More "Modernizing" of Auditor Independence, Part 3
More SEC auditor independence enforcement actions but many more potential enforcement actions that will likely not be brought.
|Francine McKenna||Jan 10, 2020||1|
I told you that Sprankle is the kind of Big 4 partner that investors, the public, and journalists never know anything about unless he breaks the law and gets caught. That’s because partners like Sprankle have responsibility for significant portions of multiple audits each year, and/or have sold and delivered non-audit software and services to audit and non-audit clients but are not lead engagement partners.
Unless assigned as lead partner for a public company client, the one who officially “signs” the audit opinion and now shows up on Form AP, they fly under a public accountability radar.
One reader emailed last night asking why I wrote that Deloitte, in particular, may be crossing the auditor independence line with regard to non-audit software and service sales and implementation as often PwC has in recent years.
I think that’s an educated opinion, because the sheer size of Deloitte’s consulting practice. It’s one that never stopped growing because it was the only one of the Big 4 not to sell the consulting arm under pressure from 2000-2002 period. Add in the the lack of overall enforcement of auditor independence rules by the SEC and PCAOB, I would suggest Deloitte must be challenged to follow the rules every single day.
In addition, Deloitte led the way, for some business reason, in lobbying to “modernize independence,” as I described in Part 1.
Since Deloitte has the preeminent Big 4 consulting firm, especially in the ERP/systems integration world, and after its acquisition of the North American public service practice of BearingPoint, acquisition of substantially all of the strategy consulting firm founded by Harvard Business School professor Michael Porter, and acquisition of many other non-audit consulting, data analytics and strategy firms all over the world, it just makes sense.
More than that, the SEC and PCAOB still take no responsibility for reining in the consulting businesses of the Big 4 firms unless violations directly affect an audit or an issuer’s financial statements.
In April 2012, I wrote a column for American Banker, “The Little We Know About Foreclosure Reviews Is Troubling” that was mentioned by then-Congressman Brad Miller during a House Financial Services Subcommittee hearing on issues facing the accounting and auditing industry.
Miller asked the PCAOB Chairman at the time, Jim Doty, and the SEC Chief Accountant, Jim Kroeker (now FASB Vice Chairman), about conflicts of interest at JP Morgan’s foreclosure review project:
“The Deloitte partner in charge of the JPMorgan engagement, Ann Kenyon, was a partner on Deloitte’s audit of Washington Mutual. So it would not be in her interest for Deloitte’s consultants to turn up any auditing errors the firm made with that mortgage originator, particularly since Deloitte is still a defendant in shareholder litigation related to Washington Mutual’s collapse. In addition, Deloitte audited Bear Stearns, now owned by JP Morgan, and is going to trial as a defendant in Bear Stearns EMC investor litigation related, in large part, to EMC. So the consultants wouldn’t have a strong incentive to find any auditing goofs there, either.
If that’s not enough conflict to disqualify a firm, I don’t know what is.”
Kenyon, a banking audit partner who turned to governance/risk/compliance consulting after the crisis resulted in Deloitte audit clients like WaMu, Bear Stearns, and Merrill Lynch going belly-up or getting forcibly acquired, kept the assignment. The foreclosure reviews ended early and PwC, Deloitte , EY and Promontory billed billions while consumers who lost their houses or were charged illegal fees recovered a pittance.
In June of 2013, the New York State Department of Financial Services—not the SEC or PCAOB— issued an enforcement order against Deloitte’s Financial Advisory Services business unit, and only that unit because it is a separate legal entity within Deloitte LLP. DFS fined the firm $10 million and banned Deloitte from accepting new consulting engagements at financial institutions regulated by NYDFS.
Deloitte’s violations at Standard Chartered occurred while acting on behalf of the regulator as a “monitor.” The original Deloitte engagement was the result of a 2004 joint written agreement between Standard Chartered and the New York State Banking Department – a DFS predecessor agency - and the Federal Reserve Bank of New York which identified several compliance and risk management deficiencies in the anti-money laundering and Bank Secrecy Act controls.
The enforcement order said Deloitte's consulting arm had engaged in "misconduct, violations of law, and lack of autonomy during its consulting work" on those anti-money laundering (AML) issues at Standard Chartered Bank.
And, so it goes, that Deloitte is not above losing its independence and objectivity and the lines between audit and consulting are blurred there, too.
A PwC consulting unit also got in trouble with NYDFS , not with the SEC or PCAOB, in a similar case at Bank of Tokyo Mitsubishi, in Aug 2014.
NYDFS suspended PwC’s Regulatory Advisory Services for 24 months from accepting consulting engagements at financial institutions regulated by NYDFS and fined the firm $25 million for improperly altering a report submitted to regulators regarding sanctions and anti-money laundering compliance at Bank of Tokyo Mitsubishi.
NYDFS said, “Under pressure from BTMU executives, PwC removed a warning in an ostensibly "objective" report to regulators surrounding the Bank's scheme to falsify wire transfer information for Iran, Sudan, and other sanctioned entities.”
It’s especially hard to keep an eye on what the Big 4 firms’ international member firms may be doing that might impact the reputation of the U.S. audit firms and the integrity of U.S. listed clients’ audits.
Just last year, in February of 2019, the SEC fined Deloitte Touche Tohmatsu LLC, Deloitte’s Japanese firm, $2 million to settle charges that it allegedly issued audit reports for audit client Mitsubishi UFJ Financial Group, Inc. when dozens of its employees also maintained bank accounts at the bank's subsidiary. Deloitte Japan's former CEO Futomichi Amano and its former reputation and risk leader and director of independence Yuji Itagaki settled charges. Under the SEC’s longstanding, pre-Sarbanes-Oxley rules, auditors are not considered to be independent if they maintain bank accounts with an audit client with balances greater than FDIC or similar depositary insurance limits.
The SEC’s September 2019 auditor independence action against PwC came shortly after an action against a next-tier audit firm, RSM, in August 2019, for providing a variety of non-audit services prohibited by the Sarbanes-Oxley Act of 2002 to audit clients between 2014 and at least 2016, a period which overlaps the PwC violations.
According to the SEC, RSM provided non-audit services to audit clients that included corporate secretarial services, payment facilitation, payroll outsourcing, loaned staff, financial information system design or implementation, bookkeeping, internal audit outsourcing, and investment adviser services. The clients affected by the auditor independence violations included funds of registered investment advisors, employee benefit plans, broker-dealers, and public companies.
RSM, like PwC and Sprankle, did not admit or deny the findings, was fined $950,000 and agreed to undertake a number of remedial actions and engage an independent consultant. RSM also claimed that many of its violations came out of the obscure area of the SEC’s auditor independence rules related to loans or debtor-creditor relationships.
RSM said at the time that other firms were facing the same problems. So, to fix those potential problems, in June 2019 the SEC relaxed the loan-related auditor independence rules.
“Prior to the amendments, Rule 2-01(c)(1)(ii)(A), more commonly referred to as the “Loan Provision”, prohibited a firm from auditing a fund while also borrowing money from a lender that owns a stake of 10% or more in the same fund.
The amendment replaced the previous 10% threshold with a different form of appraisal referred to as a “significant influence test” after the rule seemed to capture relationships that did not pose threats to an auditor’s objectivity and impartiality.”
The issue had come up a few times, in relation to auditors of investment company complexes like Fidelity. A question arose at Fidelity whether its auditor was independent when it had a lending relationship with certain shareholders of the audit client.
(A related issue had come up before, back in 1999 when Fidelity Management and Research found out two of its consulting partners owned shares in its top mutual funds and sought to drop the firm as its auditor.)
In 2016, SEC staff had raised concerns that certain lending relationships among fund shareholders and audit firms could impair auditor independence. Fidelity Management and Research Company asked for a “no action” letter for the SEC to stave off any enforcement action as a result and the staff provided temporary relief to the entire fund industry via a letter to Fidelity that was set to expire 18 months from the date of its issuance, but was extended until the SEC amended the Loan Rule in June 2019.
The issue came up again in October of 2017 when Grant’s Interest Rate Observer wrote:
"Bridgewater lends money to its auditor, KPMG, LLC."
Matt Levine of Bloomberg thought it was a “misreading of the -- admittedly dense -- language of Bridgewater's Form ADV.”
That was true, but I think Levine was wrong when he said “Fidelity has the same issue, and the SEC has approved it,” linking to a no-action letter. The SEC’s no-action letter applied to “registered investment companies,” and “their affiliates for the purposes of the Loan Provision include all of the other entities within the investment company complex…”
Bridgewater is not an investment company complex. Its ADV, the registration filing it made to the SEC, says it’s a “commodity pool operator or commodity trading advisor.”
The SEC’s new auditor independence proposal says “several commenters have suggested that we revisit the scope of the current application of the independence rules to entities under “common control,” referring to its proposed amendments to “Affiliate of the Audit Client and the Investment Company Complex.”
In a footnote it says the commenters requesting the amendment are the AICPA and its lobbying organization the Center for Audit Quality, PwC, a next-tier audit firm, BDO USA, LLP, and the trade association for the private equity business, the American Investment Council, not investors.
Auditor Analytics says that there were 7 SEC enforcement actions in 2019 related to related to auditor independence, documented as financial reporting related administrative proceedings and civil lawsuits called Accounting and Auditing Enforcement Releases or AAERs. That’s compared to 3 AAERs in 2018. Of all the AAERs since 2000, there have been 97 related to auditor independence.
The SEC’s enforcement action against PwC’s for auditor independence violations, interestingly enough, didn’t happen until its Chief Accountant, Wes Bricker, rejoined PwC in July 2019 to take over as a Vice Chair and the U.S. and Mexico Assurance (Audit) Leader.
There was no “cooling off” period.
PwC’s auditor independence violations overlap Bricker’s tenure at both the SEC and PwC. Bricker was a PwC partner from September 2011 to May 2015, according to his LinkedIn profile, and then served as Deputy SEC Chief Accountant from May 2015 to June 2016. He became interim SEC Chief Accountant in July 2016 and then Chief Accountant in November 2016 where he served until June 2019.
Bricker’s responsible now for the partners and business at PwC he had been regulating since 2015. He also brings with him knowledge of all of the accounting scrutiny and enforcement actions against his Big 4 and other audit firm competitors that he participated in or signed off on during his tenure at the SEC.
You have to wonder what Bricker can do as leader of PwC’s audit business in U.S. and Mexico if he plans to recuse himself from any discussions with the SEC or PCAOB—which he supervised while Chief Accountant— about matters regarding PwC’s prior audits or any of his competitors’ audits that he was responsible for as a regulator.
Until the most recent enforcement activity, there had not been much in the auditor independence arena since Mary Jo White, appointed SEC Chair by Barack Obama in April of 2013, brought a renewed focus on auditor independence in 2014 by bringing enforcement actions against “gatekeepers” that enabled corporate fraud.
In January 2014 the Securities and Exchange Commission announced an $8.2 million settlement with KPMG over violations of auditor-independence rules. The SEC said KPMG had loaned staff to multiple public company audit clients from at least 2007 through 2011. That’s prohibited by SEC rules.
White’s SEC then went on a bit of a tear, compared to a dearth of activity in the immediate post-Sarbanes-Oxley era.
· On July 14, 2014, Ernst & Young was sanctioned by the SEC for lobbying on behalf of two of its audit clients.
· In July of 2015, the SEC announced a $1 million settlement with Deloitte & Touche LLP for violations of auditor independence rules.
· In September of 2016, the SEC fined EY $9.3 million to settle charges it violated pre-SOX independence rules when two of the firm’s audit partners got too close to their clients on a personal level.
· The PCAOB publicized sixteen cases involving auditor independence during 2016, most alleging audit firms had prepared financial statements or accounting records for a client.
What other potential independence violations has the SEC, and PCAOB, ignored during White’s tenure from 2103 to 2017 and since then under her successor Jay Clayton?
Let’s look, for example, at just PwC.
In November of 2014, the International Consortium of Investigative Journalists (ICIJ) and its media partners released 28,000 Luxembourg tax-ruling documents prepared by PricewaterhouseCoopers for 340 corporate clients, including a very large number of PwC audit clients. PwC had sold, and client audit committees had approved, non-audit tax services for “transaction[s] initially recommended by the accountant, the sole business purpose of which may be tax avoidance and the tax treatment of which may be not supported in the Internal Revenue Code and related regulations.”
That’s prohibited by the Sarbanes-Oxley Act of 2002.
On August 26, 2016, PwC reached a confidential settlement mid-trial in the $5.5 billion negligence case brought against the firm by the Taylor, Bean & Whitaker Plan Trust in 2012. Taylor, Bean & Whitaker and Colonial Bank, its partner in fraud, both went bankrupt as a result and executives were jailed.
During the trial Lynn Turner, a former chief accountant for the Securities and Exchange Commission and a witness for the plaintiffs, told the jury that PwC had violated auditor independence standards three times. One of the PwC senior managers, T. Brent Hicks, was hired by Colonial in a top financial oversight position. Turner testified that as a result, PwC was not independent in 2005 and 2006. PwC tried to suppress Turner’s testimony, but the court denied the motion.
The court also determined pre-trial that PwC was not independent, “as a matter of law,” for 2004 because a contract between PwC and a Colonial subsidiary included prohibited indemnification language, a violation of SEC rules.
Finally, after PwC objected, the judge prevented testimony about a third potential independence violation for the 2008 audit.
A federal judge’s decision that global audit firm PricewaterhouseCoopers LLP must pay $625 million to the Federal Deposit Insurance Corporation provided a rare look into the typically secret settlements between global audit firms and bankruptcy trustees.
In March of 2019 the Federal Deposit Insurance Corporation decided to settle for $335 million with PricewaterhouseCoopers LLP, a little more than half what the judge awarded, for the professional negligence claims it brought related to the audits of Colonial Bank which failed in 2009. Colonial Bank, at the time had $25.5 billion in assets and a loss to the Deposit Insurance Fund was estimated at $2.958 billion. PwC had said it planned to appeal the verdict.
The Justice Department also settled with Deloitte, but not any individual partners, for its role in the TBW failure. The amount, a fairly large fine of $149.5 million, was made public but barely caused a ripple. There was no formal complaint, no indictment charges, just a pre-indictment settlement.
Neither the SEC nor the PCAOB have ever sanctioned the firms or partners of PwC, or Deloitte, over their roles in the failure due to frauds at TBW or Colonial Bank or sanctioned PwC or its partners over their role in the failure of MF Global.
Here’s a few more I highlighted for the SEC and PCAOB back in November of 2013 that no one did anything about:
December 1, 2012, Deloitte, HP And Autonomy: You Lose Some But You Win Some More, Much More Big, big story at the end of 2012 that involves all four of the Big Four audit firms and is a prime example of the growing influence – and the threat to auditor independence – of the reestablished consulting practices in the firms. It also highlights the media confusion about the all roles audit firms are playing these days. Often they are not audit-related and yet the media often does not know for sure how to refer to the firms or their specific responsibilities and potential legal liabilities.
December 26, 2012, PwC and Thomson Reuters: Too Close For Comfort
February 18, 2013, Tax Pays: HP Pays Ernst & Young Two Million To Testify
September 3, 2013, Broker-Dealer Audits Still Badly Broken
September 29, 2013, Pershing Square’s Bill Ackman Tells PwC, “Herbalife Is Your Problem Now”
Next up… More potential violations ignored despite whistleblowers coming forward. The SEC can’t keep up with the lobbying and tax-related violations. Are more auditor independence rules going to get the “modernization” treatment instead of regulators enforcing violations for laws long on the books? What’s the solution?