The role of external bank auditors in banking supervision

New research examines how auditors and regulators interact

banking auditors

The financial crisis may be 10 years in the past but many of the issues it raised have yet to be resolved, not least in the field of banking supervision.
How much capital should banks have to hold? Has regulation become too strict – or is it still too lax? 

One issue that has attracted rather less attention than might have been expected is the extent, if any, to which bank auditors should play a part in bank supervision.

To some, the answer is clear-cut. Auditors share, in part, a public interest role with regulators, with duties that go beyond that owed to their client banks. They observe and provide assurance on many of the same numbers used by regulators.  Moreover, they do so, in many cases, from a better-resourced position than the regulators, with expert knowledge that may be too costly for banking supervisors to acquire.

At a time when public-sector budgets are under constant pressure, it makes no sense to shun the involvement of auditors. Indeed, there may be a case for mandating auditors to collaborate with regulators to a greater extent.

The case against auditor involvement in supervision

Others are equally adamant that auditors should have little or no role in banking supervision, for a number of reasons.

One: auditors have objectives that are different from those of regulators. While one aspect of the auditor’s job is to judge the health of the particular bank they are auditing, regulators are concerned about the health of the banking system as a whole.

Two: the effectiveness of auditors can be questionable in a regulatory context, given that they are not banking supervisors, a role requiring a very different skillset?

Three: an audit firm is a commercial enterprise, often with friendly, even cosy, links with the senior management of the bank it is auditing. It is one thing to allow such an enterprise to examine the books on behalf of the bank’s shareholders (although even this arrangement has been criticised). It is quite another to have an auditor do so on behalf of the public at large.

There is no agreement on this issue in principle, nor is there anything approaching uniformity across the EU in terms of requirements of auditors to collaborate with bank regulators.

Until now, the auditor-regulator relationship has been an under-researched area. We have sought to remedy this, at least in part, and have made contact with banking supervisors in all 28 EU member-states, all of whom have supplied answers to our key questions. We have been in contact also with the European Central Bank.

At a time when public-sector budgets are under constant pressure, it makes no sense to shun the involvement of auditors.

Types of interactions

In short, we identified three types of interactions between auditors and supervisors, whether (1)auditors provide a detailed long-form audit report to the regulator; (2) auditors provide assurances to the regulator on capital ratios, solvency ratios or any other specific item; and (3) the extent to which, if any, auditors and regulators meet regularly to discuss the bank’s performance.

The findings are highly instructive, not to say intriguing. They shine a light on the extent to which national supervisors diverge in this key area of banking regulation. They are the central feature of this article.

However, we have also reached some preliminary conclusions as to the effect that mandatory auditor-regulator collaboration has on market perceptions of risk in the banking system.

More on that later.

First, in order, what were the responses to the three questions?

The following countries, 14 in all, required auditors to submit a long-form audit report to regulators: Austria, Belgium, Croatia, Denmark, Estonia, Germany, Hungary, Ireland, Luxembourg, Romania, Slovakia, Slovenia, Spain and the UK.

The following, again 14, did not: Bulgaria, Cyprus, Czech Republic, Finland, France, Greece, Italy, Latvia, Lithuania, Malta, Netherlands, Poland, Portugal and Sweden.

So, a 50-50 split across the EU.

Rather fewer, 11 in total, required auditors to give assurances to regulators on capital, solvency or other ratios: Austria, Belgium, Croatia, Germany, Hungary, Ireland, Lithuania, Netherlands, Poland, Slovenia and Spain. Those that did not were Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Greece, Italy, Latvia, Luxembourg, Malta, Portugal, Romania, Slovakia, Sweden and the UK.

The closest the EU came to uniformity was on the question of regular meetings being required between auditors and regulators – only Spain made no such requirement.

Austria, Belgium, Croatia, Germany, Hungary and Ireland answered yes to all three questions.

Then there were the cases in which the European Central Bank’s answer in the case of some countries was different from that given by the country concerned. Thus while Ireland answered yes when asked if it required auditors to submit long-form audit reports to regulators, the ECB said no. The Netherlands answered no to the same question while the ECB answered yes.

Luxembourg and Slovakia answered no when asked if auditors were asked to give regulators assurances on financial ratios, while the ECB answered yes, while Ireland’s yes to the same question became a no from the ECB.

Again, the ECB contradicted Ireland on the question of regular auditor-regulator meetings, replying no to Ireland’s yes. We are following up on the reasons for this contradiction.

The ECB itself is, of course, responsible for the supervision of the larger banks, those with assets totalling more than €30 billion. It told us that, with regard to long-form audit reports, it had the right to request such reports from the institutions that it supervises, but “there are no further specifications for the form of audit reports that need to be submitted [to the ECB],”

In terms of assurances on financial ratios, the ECB said that “the practices among the countries regarding the quality assurance differ greatly” and mentioned no additional ECB requirements in terms of the banks that it supervises.

Regarding regular meetings with bank auditors, the ECB said it gave “high importance to the role of the auditors and the added value of external audits for prudential supervision”, adding: “ECB senior management meets bi-annually with representatives of the six largest audit firms to exchange views on matters of relevance for the industry as a whole.”

Should auditor-supervisor collaboration be standardised?

An obvious question arising from these findings is whether there would be any benefit in standardising the requirements for auditor-supervisor collaboration across the EU. A tentative answer would be, “Yes, but…” There may be benefits, but it should not be forgotten that different countries have very different views about the desirability of such collaboration in the first place.

Put simply, some countries are relaxed about the prospect of their regulators depending, to some extent, on auditors, while others fear that regulators becoming over-reliant on auditors could put them in danger of being misled. Any moves towards reducing current divergences would need to be nuanced.

Beyond this, of course, is the question of whether mandatory auditor-supervisor collaboration would, in fact, make the banking system safer. Short of awaiting the next crisis, that may be impossible to judge. But what is feasible is to look at market perceptions of the effect of such collaboration on risk, using credit default swaps (CDS) to gauge market sentiment about the creditworthiness (or otherwise) of banks.

CDS are an insurance-type contract in which the buyer pays a periodic fixed premium to insure against the credit risk of the bank in question. The size of the premium provides a timely and liquid measure of the market view of the risk for banks.

Using CDS data, we can examine the market view of two types of risks: credit risk, in other words whether banks’ creditworthiness increase in the wake of enhanced collaboration between auditors and supervisors, and information risk, in other words whether the market believes that audit information improves the reliability of regulatory reports.

Our preliminary enquiries related to two of the three types of engagements, the requirement for auditors to supply regulators with a long-form audit report and the requirement for auditors to supply assurances on financial ratios. In order to give a clear picture of the effect on CDS premiums of such requirements, we looked at different countries in both cases, those that introduced such a requirement and those that did not.

Thus in terms of supplying long-form audit reports, such a requirement was introduced in Denmark in 2008, in Spain in 2011, in Luxembourg in 2013 and in the UK in 2016. We compared this group with four countries that did not introduce such a requirement: Sweden, Italy, Switzerland and France.

Regarding assurances on financial ratios, the following countries introduced such a requirement: Germany (2009), Spain (2011), Belgium (2014) and the Netherlands (2014). We compared this group with four countries that did not: France, Italy, Austria and Switzerland.

Our findings, from measuring differences in the CDS premiums, suggest that the financial stability of the system is seen by markets to have improved after such mandatory collaboration is introduced. We also observe an increase in audit fees paid by banks, which suggests that banks bear at least some of the additional costs associated with enhanced auditor-regulator interaction. But we stress that these findings are preliminary, and that more work needs to be done on the differences in practice across Europe and how this may be made less divergent while respecting different national attitudes on this issue.

We hope our work on highlighting the extent of these divergences may provide a useful starting point in this endeavour.

This article is hosted by London Business School and the European Economics & Financial Centre

Comments (0)