The SEC proposes to "modernize" auditor independence rules
However, examples of actions taken, and not taken, suggest "modernize" is doublespeak for capitulating to the Big 4's dominance
Back in June 28, 2016, in a speech entitled, “Auditor Independence and the Role of the PCAOB in Investor Protection,” PCAOB member Steven B. Harris told an audience at the International Corporate Governance Network Annual Conference that he believed,
“…investors should be concerned about the emerging threats to auditor independence from the evolving firm business model.”
Auditor independence issues have been in the news in recent years in the U.S. and the U.K. Investors wonder how they can trust auditors’ opinions when there is so much corporate fraud, conflict of interest and other malfeasance the audit firms seem to be missing.
Barbara Roper, the director of investor protection for the Consumer Federation of America, told me in an interview this week:
“Investors value audit opinions only if the auditors are independent. But audit firms have time and again shown they are either unwilling or unable to meet that most basic of standards.”
The big difference between Trump’s SEC and the regulators in the U.K. is that Jay Clayton’s SEC has recently proposed loosening auditor independence rules, while in the U.K., the Financial Reporting Council, FRC, has been issuing revised auditing standards aimed at strengthening auditor independence.
This analysis of where we’ve been and where we are now on this issue will cover a lot of ground and add new information to the discussion.
Today is Part 1.
The PCAOB’s Steve Harris had noted that in the five years prior to 2016, the Big 4 global audit firms — Deloitte, Ernst & Young, KPMG, and PwC — had acquired more than 160 consulting businesses, including over 50 in 2015 alone.
“As a result, said Harris, “the Big Four in the U.S. now dominate the consulting market.”
In April of 2018, The Wall Street Journal’s Michael Rapoport wrote that the potential conflict between audit and the firms’ consulting businesses had escalated substantially.
“Since 2012, the firms' combined global revenue from consulting and other advisory work has risen 44%, compared with just 3% growth from auditing.
The result is that the bulk of the firms' revenue now comes from consulting and advisory, $56 billion last year, compared with $47 billion from auditing. Five years earlier, auditing pulled in roughly the same amount -- $46 billion -- while consulting and advisory's haul was only $39 billion.”
At the same time, between 2016 and the end of 2019, all of the global network firms and their foreign member firms settled multiple enforcement actions related to auditor independence violations and were forced to resign from client engagements because they provided prohibited services to a client or its affiliates.
Last year’s big SEC auditor independence enforcement actions, against PwC, RSM and Deloitte in Japan, all suggest that the violations occurred because the largest global audit firms have insufficient governance and internal controls, policies and procedures to prevent years-long, blatant violations of the post-Enron, Sarbanes-Oxley auditor independence rules.
An enforcement action by the PCAOB in 2019 against a regional firm that focuses on startups, especially in China, highlighted an auditor independence issue related to its chronic, years-long promotion of audit clients as investments, a blatant independence violation.
The Public Company Accounting Oversight Board today announced the settlement of disciplinary proceedings against Marcum LLP and Marcum Bernstein & Pinchuk LLP, as well as Alfonse Gregory Giugliano, CPA.
This is the first time the Board has: (1) sanctioned a registered public accounting firm for publicly advocating its audit clients as investment opportunities—a violation of auditor independence requirements; (2) sanctioned an annually inspected firm’s head of independence for substantially contributing to the firm’s independence violations; and (3) mandated the retention of an independent consultant.
The matters concern auditor independence violations over multiple years in connection with the firms’ annual Microcap Conference and China Conference, which were designed to bring together investors and companies looking for investment. In addition to violating independence requirements, both firms violated quality control standards by failing to appropriately design, implement, and monitor their independence policies and procedures.
The enforcement action highlights a program eerily similar to the longstanding EY Entrepreneur of the Year Award program, which has spotlighted EY audit clients in the past.
This past year, EY named Brad Keywell its EY World Entrepreneur of the Year 2019. Keywell founded or co-founded six companies including e-commerce site Groupon, the EY audit client which famously had a bad IPO due to internal control weaknesses.
Barbara Roper told me:
“Instead of acknowledging ongoing violations as a sign that the audit firms are willfully ignoring the law, in the absence of strong deterrent-level sanctions and individual punishments, and stepping up enforcement to provide that deterrent, the SEC and PCAOB propose to weaken the auditor independence rules.”
“If audit firms aren’t willing to maintain their independence, and regulators aren’t willing to hold them accountable, at a certain point investors are going to start asking whether it is really worth paying for the not-so-independent audit.”
Because the audit firms insist on re-establishing a business model that presents ongoing threats to independence and one that results in ongoing violations by the firms and their partners, the Big 4 and lobbyists/allies have been advocating for "modernizing" or, in other words, relaxing the auditor independence rules.
That language should sound familiar.
On December 9, 2019, SEC Chairman Jay Clayton told an audience of audit professionals, regulators and interested public company officials at a conference hosted by the auditor trade association, the American Institute of Certified Public Accountants, that he expected more auditor independence rule changes calling the plans, “stage two” after changes enacted in June.
Three weeks later, while everyone else was getting ready for the dawn of the new year, an SEC press release on Monday December 30, 2019, announced, “SEC Proposes to Codify Certain Consultations and Modernize Auditor Independence Rules.”
The SEC’s proposal says that it’s been a while since auditor independence rules have been updated and that a lot has changed since then.
“Since the initial adoption of the auditor independence framework in 2000 and revisions in 2003, there have been significant changes in the capital markets and those who participate in them.”
“The proposed amendments would update select aspects of the nearly two-decade-old auditor independence rule set to more effectively structure the independence rules and analysis so that relationships and services that would not pose threats to an auditor’s objectivity and impartiality do not trigger non-substantive rule breaches or potentially time consuming audit committee review of non-substantive matters.”
The last time the Securities and Exchange Commission sought to “modernize” auditor independence rules in 2000, even before the Enron failure and Arthur Andersen’s demise, came as a result of the last time there was a growing concern that firms’ increasing focus on consulting was distracting them from their core purpose: auditing.
Audit firms then became concerned about the growing regulatory and public criticism and two of the four firms sold their consulting practices. A third sold shortly after. Deloitte Consulting, however, never separated from Deloitte & Touche, but instead went on an acquisition spree and continued to grow its consulting arm.
Barbara Roper told me:
“When Congress was drafting the Sarbanes-Oxley Act, they didn’t go as far as they could have, or should have, to strengthen the auditor independence rules, in part because they put their faith in the new PCAOB to address the problem through enforcement and oversight.
But the PCAOB has never been as tough as it should be on enforcement, and now things appear to have reached a new low. Not only do independence violations go unpunished, in many cases, but PCAOB is making it easier for issuers and audit firms to hide those violations from the investing public.”
And now the Big 4 global audit firms have been lobbying to go back in time, before Enron, when the industry was self-regulated and mostly left alone.
The Big Four’s congressional lobbying activity between the first quarter of 2017 and the third quarter of 2019 shows the auditors and the AICPA, their trade association, have been attempting to roll back Sarbanes-Oxley’s auditor independence reforms during the window of opportunity provided by the Trump administration’s deregulation initiatives. Those efforts include chipping away at the SOx law’s auditor prohibited services provisions.
Since the beginning of 2017, the largest four global firms have spent $25.28 million lobbying Congress using their own in-firm lobbying arms. The AICPA, the industry’s trade association, spent $14.18 million more lobbying on the industry’s behalf on many of the same issues the firms lobby for on their own.
The industry has been targeting the strict SOX auditor independence rules—specifically the prohibited services list — and strongly challenging the authority of the Public Company Accounting Oversight Board, the industry regulator established after Enron and its auditor, Arthur Andersen, collapsed. In particular, the Big 4 have closely monitored repeat legislative efforts to make PCAOB enforcement actions against auditors available to the public earlier.
Deloitte LLP led the lobbying efforts, spending $560,000 in the first quarter of 2017 to lobby legislators for the “modernization of independence requirements.”
A specific mention of “modernization of auditor independence requirements” hasn’t appeared again since the first quarter of 2017, but every one of the Big 4 disclosures and the AICPA’s consistently mention a focus on PCAOB “enforcement transparency,” in particular when specific bills such as the PCAOB Enforcement Transparency Act of 2017 and 2019 were in play.
For example, KPMG paid The Velasquez Group, LLC an additional $640,000 during 2017 and 2018 to watch for any expansion of the PCAOB’s regulatory authority and any change in legislative language “attempting to require the Public Company Accounting Oversight Board to hold its disciplinary proceedings in public, and any other provisions pertaining to the PCAOB or its oversight.” The lobbying firm was also looking, on KPMG’s behalf for any legislation related to regulatory agency information sharing between the PCAOB and other agencies.
In April of 2017 KPMG fired six employees, including the partner who led its U.S. audit practice for using confidential advance notice of planned audit inspections by its regulator, the Public Company Accounting Oversight Board.
The Securities and Exchange Commission later fined KPMG $50 million in mid-June 2019 for using stolen PCAOB inspection information to cheat on audit inspections. Five of the former KPMG officials — David Middendorf, Thomas Whittle, and David Britt, along with Brian Sweet and Cynthia Holder who came to KPMG from the PCAOB and one former PCAOB official, Wada — have either been found guilty or pleaded guilty of criminal charges in the case.
In 2016 and 2017, KPMG was also monitoring any legislative activity related to its audit client Wells Fargo where it has faithfully served for 87 years. That’s because Wells Fargo has been continuously under siege from legislators for a number of scandals beginning in 2016 when Wells Fargo admitting to a fraudulent account opening scandal, the first of many violations that harmed retail and wealth management customers.
KPMG had also been hit by the SEC with a big auditor independence violations case in 2014 related to tax services.
Given the turnover of the House of Representatives from Republican to Democratic majority after mid-term elections in 2018, the global audit firms may have decided that lobbying the SEC for auditor independence rules changes would be more productive than hoping for a wholesale reversal of Sarbanes-Oxley legislation.
The SEC’s proposal said that the catalyst for “modernizing” auditor independence rules was a change made in June 2019 to an arcane rule related to whether an auditor is independent when it has a lending relationship with certain shareholders of an audit client at any time during an audit or professional engagement period.
The SEC’s actions suggest I was likely right when I wrote for the University of Chicago Booth Business School’s Stigler Center Pro-Market blog in 2017:
“Perhaps it’s the fear of more auditor independence violations that haven’t yet hit regulators’ radar that may be driving the Big Four to lobby to get rid of the rules.”
Next up… The SEC sanctions PwC for a multi-year, multi-engagement batch of independence violations that the regulator says were primarily caused by one partner!