Technical
5 Jun 2018 04:25pm

Practice Q&A: IES 8, GDPR, and payment services regulations

ICAEW experts tackle questions on the required changes due to IES 8, the GDPR and the Payment Services Regulations 2017

https://economia.icaew.com:443/-/media/economia/images/article-images/630-technicalmag-practice-2-min.ashx
Caption: Illustration: Andrea Manzati

Q: I’ve heard about education standard IES 8. Does this affect me, and if so, how?

A: International Education Standard 8 (IES 8) has been issued by IFAC’s International Accountancy Education Standards Board (IAESB). It came into force on 1 July 2016.

IES 8 applies to you if you are working in audit or thinking of doing so. This is because it sets professional competence requirements for audit engagement partners. These are detailed in Table A in the Standard itself and it is expected that anyone operating as an audit engagement partner must have these attributes.

IES 8 builds on the existing focus on professional competence that is already a requirement of legislation, professional body licensing requirements and registered auditors’ internal due diligence. IES 8 is complementary to firms’ current procedures and practices but it is important to be aware of IES 8 and to take appropriate compliance steps.

ICAEW amended the application process for responsible individuals (RIs) following the introduction of IES 8 in order to require those applying to demonstrate that they have acquired the technical competence, professional skills, and values, ethics and attitudes detailed in IES 8. All applicants and their firms must now confirm that those proposed as RIs have achieved all this through their work experience and CPD.

The RI application form requires examples. Similarly, through ICAEW’s monitoring reviews of audit firms, we check that firms have appropriate procedures in place to meet the requirements of IES 8 and that selected engagement partners and other RIs are using a planned programme of CPD to ensure they are maintaining the competencies required by IES 8. IES 8 can be found on IFAC’s website together with webcasts to explain more about it.
Jonathan Jones, director, policy and strategy, ICAEW

Q: What amendments do I need to make to my letters of engagement or terms of business for GDPR?

A: Existing engagement letters continued to be valid until the General Data Protection Regulation (GDPR) came into force (25 May 2018). The Data Protection Act 2018 (DPA 2018), replacing the Data Protection Act 1998 (DPA 1998), was expected to be in force from the same date.

Depending on your specific engagements, you may choose to update the engagement letter in its entirety, or issue an amendment. Any letters issued before 25 May 2018 must state that the DPA 1998 is still the applicable legislation.

GDPR and DPA 2018 impose additional requirements and responsibilities on data controllers and processors. You should clearly understand your responsibilities and those of your client and the lawful basis for your processing of any personal data. The latter can be disclosed in a privacy statement, which should be referenced in or attached to the engagement letter. Engagements that provide several services or involve several parties may benefit from separate letters.

Members should be aware that they must not include a clause stating that by agreeing to the terms of an engagement letter for a specified professional service this means that they (the client) are also consenting to receive marketing materials or any other service.

The nature of accountancy services means that it is very likely you will be processing personal data. Terms of business will need to be updated and should include a privacy statement. ICAEW has issued guidance and sample wording for engagement letters and privacy notices available at icaew.com/gdpr
Jane Berney, manager, business law, ICAEW

Q: we offer payroll services to clients. Do We have to register with the FCA?

A: The Payment Services Regulations 2017 (PSRs) implement the Second Payment Services Directive (2015/2366/EC) in the UK. The regulations came into force on 23 January 2018. The relevant payment services are listed in Part 1 of Schedule 1 of PSRs 2017.

If a business provides payment services as described in the PSRs in the UK as a regular occupation or business activity it will be subject to the PSRs and must be appropriately authorised or registered and subject to supervision by the FCA.

The key words here are regular occupation or business. Just because payment services are provided as part of a business does not necessarily mean that it requires authorisation or registration. The payment services have to be a regular occupation or business to fall within the scope of the regulations, as set out in regulation 2 of the PSRs. The FCA’s view as stated in Chapter 15 of the Perimeter Guidance is that this means that the services must be provided as a regular occupation or business activity in their own right and not merely as ancillary to another business activity.

ICAEW is currently in dialogue with the FCA to try to establish a definitive position on how the PSRs may apply to accountancy practices, in particular in the context of payroll.
Tracy Stanhope, regulatory policy manager, professional standards, ICAEW

“IES 8 is complementary to firms’ current procedures but it is important to be aware of IES 8 and take appropriate compliance steps”
Jonathan Jones, director, policy and strategy, ICAEW

 Five in brief

01 Auditor liability to third parties
New ICAEW guidance clarifies where the “Bannerman paragraph” should be placed in audit reports. This is the clause under which auditors disclaim liability in respect of audit reports to third parties. Look out for our feature on this in the July/August issue.
icaew.com

02 Management representation letters
Updated technical release provides the latest guidance and emphasises the importance of obtaining written management representation letters in the audit process.
icaew.com

03 Modern Slavery Act
The Business & Human Rights Resource Centre has published a new briefing that considers best practice in reporting under the UK Modern Slavery Act and provides case studies of modern slavery disclosures.
business-humanrights.org

04 Payment practices
July 2018 is the deadline for large businesses with December year-ends to make their first payment practices report. Guidance on who needs to report and what should be included has been published.
publish-payment-practices.service.gov.uk

05 Profit warnings
A new ESMA Q&A helps businesses identify profit forecasts in the context of prospectuses and provides examples of what may or not constitute a profits warning.
esma.europa.eu

Topics