22 Corporate governance and whistleblowing
‘The real mechanism for corporate governance is the active involvement of the owners.’
Louis Gerstner Jr, former CEO and chairman IBM
In a nutshell
Corporate governance refers to the system by which companies are ‘managed’ (i.e. directed and controlled). ‘Good’ corporate governance prevents directors from making and taking decisions that benefit themselves to the detriment of the shareholders who appoint the directors to run the business on their behalf.
The UK has developed its corporate governance guidance over 30+ years. The UK Corporate Governance Code (The Code) is written as a set of principles and supporting provisions intended to guide directors on best practice to ensure long-term sustainable business success. The Code is applicable to all companies with a premium listing on the UK Stock Exchange. The directors are required to report annually how they have applied the principles and complied with supporting provisions of the Code.
The UK Code recognises the importance and need for a company’s workforce to be able to raise concerns about the operations of the business. Whistleblowing is the reporting of wrongdoing (e.g. fraud, illegality, or unethical practice) by an employee. A whistleblower disclosing information about wrongdoing is protected (in certain circumstances) by the Public Interest Disclosure Act 1998.
Corporate Governance guidance continues to develop and evolve as new corporate failures provide additional insights and lessons on how to better manage and control business for the benefit of shareholders and stakeholders.
Need to know 
Corporate governance
Corporate governance is a critical issue whenever there is separation between a company’s ownership and control.
In public companies (plcs) it is almost always the case that the directors appointed to run a company are not the same as the shareholders who own the company. This creates an agency relationship in which shareholders, who typically are not involved in the day to day running of the business, have to rely on directors (‘agents’) to use their expertise to run the company for the benefit of the shareholders. This agency relationship creates a self-interest risk, namely that directors may take decisions that are in their own interests rather than the interests of those that they have been appointed to serve, i.e. shareholders.
The UK Code
The UK Code sets out the UK’s approach to addressing this principal-agent risk. It is applicable to premium listed companies (the highest profile listing on the UK Stock Exchange). The Code itself has been subject to many updates over the 30-years since it was first issued. The Code has been shaped in particular by large-profile company failures, including high-profile corporate collapses such as Maxwell Communications and Polly Peck in the early 1990s, Northern Rock and RBS during the financial crisis of the late 2000s and more recently BHS, the UK fashion and homeware retailer.
Principles and provisions
The Code contains principles and supporting provisions that aim to align the interests of directors with shareholders and other stakeholders (employees, customers, suppliers, pensioners etc.).
| Principles | Provisions |
|---|---|
| Listed companies are required to report to their shareholders annually on how they have applied the principles contained within the Code | Listed companies should comply with the Code’s provisions. However, a company may depart from a provision where the directors believe an alternative is justified. Where a provision is not followed, the company should explain the reasons for non-compliance and how the alternative approach adopted is nevertheless consistent with the principles. This approach is referred to as ‘comply or explain’. |
Private companies
Until 2019, corporate governance guidance was focused only on listed companies. There was no requirement for private companies to follow the UK Code. Recent history has shown the harmful impact on stakeholders of the failure, not just of listed companies, but also large private companies. For example, the collapse of BHS (a large private company) in 2016, led to many thousands of employees losing their jobs and pension benefits.
In response, new guidance known as ‘The Wates Code’ was introduced (in January 2019) specifically for large private companies. Large in this context means companies that employ significant numbers of staff (defined as more than 2,000 employees) or have a significant turnover (defined as more than £200m).
It is hoped that by extending the principles of good corporate governance to large private companies, this will further reduce the risks of company failure, while at the same time increasing confidence amongst shareholders and stakeholders that their company is being well run.
Whistleblowing
Whistleblowing is the reporting of wrongdoing (e.g. fraud, illegality, or unethical practice) by an employee.
Whistleblowers are protected under law when a disclosure is made for the public interest. This protection is designed to encourage employees to speak out if they find malpractice in their organisation. The Public Interest Disclosure Act (PIDA) 1998 protects employees from detrimental treatment or victimisation from their employer where they blow the whistle on wrongdoing.
The UK Code includes a requirement for boards to consider the adequacy of their whistleblowing procedures.
Why is this important? 
A statement of compliance by directors is intended to give investors the confidence that they are applying best practice principles and operating in the best interests of the shareholders and with due regard to wider stakeholders.
In practice 
Compliance with the principles of the Code is not a legal requirement but is required to comply with the UK Stock Exchange listing requirements. While Company directors are expected to apply the principles and explain any non-compliance with supporting principles, doing so does not ensure success. It is not a substitute for having a sound business strategy. Neither should it be assumed that non-compliance with one or more provisions indicates that the business will fail or suffer impropriety.
According to Grant Thornton (a firm of auditors and advisers), only 59% of the largest listed UK Companies (UK FTSE 350) were fully compliant with the Code during 2020. In addition, only 32% of the companies provided a meaningful explanation to shareholders of how they had applied the principles.
Nice to know 
The journey
The UK Code represents a consolidation of three decades of developments and learning in corporate governance. Numerous committees have been set up over this time to provide and evolve guidance on how a company (the board) should be directed and managed, directors’ compensation, strengthen financial reporting and audit, and improve communication with shareholders.
A principles-based approach
The UK Code is written as a set of principles, to recognise that each business is unique and a ‘one size fits all’ approach is unlikely to work. The UK Code therefore requires adherence to the ‘spirit’ rather than the letter of the Code. Companies, while expected to apply the principles of the Code, are permitted to depart from the detailed provisions, provided they explain their reasons for departure. It is believed that a principles-based approach allows for greater flexibility, while avoiding the need to be overly prescriptive.
A rules-based approach
The UK’s approach to corporate governance differs from other countries, most notably the US. There has never been a single unified corporate governance code for US listed companies. US listed companies are instead directed to follow rules contained within a number of Federal State regulations including The Securities Acts and ‘Sarbanes–Oxley’ (known as ‘Sarbox’). Unlike the UK, following these corporate governance regulations is a legal requirement.
It is argued that the requirement to follow regulations provides greater clarity and certainty over compliance. Conversely, flexibility is lost as there is no choice to apply regulations in a way that best reflects the nature of the organisation (e.g. to reflect the organisation’s size or stage of development).
Company directors
Companies are run by directors who take decisions at ‘main’ board meetings. These should be attended by all board directors (executive and non-executive). All directors must assume collective responsibility for the decisions and actions taken by the company.
The UK Code recommends that a board comprising ‘executive’ directors should be supported by ‘non-executive’ directors (NEDs). Executive directors, as their title suggests, take responsibility for the day-to-day management of the business, whereas non-executive directors have no day-to-day responsibility for the running of the business. Further, non-executive directors should preferably be independent outsiders appointed to represent the interests of shareholders and should have no recent dealings with the company. Independence can be compromised if the directors have personal or business interests in the company or if they are awarded remuneration beyond an agreed director’s fee. The purpose of non-executive directors is to act as the ‘eyes and ears’ of shareholders in the boardroom. Non-executive directors, in effect, help to bridge the ownership versus control (agency) disconnect that exists in large companies.
Non-executive directors can however hold shares in the company and be considered independent.
Board committees
The Code recommends the main board be supplemented by three committees. Each committee is granted authority by the main board to focus on certain specific aspects of corporate governance.
The main purpose of each of the three committees is summarised below:
| Committee | Main purpose | Composition |
|---|---|---|
| Nomination committee | Evaluate the balance of skills, experience, independence and knowledge on the board, and lead the process for board appointments | Majority independent non-executive directors |
| Audit committee | Ensure the integrity of the company’s financial statements | Minimum three independent non-executive directors. At least one director should have recent and relevant financial experience |
| Remuneration committee | Determine pay of executive directors | At least three independent non-executive directors |
Note that the main board is not prevented from setting up other committees it may consider necessary. For example, many companies now have a risk committee set up to assist the Board in its oversight of the effectiveness of the company’s risk management practices.
Whistleblowing
Employees are often the first to notice irregularities because they work in (and are therefore closest to) the business. Whistleblowing, i.e. the reporting of wrongdoing, is considered an important mechanism to help ensure corporate governance is maintained. However, employees are not protected in all situations of disclosure. Employees are protected only if they make what are known as qualifying disclosures in the public interest. Qualifying disclosures are disclosures of information where an employee reasonably believes that one or more of the following matters has happened, is taking place, or is likely to happen in the future:
- ■a criminal offence
- ■the breach of a legal obligation
- ■a miscarriage of justice
- ■a danger to the health and safety of any individual
- ■damage to the environment
- ■deliberate attempt to conceal any of the above.
Procedurally, an employee should make a disclosure to their employer, or if they feel unable to follow the organisation’s procedures, the disclosure should be made to a prescribed person. A prescribed person is a person (or body) included on the prescribed persons list published by the Department for Business, Energy and Industrial Strategy (BEIS). The list includes MPs, Ofsted (education services), Care Quality Commission (health and social care services) and the Information Commissioner (data protection issues).
Stewardship Code
According to the Office for National Statistics (Statistical Bulletin/Ownership of UK quotes shares, 2018), only 13.5% of FTSE shares are owned by individuals. Institutional shareholders, including asset owners and asset managers such as pension funds, insurance companies, banks and investment trusts, invest in shares on behalf of UK savers and pensioners (known as beneficiaries) and are equally significant holders of shares of UK Companies. As significant shareholders, they have an important role to play in ensuring good corporate governance by exercising their voting rights. Institutional investors have historically been criticised for being passive investors and not using their influence to look after the interests of their beneficiaries.
The Stewardship Code was established in 2010 (a new version was issued in 2020) to encourage asset owners and managers to become more active in company matters. The Stewardship Code contains a set of principles that focuses on sustainable value for beneficiaries, the economy and society, including making explicit reference to environmental, social and governance (ESG) factors.
The structure of the new version of the Code is similar to the UK Corporate Governance Code, with numbered Sections, Principles and reporting expectations accompanied by Guidance.
The new version of the Code sets expectations for how money should be invested on behalf of UK savers and pensioners and requires an engaged approach to stewardship and investment decision-making, which is aligned to the long-term investment time-horizons of beneficiaries.
Optional detail 
Selected principles and provisions
The UK Code 2018 has 18 Principles and 41 Provisions. A selection of Principles and Provisions is included below.
| Principle | Provision |
|---|---|
| The board should establish the company’s purpose, values and strategy, and satisfy itself that these and its culture are aligned. All directors must act with integrity, lead by example and promote the desired culture. (Principle B) | The board should assess and monitor culture. Where it is not satisfied that policy, practices or behaviour throughout the business are aligned with the company’s purpose, value and strategy, it should seek assurance that management has taken corrective action. (Provision 2) |
| The board should ensure that workforce policies and practices are consistent with the company’s values and support its long-term success. The workforce should be able to raise any matters of concern. (Principle E) | There should be a means for the workforce to raise concerns in confidence and – if they wish – anonymously. The board should routinely review this and the reports arising from its operation. It should ensure that arrangements are in place for the proportionate and independent investigation of such matters and follow-up action. (Provision 6) |
| The board should include an appropriate combination of executive and non-executive (and in particular, independent non-executive) directors, such that no one individual or small group of individuals dominates the board’s decision-making. There should be a clear division of responsibilities between the leadership of the board and the executive leadership of the company’s business. (Principle G) | At least half the board, excluding the chair, should be non-executive directors whom the board considers to be independent. (Provision 11) |
| The board and its committees should have a combination of skills, experience and knowledge. Consideration should be given to the length of service of the board as a whole and membership regularly refreshed. (Principle K) | All directors should be subject to annual re-election. The board should set out in the papers accompanying the resolutions to elect each director the specific reason why their contribution is, and continues to be, important to the company’s long-term sustainable success. (Provision 18) |
| The board should establish formal and transparent policies and procedures to ensure the independence and effectiveness of internal and external audit functions and satisfy itself on the integrity of financial and narrative statements. (Principle M) | The main roles and responsibilities of the audit committee should include:
(Provision 25, part) |
| The board should present a fair, balanced and understandable assessment of the company’s position and prospects. (Principle N) | Taking account of the company’s current position and principal risks, the board should explain in the annual report how it has assessed the prospects of the company, over what period it has done so and why it considers that period to be appropriate. The board should state whether it has a reasonable expectation that the company will be able to continue in operation and meet its liabilities as they fall due over the period of their assessment, drawing attention to any qualifications or assumptions as necessary. (Provision 30) (see Chapter 25 Insolvency and going concern risk) |
| A formal and transparent procedure for developing policy on executive remuneration and determining director and senior management remuneration should be established. No director should be involved in deciding their own remuneration outcome. (Principle Q) | Remuneration schemes and policies should enable the use of discretion to override formulaic outcomes. They should also include provisions that would enable the company to recover and/or withhold sums or share awards and specify the circumstances in which it would be appropriate to do so. (Provision 37) |
Reflect and embed your understanding 
- 1Explain why the UK Code continues to evolve.
- 2You are considering buying shares in a listed company. The company’s corporate governance report includes a disclosure stating that it has not complied with several provisions of the UK Code. (How) does or should this influence your decision to invest?
- 3An employee of a company is concerned about wrongful activities being carried out by their employer. How can or should they proceed?
- 4Principles-based vs rules-based. What are the merits and drawbacks of each approach to corporate governance?
- 5Tune in to business news stories covering corporate failures (e.g. BHS, Carillion). Reflect on the causes of failure, in particular the role of directors, in contributing to the demise of the business and the lessons learned to improve corporate governance.
- 6Monitor websites such as the Pensions & Investment Research Consultants (PIRC) that give an independent perspective on how well a company is complying with the Code. PIRC make recommendations on how to vote at AGMs, including whether to appoint/reappoint directors.
For the authors’ reflections on these questions, please go to financebook.co.uk
Where to spot in company accounts 
Included in the Annual Report and Accounts 2020, in the section headed Governance Report (p. 59).
I invite you to review the following pages, which set out how we have otherwise complied with the UK Corporate Governance Code (2018) across the year, and also our statement on page 51 and pages 67 to 70 describing how the Directors have fulfilled their duties to our key stakeholders under Section 172 of the Companies Act 2006.
Ian Durant
Chairman
16 March 2021
Extracts from Greggs plc 2020 Annual Report and Accounts 2020 (p. 77)
Whistle-blowing
The Company’s whistle-blowing policy is available to all colleagues via the intranet, as well as via posters displayed across the business. This gives information regarding how to raise a concern in strict confidence. No significant disclosures were made during the year, though four concerns were reported, all relating to staff behaviour in shops and production sites. All events were reported directly to the Chair of the Audit Committee. All instances have been investigated and appropriate action taken to resolve the concerns satisfactorily.
Consolidate and apply
To see how the concepts covered in this chapter have been applied within Greggs plc, review Chapter 36, p. 410.
Watch out for in practice 
- →Composition of the board and board committees.
- →Non-compliance. Explanations given for not complying with provisions of the Code.
- →Independence of non-executive directors.
- →Remuneration awarded to executive directors that does not align with company performance.
- →Description (adequacy) of whistleblower policies included within annual reports.