11
Is the UK model working?
S I M O N L OW E
The evolution of UK corporate governance
To find evidence of the first statutory recognition of the importance of internal controls we must look at US law. During the 1970s, the Foreign Corrupt Practices Act 1977 (FCPA) was enacted as a result of investigations by the Securities and Exchange Commission (SEC), which found that over 400 US companies admitted to making questionable or illegal payments in excess of $300 million to foreign government officials, politicians and political parties.
The FCPA set out anti-bribery laws, but also considered the requirement for maintaining books and records, and a sufficient system of internal controls.1 In 1988, US Congress believed that US companies were at a disadvantage in international markets as elements of bribery appeared to be routine practice in other countries. US Congress contacted the Organisation for Economic Cooperation and Development (OECD), highlighting these concerns. However, it took almost ten years for member states to sign the OECD convention on Combating Bribery of Foreign Public Officials in International Business Transactions 1997. The convention drew on recommendations taken directly from the FCPA for accounting requirements, independent external audit and internal company controls.
In the UK, statute and case law in relation to company and director responsibilities and internal controls were also being established. The requirements for the management and structure of companies in the UK were being strengthened through Acts of Parliament (primarily in the Companies Act 1985), case law (such as directors exercising care and skill in carrying out duties2) and regulations. However, at the time there was little guidance specifically on corporate governance. As a consequence, in May 1991 the Financial Reporting
1The FCPA prohibits both United States and foreign corporations and nationals from offering or paying, or authorising the offer or payment, of anything of value to a foreign government official, foreign political party, party official, or candidate for foreign public office, or to an official of a public international organisation in order to obtain or retain business. In addition, the FCPA requires publicly held United States companies to make and keep books and records which, in reasonable detail, accurately reflect the disposition of company assets and to devise and maintain a system of internal accounting controls sufficient to reasonably assure that transactions are authorised, recorded accurately, and periodically reviewed. From www.usdoj.gov/criminal/ fraud/fcpa/fcpastat.htm.
2Dorchester Finance Co. v. Stebbing (1977).
222
Is the UK model working?
Council (FRC), the London Stock Exchange (LSE) and the UK accountancy profession set up a committee to consider the Financial Aspects of Corporate Governance. The result of this review was the Cadbury Report (1992), which started to establish best practice on financial reporting and accountability for public companies.
Later that year, the final framework for the Committee of Sponsoring Organisations (COSO) model was released. It provided companies with a framework for governance, covering a spectrum of internal control environments, including strategic, operating, reporting and compliance.
The Cadbury Report’s conclusions are now recognised as the starting point from which all other UK and much international corporate governance guidance has been developed. Many of the recommendations within the Cadbury Report were subsequently adopted into the Principles of Corporate Governance issued by the OECD in 1999 (revised in 2003). These Principles have now passed into other national corporate governance codes and guidance.
Throughout the 1990s, a series of reviews was produced to address particular areas. The Rutteman Report in 1994 addressed the subject of internal financial control; the Greenbury Report in 1995 looked at the area of directors’ emoluments and, in 1998, the Hampel Report incorporated the principles discussed within the Cadbury Report and explored the effectiveness of internal control. In that same year, the Combined Code on corporate governance was introduced, pulling all these reports into one code of governance which, while not mandatory, was appended to the London Stock Exchange listing rules. In 1999, Nigel Turnbull issued his report entitled ‘Internal Controls – Guidance for Directors on the Combined Code’.
Following the introduction in the US of the Sarbanes-Oxley Act 2002 (SOX), the Turnbull guidance was accepted by the SEC as an approved governance framework to help management comply with section 404 of the SOX Act.3 In the UK, Higgs (2003) and Smith (2003) provided additional guidance on non-executive directors’ roles and audit committees respectively. These were then incorporated into the 2003 revised Combined Code (the Code).
Then in 2004, in response to the impact of SOX, the FRC asked Douglas Flint, the Finance Director of HSBC, to revisit the adequacy and relevance of the Turnbull guidance. Over 100 companies responded to his review, including 56 per cent of the total market capitalisation of the LSE.
The Flint review, published in 2005, concluded that:
the Turnbull guidance continues to provide an appropriate framework for risk management and internal control. Its relative lack of prescription is considered to have been a major factor contributing to the successful way it has been implemented, and we have therefore decided against recommending substantial changes.4
3www.icaew.co.uk/index.cfm?route=112276.
4Quote from Douglas Flint, www.frc.org.uk/press/pub0822.html.
223
Simon Lowe
It is notable that the key guidance on corporate governance in the UK has been written by individuals (Cadbury, Greenbury, Hampel, Turnbull, Higgs and Smith) active in the private sector, with experience of finance, banking and directorships. In comparison, US regulations have been created by federal lawmakers.
Other governance principles
Underpinning the effectiveness of the Code has been the principle of comply-or- explain, which, while putting the emphasis on compliance, does acknowledge that there are circumstances where an alternate approach may be more appropriate for a company’s position. In such a situation, the alternative to compliance is clear explanation. It is this principle, which is introduced in the preamble to the Code rather than in the body, which has, together with a requirement for clear guidance, enabled companies to develop appropriate corporate governance practices.
In January 2006, the FRC published the report on their review of the implementation of the Code. This review was conducted in response to questions as to whether a SOX-type regulatory environment was needed in the UK. Fundamentally, should the UK move towards a more financially focused, rules-based approach when assessing the effectiveness of internal controls?
The key message from respondents to the consultation was that the Code was having a positive impact on the quality of corporate governance practice among listed companies. There were some concerns over the increased time commitments needed for directors to satisfy aspects of the Code, and some difficulties were noted in relation to recruiting non-executive members of the audit committee with ‘recent and relevant financial experience’.
The 2006 Grant Thornton Corporate Governance Review (the fifth detailed study of disclosures produced by 314 of the FTSE 350 and their compliance with the terms of the UK Combined Code) confirmed that inroads are being made in the area of relevant financial expertise, but with 20 per cent (27 per cent in 2005) of FTSE 350 companies still not identifying the relevant individual, finding these persons still represents a challenge. However, the FRC review concluded that major changes to the Code were not required.
There remain conflicting views as to whether the Code has improved dialogue between shareholders and company boards. The Association of Investment Trust Companies (AITC), in their response to the 2005 FRC review, considered that there had not yet been any added value for shareholders from the introduction of the Code. The FRC, in April 2007, announced further consultation and review of the Code, in particular to address the perception of box-ticking and boilerplating and also the impact and application of the Code to the smaller cap companies. In October, the FRC announced that only two changes were proposed to the Code: to remove the limit on more than one FTSE 100 chairmanship, and to allow the Chairman of a small company to be a
224