Decoding the Updated UK Corporate Governance Code: Navigating Risk Management
Reza Alavi
Tech risk, security, and Gen AI advisor driving resilience, innovation, and transformation by integrating vision, people, and technology.
#riskmanagement, #governance, #technologyrisk, #InternalControls #EmergingTechnologies, #DigitalTrust, #Blockchain, #StrategicPlanning, #DecentralisedIdentity, #LegacyIT
The Financial Reporting Council (FRC) in the UK has issued the updated UK Corporate Governance Code following a consultation last year as part of the 'Restoring trust in audit and corporate governance' reform package. The Code applies to all companies with a premium listing, whether incorporated in the UK or elsewhere. The 2024 Code applies to accounting periods beginning on or after 1 January 2025, except for Provision 29, which applies from 1 January 2026.
But Who is the FRC?
The FRC regulates auditors, accountants, and actuaries and sets the UK's Corporate Governance and Stewardship Codes. It promotes transparency and integrity in business. Its work is aimed at investors and others who rely on company reports, audits, and high-quality risk management (https://www.frc.org.uk/about-us/).
The government requested the FRC adopt a code-based strategy to enhance focus on internal control issues within boardrooms, selecting this approach over a legislative framework. This shift, in response to changes in government policy on various reform agenda elements, stands as the most significant adjustment in the new Code. Furthermore, revisions have been made to the proposal initially consulted on.
Emerging Risks and Technologies
The revised Code emphasises emerging risks and technologies, asking boards to explain what procedures are in place to identify and manage emerging risks such as artificial intelligence (AI), decentralised identity, digital trust, blockchain, etc. These advancements present opportunities and challenges, particularly in the financial services industry, which is already accustomed to stringent risk management and internal control requirements.
These emerging technologies underline boards' need to understand the current threat landscape, including cyber threats and data privacy concerns, and to anticipate future risks. Legacy IT systems and technology burdens can exacerbate these challenges, making it critical for companies to evaluate and update their technological infrastructure and risk management practices to prevent vulnerabilities and ensure compliance.
Implications for the Industry
For businesses already at the forefront of adopting comprehensive risk management and internal controls, the updated Code reinforces the need for continuous progression in response to technological advancements. Firms must assess how emerging technologies and associated risks can be integrated into their strategic planning and operational processes. Such activity requires a forward-looking approach to risk management, emphasising not only financial risks but also operational, technological, and reputational risks.
By expanding the scope of risk management to include these emerging technologies, the Code encourages companies to develop more dynamic and resilient risk management frameworks. These should address current risks and adapt to the rapidly changing digital landscape. In an ever-evolving business landscape, the ability to remain agile and open to change is vital, ensuring that governance practices can swiftly adapt to new challenges and opportunities.
Leveraging Technology for Strategic Advantage
Proactive companies with well-established risk management frameworks are positioned to leverage these updates for strategic advantage. By incorporating advanced technologies such as AI and blockchain, and leveraging automation, in their risk management and internal control systems, firms can boost efficiency, transparency, and trustworthiness. This aligns with the Code's expectations and sets a benchmark for governance excellence in the digital age.
Moreover, the emphasis on digital trust and on integrating technology into corporate governance frameworks highlights the importance of addressing the legacy technology burden. Corporations are encouraged to modernise their IT and technology infrastructure, which can significantly reduce risks associated with outdated systems and improve their overall risk management capabilities in a pragmatic and effective manner.
What have we learnt?
The updated UK Corporate Governance Code marks a significant shift towards a more holistic and future-oriented approach to risk management. By incorporating emerging technologies and addressing the evolving threat landscape, the Code challenges businesses to improve their governance practices, ensuring they are comprehensive, strategically integrated, and capable of adapting to new challenges. This alignment fosters compliance, optimises risk management, and positions firms as leaders in governance best practices in an increasingly digital world.
Retired Process Improvement Consultant, BCS Council Member (2015-2018), BCS IRMA Deputy-Chair
8 months
Thanks Reza. Will you be covering this in your planned presentation to the BCS IRMA SG?
Continuity Forum | ISO Risk Management | Resilience, Governance & BC Management
1 year
Thanks for this Reza - We should catch up sometime