SEC Modernizes Auditor Independence Rules
The current audit independence rules were created in 2000 and amended in 2003 in response to the financial crisis facilitated by the downfall of Enron, WorldCom and auditing giant Arthur Andersen, and despite evolving circumstances have remained unchanged since that time. The regulatory structure lays out governing principles and describes certain specific financial, employment, business, and non-audit service relationships that would cause an auditor not to be independent. Like most SEC rules, the auditor independence rules require an examination of all relevant facts and circumstances. Under Rule 2-01(b), an auditor is not independent if that auditor, in light of all facts and circumstances, could not reasonably be capable of exercising objective and impartial judgment on all issues encompassed within the audit duties. Rule 2-01(c) provides a non-exclusive list of circumstances which the SEC would consider inconsistent with independence.
The underlying theory to Rule 2-01, the auditor independence rule, is that if an auditor is not independent, investors will have less confidence in their report and the financial statements of a company. The more confidence an investor and the capital markets participants have in audited financial statements, the more a company will enjoy better access to liquidity and capital finance in the public markets. Rule 2-01 requires that an auditor be independent of their audit clients in “fact and appearance.” However, under the old rules, technical violations that would not result in a lack of integrity were swept into the regulatory structure, causing unnecessary burdens and expenses associated with the client-auditor relationship.
The final amendments reflect updates based on recurring fact patterns that the SEC staff observed over years of consultations in which certain relationships and services triggered technical independence rule violations without necessarily impairing an auditor’s objectivity and impartiality. Accordingly, the new rules are meant to ease restrictions such that relationships and services that would not pose threats to an auditor’s objectivity and impartiality do not trigger non-substantive rule breaches or potentially time-consuming audit committee review of non-substantive matters.
The SEC adopting release provides examples of the types of concerns the new rules are designed to address, including one related to student loans and one related to a portfolio company. The student loan example is very straightforward, involving the technical independence violation where an auditor in an audit firm is still paying student loans to a large student loan lender and the audit firm audits the lender. Under the new rules, this would no longer create an independence violation.
The second example is more complicated but, in essence, involves a fund with multiple (could be hundreds) of portfolio companies and an audit firm with multiple global network affiliates. Under the prior rules, it was very complicated to sort out to make sure that the audit firm was not providing audit services to more than one portfolio company even though the only relationship between the companies was a common investor. Furthermore, a scenario could result where no qualified large audit firm could be independent due to the widespread investing activing of the fund.
Although the SEC doesn’t name names, this scenario could be fairly common. The three largest asset management firms, BlackRock, Vanguard and State Street, manage over $15 trillion in combined global assets, which is equivalent to more than three-quarters of the U.S. gross domestic product. Under the current rules, if one of their portfolio companies wanted to complete an IPO, it is very likely that the best audit firms would fail an independence test. The result would be that the company would be required to either: (i) replace their audit firm with another audit firm if one could be found; (ii) to wait to register with the SEC for up to three years after termination of the services provided to another portfolio company; or (iii) to make a determination, likely in consultation with SEC staff and/or the audit committee, that the rule violation did not impair the auditor’s objectivity and impartiality. The amended rules would eliminate the need for a company’s audit committee and their auditors to seek SEC staff guidance in these scenarios.
The amendments will be effective 180 days after publication in the Federal Register, but voluntary compliance is permitted for new relationships once published in the Federal Register. However, auditors cannot retroactively apply the final amendments to relationships in existence prior to the effective date.
Definitions of Affiliate of the Audit Client and Investment Company Complex
The SEC has amended the definitions of an “affiliate of the audit client” and “investment company complex” with a focus on decreasing the number of sister or affiliated entities that could come within the current definition but that may be immaterial or far removed from the entity actually being audited. Currently an audit client includes not only the entity being audited but also affiliates of the audit client. Affiliates is broadly defined and includes entities under common control of the audit client, such as sister entities. Moreover, the current definition of investment company complex (“ICC”) includes not just the investment companies that share an investment adviser or sponsor with an investment company audit client, but also any investment company advised by a sister investment adviser or which has a sister sponsor.
The SEC recognizes challenges in identifying and applying the common control element of independence, especially where the sister entity is immaterial and/or part of a complex group of investment funds and their portfolio companies. In the private equity and investment company context, where there potentially is a significant volume of acquisitions and dispositions of unrelated portfolio companies, the definition of affiliate of the audit client may result in an expansive and constantly changing list of entities that are considered to be affiliates of the audit client.
Monitoring the relationships results in increased compliance costs, even where there is not a likely threat to the auditor’s objectivity and impartiality. In addition, the pool of available auditors for sister or private equity portfolio companies can be negatively impacted where audit firms provide services to sister or related entities that currently technically would violate the independence rules.
The SEC has amended the definition of affiliate and ICC as relates to an audit client to include materiality qualifiers in the common control provisions and to provide distinctions for when an auditor is auditing a portfolio company, an investment company, or an investment advisor or sponsor. In reviewing materiality, the audit firm will need to consider both whether the sister entity and/or the audit client is material to the controlling entity. The amendment to the definition does not alter the general requirement that an auditor review all facts and circumstances to confirm independence. The changes are expected to make it easier to identify conflicts and to increase choices and competition for audit services.
Audit and Professional Engagement Period
Currently the definition of audit engagement period is different for foreign private issuers (FPIs) and domestic companies. For a domestic company, the audit engagement period begins when the auditor is first engaged to audit or review financial statements that will be filed with the SEC. For an FPI, the audit engagement period begins on the first day of the last fiscal year before the FPI first filed, or was required to file, a registration statement or report with the SEC. That is, if a domestic company conducts an IPO requiring two years of financial statements, the auditor must be independent for both of those years; however, if an FPI conducts an IPO, the auditor only has to be independent during the most recently completed fiscal year.
The SEC believes this disparity puts domestic issuers at a disadvantage in entering the US capital markets when compared to an FPI. The SEC, and commenters, believe shortening the look-back period may encourage capital formation for domestic companies contemplating an IPO. Accordingly, the SEC has amended the rules such that an audit engagement period for domestic issuers will match that for FPIs aligning both with a one-year look-back for first-time filers.
Loans and Debtor-Creditor Relationships
Currently an auditor is not independent if the firm, any covered person in the firm, or any of their immediate family members has any loans (including a margin loan) to or from an audit client or certain entities related to the audit client. The Rule contains specific exceptions where the following loans are given from a financial institution under normal procedures: (i) automobile loans and leases; (ii) insurance policy loans; (iii) loans fully collateralized by cash deposits at the same financial institution; (iv) primary residence mortgage loans that were not obtained while the covered person was a covered person; (v) credit card balances that are reduced to $10,000 or less on a current basis.
The SEC has amended the rule to add student loans that are not obtained while the covered person was a covered person, to the list of exceptions. In addition, the SEC has added language to the mortgage loan exception so that it is clear that all loans on a primary residence, including second mortgages and equity lines of credit, are included in the exception.
The SEC has also revised the credit card rule to refer to “consumer loans” to encompass any consumer loan balance owed to a lender that is an audit client that is not reduced to $10,000 or less on a current basis taking into consideration the payment due date and available grace period.
Business Relationship Rule
The current rules prohibit the audit firm, or any covered person, from having any direct or material indirect business relationship with the audit client or affiliate, including the audit client’s officers, directors or substantial stockholders. The SEC has replaced the term “substantial stockholders” in the business relationships rule with the phrase “beneficial owners (known through reasonable inquiry) of the audit client’s equity securities where such beneficial owner has significant influence over the audit client.”
As additional guidance, the SEC clarifies that the business relationships analysis should be on persons with decision-making authority over the audit client and not affiliates of the audit client.
Inadvertent Violations for Mergers and Acquisitions
An independence violation can arise as a result of a corporate event, such as a merger or acquisition, where the services or relationships that are the basis for the violation were not prohibited by applicable independence standards before the consummation of transaction. The SEC has added a transition framework for mergers and acquisitions to address inadvertent violations related to such transactions so the auditor and its audit client can transition out of prohibited services and relationships in an orderly manner. Under the new rule, an auditor will need to correct the independence violations as promptly as possible considering all relevant facts and circumstances. Audit firms will also need to effectuate quality control standards that anticipate and provide for procedures in the event of a merger or acquisition.