Broker-Dealer Audit and Reporting Updates: PCAOB Report and New SEC Rules Address Audit, Financial Reporting, Internal Control and Risk Management Issues Relating to Broker-Dealers; These Developments May Be Relevant for Audit Committees of Public Companies that Own Broker-DealersSullivan & Cromwell LLP - September 12, 2013
The Public Company Accounting Oversight Board and the Securities and Exchange Commission have recently issued reports and taken other steps to strengthen the audit, financial reporting and risk management functions relating to broker-dealers. Broker-dealers, as well as audit committees of public parent companies that own broker-dealers significant to the parent company on a consolidated basis, should be aware of these developments as they may affect firm practices and procedures relating to the preparation of financial statements, internal controls and risk management relating to broker-dealers and, indirectly, to their public parent companies.
PCAOB Inspection Report. On August 19, 2013, the PCAOB issued its second progress report on its interim inspection program for auditors of broker-dealers. Of the portions of the 60 audits inspected, covering 43 audit firms, deficiencies were noted for all audit firms inspected and for 95% of the audits selected for inspection. Deficiencies were most frequently noted with respect to (1) the risk of material misstatements in broker-dealer financial statements due to fraud, revenue recognition, related-party transactions, financial statement disclosures and the procedures for relying on records and reports provided by service organizations; and (2) audit procedures related to the net capital and customer protection rules under the Securities Exchange Act of 1934. The PCAOB also noted that, contrary to SEC auditor independence rules, some auditors of broker-dealers were involved in the preparation of the financial statements or supporting schedules that they audited (including in cases where the auditor also audited a public parent company).
New SEC Broker-Dealer Audit, Reporting and Notification Rules. On July 30, 2013, the SEC adopted amendments to its broker-dealer audit, reporting and notification rules. The rules now require that:
- broker-dealer audits be conducted in accordance with PCAOB standards;
- carrying broker-dealers file an annual compliance report confirming, among other things, the effectiveness of their internal control over compliance and compliance with the net capital and customer protection rules;
- broker-dealers claiming an exemption from the customer protection rule (e.g., non-carrying broker-dealers) file an annual exemption report confirming their compliance with the exemption requirements throughout the most recent fiscal year;
- broker-dealers file an annual auditor’s report covering the compliance report or exemption report, as applicable;
- broker-dealers file a new Form Custody with their designated examining authority describing their practices relating to custody of customer securities and funds;
- carrying and clearing broker-dealers agree to allow the SEC and their respective DEAs to review their independent auditors’ audit documentation and allow their auditors to discuss their findings with the SEC and DEAs; and
- broker-dealers document their credit, market and liquidity risk management controls.
The new rules, other than the requirements to file Form Custody and document broker-dealer risk management controls, are effective June 1, 2014. The requirement to file Form Custody is effective December 31, 2013, and the requirement for broker-dealers to document their risk management controls is effective October 21, 2013.
Implications for Broker-Dealer Management and Parent Company Audit Committees. Management of a broker-dealer should be aware of the PCAOB’s findings when communicating with the firm’s outside auditor about the audit process and should evaluate the impact of the new SEC rules, particularly if the broker-dealer carries customer accounts or clears transactions, on the firm’s internal controls, risk management procedures and expectations with regards to the broker-dealer audit. In particular, management of a broker-dealer should consider taking the following actions:
- review the PCAOB’s results with the outside auditor and inquire whether any deficiencies might be present in the audits it performs, and discuss with the auditor whether the auditor should take any action to detect, prevent or correct deficiencies;
- confirm the auditor’s independence on an ongoing, periodic basis; and
- review the firm’s internal controls and procedures to ensure it is appropriately determining whether or not it is a carrying broker-dealer and its compliance with the net capital, customer protection and quarterly security count rules under the Exchange Act and applicable DEA rules (collectively, the “financial responsibility rules”).
Audit committees of public companies that own broker-dealers that are significant to the parent on a consolidated basis should also be aware of the PCAOB’s findings and new SEC rules. These parent company audit committees should consider taking the following actions:
- discuss with the broker-dealer’s management any issues relating to the accuracy and completeness of the broker-dealer’s financial statements and to the adequacy of its internal controls, as the financial statements of the broker-dealer will be included in the parent’s consolidated financial statements filed with the SEC (and its controls may affect the adequacy of the parent’s internal control over financial reporting);
- inquire of the outside auditor (including any separate auditor of the broker-dealer) whether any of the deficiencies noted in the PCAOB report may be present in the audits it performs and what audit procedures are used to detect, prevent or correct deficiencies;
- verify that risk management controls at the broker-dealer are appropriately documented and consistent with the parent company’s policies; and
- confirm that management is properly overseeing and planning the work of the independent auditor with regard to the broker-dealer.