New draft UK regulation will require large organizations to produce an Annual Resilience Statement

• 20 Jul 2023

• News
• 0

  Comment

On the same week that the Australian Prudential Regulation Authority launched its new operational risk management standard, the UK Government today laid down new draft regulations concerning new corporate reporting requirements for large organizations (those with 750 employees or more, and an annual turnover of £750m or more).

According to the UK Government website, the new regulations will require large organizations to report more effectively on business resilience and assurance by:

• Explaining how they are managing significant risks and building or maintaining resilience.
• Demonstrating that they have enough realised profits to pay any dividend (or make any other distribution of profit) and explaining their approach to making dividend and other profit distributions over the short and medium term.
• Describing the actions taken by the directors to prevent or detect major fraud.
• Explaining how the company assures the quality and reliability of its corporate reporting.

The new measures are in response to major corporate collapses over the past few years, such as the compulsory liquidation of Carillion in 2018, which have had wide reaching business, economic, and social impacts to society.

The draft regulations include the requirement for large organizations to produce an Annual Resilience Statement as part of their strategic report. Organizations will have to explain the steps they are taking to build or maintain their business resilience over the short, medium, and long-term. 

The movement to consider long-term risk alongside short-term risk is one that BCI members report is already now happening within their organizations, according to the BCI Continuity & Resilience Report 2022. For those business continuity (BC) professionals who had been more reactive in their processes, they were now finding themselves increasingly involved in management conversations about longer term risks to their organizations and were offering advice on how to build resilience to ensure that the business is protected. The UK’s new corporate reporting regulations will see the expanded remit of BC being cemented in organizations.

Interviews for the BCI Operational Resilience Report 2023 showed that members were broadly in favour of new resilience regulations to ensure management buy-in, whilst 70% of respondents in the survey for the BCI Severe Weather & Climate Change Report 2022 said that they would welcome regulation being introduced around climate resilience. Regulation ensures that boards are mandated to follow guidance around resilience which, in turn, will allow resilience and/or BC departments to attract more funding and talent.

The new corporate reporting regulation encompasses a wide range of considerations for boards to make, but the Annual Resilience Statement is seen as a key component. The draft regulation will ensure that organizations build and maintain their business resilience by:

• Summarising the organization’s strategic approach to managing risk and building or maintaining business resilience: This will include how risk and resilience are considered within the company’s business planning and investment cycle and within relevant internal governance processes.
• Describing the principal risks that the directors consider could provide a threat to the company’s operational or financial resilience: The draft regulation says this will only apply to the short to medium term risks and involves explaining how these are being managed. Given the long-term theme of the regulation, it would be expected that longer term risks will also need to be applied in future.
• Summarising why the directors have decided to adopt the going concern basis of accounting: This means ensuring the company will be able to meet its liabilities as they fall due over an assessment period of 12 months or more, including any significant judgements or mitigating action taken to reach this conclusion.
• Providing a directors’ assessment of the company’s prospects over the medium term: The “medium term” will be defined and explained by the company and the assessment will include consideration of the likelihood that the company will be able to continue in operation and meet its liabilities as they fall due over that period.
• Reporting on an annual reverse stress test: This will identify a combination of adverse circumstances that could cause the company’s business plan to become unviable, and identifies any mitigating action put in place in light of the exercise. For those financial services organizations which are already performing this as part of FCA/PRA/Bank of England regulation, there will be no need to perform additional testing.
• Summarising any long-term trends or factors which could threaten the company’s business model or operations: These should include any plans the directors may have in place, or be considering, in response to these threats.

Adapted from The Draft Companies (Strategic Report and Directors’ Report) (Amendment) Regulations 2023

Currently, the new legislation is penned to be discussed in Parliament “in due course”, with draft guidance for consultation to be launched by early 2024. However, the BCI would encourage professionals to raise awareness of this potential new regulation with senior management to not only ensure that organizations are ready for when the legislation is brought in but, also, to demonstrate that the UK government now views corporate resilience as a priority. 

More on

• Resilience/ Organizational Resilience