Regulation (EU) No 537/2014 of the European Parliament and of the Council
of 16 April 2014
on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC
(Text with EEA relevance)
Regulation (EU) No 537/2014 of the European Parliament and of the Council
of 16 April 2014
on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee,
Acting in accordance with the ordinary legislative procedure,
Whereas:
- Statutory auditors and audit firms are entrusted by law to conduct statutory audits of public-interest entities with a view to enhancing the degree of confidence of the public in the annual and consolidated financial statements of such entities. The public-interest function of statutory audit means that a broad community of people and institutions rely on the quality of a statutory auditor's or an audit firm's work. Good audit quality contributes to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements. Thus, statutory auditors fulfil a particularly important societal role.
- Union legislation requires that the financial statements, comprising annual financial statements or consolidated financial statements, of credit institutions, insurance undertakings, issuers of securities admitted to trading on a regulated market, payment institutions, undertakings for collective investment in transferable securities (UCITS), electronic money institutions and alternative investment funds be audited by one or more persons entitled to carry out such audits in accordance with Union law, namely: Article 1(1) of Council Directive 86/635/EEC, Article 1(1) of Council Directive 91/674/EEC, Article 4(4) of Directive 2004/109/EC of the European Parliament and of the Council, Article 15(2) of Directive 2007/64/EC of the European Parliament and of the Council, Article 73 of Directive 2009/65/EC of the European Parliament and of the Council, Article 3(1) of Directive 2009/110/EC of the European Parliament and of the Council, and Article 22(3) of Directive 2011/61/EU of the European Parliament and of the Council. Moreover, point (1) of Article 4(1) of Directive 2004/39/EC of the European Parliament and of the Council also requires that the annual financial statements of investment firms be audited when Directive 2013/34/EU of the European Parliament and of the Council is not applicable.
- The conditions for the approval of the persons responsible for carrying out the statutory audit as well as the minimum requirements for carrying out such statutory audit are laid down in Directive 2006/43/EC of the European Parliament and of the Council.
- On 13 October 2010 the Commission published a Green Paper entitled ‘Audit Policy: Lessons from the Crisis’, which launched a wide public consultation, in the general context of financial market regulatory reform, on the role and scope of audit and how the audit function could be enhanced in order to contribute to increased financial stability. That public consultation showed that the rules of Directive 2006/43/EC regarding the carrying out of the statutory audit of annual and consolidated financial statements of public-interest entities could be improved. The European Parliament issued an own-initiative report on the Green Paper on 13 September 2011. The European Economic and Social Committee also adopted a report on that Green Paper on 16 June 2011.
- It is important to lay down detailed rules with a view to ensuring that the statutory audits of public-interest entities are of adequate quality and are carried out by statutory auditors and audit firms subject to stringent requirements. A common regulatory approach should enhance the integrity, independence, objectivity, responsibility, transparency and reliability of statutory auditors and audit firms carrying out statutory audits of public-interest entities, contributing to the quality of statutory audits in the Union, thus to the smooth functioning of the internal market, while achieving a high level of consumer and investor protection. The development of a separate act for public-interest entities should also ensure consistent harmonisation and uniform application of the rules and thus contribute to a more effective functioning of the internal market. These strict requirements should be applicable to statutory auditors and audit firms only insofar as they carry out statutory audits of public-interest entities.
- The statutory audit of cooperatives and savings banks is characterised in some Member States by a system that does not allow them to choose their statutory auditor or audit firm freely. The audit association to which the cooperative or savings bank belongs as a member is obliged by law to carry out the statutory audit. Such audit associations act on a non-profit-making basis without pursuing commercial interests, as results from their legal nature. In addition, the organisational units of these associations are not associated with a common economic interest, which could jeopardise their independence. Accordingly, Member States should have the possibility to exempt cooperatives within the meaning of point (14) of Article 2 of Directive 2006/43/EC, savings banks or similar entities as referred to in Article 45 of Directive 86/635/EEC or their subsidiaries or legal successors from this Regulation provided that the principles of independence laid down in Directive 2006/43/EC are complied with.
- The level of fees received from one audited entity and the structure of fees can threaten the independence of a statutory auditor or an audit firm. Thus, it is important to ensure that audit fees are not based on any form of contingency and that, when the audit fees from a single client including its subsidiaries are significant, a specific procedure involving the audit committee is established to secure the quality of the audit. If the statutory auditor or the audit firm becomes excessively dependent on a single client, the audit committee should decide on the basis of proper grounds whether the statutory auditor or the audit firm may continue to carry out the statutory audit. When taking such decision, the audit committee should take into consideration, inter alia, the threats to independence and the consequences of such decision.
- The provision of certain services other than statutory audit (non-audit services) to audited entities by statutory auditors, audit firms or members of their networks may compromise their independence. Therefore, it is appropriate to prohibit the provision of certain non-audit services such as specific tax, consultancy and advisory services to the audited entity, to its parent undertaking and to its controlled undertakings within the Union. The services that involve playing any part in the management or decision-making of the audited entity might include working capital management, providing financial information, business process optimisation, cash management, transfer pricing, creating supply chain efficiency and the like. Services linked to the financing, capital structure and allocation, and investment strategy of the audited entity should be prohibited except the provision of services such as due diligence services, issuing comfort letters in connection with prospectuses issued by the audited entity and other assurance services.
- It should be possible for Member States to decide to allow the statutory auditors and the audit firms to provide certain tax and valuation services when such services are immaterial or have no direct effect, separately or in the aggregate, on the audited financial statements. Where such services involve aggressive tax planning, they should not be considered as immaterial. Accordingly, a statutory auditor or an audit firm should not provide such services to the audited entity. A statutory auditor or an audit firm should be able to provide non-audit services which are not prohibited under this Regulation, if the provision of those services has been approved in advance by the audit committee and if the statutory auditor or the audit firm has satisfied itself that provision of those services does not pose a threat to the independence of the statutory auditor or the audit firm that cannot be reduced to an acceptable level by the application of safeguards.
- With a view to avoiding conflicts of interest it is important that the statutory auditor or the audit firm, before accepting or continuing an engagement for a statutory audit of a public-interest entity, assess whether the independence requirements are met, and in particular whether any threats to independence arise as a result of the relationship with that entity. The statutory auditor or the audit firm should confirm its independence annually to the audit committee of the audited entity and should discuss with that committee any threat to its independence as well as the safeguards applied to mitigate those threats.
- Directive 95/46/EC of the European Parliament and of the Council should govern the processing of personal data carried out in the Member States in the context of this Regulation and such processing of personal data should be subject to the supervision of the Member States' competent authorities, in particular the public independent authorities designated by the Member States. Any exchange or transmission of information by competent authorities should comply with the rules on the transfer of personal data as laid down in Directive 95/46/EC.
- A sound engagement quality control review of the work carried out in each statutory audit engagement should be conducive to high audit quality. Therefore, the statutory auditor or the audit firm should not issue his, her or its audit report until such an engagement quality control review has been completed.
- The results of the statutory audit of a public-interest entity should be presented to the stakeholders in the audit report. In order to increase the confidence of stakeholders in the financial statements of the audited entity, it is particularly important that the audit report be well-founded and solidly substantiated. In addition to the information required to be provided under Article 28 of Directive 2006/43/EC, the audit report should in particular include sufficient information on the independence of the statutory auditor or the audit firm and on whether the statutory audit was considered capable of detecting irregularities, including fraud.
- The value of statutory audit for the audited entity would be particularly enhanced if the communication between the statutory auditor or the audit firm, on the one hand, and the audit committee, on the other hand, were reinforced. Further to the regular dialogue during the carrying out of the statutory audit, it is important that the statutory auditor or the audit firm submit to the audit committee an additional and more detailed report on the results of the statutory audit. This additional report should be submitted to the audit committee no later than the audit report. Upon request, the statutory auditor or the audit firm should discuss key matters which have been mentioned in the additional report with the audit committee. In addition, it should be possible to make such additional detailed report available to competent authorities responsible for the oversight of statutory auditors and audit firms upon their request, and to third parties where national law so provides.
- Statutory auditors or audit firms already provide competent authorities supervising public-interest entities with information on facts or decisions which could constitute a breach of the rules governing the activities of the audited entity or an impairment of the continuous functioning of the audited entity. However, supervisory tasks would be facilitated if supervisors of credit institutions and insurance undertakings and their statutory auditors and audit firms were required to establish an effective dialogue with each other.
- Regulation (EU) No 1092/2010 of the European Parliament and of the Council established the European Systemic Risk Board (ESRB). The role of the ESRB is to monitor the build-up of systemic risk in the Union. Given the information that statutory auditors and audit firms of systemically important financial institutions have access to, their experience could help the ESRB in its work. Therefore an annual forum for dialogue between statutory auditors and audit firms, on the one hand, and ESRB, on the other, on a sectoral, anonymised basis should be facilitated by this Regulation.
- In order to increase the confidence in, and the liability of, the statutory auditors and the audit firms carrying out the statutory audit of public-interest entities, it is important that the transparency reporting by statutory auditors and audit firms be increased. Therefore, statutory auditors and audit firms should be required to disclose financial information, showing in particular their total turnover divided into audit fees paid by public-interest entities, audit fees paid by other entities and fees for other services. They should also disclose financial information at the level of the network to which they belong. Statutory auditors and audit firms should provide additional supplementary information on audit fees to competent authorities with a view to facilitating their supervisory tasks.
- It is important that the role of the audit committee in the selection of a new statutory auditor or audit firm be reinforced, in the interest of a more informed decision of the general meeting of shareholders or members of the audited entity. Hence, when making a proposal to the general meeting, the administrative or supervisory body should explain whether it follows the preference of the audit committee and, if not, why. The recommendation of the audit committee should include at least two possible choices for the audit engagement and a duly justified preference for one of them, so that a real choice can be made. In order to provide a fair and proper justification in its recommendation, the audit committee should use the results of a mandatory selection procedure organised by the audited entity, under the responsibility of the audit committee. In such selection procedure, the audited entity should not restrict statutory auditors or audit firms with a low market share from presenting proposals for the audit engagement. Tender documents should contain transparent and non-discriminatory selection criteria to be used for the evaluation of proposals. Considering, however, that this selection procedure could entail disproportionate costs for undertakings with reduced market capitalisation or small and medium-sized public-interest entities having regard to their size, it is appropriate to relieve such undertakings and entities from the obligation of organising a procedure for the selection of a new statutory auditor or audit firm.
- The right of the general meeting of shareholders or members of the audited entity to choose the statutory auditor or the audit firm would be of no value if the audited entity were to enter into a contract with a third party providing for a restriction of such choice. Therefore, any clause of a contract entered into by the audited entity with a third party regarding the appointment or restricting the choice to particular statutory auditors or audit firms should be considered null and void.
- The appointment of more than one statutory auditor or audit firm by public-interest entities would reinforce the professional scepticism and help to increase audit quality. Also, this measure, combined with the presence of smaller audit firms in the audit market would facilitate the development of the capacity of such firms, thus broadening the choice of statutory auditors and audit firms for public-interest entities. Therefore, the latter should be encouraged and incentivised to appoint more than one statutory auditor or audit firm to carry out the statutory audit.
- In order to address the familiarity threat and therefore reinforce the independence of statutory auditors and audit firms, it is important to establish a maximum duration of the audit engagement of a statutory auditor or an audit firm in a particular audited entity. In addition, as a means of strengthening the independence of the statutory auditor or the audit firm, reinforcing professional scepticism, and increasing audit quality, this Regulation provides for the following alternatives for an extension of the maximum duration: regular and open mandatory retendering or the appointment of more than one statutory auditor or audit firm by public-interest entities. Also, the involvement of smaller audit firms in these measures would facilitate the development of the capacity of such firms, thus broadening the choice of statutory auditors and audit firms for public-interest entities. An appropriate gradual rotation mechanism should also be established with regard to the key audit partners carrying out the statutory audit on behalf of the audit firm. It is also important to provide for an appropriate period within which such statutory auditor or audit firm may not carry out the statutory audit of the same entity. In order to ensure a smooth transition, the former statutory auditor should transfer a handover file with relevant information to the incoming statutory auditor.
- In order to ensure a high level of investor and consumer confidence in the internal market by avoiding conflicts of interests, statutory auditors and audit firms should be subject to appropriate oversight by competent authorities which are independent from the audit profession and which have adequate capacity, expertise and resources. Member States should be able to delegate or allow their competent authorities to delegate any of the tasks of those competent authorities to other authorities or bodies except those related to the quality assurance system, investigations and disciplinary systems. However, Member States should be able to choose to delegate tasks related to disciplinary systems to other authorities and bodies provided that the majority of the persons involved in the governance of the authority or body concerned are independent from the audit profession. The national competent authorities should have the necessary powers to undertake their supervisory tasks, including the capacity to access data, obtain information and carry out inspections. They should specialise in the supervision of financial markets, in the compliance with financial reporting obligations or in statutory audit oversight. However, it should be possible for the supervision of the compliance with the obligations imposed on public-interest entities to be carried out by the competent authorities responsible for the supervision of those entities. The funding of the competent authorities should be free from any undue influence by statutory auditors or audit firms.
- The quality of supervision should improve if there is effective cooperation between authorities charged with different tasks at national level. Therefore, the authorities competent to supervise compliance with the obligations regarding statutory audit of public-interest entities should cooperate with the authorities responsible for the tasks provided for in Directive 2006/43/EC, with those supervising public-interest entities and with the financial intelligence units referred to in Directive 2005/60/EC of the European Parliament and of the Council.
- External quality assurance for the statutory audit is fundamental for high quality audit. It adds credibility to published financial information and provides better protection for shareholders, investors, creditors and other interested parties. Statutory auditors and audit firms should therefore be subject to a system of quality assurance under the responsibility of the competent authorities, thus ensuring objectivity and independence from the audit profession. Quality assurance reviews should be organised in such a manner that each statutory auditor or each audit firm carrying out audits of public-interest entities is subject to a quality assurance review on the basis of an analysis of the risks. In the case of statutory auditors and audit firms carrying out statutory audits of public-interest entities other than those defined in points (17) and (18) of Article 2 of Directive 2006/43/EC, that review should take place at least every three years and, in other cases, at least every six years. The Commission Recommendation of 6 May 2008 on external quality assurance for statutory auditors and audit firms auditing public-interest entities provides information on how inspections should be undertaken. Quality assurance reviews should be appropriate and proportionate in view of the scale and complexity of the business of the reviewed statutory auditor or audit firm.
- The market for the provision of statutory audit services to public-interest entities evolves over time. It is therefore necessary that competent authorities monitor the developments in the market, particularly as regards the risks that arise from high market concentration, including within specific sectors, and the performance of audit committees.
- The transparency of the activities of competent authorities should help to increase the confidence of investors and consumers in the internal market. Therefore, competent authorities should be required to report regularly on their activities and to publish information in aggregated form on findings and conclusions of inspections, or in individual form where Member States so provide.
- Cooperation between the competent authorities of the Member States can make an important contribution to ensuring consistently high quality of statutory audit in the Union. Therefore, the competent authorities of the Member States should cooperate with each other, where necessary, for the purpose of carrying out their supervisory duties regarding statutory audits. They should respect the principle of home-country regulation and oversight by the Member State in which the statutory auditor or the audit firm is approved and in which the audited entity has its registered office. The cooperation between competent authorities should be organised within the framework of a Committee of European Auditing Oversight Bodies (CEAOB), which should be composed of high-level representatives of the competent authorities. In order to enhance consistent application of this Regulation, the CEAOB should be able to adopt non-binding guidelines or opinions. In addition, it should facilitate the exchange of information, provide advice to the Commission and contribute to technical assessments and technical examinations. For the purpose of carrying out the technical assessment of public oversight systems of third countries and to the international cooperation between Member States and third countries in this area, the CEAOB should establish a sub-group chaired by the member appointed by the European Supervisory Authority (European Securities and Markets Authority — ESMA) and should request the assistance from ESMA, the European Supervisory Authority (European Banking Authority — EBA) or the European Supervisory Authority (European Insurance and Occupational Pensions Authority — EIOPA) insofar as its request is related to the international cooperation between Member States and third countries in the field of statutory audit of public-interest entities supervised by these European Supervisory Authorities. The Secretariat of the CEAOB should be provided by the Commission and, based on the work programme agreed by the CEAOB, should include related expenses in its estimates for the next year.
- (28) statutory audits of public-interest entities, including in cases where the conduct under investigation does not constitute an infringement of any legislative or regulatory provision in force in the Member States concerned. The detailed arrangements for cooperation between the competent authorities of the Member States should include the possibility of creating colleges of competent authorities and the delegation of tasks among themselves. The concept of a network in which statutory auditors and audit firms operate should be taken into account in such cooperation. Competent authorities should respect appropriate confidentiality and professional secrecy rules.
- The interrelation of capital markets gives rise to the need to empower competent authorities to cooperate with supervisory authorities and bodies of third countries regarding the exchange of information or quality assurance reviews. However, where the cooperation with third country authorities is related to audit working papers or other documents held by statutory auditors or audit firms, the procedures laid down by Directive 2006/43/EC should apply.
- Sustainable audit capacity and a competitive market for statutory audit services in which there is a sufficient choice of statutory auditors and audit firms capable of carrying out statutory audits of public-interest entities are required in order to ensure a smooth functioning of capital markets. The competent authorities and the European Competition Network (ECN) should report on the changes brought in the audit market structure introduced by this Regulation.
- The alignment of the procedures for the adoption of delegated acts by the Commission to the Treaty on the Functioning of the European Union and, in particular, to Article 290 and 291 thereof, should be effected on a case-by-case basis. In order to take into account the developments in auditing and in the audit profession, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission. In particular, delegated acts are necessary for the purpose of adopting international auditing standards in the area of audit practice, independence of and internal controls of statutory auditors and audit firms. The international auditing standards adopted should not amend any requirements of this Regulation or supplement any of those requirements, except for those precisely defined. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including consultations at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.
- In order to ensure legal certainty and the smooth transition to the regime introduced by this Regulation, it is important to introduce a transitional period regarding the entry into force of the obligation to rotate statutory auditors and audit firms and the obligation to organise a selection procedure for the choice of statutory auditors and audit firms.
- References to provisions of Directive 2006/43/EC should be understood as references to the national provisions transposing those provisions of Directive 2006/43/EC. The new European audit framework as established by this Regulation and Directive 2014/56/EU of the European Parliament and of the Council replaces existing requirements laid down in Directive 2006/43/EC and should be interpreted without referring to any preceding instruments such as Commission recommendations adopted under the previous framework.
- Since the objectives of this Regulation, namely clarifying and better defining the role of statutory audit regarding public-interest entities, improving the information that the statutory auditor or the audit firm provides to the audited entity, investors and other stakeholders, improving the communication channels between auditors and supervisors of public-interest entities, preventing any conflict of interest arising from the provision of non-audit services to public-interest entities, mitigating the risk of any potential conflict of interest due to the existing system whereby the auditee selects and pays the auditor or the familiarity threat, facilitating the switching of, and the choice of a statutory auditor or an audit firm to public-interest entities, broadening the choice of statutory auditors and audit firms for public-interest entities and improving the effectiveness, independence and consistency of the regulation and oversight of statutory auditors and audit firms providing statutory audits to public-interest entities including as regards cooperation at Union level, cannot be sufficiently achieved by the Member States but can rather, by reason of their scale, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
- This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, notably the right to respect for private and family life, the right to the protection of personal data, and the freedom to conduct a business, and has to be applied in accordance with those rights and principles.
- The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 of the European Parliament and of the Council and delivered an opinion on 23 April 2012.
- A new legal framework of statutory audit of annual and consolidated financial statements should be established by this Regulation and Directive 2014/56/EU, therefore Commission Decision 2005/909/EC should be repealed,
HAVE ADOPTED THIS REGULATION:
SUBJECT MATTER, SCOPE AND DEFINITIONS
Article 1
Subject matter
This Regulation lays down requirements for the carrying out of the statutory audit of annual and consolidated financial statements of public-interest entities, rules on the organisation and selection of statutory auditors and audit firms by public-interest entities to promote their independence and the avoidance of conflicts of interest and rules on the supervision of compliance by statutory auditors and audit firms with those requirements.
Article 2
Scope
1.This Regulation shall apply to the following:
- statutory auditors and audit firms carrying out statutory audits of public-interest entities;
- public-interest entities.
2.This Regulation shall apply without limiting–
- Part 24 of the Financial Services Act 2019;
- Part 7 of the Companies Act 2014;
- any enactment which applies Part 7 of the Companies Act 2014 to entities other than companies; or
- any subsidiary legislation made under an enactment in sub-paragraphs (a) to (c).
Definitions
For the purposes of this Regulation, the definitions in the following enactments apply–
- section 2 and Part 24 of the Financial Services Act 2019;
- Part 7 of the Companies Act 2014;
- any enactment which applies Part 7 of the Companies Act 2014 to entities other than companies; and
- any subsidiary legislation made under an enactment in sub-paragraphs (a) to (c).
TITLE II
CONDITIONS FOR CARRYING OUT STATUTORY AUDIT OF PUBLIC INTEREST ENTITIES
Article 4
Audit fees
1.Fees for the provision of statutory audits to public-interest entities shall not be contingent fees.
For the purposes of the first subparagraph, contingent fees means fees for audit engagements calculated on a predetermined basis relating to the outcome or result of a transaction or the result of the work performed. Fees shall not be regarded as being contingent if a court or the competent authority has established them.
2.When the statutory auditor or the audit firm provides to the audited entity, its parent undertaking or its controlled undertakings, for a period of three or more consecutive financial years, non-audit services other than those referred to in Article 5(1) of this Regulation, the total fees for such services shall be limited to no more than 70 % of the average of the fees paid in the last three consecutive financial years for the statutory audit(s) of the audited entity and, where applicable, of its parent undertaking, of its controlled undertakings and of the consolidated financial statements of that group of undertakings.
For the purposes of the limits specified in the first subparagraph, non-audit services, other than those referred to in Article 5(1), required by the law of Gibraltar shall be excluded.
The competent authority may, upon a request by the statutory auditor or the audit firm, on an exceptional basis, allow that statutory auditor or audit firm to be exempt from the requirements in the first subparagraph in respect of an audited entity for a period not exceeding two financial years.
3.When the total fees received from a public-interest entity in each of the last three consecutive financial years are more than 15 % of the total fees received by the statutory auditor or the audit firm or, where applicable, by the group auditor carrying out the statutory audit, in each of those financial years, such a statutory auditor or audit firm or, as the case may be, group auditor, shall disclose that fact to the audit committee and discuss with the audit committee the threats to their independence and the safeguards applied to mitigate those threats. The audit committee shall consider whether the audit engagement should be subject to an engagement quality control review by another statutory auditor or audit firm prior to the issuance of the audit report.
Where the fees received from such a public-interest entity continue to exceed 15 % of the total fees received by such a statutory auditor or audit firm or, as the case may be, by a group auditor carrying out the statutory audit, the audit committee shall decide on the basis of objective grounds whether the statutory auditor or the audit firm or the group auditor, of such an entity or group of entities may continue to carry out the statutory audit for an additional period which shall not, in any case, exceed two years.
Article 5
Prohibition of the provision of non-audit services
1.A statutory auditor or an audit firm carrying out the statutory audit of a public-interest entity, or any member of the network to which the statutory auditor or the audit firm belongs, shall not directly or indirectly provide to the audited entity, to its parent undertaking (incorporated or formed in Gibraltar) or to its controlled undertakings any prohibited non-audit services in:
- the period between the beginning of the financial year of the accounts to be audited and the issuing of the audit report; and
- the financial year immediately preceding that period in relation to the services listed in point (e) of the second subparagraph.
For the purposes of this Article, prohibited non-audit services shall mean:
- tax services relating to:
- preparation of tax forms;
- payroll tax;
- customs duties;
- identification of public subsidies and tax incentives unless support from the statutory auditor or the audit firm in respect of such services is required by law;
- support regarding tax inspections by tax authorities unless support from the statutory auditor or the audit firm in respect of such inspections is required by law;
- calculation of direct and indirect tax and deferred tax;
- provision of tax advice;
- services that involve playing any part in the management or decision-making of the audited entity;
- bookkeeping and preparing accounting records and financial statements;
- payroll services;
- designing and implementing internal control or risk management procedures related to the preparation and/or control of financial information or designing and implementing financial information technology systems;
- valuation services, including valuations performed in connection with actuarial services or litigation support services;
- legal services, with respect to:
- the provision of general counsel;
- negotiating on behalf of the audited entity; and
- acting in an advocacy role in the resolution of litigation;
- services related to the audited entity's internal audit function;
- services linked to the financing, capital structure and allocation, and investment strategy of the audited entity, except providing assurance services in relation to the financial statements, such as the issuing of comfort letters in connection with prospectuses issued by the audited entity;
- promoting, dealing in, or underwriting shares in the audited entity;
- human resources services, with respect to:
-
management in a position to exert significant influence over the preparation of the accounting records or financial statements which are the subject of the statutory audit, where such services involve:
- searching for or seeking out candidates for such position; or
- undertaking reference checks of candidates for such positions; - structuring the organisation design; and
- cost control.
-
2.Omitted
3.By way of derogation from the second subparagraph of paragraph 1, the provision of the services referred to in points (a) (i), (a) (iv) to (a) (vii) and (f) is allowed, provided that the following requirements are complied with:
- they have no direct or have immaterial effect, separately or in the aggregate on the audited financial statements;
- the estimation of the effect on the audited financial statements is comprehensively documented and explained in the additional report to the audit committee referred to in Article 11; and
- the principles of independence laid down in Part 24 of the Financial Services Act 2019 are complied with by the statutory auditor or the audit firm.
4.A statutory auditor or an audit firm carrying out statutory audits of public-interest entities and, where the statutory auditor or the audit firm belongs to a network, any member of such network, may provide to the audited entity, to its parent undertaking (incorporated or formed in Gibraltar) or to its controlled undertakings non-audit services other than the prohibited non-audit services referred to in paragraphs 1 and 2 subject to the approval of the audit committee after it has properly assessed threats to independence and the safeguards applied in accordance with section 496 of the Financial Services Act 2019. The audit committee shall, where applicable, issue guidelines with regard to the services referred to in paragraph 3.
5.When a member of a network to which the statutory auditor or the audit firm carrying out a statutory audit of a public-interest entity belongs provides any of the non-audit services, referred to in paragraphs 1 and 2 of this Article, to an undertaking incorporated in a third country which is controlled by the audited public-interest entity, the statutory auditor or the audit firm concerned shall assess whether his, her or its independence would be compromised by such provision of services by the member of the network.
If his, her or its independence is affected, the statutory auditor or the audit firm shall apply safeguards where applicable in order to mitigate the threats caused by such provision of services in a third country. The statutory auditor or the audit firm may continue to carry out the statutory audit of the public-interest entity only if he, she or it can justify, in accordance with Article 6 of this Regulation and Article 22b of Directive 2006/43/EC, that such provision of services does not affect his, her or its professional judgement and the audit report.
For the purposes of this paragraph:
- being involved in the decision-taking of the audited entity and the provision of the services referred to in points (b), (c) and (e) of the second subparagraph of paragraph 1 shall be deemed to affect such independence in all cases and to be incapable of mitigation by any safeguards.
- provision of the services referred to in the second subparagraph of paragraph 1 other than points (b), (c) and (e) thereof shall be deemed to affect such independence and therefore to require safeguards to mitigate the threats caused thereby.
Article 6
Preparation for the statutory audit and assessment of threats to independence
1.Before accepting or continuing an engagement for a statutory audit of a public- interest entity, a statutory auditor or an audit firm shall assess and document, in addition to the provisions of section 496 of the Financial Services Act 2019, the following:
- whether he, she or it complies with the requirements of Articles 4 and 5 of this Regulation;
- whether the conditions of Article 17 of this Regulation are complied with;
- without prejudice to the Proceeds of Crime Act 2015 and the Terrorism Act 2018, the integrity of the members of the supervisory, administrative and management bodies of the public-interest entity.
2.A statutory auditor or an audit firm shall:
- confirm annually in writing to the audit committee that the statutory auditor, the audit firm and partners, senior managers and managers, conducting the statutory audit are independent from the audited entity;
- discuss with the audit committee the threats to their independence and the safeguards applied to mitigate those threats, as documented by them pursuant to paragraph 1.
Article 7
Without prejudice to Article 12 of this Regulation and the Proceeds of Crime Act 2015 and the Terrorism Act 2018, when a statutory auditor or an audit firm carrying out the statutory audit of a public-interest entity suspects or has reasonable grounds to suspect that irregularities, including fraud with regard to the financial statements of the audited entity, may occur or have occurred, he, she or it shall inform the audited entity and invite it to investigate the matter and take appropriate measures to deal with such irregularities and to prevent any recurrence of such irregularities in the future.
Where the audited entity does not investigate the matter, the statutory auditor or the audit firm shall inform the authorities as designated by the Member States responsible for investigating such irregularities.
The disclosure in good faith to those authorities, by the statutory auditor or the audit firm, of any irregularities referred to in the first subparagraph shall not constitute a breach of any contractual or legal restriction on disclosure of information.
Article 8
Engagement quality control review
1.Before the reports referred to in Articles 10 and 11 are issued, an engagement quality control review (in this Article hereinafter referred to as: review) shall be performed to assess whether the statutory auditor or the key audit partner could reasonably have come to the opinion and conclusions expressed in the draft of these reports.
2.The review shall be performed by an engagement quality control reviewer (the “reviewer”)–
- who shall be–
- a statutory auditor; or
- an individual who is approved as a statutory auditor in the United Kingdom; and
- who is not involved in the performance of the statutory audit to which the review relates.
3.Where a statutory audit is carried out by–
- an audit firm, and all the statutory auditors were involved in carrying-out the statutory audit; or
- a statutory auditor who is not a partner or employee of an audit firm,
the audit firm or statutory auditor shall arrange for a review to be performed by another statutory auditor or by an individual approved as a statutory auditor in the United Kingdom. Documents or information disclosed to the reviewer for the purposes of this Article shall be subject to professional secrecy, but disclosure of documents or information to the reviewer for those purposes shall not constitute a breach.
4.When performing the review, the reviewer shall record at least the following:
- the oral and written information provided by the statutory auditor or the key audit partner to support the significant judgements as well as the main findings of the audit procedures carried out and the conclusions drawn from those findings, whether or not at the request of the reviewer;
- the opinions of the statutory auditor or the key audit partner, as expressed in the draft of the reports referred to in Articles 10 and 11;
5.The review shall at least assess the following elements:
- the independence of the statutory auditor or the audit firm from the audited entity;
- the significant risks which are relevant to the statutory audit and which the statutory auditor or the key audit partner has identified during the performance of the statutory audit and the measures that he or she has taken to adequately manage those risks;
- the reasoning of the statutory auditor or the key audit partner, in particular with regard to the level of materiality and the significant risks referred to in point (b);
- any request for advice to external experts and the implementation of such advice;
- the nature and scope of the corrected and uncorrected misstatements in the financial statements that were identified during the carrying out of the audit;
- the subjects discussed with the audit committee and the management and/or supervisory bodies of the audited entity;
- the subjects discussed with competent authorities and, where applicable, with other third parties;
- whether the documents and information selected from the file by the reviewer support the opinion of the statutory auditor or the key audit partner as expressed in the draft of the reports referred to in Articles 10 and 11.
6.The reviewer shall discuss the results of the review with the statutory auditor or the key audit partner. The audit firm shall establish procedures for determining the manner in which any disagreement between the key audit partner and the reviewer are to be resolved.
7.The statutory auditor or the audit firm and the reviewer shall keep a record of the results of the review, together with the considerations underlying those results.
Article 9
Omitted
Article 10
Audit report
1.The statutory auditor(s) or the audit firm(s) shall present the results of the statutory audit of the public-interest entity in an audit report.
2.The audit report shall be prepared in accordance with the section 505 of the Financial Services Act 2019 and in addition shall at least:
- state by whom or by which body the statutory auditor(s) or the audit firm(s) was (were) appointed;
- indicate the date of the appointment and the period of total uninterrupted engagement including previous renewals and reappointments of the statutory auditors or the audit firms;
- provide, in support of the audit opinion, the following:
- a description of the most significant assessed risks of material misstatement, including assessed risks of material misstatement due to fraud;
- a summary of the auditor's response to those risks; and
-
where relevant, key observations arising with respect to those risks.
Where relevant to the above information provided in the audit report concerning each significant assessed risk of material misstatement, the audit report shall include a clear reference to the relevant disclosures in the financial statements.
- explain to what extent the statutory audit was considered capable of detecting irregularities, including fraud;
- confirm that the audit opinion is consistent with the additional report to the audit committee referred to in Article 11;
- declare that the prohibited non-audit services referred to in Article 5(1) were not provided and that the statutory auditor(s) or the audit firm(s) remained independent of the audited entity in conducting the audit;
- indicate any services, in addition to the statutory audit, which were provided by the statutory auditor or the audit firm to the audited entity and its controlled undertaking(s), and which have not been disclosed in the management report or financial statements.
3.Except as required by point (e) of paragraph 2 the audit report shall not contain any cross-references to the additional report to the audit committee referred to in Article 11. The audit report shall be in clear and unambiguous language.
4.The statutory auditor or the audit firm shall not use the name of the competent authority in a way that would indicate or suggest endorsement or approval by that authority of the audit report.
Article 11
Additional report to the audit committee
1.Statutory auditors or audit firms carrying out statutory audits of public-interest entities shall not later than the date of submission of the audit report referred to in Article 10 submit an additional report to–
- the audit committee of the audited entity; and
- the administrative or supervisory body of the audited entity.
If the audited entity does not have an audit committee, the additional report shall be submitted to the body performing equivalent functions within the audited entity.
2.The additional report to the audit committee shall be in writing. It shall explain the results of the statutory audit carried out and shall at least:
- include the declaration of independence referred to in point (a) of Article 6(2);
- where the statutory audit was carried out by an audit firm, the report shall identify each key audit partner involved in the audit;
- where the statutory auditor or the audit firm has made arrangements for any of his, her or its activities to be conducted by another statutory auditor or audit firm that is not a member of the same network, or has used the work of external experts, the report shall indicate that fact and shall confirm that the statutory auditor or the audit firm received a confirmation from the other statutory auditor or audit firm and/or the external expert regarding their independence;
- describe the nature, frequency and extent of communication with the audit committee or the body performing equivalent functions within the audited entity, the management body and the administrative or supervisory body of the audited entity, including the dates of meetings with those bodies;
- include a description of the scope and timing of the audit;
- where more than one statutory auditor or audit firm have been appointed, describe the distribution of tasks among the statutory auditors and/or the audit firms;
- describe the methodology used, including which categories of the balance sheet have been directly verified and which categories have been verified based on system and compliance testing, including an explanation of any substantial variation in the weighting of system and compliance testing when compared to the previous year, even if the previous year's statutory audit was carried out by other statutory auditor(s) or audit firm(s);
- disclose the quantitative level of materiality applied to perform the statutory audit for the financial statements as a whole and where applicable the materiality level or levels for particular classes of transactions, account balances or disclosures, and disclose the qualitative factors which were considered when setting the level of materiality;
- report and explain judgements about events or conditions identified in the course of the audit that may cast significant doubt on the entity's ability to continue as a going concern and whether they constitute a material uncertainty, and provide a summary of all guarantees, comfort letters, undertakings of public intervention and other support measures that have been taken into account when making a going concern assessment;
- report on any significant deficiencies in the audited entity's or, in the case of consolidated financial statements, the parent undertaking's internal financial control system, and/or in the accounting system. For each such significant deficiency, the additional report shall state whether or not the deficiency in question has been resolved by the management;
- report any significant matters involving actual or suspected non-compliance with laws and regulations or articles of association which were identified in the course of the audit, in so far as they are considered to be relevant in order to enable the audit committee to fulfil its tasks;
- report and assess the valuation methods applied to the various items in the annual or consolidated financial statements including any impact of changes of such methods;
- in the case of a statutory audit of consolidated financial statements, explain the scope of consolidation and the exclusion criteria applied by the audited entity to the non-consolidated entities, if any, and whether those criteria applied are in accordance with the financial reporting framework;
- where applicable, identify any audit work performed by third-country auditor(s), statutory auditor(s), third-country audit entity(ies) or audit firm(s) in relation to a statutory audit of consolidated financial statements other than by members of the same network as to which the auditor of the consolidated financial statements belongs;
- indicate whether all requested explanations and documents were provided by the audited entity;
- report:
- any significant difficulties encountered in the course of the statutory audit;
- any significant matters arising from the statutory audit that were discussed or were the subject of correspondence with management; and
- any other matters arising from the statutory audit that in the auditor's professional judgement, are significant to the oversight of the financial reporting process.
Upon request by a statutory auditor, an audit firm or the audit committee, the statutory auditor(s) or the audit firm(s) shall discuss key matters arising from the statutory audit, referred to in the additional report to the audit committee, and in particular in point (j) of the first subparagraph, with the audit committee, administrative body or, where applicable, supervisory body of the audited entity.
3.Where more than one statutory auditor or audit firm have been engaged simultaneously, and any disagreement has arisen between them on auditing procedures, accounting rules or any other issue regarding the conduct of the statutory audit, the reasons for such disagreement shall be explained in the additional report to the audit committee.
4.The additional report to the audit committee shall be signed and dated. Where an audit firm carries out the statutory audit, the additional report to the audit committee shall be signed by the statutory auditors carrying out the statutory audit on behalf of the audit firm.
5.Upon request, the statutory auditors or the audit firms shall make available without delay the additional report to the competent authority.
Article 12
Report to supervisors of public-interest entities
1.The statutory auditor or the audit firm carrying out the statutory audit of a public-interest entity shall have a duty to report promptly to the competent authority responsible for the oversight of the statutory auditor or audit firm, any information concerning that public-interest entity of which he, she or it has become aware while carrying out that statutory audit and which may bring about any of the following:
- a material breach of the laws, regulations or administrative provisions which lay down, where appropriate, the conditions governing authorisation or which specifically govern pursuit of the activities of such public-interest entity;
- a material threat or doubt concerning the continuous functioning of the public-interest entity;
- a refusal to issue an audit opinion on the financial statements or the issuing of an adverse or qualified opinion.
Statutory auditors or audit firms shall also have a duty to report any information referred to in points (a) (b) or (c) of the first subparagraph of which they become aware in the course of carrying out the statutory audit of an undertaking having close links with the public-interest entity for which they are also carrying out the statutory audit. For the purposes of this Article, ‘close links’ shall have the meaning assigned to that term in Article 4.1(38) of the Capital Requirements Regulation.
This Article applies without limiting any duty imposed on a statutory auditor or audit firm by–
- regulation 76 of the Financial Services (Investment Services) Regulations 2020;
- regulation 99 of the Financial Services (Credit Institutions and Capital Requirements) Regulations 2020;
- regulation 85(4) of the Financial Services (Payment Services) Regulations 2020;
- regulation 124 of the Financial Services (UCITS) Regulations 2020;
- regulation 39 of the Financial Services (Electronic Money) Regulations 2020; or
- regulation 62 of the Financial Services (Insurance Companies) Regulations 2020.
2.An effective dialogue shall be established between the competent authority and the statutory auditor(s) and the audit firm(s) carrying out the statutory audit of credit institutions and insurance undertakings. The responsibility for compliance with this requirement shall rest with both parties to the dialogue.
3.The disclosure in good faith to the competent authority, by the statutory auditor or the audit firm or network, where applicable, of any information referred to in paragraph 1 or of any information emerging during the dialogue provided for in paragraph 2 shall not constitute a breach of any contractual or legal restriction on disclosure of information.
Article 13
Transparency report
1.A statutory auditor or an audit firm that carries out statutory audits of public-interest entities shall make public an annual transparency report at the latest four months after the end of each financial year. That transparency report shall be published on the website of the statutory auditor or the audit firm and shall remain available on that website for at least five years from the day of its publication on the website. If the statutory auditor is employed by an audit firm, the obligations under this Article shall be incumbent on the audit firm.
A statutory auditor or an audit firm shall be allowed to update its published annual transparency report. In such a case, the statutory auditor or the audit firm shall indicate that it is an updated version of the report and the original version of the report shall continue to remain available on the website.
Statutory auditors and audit firms shall communicate to the competent authorities that the transparency report has been published on the website of the statutory auditor or the audit firm or, as appropriate, that it has been updated.
2.The annual transparency report shall include at least the following:
- a description of the legal structure and ownership of the audit firm;
- where the statutory auditor or the audit firm is a member of a network:
- a description of the network and the legal and structural arrangements in the network;
- the name of each statutory auditor operating as a sole practitioner or audit firm that is a member of the network who is eligible to undertake statutory audits or equivalent audits in the United Kingdom or EEA States;
- for each member of the network identified under paragraph (ii),the countries in which the member is eligible for appointment as an auditor or has his, her or its registered office, central administration or principal place of business;
- the total turnover of the members of the network identified under paragraph (ii) resulting from statutory audit work or equivalent work in the United Kingdom or EEA States;
- a description of the governance structure of the audit firm;
- a description of the internal quality control system of the statutory auditor or of the audit firm and a statement by the administrative or management body on the effectiveness of its functioning;
- an indication of when the last quality assurance review referred to in Article 26 was carried out;
- a list of public-interest entities for which the statutory auditor or the audit firm carried out statutory audits during the preceding financial year;
- a statement concerning the statutory auditor's or the audit firm's independence practices which also confirms that an internal review of independence compliance has been conducted;
- a statement on the policy followed by the statutory auditor or the audit firm concerning the continuing education of statutory auditors referred to in section 486 of the Financial Services Act 2019;
- information concerning the basis for the partners' remuneration in audit firms;
- a description of the statutory auditor's or the audit firm's policy concerning the rotation of key audit partners and staff in accordance with Article 17(7);
- where not disclosed in its accounts, information about the total turnover of the statutory auditor or the audit firm, divided into the following categories:
- revenues from the statutory audit of annual and consolidated financial statements of public-interest entities and entities belonging to a group of undertakings whose parent undertaking is a public-interest entity;
- revenues from the statutory audit of annual and consolidated financial statements of other entities;
- revenues from permitted non-audit services to entities that are audited by the statutory auditor or the audit firm; and
- revenues from non-audit services to other entities.
The statutory auditor or the audit firm may, in exceptional circumstances, decide not to disclose the information required in point (f) of the first subparagraph to the extent necessary to mitigate an imminent and significant threat to the personal security of any person. The statutory auditor or the audit firm shall be able to demonstrate to the competent authority the existence of such threat.
3.The transparency report shall be signed by the statutory auditor or the audit firm.
Information for competent authorities
Statutory auditors and audit firms shall provide annually to the competent authority a list of the audited public-interest entities by revenue generated from them, dividing those revenues into:
Article 15
Record keeping
Statutory auditors and audit firms shall keep the documents and information referred to in Article 4(3), Article 6, Article 7, Article 8(4) to (7), Articles 10 and 11 Article 12(1) and (2), Article 14, Article 16(2), (3) and(5) of this Regulation, and in Articles 22b, 24a, 24b, 27 and 28 of Directive 2006/43/EC, for a period of at least five years following the creation of such documents or information.
TITLE III
THE APPOINTMENT OF STATUTORY AUDITORS OR AUDIT FIRMS BY PUBLIC-INTEREST ENTITIES
Article 16
Appointment of statutory auditors or audit firms
1.For the purposes of the application of section 529(1) of the Financial Services Act 2019, for the appointment of statutory auditors or audit firms by public-interest entities, the conditions set out in paragraphs 2 to 5 of this Article shall apply.
Paragraphs 2 to 5 of this Article shall not apply to the appointment of statutory auditors or audit firms by public-interest entities by an alternative method provided for in regulations made under section 529(2) of the Financial Services Act 2019.
2.The audit committee shall submit a recommendation to the administrative or supervisory body of the audited entity for the appointment of statutory auditors or audit firms.
Unless it concerns the renewal of an audit engagement in accordance with Article 17(1) and 17(2), the recommendation shall be justified and contain at least two choices for the audit engagement and the audit committee shall express a duly justified preference for one of them.
In its recommendation, the audit committee shall state that its recommendation is free from influence by a third party and that no clause of the kind referred to in paragraph 6 has been imposed upon it.
3.Unless it concerns the renewal of an audit engagement in accordance with Article 17(1) and 17(2), the recommendation of the audit committee referred to in paragraph 2 of this Article shall be prepared following a selection procedure organised by the audited entity respecting the following criteria:
- the audited entity shall be free to invite any statutory auditors or audit firms to submit proposals for the provision of the statutory audit service on the condition that Article 17(3) is respected and that the organisation of the tender process does not in any way preclude the participation in the selection procedure of firms which received less than 15 % of the total audit fees from public-interest entities in the previous calendar year;
- the audited entity shall prepare tender documents for the attention of the invited statutory auditors or audit firms. Those tender documents shall allow them to understand the business of the audited entity and the type of statutory audit that is to be carried out. The tender documents shall contain transparent and non-discriminatory selection criteria that shall be used by the audited entity to evaluate the proposals made by statutory auditors or audit firms;
- the audited entity shall be free to determine the selection procedure and may conduct direct negotiations with interested tenderers in the course of the procedure;
- where, in accordance with the law of Gibraltar, the competent authority requires statutory auditors and audit firms to comply with certain quality standards, those standards shall be included in the tender documents;
- the audited entity shall evaluate the proposals made by the statutory auditors or the audit firms in accordance with the selection criteria predefined in the tender documents. The audited entity shall prepare a report on the conclusions of the selection procedure, which shall be validated by the audit committee. The audited entity and the audit committee shall take into consideration any findings or conclusions of any inspection report on the applicant statutory auditor or audit firm referred to in Article 26(8) and published by the competent authority pursuant to point (d) of Article 28;
- the audited entity shall be able to demonstrate, upon request, to the competent authority that the selection procedure was conducted in a fair manner.
The audit committee shall be responsible for the selection procedure referred to in the first subparagraph.
For the purposes of point (a) of the first subparagraph, the competent authority shall make public a list of the statutory auditors and the audit firms concerned which shall be updated on an annual basis. The competent authority shall use the information provided by statutory auditors and audit firms pursuant to Article 14 to make the relevant calculations.
4.A public-interest entity shall not be required to apply the selection procedure referred to in paragraph 3 if it is a small or medium sized enterprise within the meaning of Article 2(f) of the Prospectus Regulation.
5.The proposal to the general meeting of shareholders or members of the audited entity for the appointment of statutory auditors or audit firms shall include the recommendation and preference referred to in paragraph 2 made by the audit committee or the body performing equivalent functions.
If the proposal departs from the preference of the audit committee, the proposal shall justify the reasons for not following the recommendation of the audit committee. However, the statutory auditor or audit firm recommended by the administrative or supervisory body must have participated in the selection procedure described in paragraph 3. This subparagraph shall not apply where the audit committee's functions are performed by the administrative or supervisory body.
6.Any clause of a contract entered into between a public-interest entity and a third party restricting the choice by the general meeting of shareholders or members of that entity, as referred to in section 529(3) of the Financial Services Act 2019 to certain categories or lists of statutory auditors or audit firms, as regards the appointment of a particular statutory auditor or audit firm to carry out the statutory audit of that entity shall be of no effect.
The public-interest entity shall inform the competent authority directly and without delay of any attempt by a third party to impose such a contractual clause or to otherwise improperly influence the decision of the general meeting of shareholders or members on the selection of a statutory auditor or an audit firm.
7.Omitted
8.Where the audited entity has a nomination committee in which shareholders or members have a considerable influence and which has the task of making recommendations on the selecting of auditors, that committee may perform the functions of the audit committee that are laid down in this Article and shall submit the recommendation referred to in paragraph 2 to the general meeting of shareholders or members.
Article 17
Duration of the audit engagement
1.A public-interest entity shall appoint a statutory auditor or an audit firm for an initial engagement of at least one year. The engagement may be renewed.
Neither the initial engagement of a particular statutory auditor or audit firm, nor this in combination with any renewed engagements therewith shall exceed a maximum duration of 10 years.
2.Omitted
3.After the expiry of the maximum durations of engagements referred to in the second subparagraph of paragraph 1 or after the expiry of the durations of engagements extended in accordance with paragraphs 4 or 6, neither the statutory auditor or the audit firm nor, where applicable, any members of their networks shall undertake the statutory audit of the same public-interest entity within the following four-year period.
4.The maximum duration referred to in the second sub-paragraph of paragraph 1 may be extended to a maximum of:
- 20 years, where a public tendering process for the statutory audit is conducted in accordance with paragraphs 2 to 5 of Article 16 and takes effect upon the expiry of the maximum durations referred to in the second subparagraph of paragraph 1; or
- twenty four years, where, after the expiry of the maximum durations referred to in the second subparagraph of paragraph 1, more than one statutory auditor or audit firm is simultaneously engaged, provided that the statutory audit results in the presentation of the joint audit report as referred to in section 505 of the Financial Services Act 2019.
5.The maximum durations referred to in the second subparagraph of paragraph 1 shall be extended only if, upon a recommendation of the audit committee, the administrative or supervisory body, proposes to the general meeting of shareholders or members that the engagement be renewed and that proposal is approved.
6.After the expiry of the maximum durations referred to in the second subparagraph of paragraph 1 or in paragraph 4, as appropriate, the public-interest entity may, on an exceptional basis, request that the competent authority grant an extension to re-appoint the statutory auditor or the audit firm for a further engagement where the conditions in points (a) or (b) of paragraph 4 are met. Such an additional engagement shall not exceed two years.
7.The key audit partners responsible for carrying out a statutory audit shall cease their participation in the statutory audit of the audited entity not later than seven years from the date of their appointment. They shall not participate again in the statutory audit of the audited entity before three years have elapsed following that cessation.
The statutory auditor or the audit firm shall establish an appropriate gradual rotation mechanism with regard to the most senior personnel involved in the statutory audit, including at least the persons who are registered as statutory auditors. The gradual rotation mechanism shall be applied in phases on the basis of individuals rather than of the entire engagement team. It shall be proportionate in view of the scale and the complexity of the activity of the statutory auditor or the audit firm.
The statutory auditor or the audit firm shall be able to demonstrate to the competent authority that such mechanism is effectively applied and adapted to the scale and the complexity of the activity of the statutory auditor or the audit firm.
8.For the purposes of this Article, the duration of the audit engagement shall be calculated as from the first financial year covered in the audit engagement letter in which the statutory auditor or the audit firm has been appointed for the first time for the carrying-out of consecutive statutory audits for the same public-interest entity.
For the purposes of this Article, the audit firm shall include other firms that the audit firm has acquired or that have merged with it.
If there is uncertainty as to the date on which the statutory auditor or the audit firm began carrying out consecutive statutory audits for the public-interest entity, for example due to firm mergers, acquisitions, or changes in ownership structure, the statutory auditor or the audit firm shall immediately report such uncertainties to the competent authority, which shall ultimately determine the relevant date for the purposes of the first subparagraph.
Hand-over file
Where a statutory auditor or an audit firm is replaced by another statutory auditor or audit firm, the former statutory auditor or audit firm shall comply with the requirements in section 498(3) of the Financial Services Act 2019.
Subject to Article 15, the former statutory auditor or audit firm shall also grant the incoming statutory auditor or audit firm access to the additional reports referred to in Article 11 in respect of previous years and to any information transmitted to competent authority pursuant to Articles 12 and 13.
The former statutory auditor or audit firm shall be able to demonstrate to the competent authority that such information has been provided to the incoming statutory auditor or audit firm.
Article 19
Omitted
SURVEILLANCE OF THE ACTIVITIES OF STATUTORY AUDITORS AND AUDIT FIRMS CARRYING OUT STATUTORY AUDIT OF PUBLIC-INTEREST ENTITIES
CHAPTER I
Competent authorities
Article 20
Omitted
Article 21
Conditions of independence
The competent authority shall be independent of statutory auditors and audit firms.
The competent authority may consult experts, as referred to in point (c) of Article 26(1), for the purpose of carrying out specific tasks and may also be assisted by experts when this is essential for the proper fulfilment of their tasks. In such instances, the experts shall not be involved in any decision-making.
A person shall not be a member of the the Auditors Regulatory Committee if during his or her involvement or in the course of the three previous years that person:
- has carried out statutory audits;
- held voting rights in an audit firm;
- was member of the administrative, management or supervisory body of an audit firm;
- was a partner, employee of, or otherwise contracted by, an audit firm.
The funding of the competent authority shall be secure and free from undue influence by statutory auditors and audit firms.
Article 22
Professional secrecy in relation to competent authorities
The obligation of professional secrecy shall apply to all persons who are or have been employed or independently contracted by, or involved in the governance of, competent authorities or by any authority or body to which tasks have been delegated under Article 24 of this Regulation. Information covered by professional secrecy may not be disclosed to any other person or authority except by virtue of the obligations laid down in this Regulation or the law of Gibraltar.
Article 23
Powers of competent authority
1.Without prejudice to Article 26, in carrying out the competent authority's tasks, neither the competent authority nor any other regulatory authority or body may interfere with the content of audit reports.
2.The competent authority may exercise any of its supervisory and investigatory powers under the Financial Services Act 2019 including, in particular, the powers in sections 507 to 524 of that Act, for the purpose of discharging its functions under this Regulation.
3.The competent authority may exercise the powers referred to paragraph 2 in relation to:
- statutory auditors and audit firms carrying out statutory audit of public-interest entities;
- persons involved in the activities of statutory auditors and audit firms carrying out statutory audit of public-interest entities;
- audited public-interest entities, their affiliates and related third parties;
- third parties to whom the statutory auditors and the audit firms carrying out statutory audit of public-interest entities have outsourced certain functions or activities; and
- persons otherwise related or connected to statutory auditors and audit firms carrying out statutory audit of public-interest entities.
Article 24
Delegation of tasks
1.The competent authority may, with the consent of the Minister, delegate to another body any of the competent authority’s tasks under this Regulation other than tasks related to–
- the quality assurance system referred to in Article 26;
- investigations carried out under powers in Article 23 or Part 24 of the Financial Services Act 2019 arising from that quality assurance system or from a referral by another authority; and
- the imposition of sanctions or the taking of measures under that Part related to the quality assurance reviews or investigation of statutory audits of public interest entities.
2.Any execution of tasks by other authorities or bodies shall be the subject of an express delegation by the competent authority. The delegation shall specify the delegated tasks and the conditions under which they are to be carried out.
Where the competent authority delegates tasks to other authorities or bodies, it shall be able to reclaim these competences on a case-by-case basis.
3.The authorities or bodies shall be organised in such a manner that there are no conflicts of interest. The ultimate responsibility for supervising compliance with this Regulation and with the implementing measures adopted pursuant thereto shall lie with the delegating competent authority.
Article 25
Cooperation with other authorities
The competent authority and, where appropriate, any body to which the competent authority has delegated tasks shall cooperate with the Gibraltar Financial Intelligence Unit and the supervisory authorities designated under the Proceeds of Crime Act 2015.
For the purposes of such cooperation, the obligation of professional secrecy under Article 22 of this Regulation shall apply.
CHAPTER II
Quality assurance, market monitoring, and transparency of competent authorities
Article 26
Quality assurance
1.For the purposes of this Article:
- ‘inspections’ means quality assurance reviews of statutory auditors and audit firms, which are led by an inspector and which do not constitute an investigation within the meaning of section 525(6) of the Financial Services Act 2019;
- ‘inspector’ means an individual who meets the requirements set out in point (a) of the first subparagraph of paragraph 5 of this Article and who is employed or otherwise contracted by the competent authority;
- ‘expert’ means an individual who has specific expertise in financial markets, financial reporting, auditing or other fields relevant for inspections, including practising statutory auditors.
2.The competent authority shall establish an effective system of audit quality assurance.
The competent authority shall carry out quality assurance reviews of statutory auditors and audit firms that carry out statutory audits of public-interest entities on the basis of an analysis of the risk and:
- in the case of statutory auditors and audit firms carrying out audits of public interest entities other than those which, but for being public interest entities would qualify as small or medium-sized under Schedule 9 to the Companies Act 2014 (or would so qualify if they were companies), at least every three years; and
- in cases other than those referred to in point (a), at least every six years.
3.The competent authority shall have the following responsibilities:
- approval and amendment of the inspection methodologies, including inspection and follow-up manuals, reporting methodologies and periodic inspection programmes;
- approval and amendment of inspection reports and follow-up reports;
- approval and assignment of inspectors for each inspection.
The competent authority shall allocate adequate resources to the quality assurance system.
4.The competent authority shall organise the quality assurance system in a manner that is independent of the reviewed statutory auditors and audit firms.
The competent authority shall ensure that appropriate policies and procedures related to the independence and objectivity of the staff, including inspectors, and the management of the quality assurance system are put in place.
5.The competent authority shall comply with the following criteria when appointing inspectors:
- inspectors shall have appropriate professional education and relevant experience in statutory audit and financial reporting combined with specific training on quality assurance reviews;
- a person who is a practising statutory auditor or is employed by or otherwise associated with a statutory auditor or an audit firm shall not be allowed to act as an inspector;
- a person shall not be allowed to act as an inspector in an inspection of a statutory auditor or an audit firm until at least three years have elapsed since that person ceased to be a partner or employee of that statutory auditor or of that audit firm or to be otherwise associated with that statutory auditor or audit firm;
- inspectors shall declare that there are no conflicts of interest between them and the statutory auditor and the audit firm to be inspected.
By way of derogation from point (b) of paragraph 1, the competent authority may contract experts for carrying out specific inspections when the number of inspectors within the authority is insufficient. The competent authority may also be assisted by experts when this is essential for the proper conduct of an inspection. In such instances, the competent authority and the experts shall comply with the requirements of this paragraph. Experts shall not be involved in the governance of, or employed or otherwise contracted by professional associations and bodies but may be members of such associations or bodies.
5A. In point (a) of paragraph 5, “relevant experience” means experience of–
- statutory audit work;
- equivalent work, in the case of a person appointed before IP completion day to conduct inspections on the audit of accounts under the law of the United Kingdom or an EEA State; or
- equivalent work, in the case of a person appointed to conduct inspections on the audit of accounts under the law of an equivalent third country.
6.The scope of inspections shall at least cover:
- an assessment of the design of the internal quality control system of the statutory auditor or of the audit firm;
- adequate compliance testing of procedures and a review of audit files of public-interest entities in order to verify the effectiveness of the internal quality control system;
- in the light of the findings of the inspection under points (a) and (b) of this paragraph, an assessment of the contents of the most recent annual transparency report published by a statutory auditor or an audit firm in accordance with Article 13.
7.At least the following internal quality control policies and procedures of the statutory auditor or the audit firm shall be reviewed:
- compliance by the statutory auditor or the audit firm with applicable auditing and quality control standards, and ethical and independence requirements, including the requirements of sections 493 to 502 of the Financial Services Act 2019 and Articles 4 and 5 of this Regulation;
- the quantity and quality of resources used, including compliance with continuing education requirements as set out in section 486 of the Financial Services Act 2019;
- compliance with the requirements set out in Article 4 of this Regulation on the audit fees charged.
For the purposes of testing compliance, audit files shall be selected on the basis of an analysis of the risk of a failure to carry out a statutory audit adequately.
The competent authority shall also periodically review the methodologies used by statutory auditors and audit firms to carry out statutory audits.
In addition to the inspection covered by the first subparagraph, the competent authority shall have the power to perform other inspections.
8.The findings and conclusions of inspections on which recommendations are based, including the findings and conclusions related to a transparency report, shall be communicated to and discussed with the inspected statutory auditor or audit firm before an inspection report is finalised.
Recommendations of inspections shall be implemented by the inspected statutory auditor or audit firm within a reasonable period set by the competent authority. Such period shall not exceed 12 months in the case of recommendations on the internal quality control system of the statutory auditor or of the audit firm.
9.The inspection shall be the subject of a report which shall contain the main conclusions and recommendations of the quality assurance review.
Article 27
Monitoring market quality and competition
1.The competent authority shall regularly monitor the developments in the market for providing statutory audit services to public-interest entities and shall in particular assess the following:
- the risks arising from high incidence of quality deficiencies of a statutory auditor or an audit firm, including systematic deficiencies within an audit firm network, which may lead to the demise of any audit firm, the disruption in the provision of statutory audit services whether in a specific sector or across sectors, the further accumulation of risk of audit deficiencies and the impact on the overall stability of the financial sector;
- the market concentration levels, including in specific sectors;
- the performance of audit committees;
- the need to adopt measures to mitigate the risks referred to in point (a).
2.At the Minister’s request, the competent authority shall draw up a report on developments in the market for providing statutory audit services to public-interest entities and submit it to the Minister.
Article 28
Transparency of competent authority
The competent authority shall be transparent and shall at least publish:
- annual activity reports regarding its tasks under this Regulation;
- annual work programmes regarding its tasks under this Regulation;
- a report on the overall results of the quality assurance system on an annual basis. This report shall include information on recommendations issued, follow-up on the recommendations, supervisory measures taken and sanctions imposed. It shall also include quantitative information and other key performance information on financial resources and staffing, and the efficiency and effectiveness of the quality assurance system;
- the aggregated information on the findings and conclusions of inspections referred to in the first subparagraph of Article 26(8).
Articles 29 to 44
Omitted