on why the company remains a going concern, how directors have assessed its prospects over the medium term, and what challenges, if any, the directors envisage in the long term. In doing so, the Resilience Statement will, for companies in scope, replace the existing need to provide a statement on future prospects (the existing ‘viability statement’ provision) in the UK Corporate Governance Code. Companies will also not need to report separately on their “principal risks and uncertainties” if they report on their principal risks in line with the requirements of the Resilience Statement.

Definitions of ‘short-term’ and ‘medium-term’ and references to ‘long-term’

For the purposes of the Resilience Statement, the ‘short-term’ must be the same period over which the directors have assessed the ability of the company to continue to operate as a going concern (a minimum of twelve months from the date on which the company’s accounts for the relevant financial year were approved by the board of directors).

The length of the ‘medium term’ period is for the company to determine. In doing so, the company must explain in the Resilience Statement how the chosen period aligns with its strategy, and with its business planning and investment cycle.

The length of the ‘long term’ period is not required to be defined but must cover matters envisaged to occur or be relevant beyond the medium-term period.

Interaction of Resilience Statement with existing Companies Act and UK Corporate Governance Code reporting on risk and future prospects

As mentioned above, the regulations provide that companies in scope of the Resilience Statement will be able to meet the existing Companies Act requirement (section 414C(2)(b)) to provide “a description of the principal risks and uncertainties facing the company” by complying with the Resilience Statement requirements in the regulations.

In May 2023 the FRC published a consultation on an updated version of the UK Corporate Governance Code. As part of this, the FRC is proposing that where a company following the Code publishes a Resilience Statement, it will be regarded as having complied with provisions in the updated Code related to going concern.

The FRC is also proposing to update the existing Code provision on future prospects (also referred to as the ‘viability statement’). Companies following the Code that are in scope of these regulations will be deemed to have met this provision, while Code companies not in scope will report on their future prospects in a similar but simplified way.

Reverse stress testing – relevance of existing reverse stress testing rules for banks, insurers and other companies

Companies in scope of the regulations that are subject to existing reverse stress testing requirements[footnote 8] may draw on that existing compliance activity in whole or part in order to comply with the Resilience Statement.

At the same time, since those existing requirements have some different provisions – including relating to disclosure – such companies are not exempt from the reverse stress testing requirement under these regulations. A number of companies already carry out and disclose details of reverse stress testing on a voluntary basis. Shareholders and other users of corporate reporting are interested in measures taken by a company to help ensure it could withstand a potentially very damaging combination of adverse circumstances, including the likelihood of such a situation occurring and any mitigating action in place.

Exemption from disclosure of reverse stress testing information seriously prejudicial to a company’s interests

At the same time, in recognition of the potential sensitivity that could attach to disclosure of reverse stress testing, the regulations provide that directors may withhold from disclosure any details which they consider could seriously damage the interests of the company.

Treatment of potential ‘principal risks’ in new section 414CD(5)(c) where a company does not consider that one or more of such matters are either a principal risk, or relevant to the management of the company’s principal risks

The regulations require that companies consider whether any of the matters covered in s.414CD(5)(c) represent a principal risk, or are relevant to the management of the company’s principal risks. If any of those matters are not considered to be a principal risk, or relevant to the management of the company’s principal risks, the company is not required to report on them in its Resilience Statement. Omission of any such matters from a company’s Resilience Statement will convey to users of the Statement that a company does not consider those matters to be either a principal risk for the company, or relevant to its management of its principal risks.

E. Additional information about distributable profits, distributions and purchase of own shares

Purpose of additional information

Distributable profits are a company’s accumulated realised profits minus its accumulated realised losses. The Companies Act 2006 requires that dividends and other distributions may only be made from distributable profits and it imposes various other restrictions on distributions. However, companies have not previously been required to disclose their distributable profits. So investors and other readers of the accounts have had no way of knowing whether companies have sufficient distributable profits to pay a dividend, nor what headroom exists between dividends paid or proposed and the available distributable profits. The new reporting will make this information available. In addition, because the figure will be a note to the accounts, it will be subject to statutory audit, providing reassurance that it has been properly calculated.

Summarising changes to the distributable profits available

The regulations require a summary of the changes to the available distributable profits during the financial year. This information will need to include:

  • distributable profits available at the beginning of the year
  • any dividends or other distributions paid in year
  • any purchase of the company’s own shares
  • relevant profits or losses made during the year which have added to or reduced the available distributable profits
  • distributable profits available at the end of the financial year

Public companies (that is plcs) must not only have sufficient distributable profits to be able to make a distribution, but must also meet a net asset restriction test.[footnote 9] The regulations require a public company to disclose the impact of the test on the amount available for distribution.

Where distributable profits cannot be calculated without unreasonable expense or delay

New sections 413A(7) to (8) (as set out in the regulations) permit a company to disclose a minimum or “not less than” figure where an exact figure cannot be calculated without unreasonable expense or delay. It is for the directors to decide whether this is the case, but they must explain their reasoning in the notes to the accounts. It is not anticipated that directors will need to make use of this provision for distributable profits generated after the coming into force of the regulations and that, in practice, it will be used mainly in respect of historical trading activity.

Insurance and investment companies

The regulations (section 413A(3)-(5)) make provision for the special arrangements which apply to distributions by insurance companies and investment companies.

Distributable profits disclosure requirements for parent companies and subsidiaries

New section 413A generally provides that a company to which the new section applies will provide a note in its accounts about its distributable profits. However, new section 413A(6) provides an exemption for subsidiaries of companies with a high level of employees and turnover. The effect of this is that, in the case of a UK group, it is the parent company only which will be required to disclose its distributable profits. New section 413A does not apply to an overseas parent, meaning that the exemption is not available to its UK subsidiaries.

A parent company making the disclosure will not be required to disclose the distributable profits of other companies within the group, either individually or in aggregate. However, the policy statement concerning distributions and purchase of own shares required under section 416C – see Section F below – will provide readers with information about the distribution policy of the group as a whole.

F. Policy statement concerning distributions and purchase of own shares

Purpose of distribution policy statement

The policy statement will give investors and other users of the annual report and accounts an understanding of the company’s overall approach to dividends, buy backs and other uses of surplus capital. It will give readers a better understanding of the sustainability of the distribution policy, the risks and legal constraints affecting the policy and how it relates to the distributable profits shown in the notes to the accounts. It ensures that the distributable profit figure is set in a wider narrative context.

Distribution policy statement in a group context

Where the directors’ report is a group report, the distribution policy statement must be a consolidated statement relating to the companies in the consolidation. Distributable profits and distributions exist only for a company, not for a group.[footnote 10] However, the intention of new section 416C(1)(c) is that the policy statement should comment on the availability of distributable profits not just at the parent company level, but within the wider group. In this way, the statement will give readers information about the availability or future availability of distributable profits within the group which could be paid up to the parent company.

Implementation of the distribution policy

The regulations require the directors to describe how they have implemented the distribution policy in relation to the financial year. New section 416C(1)(e)(ii) will ask directors to describe how, in making decisions about paying dividends or recommending the payment of a future dividend, they have considered and taken into account the level of distributable profits disclosed in the notes to the accounts. This is intended to provide reassurance for users of the report and accounts that any distributions have been made from distributable profits.

G. Material fraud statement

Purpose of material fraud statement

The directors and management of a company are primarily responsible for the prevention and detection of fraud in the company’s business operations. The new reporting is designed to give readers an understanding of the steps that the company has taken to prevent and detect material fraud, alongside a summary of the directors’ assessment of the risk of material fraud.

Definition of “material fraud”

For the purpose of these regulations:

  • “fraud” means behaviour falling within any of sections 2 to 4 of the Fraud Act 2006 (including fraud by false representation, fraud by failing to disclose information, and fraud by abuse of position)
  • “material” means fraud of a nature or magnitude that could reasonably be expected to influence the decisions which a reasonable shareholder would make in connection with their shareholding in the company.

The definition covers both fraud perpetrated by the company on external parties and fraud where the company is the victim of the fraud.

Auditors’ responsibilities for detecting fraud

Steps have been taken separately by the Financial Reporting Council to clarify auditors’ responsibilities for detecting fraud, in particular through revisions to audit standard ISA (UK) 240 (Auditor’s Responsibilities Relating to Fraud). Amongst other things, it requires auditors to demonstrate more professional scepticism about potential fraud and to consider both its qualitative and quantitative aspects.

H. Audit and assurance policy statement

Purpose of Audit and Assurance Policy Statement

The purpose of the Audit and Assurance Policy Statement is to help users of corporate reporting understand:

  • how information in the annual accounts and reports is assured internally by a company
  • whether a company has plans to strengthen its internal audit and assurance capabilities over the 3 year span of the audit and assurance policy statement
  • whether a company has any plans for external (third party) assurance of any information in the annual accounts and reports over the next 3 years, to the extent not already covered by the statutory audit

This new requirement responds to investor and wider stakeholder interest in non-financial reporting within the annual accounts and reports, including on strategy, governance, risk and matters related to sustainability and climate change. Such reporting is of increasing interest and importance to users of corporate reporting, yet its reliability is not formally assured as part of the statutory audit. The statutory audit focuses primarily on the company’s financial statements, as explained below.

Interaction of Audit and Assurance Policy Statement with matters covered by existing statutory audit

The statutory audit provides reasonable assurance that the financial statements present a true and fair view of the company’s financial position. Financial statements are published with other information, such as a directors’ report, which collectively are referred to informally as the annual report and accounts.[footnote 11] The auditor’s responsibility in relation to this other information is to review it and consider if it is materially consistent with the financial statements and knowledge obtained during the audit. The work undertaken in relation to this other information does not provide any assurance (either limited or reasonable) to users.

The Audit and Assurance Policy statement addresses this lack of external assurance over other information included in the annual report and accounts, by requiring companies to:

  • describe their internal audit and assurance capabilities, and their plans going forward for internally assuring information in the annual accounts and reports
  • state whether they have any plans to commission external assurance of any information, to the extent not already assured or considered in the statutory audit
  • state specifically whether or not they have any plans for external assurance of some or all of the company’s Resilience Statement, or of the effectiveness of the company’s internal controls over financial reporting

Statement on any external assurance planned in respect of the Resilience Statement and/or the effectiveness of the company’s internal controls over financial reporting

Reporting on resilience and the effectiveness of internal controls over financial reporting are of common and particular importance across all kinds of large business, given that matters such as these could threaten the future of a business if not managed responsibly. The government therefore believes that companies should explain whether, and if so how, they are considering any external assurance of resilience reporting and of the effectiveness of their internal controls over financial reporting. Companies may nonetheless explain why they may consider that their internal assurance of such matters is sufficient.

Reason for focus on effectiveness of internal controls “over financial reporting”

Shareholders and other users of corporate reporting are particularly interested in the reliability of financial reporting and in the internal controls underpinning that reporting.

The government has separately asked the FRC to consider how risk and internal controls reporting could be more effectively included within the UK Corporate Governance Code (which already goes beyond financial controls in this respect) and the FRC’s current consultation on an updated Code invites proposals in this area. Since companies’ approach to internal controls relating to non-financial controls may be less developed, the provision in these regulations focuses on financial reporting.

Triennial publication of Audit and Assurance Policy Statement with annual updates

The regulations require that an Audit and Assurance Policy Statement is published every 3 years. Additionally, except for the publication of the first Statement, a company must provide a short annual update on the implementation of the existing Statement over the relevant financial year. The annual update should highlight any changes made to the Statement.

  1. Subject to directors not being required to disclose any information in respect of reverse stress testing that would, in the opinion of the directors, be seriously prejudicial to the interests of the company.

  2. As defined in section 548 of the Companies Act. 

  3. As defined in section 1173 of the Companies Act. 

  4. Except for the distributable profits figure, which will be in a note to the accounts. 

  5. As defined under section 1164 (“banking company”) and section 1165 (“insurance company”) of the Companies Act 2006. 

  6. Either IFRS 17 or FRS 103. 

  7. ‘Smoothing provisions’ - in which a company once above a reporting threshold stays there for at least 2 reporting years, and conversely stays below the threshold for at least two reporting years if it drops below after the first 2 years - are used in some, but not all, non-financial reporting under the Companies Act 2006 (such as the Companies (Miscellaneous Reporting) Regulations 2018, and the small companies qualification regime). 

  8. Such as under Prudential Regulation Authority or Financial Conduct Authority rules for banking companies, insurers and designated investment firms. 

  9. Section 831, Companies Act 2006 

  10. The rules on distributions apply to individual companies and do not treat a group as if it were a single entity. A parent company’s profits available for distribution are those resulting from its own activities and not those of its subsidiaries, except to the extent that those subsidiaries have made distributions to the parent company. 

  11. Referred to as the “Accounts and Reports” in the Companies Act.