UK Audit Reform: Impact on Directors and D&O Insurance

UK Audit Reform: Impact on Directors and D&O Insurance

August 6, 2021, Covington Alert

In a robust 200 plus page white paper on ‘Restoring Trust in Audit and Corporate Governance’ issued by the UK Department for Business, Energy and Industrial Strategy (the “White Paper”)[1], major reforms have been proposed to UK audit and corporate governance. The reforms are aimed at larger companies where the public interest in this arena lies.

As we await further proposals following the consultation period (which ended on 8 July 2021), we consider in this alert the key proposals affecting UK directors and the impact the proposed changes may have on D&O insurance.

The White Paper responds to concerns highlighted in three independent reports into: (i) the Financial Reporting Council (“FRC”); (ii) quality and effectiveness of audit; and (iii) the Competition and Markets Authority (“CMA”)’s Statutory Audit Services Market Study following a number of high-profile UK corporate collapses. The main purpose of the reforms is to address the concerns coming out of these reports to maintain and enhance the UK’s reputation for high standards of audit and corporate reporting.

The most stringent reforms and sanctions are aimed at Public Interest Entities (PIEs), predominantly main market listed companies which are already subject to additional regulatory auditing measures. The White Paper seeks to expand PIEs to large private companies and AIM-listed companies (the two proposals on the table are either those companies with more than 2,000 employees or a turnover of at least £200 million and a balance sheet of more than £2 billion; or over 500 employees and a turnover of more than £200 million). The Government also sought views on whether large third sector entities such as universities or charities should also be included in the new PIE definition.

To advance that purpose, the proposals are aimed at four key areas.

The first key proposal is the widely reported introduction of a new watch dog - the Audit, Reporting and Governance Authority (“ARGA”) - to replace the FRC. The independent report into the FRC found that it was lacking the necessary powers and clarity of purpose to sufficiently hold directors (and auditors) accountable. Among a wide array of proposed powers, ARGA will have investigation and civil enforcement powers to hold to account directors of large businesses for breaches of their duties in relation to corporate reporting and audit.

The second key set of proposals are aimed at duties on (and increased regulation of) directors. The most significant of which is a shift from collective board responsibility to personal liability of individual directors for new reporting and attestation requirements. These set of proposals are aimed at addressing the independent report into quality and effectiveness of audit which found that higher expectations should be placed on directors (and auditors) to deliver more useful information to the users of reports.

The third key proposals create a new stand-alone audit profession with wide reach and a clear public interest focus covering all forms of corporate reporting beyond a financial statements focus. There are also proposed new regulatory measures for audit firms to separate their audit and non-audit practices. These set of proposals are aimed at tackling the need for the audit report to be more forward looking and the CMA independent report findings of an “unhealthy dominance” in the audit arena of big companies by the “big four” accounting firms.

The fourth key set of proposals are aimed at improving shareholder stewardship, including proposals requiring companies to set out their approach to audit through publication of an audit assurance policy to be voted upon by shareholders. Shareholders would also have a formal opportunity to propose to the audit committee areas of emphasis to be considered within the auditor’s annual audit plan. These proposals are aimed at giving shareholders better opportunities to engage with companies on audit matters.

We delve deeper into how these proposals may affect directors and the insurance implications below.

The most notable proposals increasing directors duties are:

• to carry out an annual review of the effectiveness of the company’s internal controls over financial reporting and make a statement on their effective operation in the annual report including requiring directors to report on the steps they have taken to prevent and detect material fraud;
• to disclose on behalf of parent companies (i) the total or “known” distributable reserves that are distributable, which must be greater than any proposed dividend; and (ii) an estimate of distributable reserves across the group;
• to make a statement that any proposed dividend is within known distributable reserves and that payment of the dividend will not, in the directors’ reasonable expectation, threaten the solvency of the company over the next two years; and
• in respect of directors of PIEs:
  • to produce an annual Resilience Statement, setting out how directors are assessing the company’s prospects and addressing challenges to its business model over the short (one-two years), medium (five years) and long-term (not prescribed), including risks posed by technology and climate change; and
  • to produce an Audit and Assurance Policy, describing directors’ approach over the next three years for seeking internal and external assurance (beyond the scope of the annual statutory audit) of the information they report to shareholders.

The proposals provide the audit regulator with investigation and enforcement powers into breaches by directors of statutory duties for corporate reporting. ARGA’s proposed review powers (pre-formal investigation stage) include requiring an expert review to be conducted and published which could then be used as the basis of enforcement against the PIE. The proposals also strengthen clawback provisions within listed company directors’ remuneration arrangements including extending the grounds for clawback to serious misconduct, material misstatement of results and material failure of risk management and internal controls. Sanctions for PIE directors are proposed to include fines, orders to mitigate breach and in severe cases prohibition on acting as a PIE director.

There are a significant number of new risk exposures to UK directors in the White Paper. In a hard insurance market where D&O insurance premiums have more than doubled over the last year alone, UK directors would be well advised to review their insurance policies to ensure they have the appropriate cover in readiness to meet liability arising out of these major proposals for reforms.

For example, if proposals for directors to report on the impact of climate change on the company’s business model and financial planning in their Resilience Reporting are adopted, claims by shareholders or climate activist groups for directors’ lack of effective climate change proposals  may be on the horizon as these issues are elevated to boardroom level. Such risks are novel and unquantified and there have been recent calls by the London and International Insurance Brokers Association for brokers and the insurance sector more widely to focus efforts to quantify these risks.  

Another area of concern from an insurance perspective is the increased regulation and enforcement powers of ARGA, and notably, ARGA’s review powers pre-investigation, which has the potential to be costly for companies. D&O insurance would usually cover formal investigations but may not cover a pre-investigation phase such as the ARGA review (depending on the policy wording). In relation to ARGA’s powers to levy civil fines, whilst FCA fines are uninsurable, the position is less clear here and will ultimately be fact specific and dependant on an assessment of the public interest.

The move to holding directors personally accountable rather than the board as a whole may also have significant consequences on the application of typical exclusions in D&O insurance. Such policies usually contain conduct exclusions for deliberate or reckless conduct of a director. The reliance on such exclusions by insurers is likely to increase if directors are to be held personally liable under current proposals, although such exclusions usually require a dishonest or reckless finding made by a final binding judgment or arbitral award to bite. By the same token, companies may be able to avoid imputed liability of their directors and therefore avoid such exclusions applying to insurance claims made by the company under D&O insurance Side C coverage (providing limited securities-related cover for entities) or other relevant company liability insurance.

The White Paper proposals on internal controls adopt some elements of the regime that applies in the US under the Sarbanes-Oxley Act 2002 which are seen by some stakeholders to have led to better financial reporting.

There remains however an inevitable concern over placing one or two directors responsible over the board as a whole and holding different directors to different standards which undermines collective board responsibility and may deter director innovation and even take-up of directorship posts. There is also a concern that the proposals are applicable to non-executive directors and directors with no accounting background although the White Paper does refer to ARGA being expected to apply proportionality, taking into account a directors’ background and size of the entity. Perhaps the most significant concern is directors ensuring their D&O insurance adequately protects them for the new exposures in anticipation of the adoption of the White Paper proposals.

In that regard, to manage the impact on business, the Government is considering the scope for its measures to be introduced in stages or after a transitional period for measures with the most significant impact on directors. It is expected that they will apply to premium listed companies first and then to other PIEs after two years.