CHAPTER 6: Bank audits and the financial
crisis
General
134. During the course of our inquiry we have
increasingly been led into issues that arise in their most acute
form with the auditing of banks. Thus in the previous chapter,
which exposes some of the shortcomings of IFRS, it is clear that
these shortcomings are at their most serious in the case of the
accounts of banks. There are at least two interconnected reasons
for this.
135. First, an important part of the accountancy
process is the correct valuation of assets. Indeed, a new process,
customarily known as mark-to-market, under which assets are accounted
for at market rather than book value, was introduced for just
this reason. But the difficulty of correctly valuing the financial
assets held by banks, particularly the highly complex and often
somewhat artificially constructed financial instruments that have
proliferated since the millennium, is of a wholly different order
of magnitude from the difficulty of valuing the bulk of the assets
held by the general run of companies. Moreover, in many cases
and at many times the 'market' is a dangerously narrow one. Indeed,
in many cases it is narrow to the point of non-existence, in which
case the accepted practice is to use what is known as 'mark-to-model',
valuing assets on the basis of financial models. This inevitably
adds to the problems of complexity and an inadequate market the
problem of the real-world (as opposed to mathematical) reliability
of the model.
136. Second, given these complexities and uncertainties
of valuation, it is all the more important that auditors should
err on the side of prudence. Yet the evidence we have received
has demonstrated that the advent of IFRS has led to a culture
of box-ticking and 'neutrality' at the expense of prudence. This
is particularly serious in the case of banks where, given their
crucial importance to the health of the economy as a whole and
the uniquely troubling consequences of a major bank failure, the
necessity of erring on the side of prudence cannot be overstated.
137. But during the course of our inquiry we
have found some other grave defects in the auditing of banks,
unrelated to the advent of IFRS, and it is to these we now turn
in this chapter.
138. The banking crisis of 2007-09 raised the
question (among others) why there was so little warning that so
many banks were in trouble and that the world's financial system
was at risk. The role of auditors in the crisis is naturally of
most interest to this inquiry. We do not seek to apportion blame
but to draw lessons, bearing in mind that, with hindsight, responsibility
for the crisis and the lack of warning was shared by almost all
the players in the system. As Lord Myners put it, "the financial
crisis revealed the failure of just about everybody ... [but]
the auditing profession, the accounting profession, cannot be
excluded from those who must share responsibility and, more importantly,
seek to learn lessons."[171]
139. To learn the right lessons, it helps to
know what happened. With audit, this is not easy. Although, in
the words of Professor Vivien Beattie of Glasgow University,
"accounting and auditing is what underpins the capital markets"[172],
the uninitiated cannot see it. Only the auditors themselves, and
perhaps the client's Audit Committee and the FRC's Audit Inspection
Unit (AIU) know just how thorough was a given audit and what it
saw. Except in rare cases where the accounts are qualified, others
make do with an anodyne assurance that the financial statements
drawn up by the audited company are not misleading. As Professor Stella
Fearnley of the University of Bournemouth said: "The quality
of the audit is quite often unobservable to the client themselves."[173]
In the words of Mr Guy Jubb, Head of Corporate Governance
at Standard Life Investments, "the output of the audit is
the audit report and that is what we see. We have very little
transparency currently as to what the actual audit process involves
audit reports ... are very, very standardised in their
content ... are often ... riddled with 'get out of jail free'
clauses".[174]
Mr Jubb was nevertheless clear that "the reliability
that we have to place upon audited financial information is the
lifeblood of capital markets".[175]
140. There is a particularand particularly
seriousproblem with the auditing of banks which has to
be faced. An auditor who encounters a problem which might, in
the ordinary course of events, justify a published qualification
to the accounts, might understandably be reluctant to insist on
this in the case of a bank. They might fear that to do so could
cause a collapse of confidence and a run on the bank, to the detriment
of the shareholders and, quite possibly, of the wider public interest.
While this problem cannot be entirely avoided, we recommend in
paragraphs 164, 165 and 167 how it can best be minimised.
141. We were especially interested in how the
bank auditors had approached their tasks at the end of 2007, when
as we now know the crisis was already under way, and at the end
of 2008, when several banks were on their knees. We wished to
know if they had seen signs of impending trouble in 2007 and,
if so, what action they had taken. And for 2008, at the height
of the crisis, with various banks needing state bailouts to survive,
we wanted to know on what basis the auditors had signed off their
financial statements, and opined that banks were still going concerns
and we also wanted to know if they had had assurances of support
from the Government. We questioned the senior partners in the
UK of the Big Four (of which only three, Deloitte, KPMG and PwC,
audit large British banks).
142. The Big Four expressed the general view
that in auditing banks before and during the crisis they had carried
out their duties properly. Mr John Connolly, Senior Partner
and Chief Executive, Deloitte, denied there was a failure of audit.[176]
Mr John Griffith-Jones, Chairman, KPMG, recalled that the
scope of statutory audit is limited: "The auditor's primary
role is to count the score at the end of the accounting period
... not trying to forecast next year's profits
not responsible
... for making an assessment of the risk of the business ... if
you have a company that has leverage of 100 times and a company
that has no leverage at all, the audit report is the same ...
It is the role of the auditors to point out weaknesses in controls."[177]
Mr Ian Powell, Chairman and Senior Partner, PwC, agreed:
"It's not the job of the auditor presently to look at the
business model of a business. That is the job of management."[178]
He acknowledged however that in "undertaking an audit you
do look at the market conditions that were extant at the time
of signing off the audit."[179]
We do not accept the defence that bank auditors did all that
was required of them. In the light of what we now know, that defence
appears disconcertingly complacent. It may be that the Big Four
carried out their duties properly in the strictly legal sense,
but we have to conclude that, in the wider sense, they did not
do so.
143. There is inevitably a connection between
the assessment of the Big Four's performance and the question,
discussed earlier, of market concentration. The point is that,
in the case of auditing, the benefits that might be expected from
competition have to be weighed against the fact that oligopoly
allows the existence of audit firms that have the size, strength
and competence both to conduct the effective audit of large, highly
complex, and often global banking groups, and to avoid being cowed
by such clients. To the extent that the gain from oligopoly may
appear in practice to have been somewhat disappointing, the case
for more competition is enhanced.
144. We were told that in assessing whether to
endorse a company as a going concern an auditor takes account
of "the business's projected net cash generation and its
ability to obtain funding (regardless of the source ... or the
circumstances in which the funding is required)" and that
in banks, where financing is obtained mainly from deposits, and
their retention depends on confidence, "going concern in
a bank is therefore inextricably linked with a question of confidence.
Whilst confidence is maintained the bank is a going concern; when
confidence is lost then it is no longer a going concern."[180]
We received evidence from the Big Four, for example at paragraph
149 below, which seemed to suggest that an auditor might properly
regard a bank as a going concern even when a non-bank in a similar
position might not be so regarded, since a bank that got into
difficulties would be bailed out. It cannot (or at least should
not) be taken for granted by auditors that banks in difficulties
will be bailed out by the authorities and the taxpayers. We do
not accept therefore that this should at any time be a decisive
consideration in making the 'going concern' judgment.
145. It could be argued that, until 2006, confidence
remained generally high in the British and global economy and
financial system. The role of bank audits was not then in question.
Even at Northern Rock, when PwC concluded its audit for 2006 in
January 2007 the company "had a history of profitable operations
and had a track record of ready access to funds ... none of the
information available to us indicated anything that would constitute
a 'material uncertainty' ... we concluded that in our opinion
there were no matters relating to the going concern basis of accounting
that were required to be reported to shareholders."[181]
We find this complacency disturbing. In 2006 Northern Rock was
already operating a dangerously risky business model. The FSA
said: "Northern Rock, relative to its peers, [had] a high
public target for asset growth (15-25% year-on-year) and for profit
growth; a low net interest margin; a low cost:income ratio; and
relatively high reliance on wholesale funding and securitisation."[182]As
a result of this business model it was able to increase its share
of the UK mortgage market at an extraordinary rate. Northern Rock's
market share of net residential lending[183]
jumped from 11.2% in 2004 to 18.9% in the first half of 2007.[184]
We are astonished that PwC appeared not to recognize an amber
light that flashed so brightly.
146. The Bank of England's timeline of crisis
events, annexed to its Financial Stability Report of June 2009,
starts only in March 2007.[185]
It may be argued that it would have required unusual prescience
on the part of auditors to spot trouble coming in banks' financial
statements for the year 2006, although this does not apply in
the case of Northern Rock. It is true that, even if the auditors
did have concerns, they were confronted with the problem referred
to in paragraph 140 above. But we were provided with no evidence
from the Big Four that they did, in fact, have any concerns.
147. A year later, as bank audits were prepared
in late 2007, the writing was on the wall. Mr Powell said:
"The closure of the wholesale markets in the second half
of 2007 created real difficulty for many banks ... one of the
key questions around the banks ... at the year-end 31 December
2007 was ... is there adequate liquidity or is there likely to
be liquidity provided to these banks to survive"[186]
so that auditors could sign off a going-concern opinion. He added
that PwC reported to the FSA on 11 September 2007 that they "had
concerns about the going concern of Northern Rock" and "Northern
Rock asked for emergency support from the Bank of England on 13
September and were granted that"[187].
But since "other banks were all still funding themselves
in the short-term wholesale markets at the end of 2007 and market
conditions were still showing signs of easing when banks announced
their results in February 2008 ... auditors ... had no reason
to believe that a going concern qualification was appropriate
with respect to the financial reports for the financial years
ending 31 December 2007"[188].
We do not accept this. A going concern qualification was clearly
warranted in several cases, even if the auditors may understandably
have been reluctant to make it for the reason referred to in paragraphs
140 and 144 above.
148. Other bank auditors also maintained that
circumstances at the end of 2007 were not so difficult as to justify
qualifying going concern opinions on banks. In KPMG's view, there
were "two key issues which had given cause for concern during
the yearfirstly in relation to lack of liquidity, particularly
in respect of the securitisation markets, and secondly in relation
to the valuation of securitised assets". But "for the
UK banking industry in general there was insufficient evidence
to believe at that time that a material uncertainty in relation
to going concern existed in this regard."[189]
Deloitte's view was similar and was reinforced by official intervention
in the markets: "We did not have significant concerns about
going concern for the majority of our clients. This assessment
was reached after considering both the state of the banking market
and the actions of the Treasury, the Bank of England and others
following the collapse of Northern Rock ... nobody ... predicted
the total market dislocation that would occur later in 2008."[190]
149. In late 2008 and early 2009, banks were
audited during a general loss of confidence following the bankruptcy
of Lehman Brothers. The Big Four auditors were in close touch
with the authorities. Mr Scott Halliday, Managing Partner,
Ernst & Young, said: "At the banking crisis, all four
of us had meetings with the Bank of England around trying to improve
the dialogue between the Bank of England and the firms."[191]
Mr Connolly described the Big Four's approach to the Chancellor
of the Exchequer[192],
which resulted in a meeting at the Treasury on 16 December 2008
with the then Financial Services Secretary, Lord Myners. "All
four of the people here had detailed discussions, instigated by
the Big Four, with Lord Myners because of the circumstances we
were in. It was recognised that the banks would only be going
concerns if there was support forthcoming ... it was a proper
and appropriate act from the four firms to seek to understand
the likelihood of support being forthcoming ... had we concluded
... that there was not going to be support, then a different audit
opinion would have been given."[193]
Lord Myners "provided evidence of the Government's actions
and the extent of their commitment which would support the management,
directors and auditors in forming their view on going concern[194]
... we also considered the evidence obtained by ... our banking
clients [on] the recapitalisation scheme, the Bank of England's
Liquidity Scheme and the Treasury's Credit Guarantee Scheme ...
concluded that ... support ... would ... avoid ... significant
uncertainty as to going concern."[195]
150. Lord Myners also gave us his account of
the meeting described by Mr Connolly. To the best of his
knowledge it was a unique event; there were no similar meetings
in 2007 or 2009[196].
Lord Myners reminded the auditors that the "Government were
committed to taking whatever action they regarded as necessary
to maintain financial stability" and said he would "like
to maintain a regular dialogue with them on this issue relating
to the preparation and completion of year-end accounts" but
"they did not seek an additional meeting." His subsequent
letter in reply to Mr Griffith-Jones included the statement
that the Government remained "committed to taking whatever
action is necessary to maintain financial stability and to protect
depositors and the taxpayer."[197]
Lord Myners also told us that "with auditing and accounting
for banks ... there has to be an underlying assumption of continued
confidence."[198]
151. Lord Myners added that, around the time
of his meetings with the Big Four auditors, he invited the chairs
of audit companies of major banks to meetings, and was disappointed
that they mostly showed only a "cloudy" grasp of valuation
models of complex financial instruments.[199]
In defence of the audit chairs, it has to be said that very few
in senior management positions in the major banks had more than
a 'cloudy' grasp themselves of the mathematical models used to
value the banks' complex financial instruments.[200]
It is clear, moreover, that the models, whether grasped cloudily
or not, gave a false sense of security to the banks. We are not
clear, however, to what extent if at all the Big Four conducted
an independent assessment of the reliability of these models.
152. Press reports of the time make clear that
it was known publicly that a meeting between the Big Four auditors
and the responsible Treasury Minister had taken place[201].
Audited financial statements by banks for 2008 were issued at
the usual time in early 2009. That of Royal Bank of Scotland included
"extensive disclosure of the liquidity provided by central
banks ... and support from the UK Government ... also a going
concern statement which referred explicitly to the UK Government's
support."[202]
153. By the time banks were audited in late 2008,
events had shattered confidence in most of them. Auditors and
Ministers recognised that banks could be seen as going concerns
only if continuing support by the Government was assured. They
reached an understanding to enable auditors to sign off on banks'
financial statementssome of which acknowledged dependence
on Government support.
154. We are concerned at a number of aspects
of the above narrative. Not only were the contacts between the
Big Four and the authorities few and far between, but they appear
to have occurred very late in the day, in particular the meeting
with Lord Myners in December 2008. Moreover Mr Halliday of
Ernst & Young referred only to "meetings with the Bank
of England around trying to improve the dialogue between the Bank
of England and the firms"[203],
despite the fact that the authority responsible for the supervision
of the banks was, and had been since 1997, the Financial Services
Authority.
155. Adequate and timely dialogue between
bank auditors and supervisors is of the first importance. It is
essential not only to enable the auditors to audit more effectively
and the supervisors to supervise more effectively, but in particular
to overcome the problem caused by the understandable reluctance
of auditors to qualify banks' accounts. It is to this we now
turn.
Dialogue between bank auditors
and supervisors
156. The importance of close dialogue between
bank auditors and supervisors first came to the fore in the wake
of the collapse of Johnson Matthey Bankers in 1984, which led
to the Bank of England (at that time responsible for bank supervision
in the UK, a responsibility which it lost to the Financial Services
Authority in 1997 and which it is now about to resume) acquiring
JMB and all its liabilities (for the sum of £1). It rapidly
became clear both that the Bank had fallen down badly in the exercise
of its supervisory responsibilities and that JMB's auditors, Arthur
Young, had also failed to do their job adequately.[204]
157. Accordingly, the Bank commenced legal action
against the auditors for negligence which led Arthur Young to
make a substantial payment to the Bank in an out-of-court settlement;
and on the wider issue of bank supervision in general the Chancellor
appointed a Committee of Inquiry, under the chairmanship of the
Governor. The Committee's report was published in June 1985 and,
among other recommendations, proposed: "A mechanism should
be established to enable a regular dialogue to take place between
the supervisors and banks' auditors. Existing confidentiality
restraints on both parties should be removed
as soon as
possible by legislation."[205]
This duly appeared as one of the more significant proposals of
the White Paper on Banking Supervision published in December 1985,
and was translated into legislative form in the Banking Act of
1987.[206]
158. This overcame what had previously been seen
as a practical impediment to regular and adequate dialogue, including
the sharing of information, between bank auditors and supervisors,
namely the concern of many auditors that this would breach their
duty of confidentiality to their client. (It was also the case
that the previous Government's 1979 Banking Act, which the 1987
Act was to replace, appeared to prohibit the supervisor passing
information to the auditors). The 1987 Act, among a number of
other provisions, in the explicit interest of furthering a regular
dialogue, established for the first time that a bank auditor who
provided the supervisor with confidential information or opinions
about a client for the purpose of better supervision would have
full statutory protection against any action for breach of good
faith or confidentiality. It also gave a reserve power to the
Treasury to oblige the auditor to disclose such information, should
this appear not to be occurringif, for example, it was
not required by the accountant's professional body.[207]
159. The provisions of the 1987 Act explicitly
concerned communication between the auditors and the Bank of England,
which was then the supervisory authority. The transfer in 1997
of this responsibility from the Bank to the Financial Services
Authority meant that the relevant provisions needed to be reenacted
in the legislation implementing the transfer, so as to ensure
the necessary dialogue between the auditors and the FSA.
160. However, in practice the regular dialogue
which had been working well following the passage of the 1987
Act appeared to fall into desuetude following the 1997 transfer
of supervisory responsibility from the Bank to the FSA. Of the
three troubled banks which subsequently had to be bailed out by
the taxpayerNorthern Rock, HBoS and the Royal Bank of Scotlandwe
were informed that in 2006 there was not a single meeting between
the FSA and the external auditors of either Northern Rock (PwC)
or HBoS (KPMG), and only one meeting between the auditor of RBS
(Deloitte) and the FSA; and that in the whole of 2007 there was
only one FSA/auditors meeting with each bank auditor. Even in
2008 there were only two meetings between the FSA and the auditors
of Northern Rock and HBoS and none between the FSA and the auditors
of RBS. As the FSA admitted to us, "the regular practice
of auditor-supervisor meetings fell away gradually following the
transition from the Bank of England to the FSA as banking supervisor."[208]
161. We are unclear at what level and at what
depth these very few meetings took place. We regard the recent
paucity of meetings between bank auditors and regulators, particularly
in a period of looming financial crisis as a dereliction of duty
by both auditors and regulators.
162. In its written evidence to us, the Bank
of England acknowledged: "The working relationship between
external auditors and the prudential supervisors had broken down
in the period prior to the financial crisis. Prior to 2007, formal
meetings between supervisors and external auditors no longer formed
part of the routine supervisory framework and the informal channels
of communication that existed when the Bank had responsibility
for supervision had fallen away. The FSA had also in this period
made much less frequent use of skilled persons' reports as a routine
supervisory tool [these had been another innovation of the 1987
Act]. The regular meetings that these had previously engendered
helpfully reinforced the links between the auditor and supervisor.
All [that is, the Bank and the FSA] agreed that the auditor has
an important role to play in the regulatory framework and that
an effective relationship between the two parties needed to be
re-established."[209]
163. The way forward proposed by the Bank and
the FSA was a code of practice for the relationship between the
external auditor and the supervisor, and indeed a draft code with
precisely this description was duly published by the FSA for 'guidance
consultation' in February 2011.
164. We welcome the Code of Practice proposed
by the Bank of England and the FSA for the relationship between
the external auditor and the supervisor. But in the light of the
regrettable backsliding of the years 1997-2007, and of the manifest
importance of this issue, we believe that a Code of Practice does
not go far enough. A statutory obligation is required.
165. This might take the form of a mandatory
quarterly meeting, at the highest appropriate level, between the
supervisory authority and the external auditor of each bank whose
failure might, in the view of the supervisory authority, pose
a systemic risk. There might be a further requirement for either
side to initiate a meeting between the regular quarterly meetings
should information come to light which might warrant such a meeting.
166. We therefore welcome the statement by Mr Mark
Hoban MP, Financial Secretary to the Treasury, in his evidence
to us that "if the Bank were to say that we need this [the
requirement for adequate dialogue between auditors and supervisors]
in the statute, then I would be happy to see that happen."[210]
We also note the statement by Mr Paul Lee, Director of Hermes
Equity Ownership Services, speaking as a major bank shareholder,
that despite the fact that the confidential information disclosed
at private meetings between auditors and supervisors would not
be available to shareholders, "we would not be concerned
by such dialogue. We would welcome it."[211]
167. There was no single cause of the banking
meltdown of 2008-09. First and foremost, the banks have themselves
to blame. As our predecessor Committee found in its report on
Banking Supervision and Regulation in 2009, the supervisory
system put in place in 1997 proved unfit for purpose. But we conclude
that the complacency of bank auditors was a significant contributory
factor. Either they were culpably unaware of the mounting dangers,
or, if they were aware of them, they equally culpably failed to
alert the supervisory authority of their concerns. Our recommendations
are designed to address these failings and thus make a repetition
less likely.
171 Q 483. Back
172
Q 2. Back
173
Q 10. Back
174
QQ 405-406. Back
175
Q 405. Back
176
Q 263. Back
177
Q 274. Back
178
Q 278. Back
179
Q 275. Back
180
ADT 35 (KPMG). Back
181
ADT 36. Back
182
FSA Internal Audit Division, The supervision of Northern Rock:
a lessons learned review, Executive Summary, para 15, March
2008. Back
183
Net residential lending refers to mortgages advanced in a given
period minus redemptions. Back
184
Northern Rock 2007 interim results. Back
185
Bank of England Financial Stability Report, page 58, June
2009. Back
186
Q 266. Back
187
QQ 267-268. Back
188
ADT 36. Back
189
ADT 35. Back
190
ADT 33. Back
191
Q 256. Back
192
Mr John Griffith-Jones's letter to the Chancellor of 11 November
2008 - available at http://www.parliament.uk/documents/lords-committees/economic-affairs/auditors/KPMG171210.pdf Back
193
Q 263. Back
194
Lord Myners's reply of 17 December 2008 - available at
http://www.parliament.uk/documents/lords-committees/economic-affairs/auditors/KPMG171210.pdf
Back
195
ADT 33 (Deloitte). Back
196
Q 473. Back
197
Q 466. Back
198
Q 467. Back
199
Q 478. Back
200
For example, see Lord Myners's oral evidence to a previous inquiry-Economic
Affairs Committee, 2nd Report (2008-09): Banking Supervision
and Regulation (HL Paper 101-II) QQ 562-63. Back
201
The Sunday Times, 'Brown calls in UK's top bank bosses'
by Iain Dey and David Smith, 11 January 2009. Back
202
ADT 33 (Deloitte). Back
203
Q 256. Back
204
Nigel Lawson (1993), The View from Number 11. Back
205
Report of the Committee set up to consider the system of banking
supervision, June 1985. Back
206
Nigel Lawson (1993), The View from Number 11. Back
207
Nigel Lawson (1993), The View from Number 11; Banking Act (1987)
Section 47. Back
208
ADT 28. Back
209
ADT 75. Back
210
Q 529. Back
211
Q 436. Back
|