Responding to the new non-financia reporting regulations More for companies to do in year two Recently, there's hardly been a business headline that doesn't touch on accountability, and how companies and boards should be more focused on the long term and the impact on wider stakeholders of their operations. These themes are also woven through the FRC's newly published 2018/21 strategy and have been uppermost in the government's governance reform agenda. In this context the new Non-Financial Reporting Regulations ('NFRR') had the potential to be an opportunity for companies to provide more meaningful and insightful disclosures on how they relate to their stakeholders. However, from our early conversations with companies we had the sense that NFRR had to an extent passed under the radar and awareness came late for many - maybe too late. For quoted companies, already subject to the narrative reporting regulations that cover much of the same ground, the new regulations were often deemed to have already been addressed. There was also much discussion around what the differences in regulations might mean and what others would do in year one. Few felt that the time was right to major on the new requirements. The very fact that there is a wider debate underway in the UK around stakeholders and long-term sustainability meant that the new regulations were - it might be argued - ahead of their time, making it difficult for companies to respond without having the whole context. We understand this, and our strong view is that the new regulations will continue to gain in significance as the rest of the stakeholder agenda drops into place. Their importance and broader significance really should not be understated. "...disclosure of non-financial information is vital for managing change towards a sustainable global economy by combining long-term profitability with social justice and environmental protection. In this context, disclosure of non-financial information helps the measuring, monitoring and managing of undertakings' performance and their impact on society" [Extract from recital to the EU Directive on which the new regulations are based]. With all of this in mind we reviewed a sample of the first batch of reporters caught by new regulations to see how far the spirit of the regulations and the wider agenda would be taken on board. What we found was somewhat of a mixed picture - not surprising given the messages that we heard in the lead-up to the reporting season - and leading us to believe that the new regulations have not so much been an opportunity missed as an opportunity turned down, at least in this first year. The impact areas covered by NFRR Our review_ Over the last few months we have reviewed the strategic reports of a sample of Decemberyear-end reporters in relation to the non-financial reporting regulations. These were the first batch of reports addressing the new regulations, which were effective for financial years beginning on or after 1 January 2017 for EU-PIEs with over 500 employees. Our method and results The results and statistics discussed in this document relate to 30 of the earliest reporters across the FTSE 350. We looked for both explicit inclusion of the required elements of the new regulations, and further indicators such as changes in language and quality/emphasis in existing content. This was a subjective process, with few 'hard data points', reflecting the fact that changes were being made to pre-existing disclosures in many cases. We were flexible in our approach as a result but we did look for more than a brief mention of a topic, for instance. Recommendations_ Based on our review we have set out three key areas of focus for future reporters (the Tips on the next three pages), as well as examples to illustrate how some companies have tackled the new requirements. Tip #1 - Recognise the existence of the regulations Demonstrate you are aware of the regulations and signpost where they are addressed in the annual report. Also say when you have omitted a disclosure. We found that it was often not clear whether a company had or had not responded to the new requirements. Only 30% of companies within our review included an explicit reference to NFRR -all of these claimed compliance. But the vast majority of companies made no reference at all, meaning it was down to the reader to work out whether the company had taken the regulations on board. Explicit response to NFRR Two of the companies in our review indicated that an area was immaterial (human rights in both cases), and therefore required no further development. Of those companies who did refer to NFRR, some chose to include a separate non-financial information statement (i.e. a confirmation of compliance with the regulations). Others went further and signposted across the annual report where the content could be found. For the majority however, changes were merged into existing content and required the reader to be eagle-eyed or review the prior year report if they wanted to see what - if anything- had changed. We recognise that not every user will be focused on changes but some will be, especially in the early years of the new requirements. This approach creates a reporting conundrum for us: while we encourage integration of non-financial content into the rest of the strategic report, this makes it difficult for a reader to interpret if the regulations have been addressed. Our view is that a statement of compliance and/or signposting to the detail (be it within the Annual Report or elsewhere - though all information that is necessary for compliance must be within the strategic report itself) is the approach to take. In the early years of adoption this will make it clear the company is aware of the change in legislation. This approach is sensible in itself and it also addresses the ongoing debate about whether a separate non-financial information statement is a legal requirement. Although the FRC has stated that a separate statement is not required (in their FAQ's issued in December), there has notyet been formal legal confirmation of this view. Statement of Statement of compliance No mention of compliance - with immaterial NFRR elements indicated Non-financial information statement We aim to comply with the new Non-Rnancial Reporting requirements contained in sections 414CAand 414CB of the Companies Act 2006. The below table, and information it refers to, is intended to help stakeholders understand our position on key non-financial matters. This builds on existing reporting that we already do under the following frameworks: CDP, Global Reporting Initiative, Guidance on the Stratege Report {UK Financial Reporting Council), UN Global Compact, UN Sustainable Development Goals and UN Guiding Principles. Reporting requreiner It Pdic«safidtt^dandtwhkhc>5>crriourappfoach Risk management and additional information Environmental matters O Environ mental statement Environment, pages 26-27 Environmental risk management, page 133 Employees 0 Ethics and Responsible Business Polcy1 0 Ethical PolicyStatement OColleague Policy1 O Code of Responsibi lity 0 Health and Safety Policy1 Equality, inclusion and diversity,page 21 Health, safety and wellbeing, page 22 Learning and development, page22 Responsible conduct and culture, page 24 Diversity, skills and composition, page 58 Board Diversity Policy, page 72 People risk, page 136 Governance risk, page 150 Human rights O Human Rights Policystatement Human rights, page 22 O Colleague Policy' Responsible and eth ical lending, page 24 O Pre-Employment vetting standards' Working with suppliers, page 25 O Data Privacy Policy1 O Anti-Slavery and Trafficking Statement O Information and Cyber Security Policy Social matters 0 volunteering standards' 0 Matched giving guidelines' Helping communities, page 19 Communities, page 25 Anti-corruption €>Anti-bribery Policy1 and anti-brfcery ©Anti-bribery policy statement O Anti-money laundering and counter terrorist financing Policy1 0 Fraud Risk Management Policy1 Customer privacy and data security, page 23 Responsible conduct and culture, page 24 Operational risk, pages 135-136 Policy embedding2, due diligence and outcomes Risk overview, pages 32-33 Risk management, pages 107-156 Description of principal risks and Impact of business activity External environment, pages8-9 Creating value for our stakeholders, page 11 Addressing the issues that matter most, page 21 Direct and indirect economic contribution, page 24 Risk overview, pages 32-33 Principal risks, pages 34-37 Description of the business model Our business model, pages 10-11 Our next chapter, page 14 Non-financial key performance Indicators Key performance indicators, page 7 What we have ach ieved over the past three years, page 12 Doing business responsibly, page 18 Helping Britain Prosper, pages 19-20 Running a responsible business, pages 21-25 Environment, pages 26-27 Lloyds Banking Group pic-Annual report and Accounts 2017 What we've seen so far: An explicit statement of compliance, indicating relevant policies for the five content areas and where the outcomes and risk management in place can be found in the Annual Report, or online. The statement also points to where discussion on impact can be found. Tip #2 -Explain your policies and don't forget to mention any due diligence Do more than simply list policies - explain these where they are important. Consider what assurance and due diligence is gathered - if there really is none, should there be? In a large number of cases we found that companies listed relevant information for most of the content areas, but didn't expand further. While the names of policies were included, the objective and significance of these was ultimately unclear. In ourview a meaningful summary of the more important policies is often sufficient, as long as there is adequate disclosure to allow an understanding of how they operate. However, where a policy relates to an area where the business has a significant impact on stakeholders, further discussion will often be needed. Many companies point to policies or statements on theirwebsite, such as the Modern Slavery statement. If this isn't material and/or the level of detail would clutter the report this can be appropriate. Although the regulations require reporting on the outcomes of policies, this was rarely in evidence. Outcomes relate directly to the impact of companies' activities and therefore this is a fundamental to address the aim of the regulations. Activities during the year were disclosed on most occasions, but their relation to the objective or significance of the policy was usually unclear or difficult to ascertain. By far the least commonly addressed aspect of the new regulations was any 'due diligence' carried out to ensure the effectiveness of the company's policies. Discussions we had with companies revealed a lot of confusion over what this requirement meant, leading the FRC to provide some additional guidance in its FAQs ('due diligence' can in fact cover anything from management rev ew/board oversight to external assurance) Many companies in our sample risked giving the impression that they did not have any arrangements in place to track the effectiveness of their policies. In reality this is unlikely to be the case and many at least imply the existence of these processes elsewhere in their annual report, whether in their risk management disclosures, strategic narrative or corporate governance statement. We identified a number of opportunities to consolidate, or provide clearer linkage between, existing content in this way. Response to NFRR on policies and due diligence Hfe^ 47% I Environmental Employees Social matters Anti-corruption/bribery Human rights Policies Due diligence Our policies ■ iti I i1 i 1 ■ and anti-corruption Our policy Is that all RB companies, employees and contractors must comply with the anti-bribery, anti-corruption and competition laws of the UK and all countries in which they conduct business. Directors, managers and others with supervisory responsibility must ensure-that the employees and contractors they supervise are aware of and comply with this policy. Alt employees and contractors must atso certify annually that they have complied with our Code of Conduct and the Audit Committee periodically reviews Internal Audit findings in relation to this. Employee polities RB's Code of Conduct governs standards of conduct in relation to our employees, as well a; all our other key stakeholders. In addition, RB has policies setting out our commitment to equal opportunities at work and to providing a safe and healthy working environment. We relaunched the Code of Conduct and the associated policies in 2013. Reckitt Benckiser Group pic-Annual Report andFinancial Statements 2017 Human rights Our policy on human rights and responsible business sets out our commitment to upholding the rights expressed in the International Bill of Human Rights and the International Labour Organisation's Declaration on Fundamental Prinoples and Rights at Work. RB is also committed to following the UN Guiding Principles on Business and Human Rights and the Organisation for Economic Co-operation and Development fOECD) Guidelines for Multinational Enterprises. We have established a proactive compliance monitoring programme to enable us to identify and remediate any violations within our operations and supply chain. Consumer safety policy RB's consumer safety policy covers our commitment to producing products which are safe for consumers to use. Among other things, rt requires us to comply with all relevant laws and regulations, to continually assess our products, packaging, labelling and ingredients, and potential consumer safety issues, to apply consistent global standards; and to freely disclose consumer safety information. We check our products comply with our Restricted Substances Ust(RSL) and take action where necessary to ensure compliance What we've seen so far: Policies listed for the related content areas with some development. Policies are aligned with strategic objectives with further discussion integration into the wider report, in particular on risk management. Tip #3 - Disclose your most important impacts - positive and negative Explain your choices and link them to your strategy, business model and risks where appropriate. Don't just list areas where you've reduced your impact on a quantitative basis, regardless of their significance. The addition of 'impact' as one of the indicators that an area needs to be addressed in the strategic report is one of the more challenging changes between the non-financial reporting regulations and the existing narrative reporting regulations. In the four pre-existing areas of content (environmental, employees, social matters and human rights) we were confident of finding disclosures but would they also take into account 'impact'? Our results showed that there was indeed mention of 'outcomes' and 'impact' but, to an extent, the statistics (and the chart below) are misleading. The disclosures we found were not often very insightful - few went beyond recognising that there were impacts in these areas. Content showed minor changes from the prior year, but these felt shoe-horned in rather than integrated with the narrative. Most of the companies in our review included some quantified data e.g. reduction in energy usage or activities with charities, but the wider significance of these areas (if any) was often not made clear. Generally, content didn't really discuss the actual impact of activities on key stakeholders. For example, investment in training, or average number of training days measures the input/investment but doesn't measure the actual impact of these activities - how much better qualified were employees in areas that are strategically important. No one company reported their impact on all five content areas. This is not a requirement, but there should be an explanation where this is omitted because impact is deemed material. Our review confirmed to us that companies are still grappling with what the term 'impact' means and how to deal with it. The references we saw to outcomes and impact are only the start of reporting on impact and there is a long way to go. Notably, very few companies explicitly disclosed negative impacts and what they were doing to counter them - something which potentially could add more value and insight. In an age of growing distrust in business it is narrative such as this which can combat bad press and truly demonstrate the positive actions and company is taking to make changes. We think there is scope for more guidance to be produced for companies in the area of impact. What is clear is that, with the continued push on the 'stakeholder agenda', reporting on the impact of activities is here to stay and will need to be addressed. Response to impact on content areas Environmental Employees Social matters Human rights Anti- cor ruption/ bribe ry What we've seen so far: Identifies key stakeholders, recognises the areas where activities impact on them and goes some way to quantifying this. Builds on existing disclosures, showing that some companies already reported on impact. Howdens Joinery Group pic-Annual Report and Accounts 2017 Findings from our review Conclusion In light of the growing pressure on companies to demonstrate how they consider stakeholder interests in their long-term decision-making, we believe that many companies will need to look again at the non-financial reporting regulations. Whilst the Annual Report should still be written using a 'shareholder lens', stakeholders and the non-financial measures that matter to them now need to be front and centre in company reporting. It's clear from our conversations with companies that more guidance on what is meant by some of the new terms such as 'impact' and 'due diligence' could help. However, we also believe there are some simple steps companies can take without new regulatory guidance and we hope this paper and our three key areas of focus provide a useful starting point. The reality is that this is a new type of reporting which will require quite a shift in the mindset of companies if it is to be done well. For some reporters there is still a long way to go. Further reading Navigating tht • I >>'■ >i->(. iiy.n . Ii Imklisji (Itf ((-purlin* thtilWic Coming soon - May 20IS We have developed a framework to help companies consider how stakeholders map to the different parts of the annual report, and how to engage with them in the relevant areas. The stakeholder agenda will be a focus area for reporting going forward. www.pwc.co.uk/corporatereporting Contacts Accountability in changing times Analysis of FTSE 350 reporting crends in 2017 Mark O'Sullivan Richard Haig E: mark.j.osullivan@pwc.com E: richard.t.haig@pwc.com This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. © 2018 PricewaterhouseCoopers LLP. All rights reserved. PwC refers to the UK member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.corrVstructure for further details. 180416-174911-RH-OS