In May 2014, the EU Directive 2014/56 of 16 April 2014 was published in the official journal of the European Union. This amended Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts. The European regulators seek to further harmonise such audits and ensure that audit committees, or those undertaking that function, are sufficiently independent and technically competent in order to contribute to "high quality statutory audit". The Directive allows Member States to deviate from certain aspects and recognises that, for smaller firms, the audit function may be performed by the administrative or supervisory body as a whole. The Member States must apply the measures from 17 June 2016.
On 31 March 2016, the PRA published PS13/16 Corporate governance: Board responsibilities. This is relevant to all PRA-regulated firms and includes a final supervisory statement on board responsibilities which contains an explicit reference to the chair of risk and audit committees “safeguarding the independence, and overseeing the performance of the firm’s executive risk and audit functions respectively.”
In mid-May this year, the PRA published PS16/16. Appendix 1 of the Policy Statement sets out the final rules the PRA deem appropriate to implement the audit committee requirements in the above amending Directive. The PRA itself recognises that the approach, in particular, requiring that the audit committee is fully independent for significant firms, goes beyond the requirements in the Directive’s article. The PRA did not take the majority of the options available in the article.
These rules apply to statutory audits for “public interest entities” including Solvency II insurers* for financial years commencing on or after 17 June 2016. The rules differ depending on whether the insurer is significant or not.
The PRA’s approach to insurance supervision published in March this year covers the division of insurers it supervises into five categories of impact. Only category 1 and 2 insurers are seen as having “significant capacity to cause disruption to the interests of a substantial number of policyholders.” Category 3, 4 and 5 insurers are therefore deemed not significant.
2.2 of the “Audit Committee Instrument 2016” details the criteria to be met by the audit committee. It must be a committee of the governing body of the firm composed only of non-executive directors. At least one member of the audit committee must have competence in accounting and/or auditing with the whole membership having competences appropriate to the firm’s business environment. The chair of the audit committee must be appointed by its members and must be independent of the firm.
All members of a significant firm’s audit committee must be independent of the firm. However, if the firm is not significant, a majority of the committee members, including the chair, must be independent.
Furthermore, where not significant, the firm may combine its audit committee with its risk committee provided that the members of the combined committee have the “knowledge, skills and expertise required for the exercise of the functions” of both such committees.
The rulebook effectively copies out the minimum functions to be performed by the committee as listed in article 39 of the Directive. These include reporting to the firm’s governing body and monitoring and reviewing processes integral to providing wider confidence in financial statements.
The PRA has introduced a 2-year transition period (i.e. until the commencement of a firm’s financial year beginning on or after 17 June 2018) citing firms’ concerns around meeting the independence requirements.
During the transitional period:
- For firms that are not significant, the board may perform equivalent functions to the audit committee where there is no audit committee subject to meeting disclosure and competency requirements. Where all members of the audit committee are members of the governing body of a firm there are no independence requirements. These provisions also apply to subsidiaries of non-EEA parents.
- For significant firms, the audit committee must be a sub-committee of the board, separate from other committees and consist of a majority of independent NEDs, including the chairman.
The PRA listed certain considerations which may compromise independence in CP34/15. Some of these were challenged in feedback to the regulator. It is stated, in 2.10 of PS16/16, that “It is then for the board to determine whether a director is independent. The PRA notes that other authorities have published guidance regarding independence.”
The final rules are contained in the PRA Rulebook - CRR Firms and Solvency II Firms: Audit Committee Instrument 2016. The PRA state that “The smallest firms are invited to apply for a waiver or modification of the rules.” A successful application, using the standard waiver form, may mean that such firms do not need to have an audit committee provided that they have a board performing equivalent functions to an audit committee.
Senior Insurance Managers Regime (SIMR)
The PRA defines the Chair of the Audit Committee function as Senior Insurance Management Function 11. Other members of the audit committee will only require pre-approval if they perform certain designated non-executive senior management functions.
What should firms do now?
All firms should review the composition of their audit committee, ensuring competency and independence requirements are met and they are performing the minimum functions at, or within a short period following, the start of their next financial year.
Significant firms may wish to take advantage of the transitional provisions where currently not all members are fully independent.
The more proportionate approach to non-significant firms is welcome. A number of smaller firms operate combined audit and risk committees where the majority of the members are independent (including the chair). For such firms, this may largely be “business as usual” with no need to apply for a waiver.
Smaller firms with no audit committee who wish their board to perform equivalent functions should disclose this appropriately and, going forward, apply for a waiver suitably in advance of their financial year starting on or after 17 June 2018.
If you would like OAC to assist with any part of the implementation of these requirements, we would be delighted to hear from you.
*It is also relevant to CRD credit institutions, Lloyd’s and the Society’s agents and PRA-designated investment firms.
< Back to News & insight