What The Future Holds For UK Auditing Reform

By Paul Brehony & Kate Gee

Partner Paul Brehony and Senior Associate Kate Gee examine whether replacing the Financial Reporting Council (FRC) with a new regulator is necessary, given that it now appears to be doing a good job, or whether it would have been better simply to enhance the FRC’s powers and overhaul rules as planned, in Law360.

Paul and Kate’s article was published in Law360, 17 September 2021, and can be found here.

The Financial Reporting Council (FRC) is shortly due to be replaced by a new regulator, the Audit, Reporting and Governance Authority (ARGA). Nevertheless, even in its twilight, the FRC is turning up the heat on the Big Four accountancy firms in particular – often in the context of concerns around audit.

The FRC recently fined accounting firm EY £2.2 million for “extensive” failings in its audit of Stagecoach. It also said that auditing giant KPMG had fallen short of standards expected in the sector for the third year running, a result that the regulator described as “unacceptable.”

Of course, the risk for firms subject to regulatory criticism goes far beyond the fines, disruption, cost and reputational damage which adverse regulatory findings inevitably bring. The underlying conduct that generated such criticism can serve as a springboard for civil claims in fraud or negligence against the auditors themselves, which can be more costly still. The courts have seen an uptick in high profile litigation against auditors in recent years.

This increased regulatory focus on the audit profession is not happening in a vacuum.  It is clear that the government – rightly or wrongly – is determined to address what it sees as deep-seated issues in the audit profession. ARGA has a specific mission to “change the culture” of audit, together with the powers to significantly impact the way audit is done in the UK.

Creation of ARGA

The creation of ARGA came out of a 2018 independent review into the FRC conducted by Legal & General Chairman, Sir John Kingman. The review was prompted by factors including inadequate regulation and accounting / audit practices and concerns arising from a number of high profile collapses in recent years. The audit profession itself has acknowledged the need for better regulation, with the Chartered Institute of Internal Auditors calling for radical change.

The review recommended that the FRC be replaced by a new independent regulator with clear statutory powers and objectives. The review also recommended that the new regulator have a strategic objective to protect the interests of users of financial information and the wider public interest by setting high standards of statutory audit, corporate reporting and corporate governance. It follows that the new regulator will hold to account the companies and professional advisers responsible for meeting those standards.

What powers is ARGA likely to have?

The enhanced investigatory and enforcement powers which ARGA looks set to wield are proposed in a government white paper, “Restoring trust in audit and corporate governance” which was published in March 2021. The consultation closed on 8 July 2021, and there is as yet no clear timeline as to the implementation of the proposals. However, the likely shape of the future regulatory regime seems reasonably clear from the white paper itself.

  • ARGA is likely to have the power to impose sanctions on all directors of public interest companies for breaches of their duties as set out by the Companies Act 2006. Currently, the FRC can only investigate directors who are chartered accountants.
  • It is proposed that the definition of public interest companies be widened to include larger private companies and AIM listed companies with a capitalisation of over £200 million.
  • The proposed penalties which could be imposed on directors include fines, reprimands, bans from acting as a director and orders to do certain things.
  • Directors may be penalised for breaches of specific audit and accounting rules. In addition, the white paper proposes creating a general requirement for directors to “act with honesty and integrity” in respect of accounting and auditing.
  • The proposals look set to require that all directors should be held responsible for compliance with audit requirements, instead of just one or two specific directors. Directors may be required to make an annual financial reporting statement which acknowledges their responsibility for this. Such proposals also include requirements for the directors to carry out an annual review of the effectiveness of the company’s internal controls and to disclose the benchmark system used.

In addition, the auditing profession is set to be governed by an enforceable set of principles of corporate auditing, as recommended by the Brydon review. The recent white paper notes that, “The Brydon Review found that auditors’ mindset and skillset needed to change if public expectations regarding their role in detecting fraud were to be reconciled with their performance in practice. It recommended that fraud awareness and forensic accounting training form part of the qualification and continuous learning process for financial statement auditors”. Interestingly, the white paper makes clear that auditors could be sanctioned for failing to comply with the new principles even where they have fully complied with the relevant auditing standards. The white paper states that, “the Government interprets the Review’s intention as giving the principles a form of priority over other existing requirements. For example, an auditor who has met the letter of auditing standards but has not done so in a way that is compatible with the principles would be subject to sanction”.

How will this affect the interplay with audit fraud?

Notably, the white paper also contains significant proposals as regards auditors’ obligations in terms of reporting on fraud and compliance more generally. The Government intends to legislate to require auditors of Public Interest Entities, as part of their statutory audit, to report on the work they performed to conclude whether the proposed directors’ statement regarding actions taken to prevent and detect material fraud is factually accurate. Such reporting is to refer to the evidence obtained by the auditors relating to the actions which the directors state they have taken. Auditors are also set to be required to report on the steps they took to detect any material fraud and assess the effectiveness of relevant controls.

These requirements veer towards requiring auditors to investigate and to police the actions of directors. If implemented, such new requirements could have a knock-on impact in terms of civil litigation. If auditors are expected to prevent fraud by directors and to evidence the veracity of every statement by a company director, it is possible that a less than perfect audit could in future result in an audit firm becoming held liable for failing to detect the fraudulent actions of an unscrupulous director.

What does the future hold for professional negligence claims against auditors?

For a professional negligence claim to be defended in England and Wales, the defendant must show that the professional services were provided with reasonable care and skill, defined in case law as “the standard of the ordinary skilled [person] exercising and professing to have that special skill”. This standard is often calibrated with reference to the regulatory and legal context within which the professional is operating. Therefore, raising the bar in terms of regulation will inevitably have a similar effect in terms of increasing risk in terms of civil liability.

Civil litigation claims against auditors have historically been seen as challenging for claimants to bring, but recent developments have altered the position. A recent decision of the UK Supreme Court in Manchester Building Society (MBS) v Grant Thornton UK LLP [2021] UKSC 20 was widely seen as broadening the scope for cases alleging professional negligence by bringing more types of loss within the scope of losses for which liability may arise. The Supreme Court held that, when assessing whether a particular loss comes within the scope of the duty of care, “in our view, in the case of negligent advice given by a professional adviser one looks to see what risk the duty was supposed to guard against and then looks to see whether the loss suffered represented the fruition of that risk.”

The Supreme Court judgement held that, “The purpose of an audit report for a company is for the shareholders to know that the accounts present a true picture of the financial state of the company so that, for example, any mismanagement by the directors can be exposed and decisions can be made as to whether it is appropriate to pay, and the value of, dividends to the shareholders. In the light of that purpose, it is fair and reasonable that the risk of loss by incorrectly paying out dividends should be borne by the auditor.” Of course, many classes of plaintiff might rely upon an audit report. In this particular case, Grant Thornton was ordered to pay £13.4 million in damages on foot of its advice to use hedge accounting.

Such developments in case law, along with the rise of group litigation in the UK, in tandem with new and increased regulatory requirements for the audit profession, combine to significantly increase the likelihood of civil claims being brought against auditors.

What next?

These recent developments come in the wake of the FRC’s decision to order the Big Four accountancy firms to split off their audit functions into separate entities by 2024. Notably, ever since the decision was taken in 2018 to wind up the FRC, it has shown itself to be an increasingly effective and proactive regulator. One might even speculate whether there is now any real need to replace it at this point.

Nonetheless, it is clear the government has made its decision to create a new regulator with greater powers in the form of ARGA. At least, the FRC’s final flurry of activity has helped the audit profession to take note, and to become accustomed to a more stringent regulatory regime, before the launch of ARGA with its more wide-reaching powers. After a number of years of reviews, proposals, consultations and discussions, the regulation of the UK corporations in general, and the audit profession in particular, is undoubtedly moving in to a brave new era. This regulatory tightening, together with the recent legal developments, are likely to cause the audit profession to radically reassess and protect against the risks it faces. However, for some companies  it may be too late, and litigation may prove inevitable.

Recent examples of claims arising out of the increased scrutiny on the audit profession include the administrators of JD Classics, a racing car dealership, suing PwC for allegedly failing to spot fraud that resulted in losses of over £41m, the potential £1bn claim against EY for its audits of NMC Health, the recently-collapsed FTSE 100 hospital operator, and an action by Carillion’s liquidators against KPMG for which funding has now been obtained.  We anticipate seeing more of these types of claims in the months to come.

Latest news

All news