
Malus and clawback: how effective is your policy?

Picture of Nigel Watson

Most listed companies can point to a malus and clawback paragraph in their remuneration report and maybe a line or two in their annual report. All good. All compliant. But is it grounded in reality?

I wonder whether the real challenge is operational. If you had a WH Smith-style moment tomorrow - misstated numbers, a profit warning, regulatory scrutiny and a collapsing share price - could you actually operate malus and clawback quickly, fairly and defensibly? Or would your “policy” turn out to be disclosure rather than a working control?

Because I think the market is no longer testing whether you say you can claw back. I think the market is increasingly testing whether your plan rules and documentation let you do it without a fight.

WH Smith, a live case study

WH Smith is a live case study on why these provisions exist. When performance outcomes are undermined, pay that was delivered based on the original pay story becomes part of the governance problem.

At that point, a Remco faces a simple choice:

  • accept that variable pay was awarded on a faulty baseline; or

  • use malus/clawback to re-align outcomes with the corrected reality and show shareholders that “pay for performance” is not just a slogan.

The mechanics matter more than the headlines. In cases like WH Smith, the decision point often arrives while the facts are still emerging. If you cannot suspend vesting, preserve evidence and keep value within the plan ecosystem, you end up debating principle after the money has left the building. That is why “operability” is the real test: deferral, holding periods and workable cancellation/offset mechanics are what convert governance intent into an executable outcome.

First principles: malus vs clawback

It is worth restating the basics, because many policies blur them.

  • Malus is the ability to reduce or cancel unvested or unpaid awards before vesting or payment. It is usually the cleanest lever because it bites while value is still in flight.

  • Clawback is the ability to address value after it has vested or been paid. It is often described as “recovery”, but the workable version in practice is frequently netting: cancellation of deferred/held shares, withholding unpaid amounts, or offset against future awards while there is still something on-platform to adjust.

Malus is typically the cleanest lever because it bites before vesting or payment. But if you want clawback to be more than optics, you need plan architecture that keeps value within reach after delivery - often via deferred shares and post-vesting holding periods.

What an “effective policy” actually contains

The best malus/clawback policies read like an operating model rather than a marketing statement. Three elements matter.

1) Coverage and reach: plans, people, period

The fastest way for malus/clawback to fail is scope ambiguity.

Good practice is explicit:

  • which plans are covered (annual bonus, deferred bonus, LTIP and any other long-term arrangement);

  • which populations are in scope (directors only, senior leadership, other senior managers); and

  • the recovery window (and why it fits the risk profile).

This is not pedantry. When something goes wrong, clarity on coverage and time period is what allows a Remco to act quickly and consistently, rather than negotiating its own rules in public.

2) Triggers that reflect modern risk: outcomes integrity, not just misconduct

Historically, malus and clawback was drafted as an integrity backstop - fraud, gross misconduct, serious reputational harm. That is still necessary, but it is no longer sufficient for a UK plc. Most “live” cases are not neat misconduct narratives; they are performance narratives that later turn out to be unreliable. 

A modern trigger set therefore needs to do two things at once: (i) be broad enough to catch the real-world scenarios (misstatements, control failures, regulatory events), but (ii) be tight enough - through materiality thresholds and defined concepts - to remain enforceable and defensible.

In practice, the trigger list that tends to work best is built around the following buckets:

  • Material misstatement or material error in outcomes. Any material misstatement, restatement or other material error in the financial results or any performance measure used to determine vesting/payout.

  • Material error in calculation or assessment. A material error in the calculation of performance outcomes or in the assessment of whether (and to what extent) performance conditions were satisfied - including where the original decision was based on incomplete or inaccurate information.

  • Material failure of risk management and internal controls. A serious or material failure of internal controls, risk management or compliance oversight that undermines confidence in the performance outcome - even if there is no formal restatement.

  • Misconduct / breach of duty / failure to meet standards. Serious misconduct (including by omission), breach of fiduciary or contractual duties or behaviour falling materially below expected standards - often framed to include conduct that causes, contributes to, or fails to prevent a triggering event.

  • Serious regulatory or reputational harm. Serious regulatory sanction, investigation findings, or reputational harm attributable to the participant’s conduct or oversight (with a clear materiality threshold), especially where the underlying event calls the original remuneration outcome into question.

The drafting point is simple: avoid a trigger set that is either “fraud-only” (too narrow) or “anything we dislike” (too vague). The most credible policies are explicit that these triggers are about protecting the integrity of pay outcomes - so that when the base story changes, remuneration outcomes can change too, through a process that remains consistent and defensible under scrutiny.

3) Decision architecture: calibration, accountability, evidence

Under pressure, the biggest risk is ad hoc decision-making. The strongest frameworks do three things:

  • Categorise the event in a structured way (financial impact, customer impact, people/conduct, reputation), so decisions are grounded in evidence and governance discipline, rather than reacting to short-term headlines.

  • Link the adjustment to the root cause (single event vs multiple events; systemic control failure; misstatement; supervisory failure).

  • Map accountability. In practice, you need to distinguish between:

    • those directly culpable,

    • those directly responsible (failed to take reasonable steps), and

    • those ultimately accountable by virtue of seniority and oversight.

Why does this matter? Because in a live controversy, your biggest vulnerability is not the power to act; it is the allegation that you acted inconsistently or arbitrarily.

The legal reality check: enforceability is designed, not assumed

This is the bit that often gets lost in remuneration commentary. A malus/clawback “policy” is only as good as the legal levers underneath it.

  • Policy vs contract. A statement in the annual report does not, by itself, create a recovery right. The enforceable rights sit in the LTIP rules, bonus plan terms, award agreements and (for directors) service contracts. In well-run frameworks, the plan rules and award documentation hardwire the mechanics and the policy simply reports them. If those instruments are not aligned - or if the policy purports to go further than the plan rules - Remco can be left with principles but no mechanism.

  • Drafting for a remedy that works. “Repayment on demand” reads well but can be difficult in practice. The effective regimes build in mechanics: cancelling deferred shares, withholding unpaid amounts, offsetting against future awards, or adjusting vesting outcomes. If you want recoverability, draft for cancellation/withholding/offset, not just a debt claim.

  • Process defensibility. Even where plan rules give broad Remco discretion, the decision has to be taken in good faith, for proper purposes and on a rational basis. The practical protection is discipline: clear triggers, evidence gathering, potentially an opportunity for representations and recording decisions taken.

  • Timing and value leakage. If an investigation is ongoing, the ability to suspend vesting/payment is crucial. Otherwise, value can leak out of the plan ecosystem before Remco has the facts to act defensibly and clawback becomes an argument rather than a mechanism.

  • Tax and payroll friction. Post-payment recovery rarely rewinds cleanly. Withholding, net-of-tax delivery and share sales complicate the economics. Policies that anticipate this - by preferring cancellation/offset where possible and being clear on the basis of recovery - are materially easier to operate.

Put bluntly: if you want malus and clawback to work when it matters, you have to build it like a legal remedy, not a governance sentiment.

Governance requirements and the direction of travel: now a disclosure issue

Malus/clawback is no longer just “good governance”. It is increasingly a reporting requirement.

The Financial Reporting Council updated the UK Corporate Governance Code in January 2024, and the 2024 Code applies for accounting periods beginning on or after 1 January 2025. Importantly, the Code expects the annual report on remuneration to include a description of malus and clawback arrangements, including (i) the circumstances in which they could be used, and (ii) the period for malus/clawback and why that period is appropriate.  

Overlay that with the Investment Association approach: shareholders increasingly expect trigger clarity, documentation consistency, and enforceability baked into the legal architecture, not left as a narrative aspiration.  

And where a matter escalates into regulator interest, the stakes rise again. In WH Smith’s case, the Financial Conduct Authority opened a formal investigation into potential disclosure-rule breaches connected to the accounting issues. In that environment, malus and clawback stop being “Remco housekeeping” and become part of the broader credibility repair job.

Closing thoughts

WH Smith shows what happens when incentive outcomes collide with corrected financial reality. Malus and clawback stop being policy prose and become a live governance lever.

If malus and clawback is your safety valve, it needs to be engineered, not narrated. The strategic aim is not to be punitive. It is to protect the integrity of performance pay, so that when results are revised, the remuneration story can be revised too, in a way shareholders recognise as fair, proportionate and properly governed.

At Burges Salmon, we help listed companies and Remuneration Committees design malus and clawback frameworks that are operable, not just disclosable - aligned across remuneration policy, plan rules and award documentation.
