This month, beyond Brexit, in-house lawyers should be keeping track of developments in audit, executive remuneration reform, cyber security and artificial intelligence.
Brexit planning
With the House of Commons only returning from its Easter recess on 23 April 2019, Brexit developments have been thin on the ground. The final week before the recess saw a flurry of activity. On 11 April 2019, after lengthy discussions, the EU27 leaders and UK government agreed a further extension of the Article 50 period to 31 October 2019 (the Prime Minister had initially requested an extension to 30 June 2019). The “flextension” includes a rolling monthly option of an earlier exit if the withdrawal agreement can be ratified sooner. However, if by 22 May 2019 the UK has not held elections to the European Parliament and not ratified the agreement, the extension will last only until 31 May 2019.
Practical Law has published a note by Richard Tapp on resourcing the in-house legal team for Brexit and beyond.
The future of audit
There has been some noteworthy progress on the future of audit. On 18 April 2019, the Competition and Markets Authority (CMA) published the final report on its market study into the statutory audit market. Although the CMA report does not propose to make a market investigation reference, it does recommend the operational separation of audit from consulting services. It also recommends:
- Mandatory joint audit to enable firms outside the ‘Big Four’ to develop capacity and experience (together with a supporting system of peer review).
- The regulation of audit committees.
- A new regulator with the power of oversight, investigation, enforcement and five-year review of measures imposed.
BEIS published a call for views by the Sir Donald Brydon Independent Review on the quality and effectiveness of audit earlier in April. The review will examine the current statutory audit framework in the UK and make recommendations on improvements that will better meet the needs of users and serve the public interest, as well as the changes (including to company law) that may be needed to facilitate those improvements. The deadline for responses is 7 June 2019.
The House of Commons BEIS Committee has also published The Future of Audit report, which includes wide-ranging and significant conclusions and recommendations about the current state of corporate audits. The report endorses the CMA’s proposed operational split between “audit” and “non-audit” functions in the “big four” accounting firms but argues in favour of a structural break up.
Executive remuneration reform
A BEIS Select Committee report has made several recommendations on reforming executive remuneration. These include that:
- Companies be required to appoint at least one employee representative to the remuneration committee.
- Pay ratio reporting requirements be expanded to include all organisations with over 250 employees.
- A requirement be introduced to publish the ratio between CEO and the lowest pay band, as well as the bottom quartile.
Draft regulations on directors’ remuneration (the draft Companies (Directors’ Remuneration Policy and Directors Remuneration Report) Regulations 2019) have also been published. If approved in their current form, the draft regulations will come into force on 10 June 2019.
Cyber security breaches
A government survey highlights the continued upward trajectory of cyber security as both a risk and near-universal concern for organisations. The Cyber Security Breaches Survey 2019 is a quantitative and qualitative analysis of how UK businesses and charities respond to cyber security threats and the impact of these threats on their operations. This blog post discusses the key takeaways from the survey.
Artificial intelligence auditing
The Information Commissioner’s Office (ICO) has published details of the proposed structure, core components and areas of focus of its new auditing framework for artificial intelligence (AI). The ICO has identified raising organisations’ understanding of good governance and accountability practice and their awareness of key data protection risk areas specific to AI, as the key components of its auditing framework. This blog post explores why in-house lawyers need to be aware of, and even participate in, the evolving framework.
Auditing compliance with modern slavery statements
The government has put out a tender seeking an organisation to support it in undertaking an audit of compliance with section 54 of the Modern Slavery Act 2015. The government had previously contacted the chief executives of over 17,000 UK companies regarding their duty to comply with section 54 and warning that a list of non-compliant companies would be published following an audit of the required statements. According to a summary of the contract terms placed on the gov.uk website, the contract concludes on 24 May 2019.
Dates for your diary
7 May 2019
Deadline for BEIS’s call for evidence on the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.
8 May 2019
EUIPO consultation on common practice for assessing online disclosure of designs ends.
24 May 2019
- Closing date of the consultation on preventing abuse of the payable R&D tax credit for SMEs.
- Applications for the ICO’s beta phase of its sandbox close.
- Closing date for comments on the European Data Protection Board’s guidelines on processing personal data in the context of online services.
27 May 2019
Closing date for comments on the European Commission’s consultation on the vertical agreements block exemption.
28 May 2019
Closing date for HMRC consultation on extending the off-payroll working rules to the private sector from 6 April 2020.
29 May 2019
- Regulation (EU) 2018/1807 on a framework for free flow of non-personal data in the EU begins to apply.
- Deadline for the European Commission to publish guidance on the Regulation on the free flow of non-personal data and the GDPR.