Audit Committees in Banking, You Have Been Warned

Audit committees at big international banks have just been nudged. Whether that nudge is friendly or not remains to be seen.

The regulatory poke to the ribs came in a bulletin issued Friday by three U.S. banking regulators, voicing their support for external audits of large banks done according to standards issued by the Basel Committee on Banking Supervision. Those Basel standards differ in several crucial ways from how audits are done in the United States; the bulletin outlined what those differences are, and affirmed that if U.S. banking regulators had their way, those Basel standards would be common practice here too.

Here’s the rub: the Basel standards were issued nearly two years ago. So why give them an endorsement now, rather than some other time? And what are audit committees to make of this latest pronouncement, anyway?

Let’s start with the agencies that issued the bulletin: the Federal Reserve, the Federal Deposit Insurance Corp., and the Office of the Comptroller of the Currency. To one extent or another, all three are charged with ensuring the overall soundness of the U.S. financial system, and with cleaning up any banks that lurch into insolvency. Their bulletin applies specifically to large banks (those with $250 billion or more in assets) or others with considerable ($10 billion or more) exposure to foreign assets. So that is what’s on these regulators’ minds: how to keep large international banks from crashing the financial system, and what role external audits should play there.

The bulletin spends a fair bit of time talking about how an effective external audit supports the Basel Committee’s overall goals for effective banking supervision — and remember, banking supervision goes well beyond what an annual audit covers. The annual audit only looks to ensure the accuracy of financial statements and to identify fraud. Banking supervision is much more about risk management, and rooting out risks that might be lurking on or off a bank’s balance sheet; risks that could contaminate other banks, and the markets at large, and plunge the world into a financial crisis like we saw in 2008.

This is where astute readers might think, “Hmmm, you mean like what we’re seeing in China or oil prices right now, and how they’re sending the markets on a roller-coaster ride?”

Well, yes. Banking supervisors like the Fed, OCC, and FDIC worry about situations exactly like that. Let’s return to that point in a minute. What’s most interesting to me are the differences between U.S. and Basel standards that the bulletin called out. Specifically, the Basel standards say:

  • External auditors and banking regulators should have effective channels of communication for the exchange of information necessary to do their jobs; and
  • The banking regulator should require the external auditor to report to it directly on matters arising in an audit that are likely to be of material significance to the function of the regulator.

The bulletin from the U.S. regulators goes on to note that here in the United States we have no such requirements, and no legal safe harbor to do so — but gee, the document seems to say, U.S. banking regulators think that would be a really cool thing to do. The bulletin concludes with a suggestion to use regulatory ratios in determining what’s material for an audit, and a reminder that the external auditor should also tell the audit committee about its relationship with (and opinion of) the work done by the bank’s internal audit function.

None of the bulletin breaks any new ground or says anything truly provocative. The real question is simply: why issue this statement now?

Perhaps the reason is political. The Securities and Exchange Commission and the Public Company Accounting Oversight Board are both reviewing the duties of audit committees and external audit firms, and those projects are part of a larger global discussion the United States is having with the European Union. U.S. banking regulators may want to remind everyone that they deserve a voice in the conversation, too.

Still, that must be a frustrating errand, since the EU is far ahead of the United States already on audit firm oversight and articulating the duties of a modern audit committee. We here are so politically paralyzed that we’re not going to accomplish much, although I suspect the SEC’s review of required audit committee disclosures will ultimately pre-empt any PCAOB proposals that might seriously address audit committees.

Then again, I can’t help but wonder whether some of the reason is economic. Loans carried by Chinese banks today are just as rotten as mortgage-backed loans U.S. banks carried in 2007. Oil prices are falling so fast, and may stay down for so long, that derivative securities based on oil will need to be written down or charged off. If any collection of economic warning signs might drive banking regulators to wish for more help from external audit firms — well, it would be the economic warning signs we see right now.

The ideal, of course, would be robust dialogue between audit firm and audit committee about risk, so banking regulators don’t have to worry so much that they may be missing something. But just like intelligent political dialogue in Washington — that’s not in abundance these days either.

This column first appeared on RadicalCompliance.com.