This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.
The full functionality of our site is not supported on your browser version, or you may have 'compatibility mode' selected. Please turn off compatibility mode, upgrade your browser to at least Internet Explorer 9, or try using another browser such as Google Chrome or Mozilla Firefox.

PRA finalises rules on audit committees under the revised Statutory Audit Directive

  • PRA Image

20 May 2016

The Prudential Regulation Authority (PRA) has published its final rulebook text to implement the requirements of the revised Statutory Audit Directive (2014/56/EU). Under the previous version of the Directive, the UK had taken the member state option to exempt unlisted banks and insurance undertakings from the statutory requirement to have an audit committee. The revised Directive has no such exemption.

The final rulebook text follows an earlier PRA consultation in September 2015.  The new rules apply to the first financial year commencing on or after 17 June 2016, except as set out below.  The requirements can be grouped into four themes – Scope, Structure, Membership and Functions.

Scope 

Audit committees will be required for the following categories of PRA regulated firms:

  • CRD credit institutions (broadly UK banks and building societies but not credit unions)
  • Solvency II insurers;
  • the Society of Lloyd’s;
  • managing agents of Lloyd’s syndicates; and
  • PRA designated investment firms

A transitional provision provides that for financial years commencing prior to 17 June 2018:

  • subsidiaries of an EEA undertaking with an audit committee that meets the requirements of the Directive need not have an audit committee at all; and
  • for lower-impact firms and subsidiaries of non-EEA parents allows the board to perform equivalent functions to the audit committee.

Most of these will be public interest entities (PIEs), to which tougher auditor reporting and independence requirements will apply under the Financial Reporting Council’s (FRC’s) implementation of the revised Directive and EU Audit Regulation. However, unlisted managing agents are not themselves PIEs (just the syndicates that they are responsible for), and neither are unlisted PRA designated investment firms that are also not CRR firms. The smallest firms are invited to apply for a waiver or modification of the rules, having regard to the Directive minimum.

Structure and membership

A firm’s audit committee will in general need to be separate from any risk committee unless the firm is a lower-impact firm (in terms of prudential risk) and the members of the risk committee have the knowledge, skills and expertise required to exercise the functions of both an audit and a risk committee.

The audit committee:

  • must be a committee of the governing body of the firm;
  • must be composed only of non-executive members who together have competence relevant to the sector in which the firm operates, at least one of whom must have competence in accounting and auditing; and
  • must be suitably independent:

Transitional provisions defer some of the independence requirements for up to two years depending on the significance of the firm and whether or not it is a subsidiary, allowing time for recruitment of suitable non-executive directors.

Functions

The audit committee of a firm (or the governing body where allowed under the transitional provisions for lower-impact firms and subsidiaries of non-EEA parents) is responsible for:

  • informing the governing body of the entity of the outcome of the audit and explaining how the statutory audit contributed to the integrity of financial reporting, together with their own role in that process;
  • monitoring the financial reporting process, submitting recommendations or proposals to ensure its integrity;
  • monitoring the effectiveness of the entity’s internal quality control and risk management systems and, where applicable, its internal audit, regarding the financial reporting of the firm but without breaching the audit committee’s independence;
  • monitoring the audit of the entity’s financial statements (in the case of a syndicate, of the syndicate statutory accounts), including taking into account any findings and conclusions raised by the FRC’s Audit Quality Review Team;
  • reviewing and monitoring the independence of the external auditor under the law and the FRC’s Ethical Standard; and
  • taking responsibility for selection process for the external auditor of a PIE where a tender is required.

A firm that also has securities admitted to trading on an EEA regulated market must also apply the Financial Conduct Authority’s (FCA’s) forthcoming requirements on audit committees.  These were consulted on in September 2015.

The PRA’s Supervisory Statement SS21/15 Internal Governance has been updated to reflect these new audit committee requirements.

Click for:

Correction list for hyphenation

These words serve as exceptions. Once entered, they are only hyphenated at the specified hyphenation points. Each word should be on a separate line.