Warning

The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

  • No human verification has been conducted of the converted content.
  • While we strive for accuracy errors or omissions may exist.
  • This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
  • For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

Sanctions Policy (AEP) January 2022

The FRC's mission is to serve the public interest by setting high standards of corporate governance, reporting and audit and by holding to account those responsible for delivering them. The FRC sets the UK Corporate Governance and Stewardship Codes and UK standards for accounting and actuarial work; monitors and takes action to promote the quality of corporate reporting; and operates independent enforcement arrangements for accountants and actuaries. We also represent UK interests in international standard-setting. As the Competent Authority for audit in the UK the FRC sets auditing and ethical standards and monitors and enforces audit quality.

The FRC (which includes the FRC's officers, appointees, employees and agents) does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.

The Financial Reporting Council Limited 2022 The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS

Introduction

1This document provides guidance for Executive Counsel, Tribunals and Appeal Tribunals (Decision Makers) when considering the imposition of sanctions on Respondents, under the Audit Enforcement Procedure (“AEP”).

2Although expressed as guidance for Decision Makers, this guidance will also be relevant to others discharging their respective responsibilities under the AEP.

3Terms defined in the AEP shall have the same meaning in this policy.

4This policy has been approved by the Conduct Committee of the FRC.

5This policy is intended to:

  1. promote proportionality, clarity, consistency and transparency in decision-making;
  2. ensure that all parties are aware from the outset of the approach which might be taken by Decision Makers when determining what sanction to impose.

6It is important to emphasise that the guidance in this policy is advisory - and is not binding on Decision Makers. It is for each Decision Maker to decide what, if any, sanction to impose given the findings it makes in the case that it has considered. Where a Decision Maker decides to depart from the guidance, it should explain its reasons for the departure.

7Nothing in the policy is intended to be inconsistent with the AEP and Decision Makers must proceed in accordance with the overriding requirements of fairness and natural justice.

8This policy is a public document. Periodically, it will be reviewed and (where appropriate) revised in the light of experience. The guidance in this policy cannot deal with every single situation and exceptions will sometimes arise. The guidance should be considered alongside any principles emerging from cases decided by previous Decision Makers under the AEP. Decision Makers may have regard to sanctions imposed in other cases. They must, however, determine the sanction which they think appropriate on the facts and circumstances of the case before them and should not feel constrained by the sanctions imposed (or not imposed) in earlier cases to impose a sanction which they do not think appropriate.

Aims and Objectives of the FRC's AEP

9The AEP has been developed to comply with the Statutory Auditor and Third Country Auditor Regulations 2016 (SATCAR 2016) implementing Regulation (EU) No 537/2014 (EU Audit Regulation) and Directive 2014/56/EU, which require that there are effective systems of investigations and sanctions to "detect, correct and prevent inadequate execution of the statutory audit".

10Sanctions are intended to be effective, proportionate and dissuasive in respect of Statutory Auditors and Statutory Audit Firms, where there has been a breach of the Relevant Requirements.

11In determining the appropriate sanction, a Decision Maker should have regard to the reasons for imposing sanctions for a breach of the Relevant Requirements in the context of the AEP. Sanctions are imposed to achieve a number of purposes, namely:

  1. to declare and uphold proper standards of conduct amongst Statutory Auditors and Statutory Audit Firms and to maintain and enhance the quality and reliability of future audits;
  2. to maintain and promote public and market confidence in Statutory Auditors and Statutory Audit Firms and the quality of their audits and in the regulation of the accountancy profession;
  3. to protect the public from Statutory Auditors and Statutory Audit Firms whose conduct has fallen short of the Relevant Requirements; and
  4. to deter Statutory Auditors and Statutory Audit Firms from breaching the Relevant Requirements relating to statutory audit.

12The primary purpose of imposing sanctions for breaches of the Relevant Requirements is not to punish, but to protect the public and the wider public interest.

13This guidance has been developed to help Decision Makers achieve these objectives by imposing sanctions which:

  1. improve the behaviour or performance of the Statutory Auditor or Statutory Audit Firm concerned;
  2. are tailored to the facts of the particular case and take into account the nature of the breach of the Relevant Requirements and the circumstances of the Statutory Auditor or Statutory Audit Firm concerned;
  3. are proportionate to the nature of the breach of the Relevant Requirements and the harm or potential harm caused;
  4. eliminate any financial gain or benefit derived as a result of the breach of the Relevant Requirements;
  5. deter breaches of the Relevant Requirements by the Statutory Auditor, Statutory Audit Firm or others.

14In connection with 13(a) above, Decision Makers should consider whether, and, if so, to what extent, the sanctions proposed would be likely to lead to improvements in respect of the matters which give rise to the proceedings and in the quality of work of the Statutory Auditor or Statutory Audit Firm concerned.

15Decision Makers should also consider whether the sanction or combination of sanctions, financial and/or non-financial, achieve the objectives of the AEP. There may be circumstances where the objectives can be achieved without a financial penalty.

Determination of Sanction

16A Decision Maker should consider the full circumstances of each case and the seriousness of the breaches involved before determining which sanction or combination of sanctions to impose on the Statutory Auditor or Statutory Audit Firm. This policy considers those factors that may be relevant to a Decision Maker's consideration. The factors are not listed in any kind of hierarchy and it is for a Decision Maker to decide on the weight to be allocated to each factor. The factors listed are not exhaustive; not all of the factors may be applicable in a particular case, and there may be other factors, not listed, that are relevant.

17In deciding which sanction or combination of sanctions to impose, a Decision Maker should have regard to the principle of proportionality. In assessing proportionality, a Decision Maker should consider whether a particular sanction is commensurate with the circumstances of the case, including the seriousness of the breach of the Relevant Requirements found and the circumstances of the Statutory Auditor or Statutory Audit Firm concerned. The seriousness of the breaches found should be determined by reference to a number of factors. These include the nature of the breach, the level of responsibility of the Statutory Auditor or Statutory Audit Firm in the breach of the Relevant Requirements and the actual or potential loss, financial detriment or harm caused by the breach, including harm to investor, market and public confidence in the truth and fairness of the financial statements published by Statutory Auditors and Statutory Audit Firms. The extent to which intent, recklessness, knowledge of the risks or likely consequences, negligence or incompetence are involved will vary.

18The sanctions available to Decision Makers are set out in Rule 136 of the AEP and are reproduced below for convenience:

  1. a notice requiring the Respondent to cease or abstain from repetition of the conduct giving rise to the breach of the Relevant Requirement(s);
  2. publish a statement (which may take the form of a reprimand or severe reprimand) to the effect that the Respondent has contravened a Relevant Requirement;
  3. order the Respondent to take action to mitigate the effect or prevent the recurrence of the breach of the Relevant Requirement(s);
  4. a prohibition banning the Respondent, either permanently or for a specified period, from carrying out Statutory Audits and/or signing audit reports;
  5. a declaration that the audit report does not satisfy the Audit Reporting Requirements;
  6. a declaration that the audit report does not satisfy the requirement in Regulation 4(1) of SATCAR 2016;
  7. where a declaration is made pursuant to sub-paragraph (e) or (f), order that the Respondent waives client fees payable, or repays client fees paid, to the Respondent in connection with the carrying out of the Statutory Audit;
  8. a temporary prohibition of up to three years' duration banning the Respondent from being a member of the management body of a firm that is eligible for appointment as a Statutory Auditor;
  9. a temporary prohibition of up to three years' duration banning the Respondent from acting as a director of or being otherwise concerned in the management of a Public Interest Entity;
  10. a financial penalty of such amount as is considered appropriate; and
  11. exclusion as a member of one or more Recognised Supervisory Bodies.

19[This paragraph has been deleted].

Combination of Sanctions

20Sanctions may be imposed singly or in combination. When imposing a combination, Decision Makers should assess, in the light of all the circumstances of the matter, the appropriateness of the proposed sanctions both individually and in combination. Set out below are some of the considerations that a Decision Maker should have regard to when imposing sanctions in combination:

  1. in addition to the mandatory announcement issued in all cases (which will include the fact that a sanction has been applied and the type of sanction in accordance with the Publication Policy), the Decision Maker can publish a statement pursuant to Rule 136(b) of the AEP which may take the form of a reprimand or severe reprimand;
  2. a financial penalty can be ordered in conjunction with any another sanction(s);
  3. a sanction requiring the waiver or repayment of client fees is unlikely to be appropriate if it is the only sanction imposed by a Decision Maker because such a sanction (on its own) is unlikely to be sufficient to reflect the nature and seriousness of the breach of the Relevant Requirements and achieve the purpose of imposing sanctions (see paragraph 11 above);
  4. dependent upon the circumstances of the particular Statutory Auditor or Statutory Audit Firm, it may be appropriate to order prohibition from carrying out Statutory Audits, signing audit reports and/or exercising functions in a Statutory Audit Firm or Public Interest Entity;
  5. exclusion as a member of one or more Recognised Supervisory Bodies is only available as a sanction in relation to individual Statutory Auditors. It can be imposed in a number of different combinations, together with a financial penalty, a waiver or repayment of client fees and/or prohibition as outlined above.

Summary of Approach to Determining Sanction

21It follows, therefore, that the normal approach to determining the sanction to be imposed in a particular case should be to:

  1. assess the nature and seriousness, gravity and duration of the breach found by the Decision Maker and the degree of responsibility of the Respondent for the breach (paragraphs 23 to 26);
  2. identify the sanction or combination of sanctions that the Decision Maker considers potentially appropriate having regard to the breach identified in a) above (paragraphs 27 to 65);
  3. consider any relevant aggravating or mitigating circumstances and how those circumstances affect the level, nature or combination of sanctions under consideration (paragraph 66 to 71);
  4. consider any further adjustment necessary to achieve the appropriate deterrent effect (paragraphs 72 and 73);
  5. consider whether a discount for admissions or early disposal is appropriate (paragraphs 80 to 89); and
  6. decide which sanction(s) to order and the level/duration of the sanction(s) where appropriate.

22Decision Makers should ensure that their decisions give reasons which indicate what view they have reached on the matters above and why.

Undertaking the initial assessment of the potential sanctions to impose

23In assessing the nature and seriousness of the breach of the Relevant Requirements and in determining which sanction(s) might be appropriate, a Decision Maker will normally consider the factors summarised in the next paragraph. This list is not exhaustive and not all factors will be applicable in a particular case. A Decision Maker should also consider carefully whether there may be other factors, not listed, that are relevant. Having identified the factors that it regards as relevant, a Decision Maker should decide the relative weight to ascribe to each relevant factor.

Factors which may be considered include:

24Factors which may be considered include:

  1. the nature, extent and importance of the Relevant Requirements;
  2. the gravity and the duration of the breach;
  3. the financial benefit derived or intended to be derived from the breach (the amounts of the profits gained or losses avoided by the Respondent, in so far as they can be determined). This may include any loss avoided or intended to be avoided where it is practicable to quantify this (for example, this could be quantified in appropriate cases by the fees received by the Statutory Auditor or Statutory Audit Firm, or by performance related pay, bonuses, or share options received by the Statutory Auditor). A Decision Maker may also allocate an amount in respect of interest on the benefit obtained;
  4. whether the breach caused or risked the loss of significant sums of money (for example, this could be quantified in appropriate cases by reference to the reduction in market value or loss to creditors);
  5. the financial strength of the Statutory Auditor or Statutory Audit Firm, for example as indicated by the total turnover of the responsible undertaking or the annual income of the responsible person, if that person is a natural person;
  6. whether the breach of the Relevant Requirements was intentional or unintentional;
  7. whether the breach was dishonest, deliberate or reckless (paragraphs 63 to 65);
  8. whether the breach of the Relevant Requirements adversely affected, or potentially adversely affected, a significant number of people in the United Kingdom (such as the public, investors or other market users, consumers, clients, employees, pensioners or creditors);
  9. whether the breach of the Relevant Requirements was isolated, or repeated or ongoing;
  10. if repeated or ongoing, the length of time over which the breaches occurred;
  11. whether similar breaches of Relevant Requirements have been identified in previous Audit Quality Review reports;
  12. whether steps had been taken to address any similar breaches previously identified;
  13. previous breaches by the Statutory Auditor or Statutory Audit Firm;
  14. whether the Statutory Auditor or Statutory Audit Firm has failed to comply with any previous written undertakings, notice to cease or abstain, or direction or Decision Notice relevant to this breach;
  15. whether it is likely that the same type of breach will recur;
  16. whether the breach of the Relevant Requirements undermines the purpose or effectiveness of the AEP;
  17. whether the breach could harm investor, market and public confidence in the truth and fairness of the financial statements published by Statutory Auditors or Statutory Audit Firms;
  18. whether the breach could undermine confidence in the standards of conduct in general of Statutory Auditors and Statutory Audit Firms, and/or in statutory audit in European Union Member States;
  19. in the case of a Statutory Audit Firm, the effectiveness of its relevant procedures, systems or internal controls and/or its implementation of the International Standard on Quality Control 1 ("ISQC 1") (or its equivalent);
  20. in the case of a Statutory Audit Firm, when the Statutory Audit Firm's senior management became aware of the breach of the Relevant Requirements and what action was taken at that point;
  21. whether the Statutory Auditor caused or encouraged other individuals to breach the Relevant Requirements.

25When considering a sanction to be imposed for a failure by a Statutory Auditor or a Statutory Audit Firm to comply with any of his or its obligations to co-operate with, and comply with directions of the Decision Makers appointed under the AEP, a Decision Maker should consider the reason(s) for and the significance of the failure to comply. Where the non-compliance is continuing, a Decision Maker should consider whether to impose a financial penalty that would promote compliance, such as a financial penalty calculated on a daily or other periodic basis.

26When determining the sanction to be imposed, a Decision Maker will have due regard to the fact that sanctions have been, or may be, imposed by another regulator or other authority in respect of the breach of the Relevant Requirements or the events related to that breach to ensure that consideration is given to the need to be proportionate, where other sanctions may address the purposes set out at paragraph 11 above.

27The following sections provide guidance on the factors that a Decision Maker may take into account when considering whether to impose a particular sanction, whether individually or in combination.

A notice to cease or abstain from conduct

28A Decision Maker may address a private notice to the Respondent requiring a Respondent to cease and/or abstain from conduct where it considers, in its absolute discretion, such a notice would be appropriate.

29This is subject to the mandatory announcement, as set out in the Publication Policy, which requires the FRC to publish details of the sanctions it imposes. This announcement will include the fact that a sanction has been imposed and the type of sanction.

30This sanction may be used by Decision Makers alone, when other sanctions available are not considered to be proportionate to a finding of a breach of Relevant Requirements taking into consideration all the circumstances such as significant mitigating circumstances. This sanction may also be used by Decision Makers in conjunction with other sanctions in the Decision Makers' absolute discretion.

Publication of a statement

31A Decision Maker may publish a statement (which may take the form of a reprimand or severe reprimand) to the effect that the Respondent has contravened a Relevant Requirement.

32[This paragraph has been deleted].

33A reprimand may be appropriate in cases where conduct is considered less serious, but the Decision Maker wishes to make clear that the behaviour was unacceptable. It may be considered appropriate in cases where there is no significant risk or damage to the public interest. A severe reprimand may be appropriate where the breach of the Relevant Requirements is of a serious nature.

34[This paragraph has been deleted].

35The statement may be issued in conjunction with the imposition of wider sanctions.

Order to take action to mitigate the effect or prevent recurrence of the breach

36A Decision Maker may order a Respondent to take action to mitigate the effect or prevent the recurrence of the breach of the Relevant Requirements, where it considers, in its absolute discretion, such an order would be justified.

37An order to mitigate the effect of the breach is intended to be used by Decision Makers where there are ongoing adverse effects of the conduct and specific, measurable, achievable and realistic steps can be identified which would or might mitigate these effects.

38In addition, where there is a reason to believe there may be a risk of recurrence of the breach, the Decision Maker may identify steps that could be ordered to prevent the recurrence or reduce the likelihood of recurrence of the breach and may order the Respondent to take such steps.

39Orders should specify timelines for compliance and may address mitigation. They may be made in conjunction with other sanctions.

A declaration that the audit report does not satisfy the relevant requirements

40Where the Decision Maker has made findings that an audit report (or reports) does/do not satisfy the Audit Reporting Requirements and/or the requirement in Regulation 4(1) of SATCAR 2016 and in order to protect the public and the wider public interest, they may make a public declaration to this effect.

41[This paragraph has been deleted].

42[This paragraph has been deleted].

43[This paragraph has been deleted].

Financial penalties

Introduction

44A financial penalty may be ordered either alone or in combination with one or more other sanctions. Given that it will normally be in the public interest for any breach of the Relevant Requirements warranting the imposition of a financial penalty to be accompanied by some degree of censure, a Decision Maker should not impose a financial penalty in isolation (i.e. without any other sanction) without satisfying itself that that is the appropriate course and providing reasons for that decision.

Ordering a financial penalty

45In order to determine whether a financial penalty is appropriate the factors to be considered will normally include whether:

  1. deterrence can be achieved by publication of a public statement alone (or with a notice to cease or abstain);
  2. the Statutory Auditor or Statutory Audit Firm has derived any financial gain or benefit (including avoidance of loss) as a result of the breach;
  3. the breach of the Relevant Requirements involved, caused or risked the loss of significant sums of money;
  4. a financial penalty was ordered in similar previous cases.

Determining the amount of a financial penalty

46In cases where a Decision Maker considers that a financial penalty is appropriate, it should aim to impose a financial penalty that:

  1. is proportionate to the breach of the Relevant Requirements and all the circumstances of the case;
  2. will act as an effective deterrent to future breaches of the Relevant Requirements;
  3. will promote public confidence in the regulation of statutory audit and in the way in which breaches of the Relevant Requirements are addressed.

47In undertaking this assessment, a Decision Maker will normally take into consideration:

  1. the nature, extent and importance of the Relevant Requirements;
  2. the seriousness of the breach of the Relevant Requirements;
  3. in the case of a Statutory Audit Firm, its size/financial resources and financial strength, for example as indicated by the total turnover of the Statutory Audit Firm and the effect of a financial penalty on its business;
  4. in the case of a Statutory Auditor, his financial resources and annual income and the effect of a financial penalty on that Statutory Auditor and his future employment;
  5. the factors set out in paragraph 24.

f) There is no upper limit on the financial penalty that the Decision Maker can impose.

Firms

48In the majority of cases involving the imposition of a financial penalty on a Statutory Audit Firm, the amount of revenue generated by the firm or the business unit(s) involved in the breach of the Relevant Requirements will be a factor to be taken into account when assessing the size of financial penalty which would be necessary, in the circumstances of the particular case, to act as a credible deterrent.

49Where revenue is not an appropriate indicator of financial means, a Decision Maker should seek an appropriate alternative measure. Other indicators of financial means include the level of profitability per partner, market share, the number of audit and non-audit clients and the respective size of those clients, and the number of principals 1, partners and registered individuals.

Individuals

50Having assessed the seriousness of the breach of the Relevant Requirements involved when considering the amount of any financial penalty, a Decision Maker will have regard to the Statutory Auditor's financial resources (including his income and assets) and employment prospects.

51A Statutory Auditor's remuneration is likely to be an appropriate starting point when considering the level of financial penalty that would: (i) be appropriate to reflect the breach of the Relevant Requirements involved; and (ii) be necessary to act as a credible deterrent and which will serve to correct and prevent inadequate execution of statutory audit. The calculation of a Statutory Auditor's financial resources should take account of his annual gross income together with any benefits he derives from his current employment, including any bonus, pension contribution, share options and share schemes, and/or distributions of profit. Employment includes both employment and self-employment as an adviser, employee, director, partner or contractor or in any other capacity.

52Where the Statutory Auditor concerned is no longer in employment, for example because he has left the Statutory Audit Firm, a Decision Maker will need to obtain information about the Statutory Auditors existing financial resources and future employment prospects.

Other considerations

53When deciding the level of financial penalty to impose, a Decision Maker should:

  1. when considering a Statutory Auditor or Statutory Audit Firm's financial resources, establish whether there are any arrangements that would result in part or all of any financial penalty being paid or indemnified by insurers, or by a Statutory Auditor's firm, partnership, company or employer. The existence of any such arrangements should not be a ground for increasing any financial penalty beyond the level that would otherwise be considered appropriate by the Decision Maker; and
  2. disregard the possibility that the Statutory Auditor or Statutory Audit Firm may be liable for the costs of the case. (The approach to any award of costs is considered in paragraphs 90 to 91).

54Having arrived at a figure for the financial penalty based on the nature and seriousness of the breach of the Relevant Requirements, a Decision Maker should consider whether the amount of the financial penalty should be adjusted:

  1. to take account of any aggravating and mitigating factors (paragraphs 66 to 68);
  2. to ensure the financial penalty has the necessary deterrent effect (paragraphs 72 to 73); and/or
  3. to reflect any discount for admissions and/or early disposal (paragraphs 80 to 89).

Waiver/repayment of client fees

Introduction

55If the Statutory Auditor or Statutory Audit Firm has gained financially from the breach of the Relevant Requirements, in particular as a result of receipt of client fees, a Decision Maker may consider ordering a waiver or repayment of the client fees paid or payable in connection with the carrying out of the statutory audit. Any such order will normally be in addition to another sanction or sanctions.

56The circumstances in which a waiver or repayment of client fees may be appropriate include where a declaration is made pursuant to paragraph 40 or the Statutory Auditor or Statutory Audit Firm has acted dishonestly, recklessly, or incompetently and there is no evidence to suggest that the client was complicit in the breach of the Relevant Requirements or otherwise culpable for the breach at the time it was committed.

Ordering waiver/repayment of client fees

57In order to determine whether waiver/repayment of client fees is appropriate, the factors to be considered include:

  1. whether the breach of the Relevant Requirements has caused the client to suffer loss, or has risked the loss of money by the client, through no fault of its own;
  2. whether the client has obtained value for the services contracted and/or paid for from the Statutory Auditor or Statutory Audit Firm;
  3. whether the Statutory Auditor or Statutory Audit Firm has voluntarily repaid fees to the client concerned.

Temporary or permanent prohibition/exclusion from carrying out statutory audits and/or signing audit reports and/or exercising functions in audit firms or Public Interest Entities/Exclusion as a member of a Recognised Supervisory Body

Introduction

58The ability to prohibit a Statutory Auditor or Statutory Audit Firm from carrying out Statutory Audits and/or signing audit reports, or to prohibit members of a Statutory Audit Firm from exercising functions in audit firms or public interest entities, or to exclude a Statutory Auditor from membership with one or more Recognised Supervisory Bodies exists because certain breaches of the Relevant Requirements are so damaging to the wider public and market confidence in the standards of conduct of Statutory Auditors and the quality of statutory audit in the UK, that removal of the Statutory Auditor's statutory audit role and/or professional status is the appropriate outcome in order to protect the public or otherwise safeguard the public interest.

59Prior to imposing an order excluding a Statutory Auditor from membership of a Recognised Supervisory Body, all other available sanctions should be considered to ensure that the prohibition or exclusion is the most appropriate sanction (either on its own or in conjunction with another sanction or sanctions) and is proportionate taking into account all the circumstances of the case.

Ordering Prohibition / Exclusion

60Where the breach of the Relevant Requirements is fundamentally incompatible with continued membership of a Recognised Supervisory Body, exclusion is likely to be the appropriate sanction. The factors set out in paragraphs 62 - 68 will normally be relevant considerations when a Decision Maker is considering whether to order prohibition/exclusion.

61Where a Statutory Auditor has been found to have been dishonest the recommendation should normally be that he be excluded from membership of a Recognised Supervisory Body for at least 10 years.

Other factors to be taken into account when determining the sanction to be imposed

62In the course of this guidance reference has been made to various factors that Decision Makers should consider when determining the level of sanction to impose. The characteristics of those factors are discussed below.

Intent

63Whether a Decision Maker concludes that the breach of the Relevant Requirements was intentional will be a material factor when determining any sanction to be imposed.

64Factors tending to show that the breach of the Relevant Requirements was intentional include where:

  1. the Statutory Auditor involved or the Statutory Audit Firm's senior management or a Responsible Individual intended or foresaw that the likely or actual consequences of their actions or inaction would amount to a breach of the Relevant Requirements;
  2. the Statutory Auditor involved or the Statutory Audit Firm's senior management or a Responsible Individual permitted the breach of the Relevant Requirements to continue notwithstanding that they knew that their actions breached the relevant rules, standards or procedures or the Statutory Audit Firm's management or internal control systems;
  3. the Statutory Auditor involved or the Statutory Audit Firm's senior management or a Responsible Individual was influenced to commit the breach of the Relevant Requirements by the belief that it would be difficult to detect;
  4. the Statutory Auditor deliberately took decisions relating to the breach knowing that he was acting outside his field of competence;
  5. the Statutory Auditor or Statutory Audit Firm intended to benefit financially from the breach of the Relevant Requirements, either directly or indirectly;
  6. the Statutory Auditor repeated the breach notwithstanding being aware that to do so would involve breaching the relevant rules, standards, or procedures.

Recklessness

65A Decision Maker may conclude that a Statutory Auditor or Statutory Audit Firm acted recklessly if the Statutory Auditor or the Statutory Audit Firm's senior management: (i) knew or ought to have known that a proposed course of action or inaction might involve a breach of the Relevant Requirements; and (ii) proceeded nevertheless.

Aggravating and Mitigating Factors

66Having assessed the seriousness of the breach of the Relevant Requirements and reached a view on the sanction that would be appropriate, a Decision Maker should consider whether to adjust that sanction to reflect any aggravating or mitigating factors that may exist (to the extent those factors have not already been taken into account in the Decision Maker's assessment of the seriousness of the breach).

67Examples of events or behaviour that a Decision Maker may conclude aggravated the breach of the Relevant Requirements, and so should be taken into account when deciding the sanction or combination of sanctions to be imposed, include where:

  1. the Statutory Auditor or Statutory Audit Firm failed to bring the breach of the Relevant Requirements to the attention of the FRC (or to the attention of another appropriate regulatory, disciplinary or enforcement authority) quickly, effectively or completely;
  2. the Statutory Auditor or Statutory Audit Firm failed to cooperate with, or hindered, the investigation of the breach of the Relevant Requirements by the FRC, or by another regulatory, disciplinary or enforcement authority (especially if the investigation was prejudiced or delayed thereby);
  3. in the case of a Statutory Audit Firm, that Statutory Audit Firm's senior management were aware of the breach, or that such a breach was likely to occur, but failed to take steps to stop or otherwise prevent the Misconduct;
  4. the Statutory Auditor involved or the Statutory Audit Firm's senior management, or a responsible individual, sought to conceal the breach or reduce the risk that the breach of the Relevant Requirements would be discovered;
  5. no remedial steps have been taken since the breach of the Relevant Requirements was identified, either on the Statutory Auditor's or Statutory Audit Firm's own initiative or as directed by the FRC or another regulatory authority;
  6. the breach of the Relevant Requirements involved an abuse of a position of trust, such as where a Statutory Auditor owed a fiduciary duty or was responsible for public funds;
  7. the breach of the Relevant Requirements was repeated and/or occurred over an extended period of time;
  8. the breach of the Relevant Requirements was committed with a view to profit (or avoidance of loss);
  9. the Statutory Auditor or Statutory Audit Firm facilitated wrongdoing by a third party or collusion with a client;
  10. the Statutory Auditor or Statutory Audit Firm was acting without the necessary authorisations, licences or registrations;
  11. the Statutory Auditor or Statutory Audit Firm has a poor disciplinary record (for example, where an adverse finding has previously been handed down against the Statutory Auditor or Statutory Audit Firm by the FRC or another disciplinary or regulatory body). The more serious and/or similar the previous breach(es), the greater the aggravating factor. The fact that a sanction has previously been imposed will not automatically be regarded as a significant aggravating factor. Much will depend on the degree of similarity, the time that has elapsed since the earlier sanction was imposed, the changes that have taken place since then, and the response (or lack of it) to any previous finding or sanction imposed;
  12. the FRC (or another disciplinary or regulatory body) has previously brought to the Statutory Auditor or Statutory Audit Firm's attention, including by way of a private advice or warning, issues similar or related to the conduct that gave rise to the finding of breach of the Relevant Requirements in respect of which the sanction is to be imposed;
  13. similar breaches of Relevant Requirements have been identified in previous Audit Quality Review reports;
  14. the Statutory Auditor or Statutory Audit Firm has failed to comply with any previous written undertakings, notice to cease or abstain, or direction or Decision Notice relevant to this breach;
  15. in the case of a Statutory Auditor, if that Statutory Auditor held a senior position and/or supervisory responsibilities.

68Examples of events or behaviour that a Decision Maker may conclude mitigate the breach of the Relevant Requirements, and so should be taken into account when deciding the sanction or combination of sanctions to be imposed, include where:

  1. the Statutory Auditor or Statutory Audit Firm brought the breach to the attention of the FRC (or to the attention of another appropriate regulatory, disciplinary or enforcement authorities) quickly, effectively and completely; 2
  2. the Statutory Auditor or Statutory Audit Firm provided an exceptional level of cooperation during the investigation of the breach by the FRC, or another appropriate regulatory, disciplinary or enforcement authority;
  3. in the case of a Statutory Audit Firm, that Statutory Audit Firm's senior management were aware of the breach of the Relevant Requirements or that such breach was likely to occur, and took appropriate steps to try to stop or prevent the breach;
  4. appropriate remedial steps were taken once the breach was identified, irrespective of whether such steps were taken on the Statutory Auditor's or Statutory Audit Firm's own initiative or that of the FRC or another regulatory authority; 3
  5. the Statutory Auditor or Statutory Audit Firm was deliberately misled by a third party;
  6. the breach of the Relevant Requirements was an isolated event that is most unlikely to be repeated;
  7. neither the Statutory Auditor nor Statutory Audit Firm stood to gain any profit or benefit beyond the fee chargeable from the breach of the Relevant Requirements;
  8. the Statutory Auditor or Statutory Audit Firm was subject to duress;
  9. the Statutory Auditor or Statutory Audit Firm has a good compliance history and disciplinary record;
  10. in the case of a Statutory Auditor, that Statutory Auditor held a junior position;
  11. in the case of a Statutory Auditor, personal mitigating circumstances;
  12. the Statutory Auditor or Statutory Audit Firm has demonstrated contrition and/or apologised for the breach of the Relevant Requirements.

Cooperation

69It is a requirement that Statutory Auditors and Statutory Audit Firms will cooperate with an investigation conducted under the AEP. In order for cooperation to be considered as a mitigating factor at the point of determining appropriate sanction it will therefore be necessary for the Statutory Auditors and Statutory Audit Firms to have provided an exceptional level of cooperation. Non-exhaustive examples of conduct which may constitute such cooperation include:

  1. self-reporting to the FRC and/or bringing to the attention of the FRC any facts and/or matters which may constitute an allegation of a breach of the Relevant Requirements; and
  2. volunteering information or documentation not specifically requested but which the Statutory Auditor/Audit Firm nevertheless considers may assist the investigation.

70Conversely, a failure to provide the level of cooperation required will be considered as an aggravating factor at the point of determining appropriate sanction. Non-exhaustive examples of such failures would include:

  1. incomplete provision of documents and information in response to Notices and requests;
  2. failure to provide adequate explanation of information provided;
  3. failure to comply with deadlines specified in Notices under the AEP and other written requests;
  4. failure to prepare properly for interviews conducted under the AEP (including failure to review material provided by the Executive Counsel in advance of such interviews); and
  5. failure to conduct an adequate search for documents and information.

71It is important to recognise that the examples at paragraphs 69 and 70 above are merely illustrative and that the relevant Decision Maker will consider the overall level of cooperation provided during the course of the investigation and enforcement process at the point of determining sanction.

Adjustment for deterrence

72If the Decision Maker considers that the sanction or combination of sanctions arrived at, after making any adjustment to reflect any aggravating and mitigating factors, is insufficient to deter the Statutory Auditor or Statutory Audit Firm who committed the breach of the Relevant Requirements, or other Statutory Auditors or Statutory Audit Firms, from committing further or similar breaches, the Decision Maker may adjust the sanction(s) to ensure that the intended deterrent effect will be achieved. Decision Makers should have regard to the need to impose effective, proportionate and dissuasive sanctions in respect of Statutory Auditors and Statutory Audit Firms.

73Examples of the circumstances where a Decision Maker may consider it appropriate to make such an adjustment include where a Decision Maker considers that:

  1. the Statutory Auditor or Statutory Audit Firm already has a disciplinary record for breaches of the Relevant Requirements of a similar nature;
  2. sanctions imposed or agreed previously in respect of similar breaches of the Relevant Requirements have failed to achieve an improvement in the relevant standards of Statutory Auditors or Statutory Audit Firms;
  3. there is a risk of similar breach of the Relevant Requirements in the future, whether by the Statutory Auditor or Statutory Audit Firm, or by other Statutory Auditors or Statutory Audit Firms, in the absence of a sufficient deterrent; and
  4. the sanction is too small to meet the objective of credible deterrence.

74[This paragraph has been deleted].

75[This paragraph has been deleted].

76[This paragraph has been deleted].

77[This paragraph has been deleted].

78[This paragraph has been deleted].

79[This paragraph has been deleted].

Discount for Admissions and Early Disposal

Admissions

80Where Statutory Auditors or Statutory Audit Firms admit some or all of the facts of a case, it is appropriate that any financial penalty and/or other sanction that might otherwise be imposed should be adjusted to reflect the extent, significance and timing of those admissions.

81However, no discount should be applied to the amount of any financial penalty that equates to the disgorgement of any benefit gained or loss avoided, or to an order for the waiver/repayment of client fees.

Acceptance of Decision Notices or pre-decision notice resolution

82Unless the parties have agreed that a matter should proceed straight to the Tribunal stage, Executive Counsel may issue a Proposed Settlement Decision Notice, proposing a sanction. In recognition of the benefits of early disposal of matters under the AEP, where the Respondent agrees a Final Settlement Decision Notice proposed by Executive Counsel, it is appropriate to adjust the amount of any financial penalty and/or other sanction that might otherwise have been imposed.

83Normally, it will be inappropriate to reduce the period during which a Statutory Auditor or Statutory Audit Firm is to be prohibited to reflect early disposal or resolution because the primary purpose of such a sanction is to protect the public. Therefore, any adjustment will generally apply only to any financial penalty to be imposed.

84For the purpose of providing guidance on the scale of any adjustment for early disposal, the FRC recommends that a case should be divided into four stages and a range of reductions applied to each stage:

  1. Stage (1) - the period from receipt by the Statutory Auditor or Statutory Audit Firm of a Notice of Investigation in accordance with Rule 11 of the AEP within 28 days (or such other period as Executive Counsel has agreed) after issuance of Executive Counsel's Proposed Decision Notice in accordance with Rule 21 a reduction of between 20 and 35%;
  2. Stage (2) - the period from 29 days (or from the day after the final day of the period that Executive Counsel has agreed within the meaning of Rule 22(d)) after issuance of Executive Counsel's Proposed Decision Notice in accordance with Rule 21, up to and including 29 days prior to the commencement of a Liability Hearing - a reduction of up to 10%;
  3. Stage (3) - the period from 28 days prior to the commencement of a Liability Hearing up to and including the day prior to the commencement of the Liability Hearing - a reduction of up to 5%.
  4. Stage (4) - the period from the commencement of the Liability Hearing until the final conclusion of the case, including any appeals - no reduction.

85The exercise of any discount is within the discretion of the relevant Decision Maker.

Partial Admissions

86A Statutory Auditor or Statutory Audit firm may make partial admissions to the findings outlined in the Executive Counsel's Proposed Decision Notice. Such admissions may relate to factual matters and as to whether the facts amount to a breach or breaches of the Relevant Requirements.

87In the absence of early disposal, such admissions will still necessitate the matter proceeding through the enforcement procedure. However, partial admissions may assist to reduce the disputed issues and achieve savings of time in the process.

88Where the parties agree the Tribunal will be informed of any partial admissions and will adjudicate on the remaining disputed Allegations.

89Partial admissions may be relevant to the factors considered by the Tribunal at the point it determines sanction but there is no formal adjustment of sanction to be applied in cases where there has not been early disposal. Nevertheless, where the Statutory Auditor or Statutory Audit Firm agrees the facts and liability, but not the level of financial penalty or the appropriate discount, the Tribunal or Appeal Tribunal should allow such discount as is thought appropriate having regard to all the circumstances and in particular the time when that was agreed. In addition, Respondents who are ordered to pay costs may benefit from lower costs where partial admissions have enabled investigation, presentation and Tribunal time to be reduced.

Costs

90When issuing a Proposed Decision Notice, a Final Decision Notice, a Proposed Settlement Decision Notice or a Final Settlement Decision Notice under the Audit Enforcement Procedure, Executive Counsel shall set out an amount payable in respect of Executive Counsel's costs of the matter.

91Having determined the sanction to be imposed, a Tribunal or an Appeal Tribunal considers whether to make any award in respect of the costs incurred by the FRC. When doing so, a Decision Maker may take account of:

  1. a Statutory Auditor or Statutory Audit Firm's financial position and the impact of any financial penalty that forms part of the proposed sanction;
  2. the Party's ability to pay;
  3. the Tribunal's decision on the facts and, if appropriate, the Sanction or the Appeal Tribunal's decision on the Appeal;
  4. whether it is it fair and equitable in all the circumstances;
  5. any arrangements that would result in part or all of any award of costs being paid or indemnified by insurers, or by a Statutory Auditor's firm, partnership, company or employer.

92[This paragraph has been deleted].

93[This paragraph has been deleted].

94[This paragraph has been deleted].

95[This paragraph has been deleted].

96[This paragraph has been deleted].

97[This paragraph has been deleted].

98[This paragraph has been deleted].

99[This paragraph has been deleted].

100[This paragraph has been deleted].

Publication of the outcome of Enforcement Action

101The FRC is required by law to publish details of any Sanction that imposed. Such publication will be on the FRC website and should be in accordance with the Publication Policy of the FRC.

Issued by the Conduct Committee with effect from 5 January 2022

Financial Reporting Council 8th Floor 125 London Wall London EC2Y 5AS

+44 (0)20 7492 2300

www.frc.org.uk

Footnotes

  1. A principal is a partner in an LLP. 

  2. Self-reporting breaches to the relevant regulatory, disciplinary or enforcement authorities will attract greater credit than co-operation with an investigation which has been prompted by someone or something else. 

  3. Examples include establishing whether the Statutory Auditor or Statutory Audit Firm's client or others have suffered loss and voluntarily compensating them; correcting any misleading statement or impression; taking disciplinary action against staff involved, if appropriate; and taking steps to prevent similar breaches of the Relevant Requirements from arising in the future. 

File

Name Sanctions Policy (AEP) January 2022
Publication date 27 September 2023
Format PDF, 1.3 MB
Download original
Back to top