The role of external audit in the BSP's prudential banking framework
Speech of MBM Ignacio R. Bunye before the Association of Certified Public Accountants
in Public Practice (ACPAPP)
(Hotel Intercontinental, Makati, 25 August 2009)
A pleasant afternoon to everyone. Let me begin by expressing my appreciation for the opportunity to participate in the General Membership Meeting of the Association of Certified Public Accountants in Public Practice (ACPAPP). As CPAs, your contribution to the financial system is a major one that we, in the BSP, continue to recognize in our risk-focused policies and capital adequacy approaches.
I am going to spend the next 30 minutes discussing four main issues pertaining to the role of external audit in the BSP's prudential banking framework.
- First, I will provide an overview of the functions and responsibilities of the BSP and the external auditor.
- Second, I will cover convergence in our roles.
- Third, I will share a recent initiative which we have undertaken with the SEC, Insurance Commission (IC) and Professional Regulatory Board of Accountancy on the selection and accreditation of external auditors, in particular for BSP-supervised financial institutions.- Lastly, I will conclude by offering a few remarks on the challenges we face ahead.
II. OVERVIEW OF THE FUNCTIONS/RESPONSIBILITIES OF THE BSP AND THE EXTERNAL AUDITOR
A. The BSP's Supervisory Mandate
The authority of the BSP to exercise supervision over banks is explicitly provided
in Section 3 of Republic Act 7653, which states that the BSP shall be responsible
for supervising the operations of banks. This mandate is primarily aimed at
ensuring the safety and soundness of individual banks (micro-prudential surveillance)
and the financial system (macro-prudential surveillance).
B. Primary Objective of the External Auditor
The primary objective of an external audit, on the other hand, is to enable
the auditor to express an opinion as to whether the audited financial statements
of a bank "present fairly" its financial position and the results
of its operations during the period for which such statements are prepared.
C. Common Objective
Despite the seeming disparity in our respective goals, the roles assumed
by both external auditors and the BSP lead to a common objective, i.e. transparency,
fairness and comparability in financial reporting. Sound accounting policies
and meaningful public disclosures promote market discipline and contribute to
stable and efficient markets. Enhanced disclosures reduce information asymmetry
and allow market participants to properly evaluate and price counterparty risks.
It also enables markets to reward banks which manage risks effectively and penalize
those which are deemed imprudent.
III. CONVERGENCE IN THE EXTERNAL AUDIT AND BSP SUPERVISORY FUNCTIONS
A. Legal Basis
The external auditor's role as a contributor to the BSP's supervisory process
is embodied in national legislation. Under Section 58 of Republic.Act 8791,
the Monetary Board is given the authority to require banks to engage the services
of an independent auditor to be chosen by the bank concerned from a list of
Certified Public Accountants acceptable to the Monetary Board, which may either
be on a continuing basis or on the basis of special engagements.
B. Services Rendered by External Auditors to Banks
The importance of independent audit reviews and assessments to the BSP's
prudential banking framework is reflected in various policy issuances. As a
means to supplement the BSP's off-site surveillance, external auditors have
increasingly been called upon to provide risk-focused assessments of bank management
systems, some of which require training and experience in highly-specialized
fields.
1. Financial Audit
a. External auditors render an annual financial audit on the financial statements
of the bank proper (regular and FCDU books) and the trust department. External
auditors are required to report material weaknesses or breach in internal control
or risk management systems of the bank which were noted in the course of their
audit. (Subsection X166.1 of the MORB)
b. External auditors are also required to report to the BSP any matter adversely affecting the soundness or condition of the bank such as, but not limited to, serious irregularity involving fraud or dishonesty. (Subsection X166.3 of the MORB)
2. Internal Audit/Internal Control Assessment
Banks are allowed to outsource internal audit functions with prior BSP approval
to an independent external auditor, provided that the board of directors and
senior management of the bank remain responsible for maintaining an effective
system of internal control and for providing active oversight of the outsourced
internal audit activities/functions (Subsection X169.3 of the MORB)
3. Risk Management System Assessments
a. Credit risk - Internal credit risk rating system and credit risk control
function UBs and KBs are required to subject their internal credit risk rating
system for the underwriting and ongoing administration of corporate credit exposures
to an annual review by an internal and external auditor. (Subsection 1301.1
of the MORB).
b. Market risk - Banks with complex risk exposures should have their measurement, monitoring and control functions reviewed on a regular basis by an independent party (internal or external auditor). In such cases, reviews made by an external auditor should include the accuracy and completeness of the data inputs, reasonableness and validity of scenarios and assumptions, and validity of risk measurement calculations (Appendix 73 of the MORB)
4. Highly-Specialized Risk Assessments
a. Derivatives Activities - Banks are expected to implement sound risk management
practices for derivatives. Internal evaluations of the risk management system
may be supplemented by external auditors or other qualified outside parties.
(Appendix 25 of the MORB)
b. E-banking Transactions/IT Security Audit - An external auditor may be tasked to review activity reports documenting the security administrator's actions to provide the necessary checks and balances for managing system security for e-banking transactions. (Appendix 70 of the MORB)
5. Model Validation
UBs and KBs applying for BSP recognition of their internal models for purposes
of calculating market risk are required to submit the validation reports of
their external auditor on the internal models.
(Appendix 46e of the MORB).
6. Other Services
a. Tax compliance services - An auditor may provide tax compliance services
to a bank, provided that he is not currently engaged as the bank's external
auditor. (Subsection X169.3 of the MORB).
b. Third Party Certifications - External auditors issue special certifications attesting that licensing conditions and/or application requirements have been complied with. Being independent and objective in nature, these certifications provide the BSP with a higher level of assurance as regards bank management's representations.
IV. RECENT DEVELOPMENTS - ACCREDITATION PROCESS FOR EXTERNAL AUDITORS
In recognition of the reliance placed by regulators on the work of external auditors, the BSP, Securities and Exchange Commission (SEC), Insurance Commission (IC), and the Professional Regulatory Board of Accountancy (BOA) entered into a Memorandum of Agreement (MOA) last August 12, 2009 to simplify and synchronize the accreditation requirements and/or selection guidelines of auditing firms and external auditors amongst the different regulators.
The BSP, SEC and IC have until December 31, 2009 to issue their revised rules on the accreditation of external auditors to pave the way for the implementation of the provisions of the MOA.
The MOA provides for the following:
A. Pre-qualification Requirements
1. Primary requirement. The primary requirement for accreditation of the SEC, BSP and IC shall be the BOA accreditation as a public practitioner. In case of applications of auditing firms or partnerships, the BOA shall register only the firm or partnership.
2. Basic requirements. The BOA shall adopt basic requirements in accrediting
a public practitioner. Such documents and qualifications shall no longer be
required from the applicant by the other regulators
a. Individual BOA Accreditation Requirements - A CPA of good moral character,
registered as a professional with the PRC, has had at least 3 years of meaningful
experience in the practice of public accountancy and internal quality review
process, has attended relevant training/seminars, and has earned a minimum of
60 CPE credit units in various accounting topics for 3 years.
b. Firm/Partnership - Must be registered with the SEC, in good standing and, at the time of accreditation, must have at least one signing practitioner who is registered or who is qualified and already applying for accreditation with the BOA.
3. Common accreditation/selection requirements. The SEC, BSP and the IC shall
prescribe common accreditation/selection requirements for external auditors.
These shall comprise of the following:
a. Accredited by the BOA,
b. Has had 5 years of audit experience, and
c. For practitioners covering certain companies, they must
have adequate established quality assurance procedures:
i. Insurance companies and mutual benefit associations,
ii. Group A & B companies of the SEC, and
iii. Category A & B companies of the BSP.
4. Special requirements. In addition to the common accreditation requirements,
the regulators shall prescribe a different set of requirements which are peculiar
only to the external auditors of regulated entities within their respective
jurisdiction.
The BSP provides for the following categories on the selection of external auditors:
a. Category A - UBs, KBs, foreign banks, branches or subsidiaries
of foreign banks, and other banks and trust institutions with additional derivatives
authority,
b. Category B - TBs, QBs, Trust Institutions and National Coop Banks [AMS: Example:
National Teachers and Employees Cooperative Bank. ] , and
c. Category C - RBs, NSSLAs, Local Coop Banks [AMS: Examples include --- Coop
Bank of Agusan del Sur, Coop Bank of Cavite. The difference lies on the scope
of operations -- Local Coop may only operate within the specified area.] and
Pawnshops.
The categories shall include their subsidiaries and affiliates engaged in allied activities and other financial institutions which are subject to BSP's risk-based and consolidated supervision.
The BSP's specific requirements are as follows:
a. Individual external auditor
i. At least 5 years experience in external audits as an associate, partner,
lead partner, concurring partner or auditor-in-charge,
ii. Track record
" Category A - At least 5 corporate clients with total assets of at least
P50M each,
" Category B - At least 3 corporate clients with total assets of at least
P25M each, and
" Category C - At least 3 corporate clients with total assets of at least
P5M each, andiii. Has established quality assurance procedures, such as consultation
policies and stringent quality control, for auditors of banks and related companies
covered under Category A and B
b. Auditing firms
i. At least one signing practitioner/partner who is already accredited or who
is qualified and is applying for accreditation, and
ii. Track record
" Category A - At least 20 corporate clients with total assets of at least
P50M each,
" Category B - At least 5 corporate clients with total assets of at least
P20M each, and
" Category C - At least 5 corporate clients with total assets of at least
P5M each.
iii. Has established quality assurance procedures, such as consultation policies
and stringent quality control, for auditors of banks and related companies covered
under Category A and B
c. Submission of the following documentary requirements
i. Quality Assurance Manual for applicant auditors/firms of banks under Category
A and B, and
ii. Copy of the AFS of the applicant's 2 largest clients in terms of total assets
for the immediately 2 preceding years.
5. Mutual recognition policy. The SEC, IC and the BSP shall mutually recognize
the accreditation granted by any of them for the following categories, subject
to the condition that only one (1) external auditor shall audit the individual
and consolidated financial statements of BSP-supervised financial institutions:
a. SEC - Groups C (financing companies and transfer agents)
and D (i.e., corporate bank borrowers other than those which are publicly-listed,
issuers of registered securities, brokers of government securities and UBs which
are registered as underwriters)
b. BSP - Categories B and C
c. IC - Insurance brokers
6. Other requirements. BSP-supervised financial institutions which are required
to submit financial statements to different regulators and are not covered by
the mutual recognition policy of the MOA shall observe the following guidelines:
a. The external auditors of UBs which are listed in the Exchange
should be accredited by both the BSP and the SEC, and
b. External auditors of other Category A banks/FIs must be accredited by the
BSP.
B. Accreditation Procedures
The regulators shall adopt similar procedures to the extent applicable on the following:
1. Grant of conditional approval as a transition process,
2. Renewal of accreditation, and
3. Imposition of monetary and/or non-monetary penalties such as suspension or
revocation/delisting.
V. CHALLENGES AND NEXT STEPS
1. Developments in financial reporting and accounting standards. The recent financial market turmoil has triggered the substantial overhaul of IAS 39 Financial Instruments: Recognition and Measurement. In light of these developments, auditors and BSP supervisors will be faced with the enormous task of:
a. Developing implementation guidance and handling implementation
issues that could primarily affect BSP's supervised institutions, and
b. Determining compliance with the new standards and the tremendous amount of
disclosures required.
2. Complex financial instruments. The creation of complex financial instruments, e.g., structured products and exotic derivatives , places extensive demand on both the BSP's and the auditor's ability to check the validity and reasonableness of management estimates and key assumptions used in their valuation. Often, these instruments are non-traded/illiquid; thus, their valuation is based on non-market based inputs and limited data.
The challenges ahead may be difficult, but I am confident that
through active collaboration we can continue working towards our common objective
of fostering market confidence through transparency, fairness and comparability
in financial reporting.