By Simon Watkins
Twenty years ago the US introduced the Sarbanes-Oxley (Sox) rules, which make board directors personally liable for company accounts. Sox was signed into law by President George W Bush after the Enron scandal of 2001, then the largest bankruptcy reorganisation in American history.
Only British companies with dual listings in the US were affected by this radical tightening of US regulation, and for most it was an irrelevance.
Then last year the UK government debated whether to introduce a British version of Sox. It opted against new legislation but the idea is far from dead.
Sir Jon Thompson, chief executive of the Financial Reporting Council, described the government's decision as “a missed opportunity to improve internal controls in a proportionate, UK-specific manner”.
The council, however, is still free to act by itself and last month Jan du Plessis, its chair, said the FRC would review the corporate governance code. It would introduce rules comparable with Sox “to ensure that directors accept more overt responsibility for internal controls”.
The FRC is expected to publish a paper outlining its position this summer.
The Sox model has two main elements, says Roger Barker, director of policy and governance at the Institute of Directors. The first point makes specific directors responsible for internal controls and the [UK] financial reporting framework, while the second requires external assurance of auditing controls.
The IOD believes the government is right not to legislate. “The board is collectively responsible,” Barker says. “Placing that responsibility on a single person dilutes that collective responsibility.”
A requirement for third-party assurance was also too onerous, he says. “On balance, in the current challenging economic circumstances, this was the right position to take. [It] could have led to a lot of extra costs.”
The Institute of Chartered Accountants in England and Wales has a different view. “The accountability of directors for the effectiveness of internal control was one measure that had the potential to be a game changer,” says John Boulton, director of policy.
Both Boulton and Barker, however, believe that the introduction of Sox-style guidance could still be significant.
The FRC has limited powers over directors outside the accountancy profession but the corporate governance code has teeth.
The board and directors are expected to “comply or explain” – to adhere to the code’s recommendations or publicly say why these do not apply in their specific situation.
“‘Comply or explain’ is a different level of rigour to a statutory requirement but I think you've got a number of areas for optimism,” Boulton says.
As well as the creation of a framework for financial reporting, he believes that many boards will adopt a code specification for independent assurance.
“It will give audit committees the ability and opportunity to think about whether independent verification of internal control is something that would be valuable in their circumstances,” Boulton says. “It will bring a little bit more focus to that area. We feel that business has an opportunity to act.”
With regard to reporting in line with environmental, social and governance criteria, the G for governance may become more prominent for institutional investors. Companies that choose to explain rather than comply will be in the spotlight. “Directors will face questions from shareholders about that,” Barker says.
The FRC’s review of the code will be its last under its current name. By April it will be part of a new regulator called the Auditing, Reporting and Governance Authority. This will have a broader remit and powers to sanction directors, including those who as non-accountants are out of the reach of the FRC.
Arga’s remit will also extend beyond listed companies, covering those deemed to be public interest entities. This will affect firms that have more than 750 employees and sales of £750 million or more.
Many private companies, according to Barker, will feel “the biggest impact”. While there will be no new legislation to mirror Sox, the scrutiny may feel almost as intense.
“Directors will feel a greater weight of personal liability because a new state regulator [will look] at the whole financial report, not just the financial statements but also the governance sections,” Barker says.
The proposals for the corporate governance review will not be known until the FRC releases its positioning paper.
Any board that does not apply policies with effects comparable with Sox will probably face a regulator and investors asking: “Why not?”