Providing information to auditors
The other day the newspaper "Kommersant" published an article "Auditors shielded from information", which was widely "publicized" in the professional community. Our company could not ignore such a "dissonant question", decided to conduct a rapid analysis of the situation and to determine if financial institutions have the opportunity not to provide auditors with documents relating to counter "money laundering activities and the financing of terrorism".
So, in this article reference is made to supposedly published a letter of the Central Bank of the Russian Federation from 17.11.2017, No. 12-1-5/4141 (hereinafter – the "Letter"), in which the Bank of Russia pointed out the lack in the legislation of the Russian Federation of requirements on verification by the auditors of the companies for implementation of the AML / CFT legislation, as well as the presence in article 4 of the Federal law from 07.08.2001 № 115 – FZ "On counteraction to legalization (laundering) of incomes obtained in a criminal way and financing of terrorism (hereinafter — 115-FZ") ban on informing third parties about the measures taken to counteract. Thus, the RF Central Bank actually allowed the financiers to refuse the auditors to provide a number of documents.
Outset that despite our futile efforts, the above-mentioned letter of the Central Bank of the Russian Federation was not discovered in the open public sources of information. Therefore, the analysis and correlation of the legislation of the Russian Federation and provisions of this Letter will be based on the content of the article in the newspaper "Kommersant".
Auditing activities are regulated mainly by the relevant Federal law of 30.12.2008 № 307 – FZ (hereinafter – the "audit Law"). On the basis of article 1 of this law it follows that the audit recognized the "independent audit of the accounting (financial) statements of the audited entity for the purpose of expressing an opinion on the reliability of such statements", after which the audit report is issued. With respect to credit institutions, banking groups and banking holding company the audit is mandatory. While the audit report on the annual accounting (financial) reporting of the organisations listed shall contain in addition to the information outlined in p 2 article 6 of the Law on audit activities, the results of an audit organization's compliance with internal controls of such entities (article 42 of the Federal law from 02.12.1990 № 395 – 1 "About banks and banking activity" (hereinafter – the "banking Act")).
The literal interpretation of articles 3, 4 115-FZ, it follows that internal control of organisations performing operations with monetary funds or other assets (for example banks), is a measure aimed at counteracting legalization (laundering) of incomes obtained in a criminal way and financing of terrorism.
Taking into account the above, we believe it is an undeniable fact that the legislation of the Russian Federation contains provisions requiring auditors to establish compliance (non-compliance) actions taken by the "Finance companies" on combating legalization (laundering) of incomes obtained in a criminal way and financing of terrorism. Therefore, the provision of credit institution to its auditor the information and documents necessary for the preparation of a report on the state of internal control is not a violation of article 4 of 115-FZ ban on informing clients and other persons about accepted measures of counteraction of legalization (laundering) of incomes obtained in a criminal way and financing of terrorism. A similar position was expressed by the Bank of Russia in para 1 of the letter dated 13.04.2010, No. 12-1-5/666.
However, I would like to note that neither the Law on audit activity nor the Law on banks does not contain any requirements in relation to determination of compliance (non-compliance) internal control of credit institutions and the exercise of such activities. Therefore, in this situation is more likely to occur the question of the validity of individual requests of the auditor in this direction. In our opinion, in the absence of requirements of the legislation of the Russian Federation, the auditors should be guided by international auditing standards promulgated in the territory of the Russian Federation and placed on the website of the Ministry of Finance of the Russian Federation (item 1 of article 7 of the Law on auditing activities).
According to section 6 of the International standard on auditing 250 "Consideration of laws and regulations in an audit of financial statements" (promulgated by the Ministry of Finance of Russia from 24.10.2016, No. 192 n) (hereinafter – "ISA 250") duties of the auditor differ from that to which category does the act or regulation, compliance with which is checked by the auditor:
→ to the laws and regulations that are generally recognized as having a direct impact on the definition of relevant indicators and disclosures in the financial statements such as tax and pension laws and regulations;
→ or other laws and regulations that do not have a direct impact on the measurement and disclosure in financial statements but compliance with which may be fundamental in relation to the operational aspects of the business, the ability of the organization to continue its activities or to avoid significant penalties (e.g., compliance with licensing conditions, compliance with regulatory requirements to maintain the solvency or compliance with regulations on environmental protection).
In the first category of laws and regulations, the auditor should gather sufficient appropriate evidence regarding compliance with those laws and regulations. In the second category — the auditor's responsibility is limited to carrying out specific audit procedures (direct requests to the management and, if relevant, persons responsible for corporate governance, as to whether the organization complies with such laws and regulations; the study of correspondence, if any, with relevant licensing and regulatory bodies). Named to the auditing procedures exhaustive (p. p. 7, 14 ISA 250). The application of other audit procedures, by definition, must indicate the cases of identified or possible non-compliance with laws and regulations.
Given the above, it seems a logical conclusion that rules 115-FZ in terms of internal control apply to the second category of laws, since:
1) do not have a direct impact on the amounts and disclosures the financial statements;
2) the repeated failure within one year of the requirements of 115-FZ, including in terms of organization and implementation of internal control, is grounds for revocation by the Bank of Russia credit institution licensed to conduct banking operations, i.e. the implementation of the requirements of the act is directly related to the possibility of continuing activities (sub. 6.1 of article 20 of the Law on banks).
Accordingly, in cases where no information about the violation of check person standards "anti-money laundering law", the legitimacy of presentation of auditor requirements, which are not indicated in ISA 250 as the specific audit procedures is questionable, and the failure of a credit institution are justified.
The topic of the possibility (or impossibility) of failure "financial institutions" auditors to information about measures of counteraction to the legalization (laundering) of incomes obtained in a criminal way and financing of terrorism would not be fully disclosed without a definition of "legal weight" and importance of the provisions of the Letter of the Central Bank of the Russian Federation.
So, "Legal regulation of banking activities is exercised by the Constitution of the Russian Federation, this Federal law, the Federal law "On the Central Bank of the Russian Federation (Bank of Russia)", other Federal laws, normative acts of the Bank of Russia" (article 2 of the Law on banks). As follows from article 7 of the Federal law of 10.07.2002 № 86 – FZ "On the Central Bank of the Russian Federation (Bank of Russia)" normative acts of the Central Bank of the Russian Federation issued in the form of directives, regulations and instructions, that is, letters to those not included. Therefore, letters are not binding.
In this regard, we recommend that credit institutions to consider more seriously the requirements of the auditors not to take a formal position and refuse with reference to the Letter of the Bank of Russia to provide the latest legitimate requested information. It must be remembered that the auditors shall have the right upon receipt of such a refusal either to give up the audit to either prepare audit report with the relevant clause (article 13 of the Law on auditing, FSAD 1/2010, 2/2010, approved by order of the Ministry of Finance of the Russian Federation dated 20.05.2010 № 46 n). Both of these options can "play havoc" with the audited client, because they provide a cause of doubt as to the legality of the latter as the CBR and third parties.