Governance Watch
‘Governance Watch’ is the podcast from the news and intelligence resource, Board Agenda, which immerses its listeners in the intricate world of corporate governance and the burning issues confronting boards and leadership teams today.
The magazine style show is hosted by Board Agenda's editorial team and includes interviews with guests including board members and C-suite executives from across industry, governance leaders and the investor community.
Each episode provides a wealth of knowledge and strategic insights to navigate the complexities of leading and governing companies in the modern business landscape.
Governance Watch is for informed opinion, discussion, and enlightenment as to how organisations are being governed. We invite you to join us as we explore the leadership of business.
Governance Watch
Four compliance shifts boards need to know:- regulatory briefing with Ashurst:-
In this episode of Governance Watch, we explore four major regulatory and compliance developments that UK companies and governance professionals need to act on now.
🔹 Failure to Prevent Fraud
A new corporate criminal offence under the Economic Crime and Corporate Transparency Act 2023 came into force on September 1st. Companies can now be held liable for fraud committed by employees or agents unless they have a robust fraud prevention framework in place.
🔹 Sustainability Reporting Overhaul
The UK is moving toward adopting ISSB standards (S1 and S2), with UK Sustainability Reporting Standards (UK SRS) expected by year-end. Meanwhile, the EU is revising its ESRS to reduce complexity—impacting UK companies with European operations.
🔹 Director Identity Verification
From November 18th, Companies House will require identity verification for all new directors, LLP members, and persons with significant control (PSCs), with a 12-month transition period for existing individuals. This aims to improve transparency and reduce fraud.
🔹 Modern Slavery Reporting Guidance
New government guidance introduces a two-tier framework to help companies benchmark and improve their modern slavery compliance. While not mandatory, it’s a valuable tool for risk management and reputational protection.
🎙️ Featuring expert insights from Neil Donovan, Becky Clissmann, and Will Chalk of Ashurst, this episode offers practical advice and strategic context to help boards, compliance teams, and governance professionals navigate evolving regulatory landscapes.
Hello, and welcome to governance watch, your essential update on all things governance from board agenda. In this edition, we are looking at four key governance and compliance issues. We'll be looking at developments around the failure to prevent fraud laws. We'll report on sustainability reporting rules in the UK and briefly in the EU.
We'll tackle the gnarly subject of directors verifying their identities for the company's house. And lastly, we'll navigate new guidance for modern slavery reporting. With me to explore all of this is a trio of experts from the city law firm, Ashurst. They are Neil Donovan, Becky Klisman, and Will Chalk.
Hello, all of you. Hello.
Hi. Hi, Gavin.
Now to you first, Neil, if you don't mind. Two years ago, the government introduced the failure to prevent fraud laws, creating an an offense, of course, as it described on the tin, to prevent fraudulent wrongdoing, but there's now new guidance, around that, possibly making it easier for authorities to take action using the law.
Yes. Absolutely, Gavin.
So from the first of September this year, a new corporate criminal offense of failing to prevent fraud came into force. As you mentioned, this offense was introduced under the Economic Crime and Corporate Transparency Act, in twenty twenty three. But this is really the first notable expansion of UK corporate criminal liability really since the introduction of other failure to prevent offenses, the failure to prevent facilitation of tax evasion in twenty seventeen and the failure to prevent bribery, which came into force in twenty eleven. So quite quite a significant change in terms of corporate criminal laws.
Okay. So what's happening now then, Neil? What's the latest?
So, this essentially creates a new offense, Gavin, and and the offense applies where an associated person of of a large organization commits fraud with the intention of benefiting the organization or one or one of its clients.
So this offense really, what's changed at this expense really focuses on fraud for the benefits of the company or for the benefits of the clients. In the past, fraud, quite often been through the lens of where the company is the victim, and that's quite often how it's managed by companies at present. This is looking at it through a slightly different lens. And what this does is it creates a corporate level offense. So the corporate will itself will be criminally liable where an associated person, that's a very board group, employees, agents, third parties acting on behalf the company commit a fraud for the benefit of the company.
And so what how do boards and directors need to act upon this right now?
Well, this is a significant development for boards and directors because there is a defense to this criminal offense, and the defense is if at the time the fraud, occurs, you can demonstrate that you had a reasonable fraud prevention framework in place. So what boards and, senior management within companies have been doing over the past few months is is making sure that they've got those procedures policies and procedures in place that they're, really communicating very clear expectation from the top in terms of zero tolerance of fraud, that there's training in place for employees, and that there there's been work done to really understand and assess the risks of fraud across the business so that they can be mitigated accordingly.
Do we get the impression that everyone's on top of preparing for that, putting that kind of framework in place, or are people a little bit behind where they should be?
It it's a mix, I'd say, Gavin. There's been a ten month implementation period since the guidance you mentioned that the, outset was published.
So companies have been working during that time, to enhance and uplift existing procedures really that are already in place.
But, of course, there there are a few who have had other business priorities in that time and and just still have some work to do. That's that's not a major problem because the offense only applies to conduct since the first of September.
But, obviously, it would be prudent now, and it should be a priority now for those companies to, to close off any remaining gaps and ensure their procedures are fit for purpose.
Okay. And what what, I'm kind of interested. Where who owns this, framework inside the company, and what are the risks of failing to act to put something in place?
Yeah. It's it's been very interesting actually in terms of who has ownership of the risk internally.
Traditionally, of course, these types of financial primary do sit within compliance or legal teams. This risk, we've seen operational risk taking quite a lead role actually here.
And so it's really but this approach, this this offense has actually been quite unique in terms of the approach of companies because what you've had is a multidisciplinary team, cross function team internally who have actually been owning it. I guess, ultimately, the fraud risk sits with the front line with the front office, but we've seen really, quite a mix of teams, legal compliance, finance, tax, and and risk teams all working together to prepare for the offense.
In terms of the consequences, well, in in addition to the risk of criminal liability, the potential penalties are the companies are in a limited fine, and we've obviously seen very significant fines, but for the failing to prevent bribery offense.
And then there's all the associated consequences, of course, potential prosecution of individuals for all offenses, and the reputational risks, of course, that come with that.
So a lot to think about there and take on board.
Now let's turn to sustainability reporting. Lots going on here all the time. We've got movements in the UK and in Europe. Becky, can you tell us a bit about what's happening in the UK?
So well, it's it's been a bit really like, buses. You know, you wait for one and then three come along at once. So early this summer, we had a trio of consultations published by the government on adopting the ISSB sustainability re reporting standards. They're known in the in the business as S1 on sustainability and S2 on climate.
And then also there was a consultation on whether or not transition plans should be mandated, some, you know, general sort of discussion around that. And then there was also a consultation on an oversight regime for assurance of sustainability disclosures.
So all of those consultations are closing this week, which brings them back into focus, I guess, for a number of people. And what we're expecting is that following the the first one in the the consultation on, adopting the ISSB standards, the government will make a decision on endorsing those to create the UK's, sustainability reporting standards or UK SRS as they're known. And then we're also expecting a follow-up consultation on the transition plans, consultation. So lots more to come, but certainly a lot going on right now.
And what's the time horizon for UK SRS? When are companies likely to be told they've got to get on and implement them?
Yeah. Good question. So the it it's a sort of slightly complicated and staged process. So the SRS should be available, by the end of this year. So they will be standards that companies can choose to, report to voluntarily.
But following that government decision that I just mentioned, the government will then consult on what, which companies should be obliged to report using those standards. And, also, the FCA will be, consulting on how they will, adopt those within their listing rules. So there's, again, lots going on and lots of sort of nuances for different depends what reporting regime you currently fall under as to when things might bite. So not a straightforward answer, I'm afraid.
Not a straightforward answer. You could just take them off the shelf and use them, I I guess.
You you could. And to be honest, the the UK versions are not looking radically different to what the ISSB published a couple of years ago. So there are some companies that have done that, and they are reporting using them. And so we'll already be familiar, but I think for for most people, they're they're not doing that. So this will be a change, and they will need to sort of take a look at them.
It's always a big job adjusting to a new reporting regime. Is it worth familiarizing yourself now if you if you're not familiar with what those standards look like?
Absolutely. I think that they it's it's definitely worth starting to think about them, you know, perhaps do a bit of training, upskilling people internally so that you're you're familiar with what they require. And because and they wanna look radically different to a lot of people because they have, TCFD as their backbone, that's where they're based on.
They will seem perhaps reassuringly familiar but at the same time there is additional information that's needed.
It it makes sense to start looking now because, you know, it's pretty much a foregone conclusion that they'll be adopted in the version that that that's been put out as an exposure draft.
Now over in Europe, they are deeply into implementing, sustainability reporting standards. In fact, they started doing it, and they've since, in February, started reviewing it and trying to soften the blow of those standards. We're now at a new phase. The, one of the European organizations have adjusted their sustainability reporting standards to make them much less onerous, it looks like, on paper.
That's right. So the it's EFRAG, and they have they have published exposure drafts of the ESRS as their own European reporting sustainability reporting standards.
And they have cut back on a number of disclosures and they've tried to make it clearer.
Some of the voluntary ones have gone, they've tried to make it clearer, they've streamlined the double materiality assessment. They are looking a lot smaller and hopefully a lot more manageable.
But for people who've already started looking at them, obviously, there's a somewhat painful exercise of them having to sort of go back and review and see what has changed. So, yeah, not still lots of work to do, unfortunately.
And if you're a UK company with European operations, that that's gonna be a priority to get that right, presumably?
So that again, that's going to be, slightly challenging because as part of the sort of package of of you you mentioned the EU's rollback, It's something that we've been calling the first omnibus package.
There were proposals to not only amend the ESRS, which is part of that, but also what's known as the content directive. They will be changing the companies that are in scope of the requirements and changing the time frames from which the they originally had to comply. So the and we don't know, by the way, at the moment, which way the legislatures are going to fall. There's been there's been sort of quite a large, amount of amendments proposed by the EU parliament. The council has its negotiating position now.
It's the sort of EU horse trading process is now operating.
We should end up with something by the end of the year with probably legislation coming into force early twenty twenty six.
But, yes, for companies who who do have significant EU operations, they will need to have a look and see or keep keep on top of those changes so that as soon as they come in, they know where they're they're placed and know when they'll need to report.
And just very quickly to illustrate the horse trading on the scope issue, it could be companies of five hundred employees. It could be companies of three thousand employees. There's a lot of to ing and fro ing over that threshold right now.
Yes. I mean, you know, it it has been quite sort of extraordinary to see the the sort of the reopening of that and the and the sort of range of options that have been offered up by various members of the parliament. I think it people just need to reflect that in the intervening time since the CSRD was originally parliament has changed dramatically and and leans much more to the right. So the the sort of, the the range of views has shifted and in terms of which companies should be covered, and there tends to be a sort of preponderance of of views on the right that that that that it should really only be the very largest of large companies rather than the sort of the the sort of middle ranking ones that were originally included within the scope of the directive.
Well, much still to play out there in those debates in Brussels.
Will, coming to you next, director identity verification. Tell us about that. It's a new rule coming in at Companies House.
Yeah. We've been talking about this for a while, obviously, through our updates, which you obviously have on on your website.
It's it's another key blank in what what Neil was talking about earlier, the the Economic Crime and Corporate Transparency Act. I mean, the headline the latest headline is that for those running businesses, the Companies House has announced that with effect from the eighteenth of November this year, identity verification will be compulsory for all new directors, new LLP members, and new persons with significant control, PSCs, as we know.
And they'll they'll and from that date, there'll be a twelve month transition period starting for existing directors and PSCs to to verify their identity.
So what what is the verification going to look like? How do how do directors do that?
Well, since April, existing directors and those anticipating that they might be a director have had the opportunity to voluntarily, get that process going. And there's one of two ways you can go about doing that. You can do so directly with Companies House, using various electronic ID checks or through what are now known as authorized corporate services providers who will likely charge you a fee unless they're in house.
And to be honest with you, I mean, being a bit of a a governance geek as you know and as a director of other other companies, I had a go at doing it back in April to get my personal code, and it didn't take very long. It wasn't that an arduous a process as you as you might expect, and there's there's more and more and more helpful guidance that sits around that process.
So that's so so, ultimately, you will if you're an existing director, get your personal code, and you can do that now. And then from the eighteenth of November, existing directors will need to verify their identity. So if they haven't got the personal code, they'll need to do it. Or if they have, they'll need to deploy it as part of their company's next annual confirmation statement.
And so and what's driven this change?
Well, again, it goes back to the to the aims of this this this act, which are broadly, trying to make the UK a more attractive and safer place to set up, run, and crucially, invest in businesses.
So Neil's, failure to prevent fraud effect offense being a key part of that. Another key part of it, focus more on corporate entities, is just improving the quality of information, the reliability, the accuracy of information on the Companies House register. But ultimately, given Companies House, making it a proper and fully fledged regulator with proper powers of investigation and enforcement.
And to the issue that you and I are talking about now, so verification, it's it's about preventing fraudulent, fictitious appointments, going back to what I said about improving the reliability of information on the company's house register.
But fundamentally increasing transparency on who owns, who controls companies, which in turn promotes that trust that I referred to earlier, but also, facilitates the enforcement facilitates enforcement should that be needed.
And is this different from any other jurisdiction?
There there there's nothing new under the sun, is there? I mean, there are a number of jurisdictions who actually, unfortunately, I guess, for us, have have taken the lead on this. Australia being one, for example, who have had a director verification requirement for a number of years. You get your, your code. You deploy your one code as you will have to here across all of the companies of which you're a director. And, frankly, once you've gone through it once, there's, it's it's relatively straightforward. But, no, there's there are other jurisdictions that have gone down this route for understandable reasons.
So we're playing catch up there. Directors have got to get their code. What are the risks if they don't? What if they don't verify their identity?
Oh, well, simply stated, if if if you're an existing director who doesn't, during the transition period, they won't be able to act as a director, commit potentially commit a criminal offense, punishable by a fine, potentially commit a civil offense, also punishable through enforcement action through Companies House. And the register could be annotated to reflect that a director is not verified. So, and and let's be clear, Companies House is already, as as Neil and our, from a corporate crime perspective will attest, is already flexing its muscles with new powers that it's got in other areas.
So this is to be taken seriously. But put another way, if you're a counterparty wanting to do business with a company, you start checking out their accounts or their filings at Companies House, and you see that directors aren't verified, well, in a year or so, then that will raise an alarm bell, I would have thought.
And thereafter, after the transition period, I think companies will start to, I would imagine, quite gently write to people and remind people they need to verify their identity quickly, and that will morph into some more serious enforcement action being taken fairly fairly swiftly against an individual.
So not an issue to be taken lightly there. Thanks for that, Will.
Neil, if I can come to you now for our last topic of this podcast, modern slavery reporting.
It's it's become a feature of UK corporate reporting. Everyone puts their report up on their website, but there's a new template out from the government. Tell us about that, and what is it its objective?
Yes. Absolutely, Gavin. So what we're talking, about here is is section fifty four of the Modern Slavery Act, which requires businesses to publish, annual statements, really detailing their efforts to prevent modern slavery within their operations and supply chains, and the government have published, updated guidance on on their expectations for those statements. But the guidance is is quite a comprehensive document, and it it goes beyond that and then really offers practical advice, in terms of managing modern slavery risk within supply chains and, sets out from less lessons from the field over the past ten years since the legislation has been enforced.
Now is that is that a aim to try and, deal with some of the inconsistency, across slavery reporting?
I think so. I think that's right, and I think it's also to reflect the fact that, certain companies in scope have invested a lot in this over the past decade and are now just at a different stage in terms of the evolution of their modern slavery compliance framework. And what the guidance does is that it splits the expectations into two levels, level one and two. Level one being those who have perhaps a more nascent, compliance measures for this particular risk area. It may be because it's not at high, higher risk for their business. But then level two are those who have developed these more sophisticated frameworks, and it sets out, a a more enhanced level of expectation.
So but this is guidance. It's not mandatory. So I I what what do companies do now with this guidance?
It it is just guidance. It's not mandatory. But, of course, it's it's published, by the government, and it it it it's it's certainly a very useful resource, I think, in terms of understanding where a company should be focusing their efforts. First step, obviously, is to review the guidance and then benchmark it against what companies are currently doing.
But I I think companies will be reassured, that that they are focusing on the right areas. So, for example, the guidance underscores the importance of having a very clear policy suite that that demonstrates a commitment to preventing modern slavery. It talks about having processes due diligence processes to assess and manage risk across particular supply chains. It references training, which many companies were already doing in this area.
And then also, I think important from a governance perspective, talks about setting goals and KPIs, to monitor progress in terms of tackling modern slavery. So it is actually a very useful resource. I think the company's focused on managing this risk.
What are the risks of not using the template?
I suppose it's also a useful document for campaign groups and observers to hold companies to account in some way.
It is. Absolutely. So that's right. If you're not benchmarking your business against this, then others will be.
And it it does perform it it does provide a reference point, essentially, I guess, to to measure the effectiveness of, of these types of compliance programs.
The the risks of, failing to publish a statement, there can be legal, liability flowing from that, and, there can be civil action taken to essentially, compel companies to publish their statement. I mean, one of the weaknesses of the modern slavery regime is that it it lacks teeth at the moment in terms of, direct enforcement.
But, of course, the the the reputational risk and and damage that can flow from, having any kind of modern slavery, risk crystallized across the supply chain is very significant.
Thank you for that, Neil. Much to digest there for those involved in modern slavery reporting. Well, thank you all for taking part.
Much to think about. The horizon is full of governance and compliance issues to manage. Neil Donovan, Becky Klisman, Will Chalk, thanks very much for joining us today. Thanks for all of you out there who are listening. We'll be back again soon.