Financial compliance has undergone significant transformation in recent years, with organisations placing greater emphasis on identifying and quantifying risks within internal processes. The UK's new corporate governance reform, commonly known as 'UK SOx', is reshaping financial compliance and is due for implementation in 2024.
Finance teams must enhance payment and reporting to ensure compliance and protect their organisations, relying on technology and automation for efficiency and risk mitigation. Notably, Finance Directors and Audit Committees bear significant responsibility for UK SOx compliance, facing personal liability and fines or even imprisonment for non-compliance.
UK finance teams are at risk
The '2023 State of Financial Crime Report' has revealed a troubling trend: "Financial crime is poised to surge as economies face uncertainty." Economic instability can drive risk-taking behaviour, while increasingly sophisticated fraud and scams pose additional threats.
With the UK economy facing challenges from the COVID-19 pandemic and the Russia-Ukraine conflict, the government recognises the need to strengthen compliance measures to support economic recovery and safeguard against financial fraud. Recent business failures have also eroded confidence in financial reporting and regulatory oversight, even among large, publicly traded companies. The famous case where Patisserie Valerie’s audit failures led to liquidation and a £2.3 million fine for auditors highlights the necessity for stronger financial controls.
The UK’s approach to corporate governance
Government departments are prioritising financial fraud and security as a top concern, aiming to restore faith in financial controls. Extensive reviews have identified flaws in the current security model, impacting audit and governance committees’ credibility and causing ripple effects on other UK businesses and suppliers. The new UK corporate governance reform has been dubbed "UK SOx" for its close resemblance to the US Sarbanes-Oxley Act. It emphasises accountability and transparency in financial operations, and all Public Interest Entities (PIEs) are liable.
The Legal Implications for Finance and Audit Directors
The introduction of UK SOx serves a dual purpose: rebuilding trust in the UK's financial ecosystem and emphasising accountability for finance and audit leaders. A central element of this new approach is the personal attestation required from company Finance and Audit Directors. They are obligated to personally guarantee the accuracy of financial statements and ensure a thorough review of the accompanying controls and processes.
A recent Financial Times article titled 'UK directors to face stricter personal accountability rules' highlights that directors will bear greater personal liability due to increased scrutiny by a new state regulator, known as the Audit Reporting & Governance Authority (ARGA), which will extend beyond financial statements to include governance sections too.
This represents a significant transformation in the auditing and financial reporting landscape, as company Directors now hold personal responsibility for financial statement accuracy. It has been described as having a ‘game-changing nature of Director accountability for internal control effectiveness’ by The Institute of Chartered Accountants in England and Wales.
So, what are the first steps towards UK SOx compliance?
There are four crucial steps organisations should follow when implementing UK SOx, especially since many businesses are still in the early phases of SOx compliance and are also navigating multiple audit and risk assessments at the same time.
1. Document Preparation: Companies are required to generate several critical documents, which encompass a Director's Responsibility Statement, a Statement on Fraud, a Resilience Statement, and an Audit and Assurance Policy (AAP). These documents serve as a declaration of the company's dedication to maintaining ethical practices and safeguarding financial integrity.
2. Risk Detection and Prevention: To mitigate potential risks, businesses must establish robust systems for detecting and preventing occurrences such as fraud, cybersecurity breaches, disruptions in the supply chain, and financial anomalies. The implementation of effective measures in these domains serves as a protective shield for the organisation and its stakeholders.
3. ESG Policy and Risk Evaluation: Businesses must prioritise the development of Environmental, Social, and Governance (ESG) policies. Consistent risk assessments and thorough business continuity testing are imperative to promptly pinpoint and address potential vulnerabilities.
4. Auditing and Control Evaluation: Independent auditors hold a pivotal position in UK SOx compliance. Their role involves scrutinising the precision of financial statements issued by directors and appraising the efficiency of established controls. This process guarantees the accuracy of the information presented and offers assurance to stakeholders.
Starting your compliance journey early is crucial to success
The clock is ticking for UK SOx compliance as it’s on course to be fully implemented by late 2024. Given that projects like US SOx compliance usually take approximately two years to finalise, it's imperative to prioritise and initiate preparations now to ensure readiness.
Time is of the essence, and the sooner organisations begin, the better positioned they'll be to meet the challenges of UK SOx.