The Reserve Bank of India’s spate of new measures on auditor appointment(1) allude that the RBI is worried about audit quality.
Having taken the flak for a series of bank and NBFC failures, there has been a steady but rising groundswell of opinion questioning the regulatory oversight that the RBI has provided: be it the failures themselves, to how banks undertake their asset quality review and report divergences, or the recent spate of regulatory violations by private sector banks that have raised questions on the strength of their processes and risk management.
The RBI’s concerns are valid, but the new measures are unlikely to improve overall audit quality.
The RBI has focused on two broad aspects of audit quality through these current regulations — strengthening auditor independence and ensuring auditor experience in banking and financial services (see Table 1 below). From an intent perspective, these regulations are in the right direction; and yet they are neither necessary nor sufficient to achieve the desired outcome.
Key Notes (for the entire list of notes, please refer to the RBI guidelines):
Auditors need time to fully understand a company’s systems, processes, documentation methods, and technology. Because of this, the Companies Act 2013 had set an auditor term for five years — this being the timeline within which the audit experience will bear fruit. The RBI would be better placed in aligning the auditor tenure to a five-year term.
The RBI regulations further mandate joint audits based on size thresholds (see Table 2 below). The opinion regarding joint audits is polarised — while the audit industry bodies and their representatives believe this measure will bolster audit quality, not everyone is convinced. The Punjab National Bank had five joint auditors at the time of the Nirav Modi scam — and yet transactions were entered into SWIFT outside the books. Because the roles and responsibilities are separated across the joint auditors, the joint auditors do not provide oversight on each other — and therefore, its function in improving audit quality is limited.
The RBI seems to be intent on increasing the pool size of the audit firms that can audit banks and the NBFCs, through the implementation of a standardised six-year cooling period between audits(2) coupled with limiting the number of bank and NBFC audits that can be undertaken(3) by an audit firm. The RBI has approved just over 60 audit firms, which are auditing the financial statements of public sector banks — and the current regulations will likely expand the list of approved audit firms. Yet investors have demonstrated faith in only a handful of audit firms, while simultaneously asking if there are enough audit firms of legitimate size and experience to audit financial services businesses. It is not clear if the regulator has done the homework.
The RBI has rightly argued for independence of auditors — but its regulations miss the woods for the trees. The regulations do not address revenue dependence, which is the one key variable that shoulders auditor objectivity. Client and fee concentration risks for audit firms are determinants of their malleability. Rather than the cooling period and the cessation of non-audit services one year before and after the audit period, the RBI must mandate audit committees and audit firms to publish the degree of revenue dependence as a measure of auditor independence.
The RBI’s new regulations will have the most impact on the private sector banks and the NBFCs, and large audit firms. The private sector banks and the NBFCs tend to have one audit firm — not joint auditors. While one can argue that the larger audit firms, despite their size and international affiliations, have not measured up, the solution cannot be to disperse the assurance function across many firms. The experience of the PSBs does not provide comfort that this is the solution.
Financial services regularly need to raise capital for growth, and therefore, investor confidence is paramount. If investors start questioning audit quality, the impact on the economy will be deleterious.
Notes:
(1): The regulations apply to commercial banks (excluding regional rural banks), primary (urban) co-operative banks, and non-banking finance companies (including housing finance companies). For the purpose of simplicity, this article refers to this entire group as ‘banks and NBFCs’.
(2): Private sector banks were allowed an auditor tenure of four years with a six-year cooling period. Private sector banks were allowed an auditor tenure of three years, with a cooling period of three-years. NBFCs operated under the Companies Act 2013, under which auditors can be appointed for a maximum of two-terms of fives each, followed by a three-year cooling period.
(3): The regulations limit one audit firm to concurrently take up statutory audit of a maximum of four Commercial Banks (including not more than one PSB or one All India Financial Institution or RBI), eight UCBs and eight NBFCs during a particular year.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
