Malus and clawback – what should companies be doing to comply with the revised UK Corporate Governance Code?

Revised Code requirements

The UK Corporate Governance Code (the Code) has for some time stated that remuneration policies should include ‘provisions that would enable the company to recover and/or withhold sums or share awards and specify the circumstances in which it would be appropriate to do so’. Consequently, the majority of premium listed companies already have malus and clawback provisions in place, but the circumstances in which a company can use those powers vary considerably and not all companies disclose them. 

In its revised Code, published on 22 January 2024, the Financial Reporting Council (the FRC) has made clear that it wants investors to have greater visibility of mechanisms available to companies to address scenarios involving serious failings and whether and how companies are making use of them. 

Therefore, (new) Provision 38 of the Code asks companies to include in their annual report a description of their malus and clawback provisions, including: 

• the circumstances in which malus and clawback provisions could be used; 
• a description of the period for malus and clawback and why the selected period is best suited to the organisation; and 
• whether the provisions were used in the last reporting period. If so, a clear explanation of the reason should be provided in the annual report. 

In addition, Provision 37 has been amended to provide that directors’ contracts and/or other agreements or documents which cover director remuneration should include malus and clawback provisions.

It is important to note that disclosure in relation to malus and clawback has been a feature of the directors’ remuneration reporting regime, which applies to UK incorporated companies, for some time. However, the new expectations in the Code, combined with increasing pressure for listed companies across the globe to have malus and clawback arrangements with teeth, should encourage companies to review their malus and clawback policies and processes, together with their directors’ employment contracts and related agreements such as share plan rules and the directors’ remuneration policy, to ensure that they are fit for purpose. 

What should trigger malus and clawback and for how long? 

The FRC was clear that it did not think it was its role to write malus and clawback terms for companies – and that instead companies should devise their own policies that met their specific purposes. As a consequence, the Code does not prescribe either the circumstances in which malus and clawback should be used or the period for which it should apply.

So where does current market practice lie and where might it go? 

As it stands, some companies have not moved far beyond those triggers specified in the 2012 Combined Code (a predecessor to the Code), and so a minority of companies only operate malus and clawback in cases of misconduct or misstatement of results. Others have gone further, with the triggers encompassing both economic and reputational impact on both executives and the company.   And obviously, many companies may have mandatory triggers where the company is subject to additional regulatory requirements such as those adopted by the US Securities and Exchange Commission (the SEC) (see more on this below) or those applicable to certain financial institutions regulated by the Prudential Regulation Authority and/or the Financial Conduct Authority.

On time periods, again there is some variation in market practice (outside those sectors where the periods are mandated by regulatory requirements) with a common approach limiting it to three years following payment / vesting.

But what will be interesting is the consequence of the requirement to disclose triggers and time periods more consistently than has previously been the case. We expect that we will see two things: 

• a levelling up of triggers and time periods amongst companies (as companies adjust their policies to avoid being outliers); and
• scrutiny from shareholders wanting to understand not just decisions to operate malus and clawback but also why malus and clawback has not been operated. 

Where should malus and clawback be documented?

As malus and clawback arrangements have grown up piecemeal over time, it is common for companies to have provisions scattered across different documents – employment contracts, bonus rules, share plan rules and potentially even separate malus and clawback policies. There’s nothing intrinsically wrong with that but, in many cases, the terms vary between the documents and it’s not always clear what applies to whom and when.

With the new disclosure requirement shining a light on malus and clawback arrangements, now is probably a good time to review the different rules you may have in place and potentially look to harmonise them. You could potentially also go a step further and consolidate them in a single malus and clawback policy that sits alongside all incentive arrangements. That can then be coupled with a review of employment contracts (an approach expected by new Code Provision 37) to ensure that they have the right linkage into any malus and clawback policy in place from time to time.

If you do move to a consolidated malus and clawback policy, you may also want to think about whether you want to map out in that policy the process you would follow for applying malus and clawback. There can be some benefits to thinking about what that process looks like in advance and not having to devise it in the heat of the moment when you actually want to use your malus and clawback powers.

Any introduction of or amendments to malus and clawback terms is likely to be a sensitive topic and may need approval of the remuneration committee and possibly the board, so companies should start thinking about these types of issues now to make sure that they are in a position to meet the new Code requirements in time. 

Are malus and clawback terms enforceable anyway? 

The answer to this question will depend on a number of things including, importantly, where an executive is based and whether they have agreed to be subject to malus and clawback. But in the UK at least, if the right steps are taken (including appropriate consent from the employee), a company should be able to enforce its malus and clawback powers. 

What is important though is to have taken the appropriate steps in setting up the malus and clawback arrangements to ensure that they stand a good chance of being enforced. For executives based outside of the UK, remuneration committees may need to consider whether incentive arrangements need to be structured differently to achieve enforceability. For example, it may be appropriate to have longer vesting periods because malus is enforceable but clawback is not.

What if we are also listed in the US? 

The SEC recently adopted new rules on mandatory clawback of incentive pay for US listed companies that apply to non-US companies. There is no flexibility afforded to companies under that regime and the rules require companies to have a clawback policy that meets specific requirements and applies to so-called “executive officers” – and under which clawback is mandatory. That contrasts with the UK where prevailing practice is for a company to be able to choose whether or not to operate clawback.  For that reason, we expect companies to maintain a bifurcated approach – with a US-compliant clawback policy that sits as part of (but potentially distinct from) a broader based malus and clawback policy.

Conclusion

The revised Code sets a clear direction of travel when it comes to malus and clawback provisions. Reporting against the revised Code will apply to accounting periods beginning on or after 1 January 2025, so companies should use the next year to prepare. 

For more information on this topic, please speak to the authors of this blog post or your usual Freshfields contact.