Enhancing Internal Controls for Market Abuse Regulation Compliance: A Strategic Imperative for UK Listed Companies

In the ever-changing world of corporate governance, businesses must navigate a vast array of regulatory requirements and stakeholder expectations. In January 2024, the Financial Reporting Council (FRC) announced that that they have, “prioritised revisions to the UK Corporate Governance Code (the Code) in one significant area – Internal Controls”. The new guidance asks directors to sign-off annually on the effectiveness of their companies’ internal controls and governance.

For corporate governance and secretariat teams in a publicly listed UK company, navigating the complex regulatory landscape plays a key role in ensuring compliance, protecting shareholder interests, and fostering sustainable growth.

This article aims to provide corporate governance and secretariat teams with a framework to put the case forward for further investment in automation as part of wider improvements in internal controls.

What are internal controls?

Internal controls form the backbone of an organisation’s governance framework, encompassing policies, procedures, and practices designed to mitigate risks and ensure compliance with regulatory requirements. Beyond mere regulatory adherence, they touch every aspect of operations: influencing financial reporting accuracy, operational efficiency, risk mitigation strategies, and strategic decision-making processes.

Who do they affect?

Everyone! The impact of internal controls reverberates across all levels of an organisation. From executives responsible for setting the tone at the top to frontline employees executing daily tasks, everyone is implicated in the efficacy of internal controls. External stakeholders, including investors, regulators, suppliers and customers, place implicit trust in organisations with robust internal controls, viewing them as pillars of transparency and reliability.

Why invest in internal controls?

Enhanced internal controls offer tangible commercial benefits by streamlining processes, minimizing inefficiencies, and improving transparency. Moreover, robust measures strengthen relationships with stakeholders and investors, and bolster a company’s reputation in the marketplace. From a strategic standpoint, investment in this area not only mitigates regulatory risks but also cultivates a competitive edge, positioning the company for sustained success and long-term value creation.

This is key for corporate governance and secretariat teams. Despite its pivotal role in ensuring regulatory compliance and governance excellence, the company secretariat has perhaps been pigeon-holed as a cost centre rather than a value driver. By reframing this perception and highlighting the strategic importance of internal controls – corporate governance and secretariat teams can elevate their stature within the organisation.

Demonstrating the tangible benefits of enhanced controls, such as improved risk management, enhanced stakeholder trust, and operational efficiency gains, can position the company secretariat as a critical enabler of organisational success.

 

Key Factors for the Business Case

Time-saving efficiencies

In an era characterised by rapid digital transformation (accelerated by COVID) and evolving regulatory requirements, time efficiency is key. Effective internal controls streamline administrative processes, automate routine tasks, and facilitate seamless information exchange, enabling company secretariat teams to allocate their time and expertise efficiently. By leveraging technology solutions and standardised processes, companies can enhance agility, responsiveness, and adaptability, allowing the company secretariat to fulfill its obligations promptly and effectively.

Risk mitigation

Effective internal controls serve as a barrier against regulatory non-compliance and associated risks. With exacting regulations in place the stakes have never been higher for listed companies. Inadequate controls in managing data can expose the company to reputational damage, legal liabilities, and financial penalties. By implementing robust control mechanisms, conducting regular risk assessments, and building a culture of compliance, companies can proactively mitigate regulatory risks and safeguard shareholder interests. Particularly pertinent with the FCA announcing plans to name firms under investigation at an earlier stage.

Integration with the wider internal controls framework

Internal controls within corporate governance should be seamlessly integrated with the broader framework of the organisation. Companies should align policies, processes, and systems to ensure consistency, effectiveness, and compliance across all functional areas. By collaborating with different departments, businesses can minimise duplication of effort and optimise resource allocation. Furthermore, a cohesive internal controls framework enhances transparency, accountability, and oversight, enabling senior management and the board of directors to make informed decisions and mitigate risks effectively.

 

Stakeholders and Buy-In

Successful implementation of enhanced internal controls requires buy-in from a range of stakeholders, including:

Board of directors

As the ultimate custodians of corporate governance, the board of directors play a pivotal role in championing internal controls initiatives and allocating resources accordingly. Engaging the board in discussions around how they can help meet strategic business objectives is essential to securing their support.

Senior operational management

Executive leadership sets the tone for the organisation and shapes its risk management culture. Securing buy-in from senior management should be centred around the added value enhanced internal controls provide, such as: improved operations, mitigated risks, and increased protection of shareholder interests.

Audit committee

The audit committee provides oversight and guidance on internal controls and compliance matters. Communication here is key to assessing the adequacy and effectiveness of existing controls. Getting their input on identifying areas for improvement ensures alignment with regulatory requirements and best practices.

External stakeholders and Regulators

Suppliers look for evidence of robust internal controls that show a commitment to governance and risk. Employing the necessary controls to ensure metrics around financial stability, risk mitigation and operational efficiency are accurate and continually assessed, builds confidence with the supply chain.

Regulatory compliance is paramount for listed companies, and regulators play a key role in setting and enforcing standards. If companies engage with regulators and demonstrate a proactive approach to compliance, they can enhance their credibility and foster constructive relationships.

Internal stakeholders

Internal stakeholders, including employees and shareholders, are essential partners in the journey towards enhanced internal controls. Communicating the rationale behind internal controls initiatives, seeking feedback, and creating and encouraging a culture of compliance and accountability are crucial to gaining their trust and support.

 

Assessing Internal Control Effectiveness

Measuring the effectiveness of internal controls requires continual assessment, key performance indicators include:

Compliance with regulatory requirements

Internal controls should be designed to ensure compliance with applicable laws, regulations, and industry standards. Regular audits and assessments can help validate compliance and identify areas for improvement.

Risk mitigation

Effective internal controls should mitigate operational, financial, and regulatory risks, thereby safeguarding the organisation against potential threats. Monitoring key risk indicators and conducting scenario analyses can help assess the effectiveness of risk mitigation strategies.

Operational efficiency

Internal controls should enhance operational efficiency by streamlining processes, minimizing errors, and optimizing resource allocation. Assessing key performance metrics, such as process cycle times, error rates, and resource utilisation, can provide insights into operational effectiveness.

Stakeholder satisfaction

Internal controls should inspire confidence among stakeholders, including investors, regulators, and employees. Surveys, feedback mechanisms, and stakeholder engagement initiatives can help gauge satisfaction levels and identify areas for improvement.

 

In Conclusion

The imperative for enhancing internal controls within corporate governance and secretariat teams cannot be overstated, particularly within the wider context of organisation-wide internal controls. A compelling business case that emphasises commercial value, time efficiency, risk mitigation, and stakeholder engagement can secure buy-in from key stakeholders and position internal controls as an enabler of organisational excellence.

Compliance with the updated UK Corporate Governance Code requires a proactive review and enhancement of existing internal controls. Despite the obligation to report annually rather than periodically, ongoing controls moving to ‘as at date of balance sheet’ still need to be considered throughout the year. A quick ‘check at the end of the year’ won’t be enough. Failure to adapt not only risks reputational damage but also invites heightened regulatory scrutiny and diminished investor confidence.

This article should have helped to distill the points around improving internal controls and how best to present your case to get buy-in from the decision makers. The FRC’s emphasis on internal controls signals a shift in governance expectations for issuer companies. Corporate governance and secretariat teams deal with multiple internal processes from board and committee meetings to subsidiary governance and annual reporting and disclosures, therefore being a key-dependency in how a company aligns itself with the expectations outlined in the revised Code.

For more information on how Cytec can support you in maintaining a robust governance and compliance framework, feel free to get in contact with us or email me directly.