Critiquing the code

Twenty years after the introduction of the Cadbury Code, what is its legacy and is it still fit for purpose? Helen Yates writes

After every major corporate catastrophe there are inevitably lessons to be learned and new codes, rules and regulations to implement. Take the banking crisis, which came to a height in 2008. In Europe, the US and other markets regulatory authorities remain busy refining legislation they say will ensure this level of risk taking will not occur again. Go back further to the accounting scandals of WorldCom and Enron, which led to the introduction of Sarbanes-Oxley.

This reactive legislation, sometimes rules-based, sometimes principles-based, is typically designed to bring about greater transparency and standards of corporate governance. The aim is also to make organisations accountable and prevent the development of sick corporate cultures that allow rogue individuals to make bad decisions.

The Cadbury Code was no different. It was envisaged in the 1980s in the aftermath of corporate scandals including BCCI, Maxwell and controversy over directors’ pay. In 1992 Sir Adrian Cadbury published his report emphasising the importance of boards being free to drive their companies forward but also being accountable. It proposed a voluntary code, intended to achieve high standards of corporate behaviour.

Inevitably a certain amount of chest-beating has accompanied the Code’s 20th birthday at a time when good news in the City of London is thin on the ground. A series of essays to mark the 20th anniversary of the Code was published by the Financial Reporting Council and its legacy was debated at a function hosted by the FRC and London Stock Exchange.

“The ‘comply or explain’ concept has been hailed as a pragmatic tool that can improve corporate governance without the need for inflexible, burdensome and misguided rules, laws or regulation,” writes Dr Chris Gibson-Smith, chairman of the London Stock Exchange Group. “An initiative that started as a response to some, with hindsight, minor UK scandals has become a global phenomenon. Against his own wishes, the Cadbury Committee’s chairman has acquired global corporate governance iconic status.”

Comply or explain

Rather than being enshrined as law, the Code was a principles-based approach to improving levels of corporate governance. At its heart was “comply or explain”, whereby
organisations could decide either to comply with the code or explain why they had not.

“The approach was quite innovative at the time,” says Matt Taylor, a director at Protiviti. “It said, ‘Here are some broad principles and you must explain to your stakeholders how you meet those requirements, and if you don’t, explain why’.”

Many of the changes in business practice and boardroom culture that the Code has helped engender are now taken for granted. “The content of an annual report and accounts is massively different to what it was 20 years ago,” says Taylor. “Phrases such as ‘risk management’ didn’t exist 20 years ago from an institutional perspective. Looking at the risks an organisation faces, the things that could go wrong, how they are mitigate those and the risk appetite – that type of information had never been in reports before. The Cadbury Code pushed greater focus on those areas.”

It is easy to forget that before the Code was introduced it was common for a single individual to act as both chairman and chief executive. Executive directors were able to set their own pay, without the independent oversight from non-executive directors. “The roles non-executives play is to be a bridge between shareholders and management, who are running the organisation,” explains Taylor. “The non-executives’ role is to challenge the executive team about how they are running the organisation.”

The code has since gone through various revisions, covering five key areas: leadership; effectiveness; accountability; remuneration and relations with shareholders. It grew organically, with input from a string of corporate leaders including Richard Greenbury, Nigel Turnbull, Derek Higgs and Robert Smith. In its current incarnation it is known as the UK Corporate Governance Code, overseen by the FRC.

Supporters of the Code say it has changed UK corporate culture for the better and has provided a benchmark for the rest of the world. Seventy other countries have followed its example and adopted similar guidelines. “While best practice codes cannot replace all regulation, they can reduce the need for it, especially where the objective is cultural and behavioural change over time,” writes Adam Bogdanor, a corporate finance partner at Berwin Leighton Paisner in Management Today.

From a risk and insurance perspective, good standards of corporate governance significantly reduce an organisation’s exposure to litigation as a result of the actions of its directors and officers. D&O insurance was itself borne out of the financial responsibility that led to the Wall Street Crash and Depression of 1929. Insurers select organisations that adhere to the principles of governance, providing broader cover and more competitive premiums.

“Those companies that evidence tight control of remuneration, rotation of impartial non-executives and oversight committees present better risks,” explains broker Arthur J. Gallagher in its D&O guide for risk managers. “Those accounts which evidence ‘strong/maverick’ leadership will need to work harder to convince insurers that they do indeed not present a more hazardous risk.”

Critics argue there is still a long way to go and the code’s one-size-fits-all approach
to governance is no longer fit for purpose. Writing in the Guardian, Simon Caulkin argues that the code enshrines a management theory that was “hijacked” in the 1980s, with two major consequences.

“The first was to align managers’ interests not with their own organisations but with financial outsiders – shareholders,” accuses Caulkin. “That triggered a senior management pay explosion that continues to this day. The second was that managers abandoned their previous policy of retaining and reinvesting profits in favour of large dividend and share buyback payouts to shareholders.”

“The day the FT carried the story [about the Cadbury Code’s 20th anniversary], Incomes Data Services reported that FTSE 100 boardroom pay went up by a median 10 per cent last year, a soaraway trend that the best code in the world has complacently overseen,” he continues. “Nor could it prevent the RBS meltdown, Libor or PPI mis-selling to the tune of £12bn, the biggest rip-off in financial history. It didn’t stop phone-hacking or BP taking short cuts. It has sanctioned wholesale offloading of risk, whether individual (pensions, careers) or collective (global and financial warming) on to society, while rejecting any responsibility of its own except to shareholders.”

Putting people first

In spite of the Code’s best intentions, bad corporate behaviour continues to come to light. The handling of the Deepwater Horizon disaster by BP and phone hacking scandal at News Corporation (International) are just two recent examples. In his inquiry into the culture, practices and ethics of the British press following the scandal, Lord Justice Leveson said the press had “wreaked havoc in the lives of innocent people”.

“If you look at some of the things that have gone on in the last 20 years,” says Taylor. “Barings, banking crises and issues in the financial services sector at the moment – this is a Code that puts in place some good building blocks but we still have all these issues despite it. So I guess it’s a bit like saying you can’t legislate for bad management or individuals’ actions.”

It is clear that while the spirit of the Code remains relevant and effective, it cannot prevent corporate scandals from occurring. “It is not rules and regulations alone that make good business,” points out Sir Roger Carr, chairman of Centrica and president of the Confederation of British Industry in an essay.

“It is good people – operational, advisory, executive and non-executive. A diverse board of gender, nationality, skill set and mind set. A board comprising members with integrity, enthusiasm, experience and courage – and independence of mind – up to speed on the rules and willing to stand up for their enforcement. It takes skill, knowledge but, most of all, it takes character.”

“Performance and governance must go hand in hand,” he concludes. “The Code based on ‘comply and explain’ is a valuable handbook. In business however, we should never forget: rules provide the framework – people make the difference.”



Every company should be headed by an effective board which is collectively responsible for the long-term success of the company.
There should be a clear division of responsibilities at the head of the company between the running of the board and the executive responsibility for the running of the company’s business. No one individual should have unfettered powers of decision.
The chairman is responsible for leadership of the board and ensuring its effectiveness on all aspects of its role.
As part of their role as members of a unitary board, non-executive directors should constructively challenge and help develop proposals on strategy.

The board and its committees should have the appropriate balance of skills, experience, independence and knowledge of the company to enable them to discharge their respective duties and responsibilities effectively.
There should be a formal, rigorous and transparent procedure for the appointment of new directors to the board.
All directors should be able to allocate sufficient time to the company to discharge their responsibilities effectively.
All directors should receive induction on joining the board and should regularly update and refresh their skills and knowledge.
The board should be supplied in a timely manner with information in a form and of a quality appropriate to enable it to discharge its duties. The board should undertake a formal and rigorous annual evaluation of its own performance and that of its committees and individual directors.
All directors should be submitted for re-election at regular intervals, subject to continued satisfactory performance.

The board should present a balanced and understandable assessment of the company’s position and prospects.
The board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. The board should maintain sound risk management and internal control systems.
The board should establish formal and transparent arrangements for considering how they should apply the corporate reporting and risk management and internal control principles and for maintaining an appropriate relationship with the company’s auditor.

Levels of remuneration should be sufficient to attract, retain and motivate directors of the quality required to run the company successfully, but a company should avoid paying more than is necessary for this purpose. A significant proportion of executive directors’ remuneration should be structured so as to link rewards to corporate and individual performance.
There should be a formal and transparent procedure for developing policy on executive remuneration and for fixing the remuneration packages of individual directors. No director should be involved in deciding his or her own remuneration.

Relations with shareholders
There should be a dialogue with shareholders based on the mutual understanding of objectives. The board as a whole has responsibility for ensuring that a satisfactory dialogue with shareholders takes place.
The board should use the AGM to communicate with investors and to encourage their participation.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.