In addition to the general election on 12 December 2019, this month in-house lawyers should also be keeping an eye on developments in corporate governance and climate change reporting, data protection and cyber security.
Corporate governance and climate change reporting
There is increasing momentum for UK companies to disclose their climate-related risks and opportunities in their annual report in line with the voluntary Task Force on Climate-related Financial Disclosures (TCFD) recommendations. As a result, Practical Law has published a note of the TCFD recommendations with links to guidance for their implementation and details of proposals to make reporting in line with the recommendations mandatory for certain organisations by 2022.
The recently-published UK Stewardship Code 2020 will apply from 1 January 2020. It sets out good practice for institutional investors when engaging with investee companies. The revised Code has a greater focus on environmental, social and governance (ESG) (including climate change) matters than the previous version. For example, signatories are expected to take ESG matters into account and to ensure their investment decisions are aligned with their clients’ needs.
The FRC has also published its annual review of corporate governance and reporting for 2018/2019. Among other things, the review suggests that companies should, where relevant, report on the effects of climate change on their business (both direct and indirect), covering how the board has taken account of the resilience of the company’s business model and its risks, uncertainties and viability in the immediate and longer term in light of climate change.
On 8 November 2019, Practical Law hosted The Chancery Lane Project’s first climate hackathon. The Project aims to bring legal professionals together to collaborate and rewrite contracts and laws, to support communities and businesses in fighting climate change and achieving net zero carbon emissions. Over 120 lawyers from 50 organisations attended the event, including law firms, chambers, in-house, central government, local authorities, non-governmental organisations and universities. Ten Practical Law editors worked with participants to draft over 20 proposals including extending the FCA’s prescribed responsibilities to incorporate responsibility for climate change.
Other recent corporate governance developments of note include the publication of:
- A letter by the House of Commons’ BEIS Committee outlining its recommendations on corporate governance, audit reform and executive pay and bonuses following its inquiry into the collapse of Thomas Cook.
- Glass Lewis’ 2020 proxy paper guidelines for the UK, which make changes to the 2019 version in the areas of board skills and audit committee meetings, among others.
- Institutional Shareholder Services’ updates to its UK proxy voting guidelines for 2020, including changes to policies on remuneration and board and committee composition.
- The United Nations’ Global Compact Guide for General Counsel on Corporate Sustainability Version 2.0.
Women on boards
On 13 November 2019, the Hampton-Alexander Review published its fourth annual report on improving gender balance in FTSE leadership, confirming the strongest year of progress for women on boards since targets were set, but also that a step-change is needed for women in senior leadership roles. While the FTSE 100 is on track to meet the 33% target for women on boards in 2020 and the FTSE 250 may do so, half of all FTSE 350 appointments to senior leadership roles below board level need to go to women next year to meet the 2020 target for women in leadership positions.
The Information Commissioner’s Office (ICO) is developing a toolkit to help organisations comply with their accountability obligations under the General Data Protection Regulation ((EU) 2016/679) (GDPR). The toolkit is intended to be launched in 2020 and controllers are invited to submit their views and suggestions to the ICO on its initial proposals for its scope, structure and design.
Practical Law has published a summary of the results of a poll conducted among the GC100 to find out how FTSE100 companies are dealing with the compliance challenges of GDPR.
Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems
The AG opinion of the much-anticipated “Schrems 2” case is due to come out in December 2019. Following case 362/14, “Schrems I”, where the Safe Harbor Framework was invalidated by the CJEU, Mr Schrems has returned to challenge data transfers between EEA and non-EEA countries on the basis of the European Commission adopted standard contract clauses (SCCs). The judgment is due out in early 2020. Businesses and their legal advisers are keeping a watchful eye on this case as many organisations rely on SCCs for data transfers from within the EU to third countries outside the EEA.
The DCMS has published a call for evidence as part of its review of cyber security incentives and regulation for 2020. The review aims to:
- Identify the barriers that prevent organisations from improving cyber security.
- Understand the effectiveness of existing intervention, including regulations like GDPR.
- Develop a range of policy proposals to address identified gaps.
The call for evidence closes on 20 December 2019.
By 31 December 2019 the co-operation group that was established under Article 11(1) of the Cybersecurity Directive (2006/1148) will identify best practices used at national level and create a toolbox of risk management measures that can be applied at national and EU level. This will be used to advise the European Commission on the development of minimum requirements for the security of 5G networks across the EU.
Artificial intelligence ethics guidelines
In June 2019 the European Commission’s expert group on artificial intelligence (AI) published high-level policy recommendations. This coincided with the Commission’s launch of the pilot phase of its ethics guidelines for trustworthy AI. Under the pilot scheme, organisations can test the assessment list developed by independent experts. The online survey is open for comments until 1 December 2019.
In addition, the Commission will evaluate all feedback on its communication on building trust in human-centric artificial intelligence by 31 December 2019.
Dates for your diary
1 December 2019
Final, updated guidelines by ESMA on risk factors under the New Prospectus Regulation come into force.
5 December 2019
Closing date for CAP’s call for evidence on children’s recognition of online ads.
6 December 2019
ICO consultation on it being granted access to investigation and other associated powers under the Proceeds of Crime Act 2002 closes.
12 December 2012
21 December 2019
The Directive establishing a European Electronic Communications Code must be implemented by EU member states by this date.