
Letter on cooperation between CPAAOB/JFSA and FRC


Mr. Paul George
Executive Director, Conduct Committee
Financial Reporting Council
5th floor, Aldwych House
71-91 Aldwych
London WC2B 4HN
United Kingdom

23 May 2014

Dear Mr. George,

EXCHANGE OF LETTERS BETWEEN THE FINANCIAL SERVICES AGENCY AND CERTIFIED PUBLIC ACCOUNTANTS AND AUDITING OVERSIGHT BOARD OF JAPAN AND THE FINANCIAL REPORTING COUNCIL IN THE UNITED KINGDOM ON COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS

1. It is recognised that exchange of information and mutual co-operation between the Financial Services Agency of Japan ("JFSA") and the Certified Public Accountants and Auditing Oversight Board ("CPAAOB") and the Financial Reporting Council ("FRC") in the area of auditor oversight would be mutually beneficial, with a view to strengthening public trust in the auditors' report and increasing investor confidence in their respective capital markets. Given increasing cross-border activities in securities transactions and the globalisation of financial markets, it is recognised in particular that there are benefits in enhancing the exchange of information between the Authorities in matters related to the oversight of the auditors of public companies with securities issued or traded on the capital markets in the jurisdictions of the Authorities.

2. The purpose of this letter is to facilitate mutual cooperation between the Authorities to the extent permitted by their respective laws or regulations in the area of public oversight of such auditors.

3. In this context, the Authorities:

  • Having regard to the provisions in the Companies Act 2006 ("Companies Act"), as based on Article 47 of Directive 2006/43/EC, which allows the FRC under certain conditions to transfer to the JFSA/CPAAOB information relating to Auditors that fall within the jurisdiction of both Authorities;
  • Having regard to the Certified Public Accountants Act ("CPA Act") in Japan which allows the JFSA/CPAAOB under certain conditions to transfer to the FRC information relating to auditors that fall within the jurisdiction of both Authorities;
  • Recognising that the European Commission has decided upon the adequacy referred to in Article 47, paragraph 1(c) of the Directive 2006/43/EC in respect of Japan;
  • Recognising that the European Commission has decided upon the equivalence referred to in Article 46, paragraph 1 of the Directive 2006/43/EC in respect of Japan;
  • Recognising that the transfer of personal data from the FRC to the JFSA/CPAAOB has to be in accordance with the Data Protection Act 1998 implementing Directive 95/46/EC, and in particular Chapter IV of Directive 95/46/EC; and
  • Recognising that the transfer of personal data from the JFSA/CPAAOB to the FRC has to be in accordance with the Act on the Protection of Personal Information Held by Administrative Organs.

have agreed the following.

The Authorities recognise the need for mutual cooperation in matters related to the oversight of auditors whose principal office is located in one Authority's jurisdiction and which provides an audit report concerning the annual or consolidated accounts of a company with securities issued or traded on a market[1] in the other Authority's jurisdiction. The purpose of this Letter is to facilitate mutual cooperation between the Authorities to the extent permitted by their respective laws or regulations in the area of public oversight of such auditors and to improve the quality, accuracy and reliability of the audit of public companies through audit regulation and auditor oversight so as to protect investors, help strengthen public trust in the audit process and increase investor confidence in their respective capital markets.

4. This Letter does not create any binding legal obligations, nor does it modify or supersede any laws, regulations or regulatory requirements in Japan or in the United Kingdom. This Letter does not give rise to a right on the part of the JFSA/CPAAOB, the FRC, or any other governmental or non-governmental entity or any private person, to challenge, directly or indirectly, the degree or manner of cooperation by the JFSA/CPAAOB or the FRC.

5. This Letter does not prohibit the JFSA/CPAAOB or the FRC from taking measures with regard to the supervision of auditors that are different from or in addition to the measures set forth in this Letter.

I. DEFINITIONS

6. For the purpose of this Letter,

"auditor" means a natural person or an audit firm that is subject to an Authority's regulatory jurisdiction in accordance with the Certified Public Accountants Act ("CPA Act") or the Companies Act 2006 ("Companies Act");

"Authority" or "Authorities" means the JFSA/CPAAOB and/or the FRC;

"information" refers to non-public information and/or documents and includes but is not limited to:

  1. reports on the outcome of inspections and investigations, including information on firm-wide procedures and engagement reviews provided these reports relate to auditors that fall within the regulatory jurisdiction of both Authorities; and
  2. audit working papers or other documents held by auditors provided these reports relate to auditors that fall within the regulatory jurisdiction of both Authorities;

"inspections" refers to external quality assurance reviews of auditors generally undertaken on a regular basis with the aim of enhancing audit quality;

"investigations" refers to non-criminal investigations in response to a specific suspicion of infringement or violation of laws or regulations related to auditor oversight; and

"laws or regulations" means any laws, rules or regulations in force in the respective jurisdictions of the Authorities.

II. COOPERATION

Scope of cooperation

7. Cooperation covers the exchange of information that relates to auditor oversight, such as the outcome of inspections and investigations including firm-wide procedures, provided that this information relates to an auditor that provides an audit report concerning:

  1. the annual or consolidated accounts of a company incorporated in one Authority's jurisdiction whose transferable securities are issued or traded on markets in the other Authority's jurisdiction; or
  2. the annual accounts of a company incorporated in one Authority's jurisdiction that forms part of a group whose parent has issued or trades transferable securities on markets in the other Authority's jurisdiction.

Cooperation includes the transfer of audit working papers or other documents held by auditors in relation to the audits of companies mentioned above.

8. In cases where the information requested may be maintained by, or available to, another regulatory body within the jurisdiction of the requested Authority, the requested Authority will endeavour to provide the information requested. The exchange of information between the Authorities should take place in accordance with their respective laws or regulations.

9. The Authorities will use their best endeavors to notify one another, prior to or immediately after taking any significant oversight measures in respect of relevant Auditors that are registered/notified or seek registration/notification in the other's jurisdiction.

Requests for information

10. Requests will be made in writing (including e-mail) and addressed to the contact person of the requested Authority.

11. The requesting Authority should specify the following:

  1. the information requested;
  2. the purposes for which the information will be used;
  3. the reasons why the information is needed and, if applicable, the relevant provisions that may have been violated;
  4. an indication of the date by which the information is needed; and
  5. to the best of the knowledge of the requesting Authority, an indication of whether the information requested might be subject to further use or disclosure under paragraphs 17 to 21.

Execution of requests for information

12. Each request will be assessed on a case by case basis by the requested Authority to determine whether information can be provided under the terms of this letter. Each Authority will use its best endeavours to provide a prompt and adequate response to an information request from the other Authority. In order to avoid unnecessary delays, where appropriate, the requested Authority will provide part of the requested information as it becomes available. In any case, where the request cannot be met in full within the desired time period, the requested Authority will inform the requesting Authority accordingly and will consider, where applicable, whether other relevant information or assistance can be given.

13. The requested Authority may refuse to act on a request where:

  1. it concludes that the request is not in accordance with this Letter;
  2. acceding to the request would contravene the laws or regulations of the requested Authority's jurisdiction;
  3. it would burden the requested party disproportionately;
  4. it concludes that it would be contrary to the public interest of the requested Authority's jurisdiction for assistance to be given;
  5. the provision of information would adversely affect the sovereignty, security or public order of the requested Authority's jurisdiction; or
  6. judicial proceedings have already been initiated in respect of the same actions and against the same persons before the Authorities of the jurisdiction of the requested Authority.

14. The requested Authority will promptly inform the requesting Authority of the reasons where it refuses to act on a request made under this Letter.

15. Any document or other material provided in response to a request under this Letter and any copies thereof will be returned on request to the extent permitted by national law.

16. In principle, communications between the Authorities will be in English. If the requested Authority needs to provide information and/or documents in a language other than English, the requested Authority will inform the other Authority to that effect in advance. In principle, when information and/or documents provided are in a language other than English, the requesting Authority bears the cost of translation.

III. CONFIDENTIALITY

17. Each Authority will keep confidential all information received or created in the course of cooperating, to the extent consistent with its laws or regulations. Article 100 of the National Public Service Act in Japan and Section 1224A of the Companies Act in the United Kingdom respectively bind employees and the former employees of the Authorities to official secrecy or restrict the disclosure of information provided in respect of audit regulation and oversight. The confidentiality prescribed in this letter should also apply to all persons who are or have been involved in the governance of the Authorities or otherwise associated with the Authorities.

18. The requesting Authority will inform the requested Authority if the safeguards, information systems, controls, laws or regulations change in a way that would weaken materially the protection of the information and/or documents provided by the other Authority.

19. Any information obtained must be used only for the exercise of functions of public oversight, inspections or investigations of auditors. If any Authority intends to use information received or created in the course of cooperation for any purpose other than those stated in the request under paragraph 11, including to disclose this information to a third party other than in cases referred to in paragraph 21, it must obtain the prior written and specific consent of the requested Authority. The Authority which intends to disclose this information should indicate the reasons and the purpose for which the information would be disclosed. If the requested Authority consents to the use of information for a purpose other than that stated, it may subject its consent to conditions.

20. Information received should not be used in criminal proceedings carried out by a court or judge, including as evidence in a criminal court. In the case that such use is required by law, an additional request be made in accordance with procedures prescribed in the relevant law for international mutual assistance in an investigation.

21. If an Authority is legally required to disclose the confidential information received from the other Authority in order to comply with its obligations under domestic laws or regulations, that Authority will consult with the other Authority before disclosing it. It will provide, wherever possible, at least fifteen working days advance written notice to the other Authority prior to its disclosure, stating the reasons as to why the Authority is required to disclose such Information. If the other Authority objects to the disclosure, the Authority will use its best efforts to resist the disclosure of the relevant information and will provide assistance to the objecting Authority in its own efforts to resist disclosure.

IV. THE TRANSFER OF PERSONAL DATA

22. This Letter is subject to the maintenance of a framework (Annex attached) which provides an adequate level of protection on the transfer of personal data.

23. The Authorities will only transfer personal data in accordance with their respective national laws or regulations on data protection.

V. OTHER

24. The Authorities will, at the request of either Authority, consult on issues related to the matters covered by this Letter, and otherwise exchange views and share experiences and knowledge gained in the discharge of their respective duties to the extent consistent with their respective laws or regulations. The Authorities also express their willingness to hold a dialogue or exchange views about matters of common interest and concern as appropriate, with a view to deepening mutual understanding between the Authorities.

25. The Authorities may consult informally, at any time, about a request or proposed request or about any information provided.

26. The Authorities may consult and revise the terms of this Letter in the event of a substantial change in the laws, regulations, or practices affecting the operation of this Letter, or if the Authorities themselves wish to modify the terms of their cooperation.

27. The terms and conditions set out in this Letter do not apply to publicly available information.

VI. DURATION

28. The cooperation under this letter will commence from the later of the dates of signature of this letter and of the equivalent letter from the FRC to the JFSA and CPAAOB.

29. The cooperation may be terminated by either Authority at any time giving at least thirty days prior written notice to the other Authority. If either Authority gives such notice, this Letter will continue to have effect with respect to all requests that were made before the effective date of notification until the requesting Authority terminates the matter for which assistance was requested. The terms and conditions concerning confidentiality and the transfer of personal data will remain in force thereafter.

Yours sincerely,

Mr. Ryutaro Hatanaka
Commissioner
Financial Services Agency
Government of Japan
3-2-1 Kasumigaseki Chiyoda-ku, Tokyo
Japan 100-8967

Dr. Kunio Chiyoda
Chairman
Certified Public Accountants and Auditing Oversight Board
Government of Japan
3-2-1 Kasumigaseki Chiyoda-ku, Tokyo
Japan 100-8967

ANNEX: FRAMEWORK BETWEEN THE FINANCIAL SERVICES AGENCY AND CERTIFIED PUBLIC ACCOUNTANTS AND AUDITING OVERSIGHT BOARD OF JAPAN AND THE FINANCIAL REPORTING COUNCIL OF THE UNITED KINGDOM ON THE TRANSFER OF CERTAIN PERSONAL DATA

The Financial Services Agency of Japan and Certified Public Accountants and Auditing Oversight Board ("JFSA" / "CPAAOB") in Japan and the Financial Reporting Council in the United Kingdom ("FRC"):

  • Recognising that the transfer of personal data from the FRC to the JFSA/CPAAOB has to be in accordance with the Data Protection Act 1998 implementing Directive 95/46/EC and in particular Chapter IV of Directive 95/46/EC; and
  • Recognising that the transfer of personal data from the JFSA/CPAAOB to the FRC has to be in accordance with the Act on the Protection of Personal Information Held by Administrative Organs;

have agreed as follows:

I. DEFINITIONS

For the purpose of this Framework:

"auditor" means a natural person or an audit firm that is subject to an Authority's regulatory jurisdiction in accordance with the Companies Act 2006 or the Certified Public Accountants Act;

"Authority" or "Authorities" means the JFSA/CPAAOB and/or the FRC;

"controller" means, in the case of personal data processed in the Authority of the home jurisdiction of the data subject and transferred to the other Authority, the other Authority which alone or jointly determines the purposes and means of the processing of personal data;

"Data Protection Directive" means Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

"Exchange of Letters" ("EoL") means the document by that name, dated 23 May 2014 and exchanged by the Authorities to facilitate cooperation and the exchange of information;

"laws or regulations" means any laws, rules or regulations in force in the respective jurisdictions of the Authorities;

"personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity;

"processing of personal data" ("processing") means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

"processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

"sensitive data" means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and data concerning health or sex life and data relating to offences, criminal convictions or security measures in relation to individuals; and

"third party" means any natural or legal person, public authority, agency or any other body other than the data subject, the JFSA/CPAAOB, the FRC, and the persons who, under the direct authority of the above, are authorised to process the data.

II. DATA PROCESSING PRINCIPLES

The Authorities agree that the transmission of personal data by the data providing Authority to the data requesting Authority will be governed by the following provisions:

1. Purpose limitation: Personal data transmitted by the data providing Authority to the data requesting Authority may be processed by the data requesting Authority itself only for the purposes of oversight, inspections and investigations of firms and their associated persons subject to the regulatory jurisdiction of the Authorities. The onward transfer of such data which may be for other purposes is governed by paragraph 7 below.

The Authorities acknowledge that they primarily seek the names, and information relating to the professional activities of the individual persons, who were responsible for or participated in audit engagements selected for review during an inspection or who play a significant role in the firm's management and quality control. Such personal data as well as other personal data will only be used in order to assess the degree of compliance of the registered/notified auditor and its associated persons with the applicable laws or regulations and to enforce compliance with these laws or regulations.

If the data receiving Authority intends to use information received from the data providing Authority for any purpose other than those stated in the request, it must obtain the prior written specific consent of the data providing Authority. If the data providing Authority consents to the use of the information for a purpose other than those stated, it may subject its consent to conditions.

2. Data quality and proportionality: Each Authority will endeavour to ensure that it transmits to the other Authority personal data that is accurate. Each Authority will inform the other Authority if it learns that previously transmitted information was inaccurate and/or must be updated. In such a case the other Authority will make any appropriate corrections to its files.

Each Authority will endeavour to ensure that the personal data requested and transferred is adequate, relevant and not excessive in relation to the purposes for which it is transferred and further processed.

The personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed, or for such time as otherwise required by applicable laws or regulations.

3. Transparency: the FRC will provide to data subjects information relating to the transfer and further processing of personal data as required by the Data Protection Directive and the Data Protection Act. The Authorities acknowledge that the purpose and use by the JFSA/CPAAOB of the personal data are as set out in the Certified Public Accountants Act.

4. Security and confidentiality: The Authorities will endeavour to ensure that they undertake appropriate technical and organisational security measures to guard against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the personal data.

The Authorities agree to update the information if changes are made to its technical and organisational security measures that would weaken the protection provided for personal data.

Any person acting under the authority of the data controller, including a processor, will not process the data except at the data controller's request.

5. Rights of access, rectification or deletion: The Authorities acknowledge that the transfer of personal data would occur in the context of the exercise of regulatory functions pursuant to the relevant legislations in their home jurisdiction, and that the rights of data subjects to access personal data held by the Authority therefore may be restricted in order to safeguard the Authority's ability to monitor, inspect or otherwise exercise its regulatory functions with respect to the auditors, including associated persons and other relevant individuals, under its regulatory jurisdiction. However, a data subject whose personal data has been transferred to the data receiving Authority may request that the data providing Authority identify any personal data that has been transferred to the data receiving Authority and request that the data providing Authority confirm with the data receiving Authority that the data is complete, accurate and, if applicable, up-to-date, and the processing is in accordance with the data processing principles in this Framework. If the data turns out to be incomplete, inaccurate or outdated or the processing is not in accordance with the data processing principles in this Framework, the data subject may make a request for rectification, erasure or blocking the data, through the data providing Authority.

6. Sensitive data: Sensitive data will not be transferred between the Authorities except with the consent of the data subject.

7. Onward transfer: In the event that the data receiving Authority intends to transfer any personal data to a third party, the data receiving Authority shall comply with the process set out in section III of the EoL. It will be the responsibility of the Authorities to provide relevant information to the data subject, if required by relevant laws or regulations in the jurisdiction of the data providing Authority. The Authorities have provided information describing the applicable laws or regulations on onward transfer of confidential information.

8. Redress: The Authorities acknowledge that they have provided information describing the consequences for the unlawful disclosure of non-public or confidential information. Any violations will be reported to the data providing Authority and, if required by law, to the appropriate personal data protection Authority in each jurisdiction.



  1. In the UK this means a regulated market such as the Main Market of the London Stock Exchange. In Japan this means a regulated market such as the Tokyo Stock Exchange. 

File

Name Letter on cooperation between CPAAOB/JFSA and FRC
Publication date 27 September 2023
Format PDF, 2.9 MB