5 Mar 2015 03:12pm

What increasing bank audit requirements could mean

Given the huge level of economic and political focus on banks, it might appear somewhat surprising to a lay person that prior to 20 February 2015 – when the relevant statutory instrument came into force – the Prudential Regulation Authority (PRA) was unable to take disciplinary action against an auditor or an actuary

The PRA's consultation paper, published on 26 February 2015, sets out how the PRA intends to exercise its new disciplinary powers. The consultation paper also announces that the PRA intends to amend the existing PRA Rulebook to include rules which would require auditors of the largest UK banks and building societies to provide annual written reports to the PRA setting out information about the audit process and the basis on which the auditor has reached judgments. The PRA considers that this requirement will provide an incentive for auditors to be more robust in their audit of key areas such as valuation and risk and that this will result in better quality and more appropriate audit evidence being gathered.

Implicit in the overall wording of the consultation paper is the PRA's concern that bank auditors need to be more sceptical and challenge more robustly information provided to them by bank management. The PRA believes that the requirement for the auditor to produce a written report will not only improve the quality of the information available to the PRA as regulator, but will also improve the overall quality of the bank audit process.

It is plain from the consultation paper that the PRA will look to use its disciplinary powers in the event that bank auditors do not provide adequate written reports to the PRA. In this regard the overall message from the consultation paper is that the PRA will not be prepared to accept a 'one size fits all' boiler plate written report from bank auditors. Instead, the PRA's clear expectation is that the written reports will contain bespoke information which will enhance the PRA's understanding of the audit process. Bank auditors will therefore need to give careful consideration as to the level of information required and liaise closely with the PRA to ensure that its expectations are met.

Bank auditors will also be susceptible to disciplinary action from the PRA should they fail or be slow to communicate important information to the PRA, which they become aware of in their capacity as auditors and which they have a statutory obligation to provide, e.g. significant breaches which relate to the bank's authorisation requirements and concerns about whether a bank is a going concern. Insofar as the PRA rules are concerned, in addition to written reports, bank auditors are also subject to a general obligation to co-operate with the PRA. The PRA rules also impose specific requirements on a bank's auditor to inform the PRA promptly if the auditor is removed or resigns from office or is not re-appointed. These obligations are broadly equivalent to the auditors' obligation to communicate information to the Financial Conduct Authority (FCA), which can also pursue disciplinary action in the event of breach.

The consultation paper recognises that the PRA does not have the power to impose a financial penalty on an individual partner in circumstances where it is the audit firm which has been appointed to undertake the statutory audit. The PRA recognises that there will inevitably be some overlap between the PRA's exercise of its disciplinary powers and the exercise of the Financial Reporting Council's (FRC) disciplinary powers over audit firms and individual auditors in respect of misconduct and in respect of failings in relation to statutory audit work. In determining the amount of any fine the PRA will consider whether to deprive the auditor of any economic benefit it derived from the breach e.g. fees. The PRA will also consider the seriousness of the breach and will have regard to whether there are any aggravating or mitigating factors and whether there needs to be an uplift to the proposed fine in order to achieve deterrence.

The consultation paper says that the PRA is working with the FRC on a protocol in order to ensure co-ordination of enforcement action where both the FRC and the PRA have a mutual interest and could both take enforcement action. It remains to be seen how the PRA's disciplinary regimes will dovetail with those of other regulators. It is to be hoped that the PRA and the other relevant regulators will be mindful of the need to co-ordinate disciplinary action.

Stephen Flaherty, partner in the disputes and investigations team at international law firm Taylor Wessing


Related articles

PRA and FCA outline senior manager regime 

Co-operative Bank fails BoE test 

PRA to strengthen dialogue with bank auditors