208 5 Equity and Shareholders’ Capital
nancial reports. In addition, the disclosure of risk factors is governed by Member
States’ national rules.
Disclosure of risk management policies. Section 404 of the Sarbanes-Oxley Act
contains rules on management assessment of internal controls. In the EU, rules on
the disclosure of the firm’s risk management policies can be found in IFRS, the
Accounting Directives, and many corporate governance codes. Such disclosure
rules are often substantive rules in disguise (Volume I).
5.9.6 Disclosure of Corporate Governance Matters
In the EU, a listed company must disclose certain corporate governance aspects.
Some disclosure obligations are based on stock exchange rules and corporate gov-
ernance codes. However, some disclosure rules are based on legal instruments
adopted by Community institutions.
Corporate governance statement. The Accounting Directives^352 provide that
companies must issue an annual “corporate governance statement” in their annual
report. That statement covers key issues such as whether the company complies
with a corporate governance code, information about shareholders’ meetings, and
the composition and operation of the board and its committees.^353 The provisions
concerning the corporate governance statement apply to “all companies, including
banks, insurance and reinsurance undertakings and companies which have issued
securities other than shares admitted to trading on a regulated market insofar as
they are not exempted by Member States”.^354
The duty to issue a corporate governance statement is complemented by the sta-
tutory, contractual or voluntary duty to comply with a corporate governance code.
In Germany, the Aktiengesetz lays down a “comply or explain” obligation.^355 In England,
“issuers” are required to comply with the Listing Rules (LR 1.1) which contain a reference
to the Combined Code of Corporate Governance (LR 9.8.6). The Combined Code is not
binding, but an issuer must: (a) apply the principles set out in Section 1^356 of the Combined
Code and explain how they have been applied; and (b) either comply with the provisions
set out in Section 1 of the Code provisions or give reasons for any non-compliance.
Internal controls. The consolidated accounts of a listed company must contain a
description of the main features of the group’s internal control and risk manage-
ment systems in relation to the process for preparing consolidated accounts.^357 The
(^352) Article 46a of Directive 78/660/EEC, inserted by Article 1(7) of Directive 2006/46/EC.
(^353) See recital 10 of Directive 2006/46/EC.
(^354) Recital 11 of Directive 2006/46/EC.
(^355) § 161 AktG.
(^356) Section 1 applies to companies and Section 2 to institutional shareholders. Companies
are not required to report on whether and how they have complied with the provisions
set out in Section 2 of the Code.
(^357) Article 36(2)(f) of Directive 83/349/EEC, inserted by Article 2(2) of Directive
2006/46/EC.