Wirecard Scandal Spurs European Commission Consult to Enhance the Quality and Reliability of Corporate Reporting in Europe
CFA Institute Assessment on Pillars of High-Quality, Reliable Corporate Reporting:
Five Key
CFA Institute Assessment on Pillars of High-Quality, Reliable Corporate Reporting: Five Key Recommendations
The implosion of Germany’s Wirecard has demonstrated that those parties – management, the audit committee and board, auditors, audit regulators, and corporate reporting regulators – investors compensate and rely upon to look after their capital investments failed them on multiple levels in the European Union’s (EU’s) largest economy.
This time the failure fell not just at the feet of the auditors, as is traditionally reported in the press when such scandals occur. Innumerable press articles[1] highlighted the failures in corporate governance and weaknesses in Germany’s federal financial regulatory supervision at BaFin; the Financial Reporting Enforcement Panel (FREP), which was charged with investigating violations of accounting requirements; and Germany’s audit regulatory oversight organization, the Abschlussprüferaufsichtsstelle (APAS, Audit Oversight Body). These failures included, but were not limited to: an inability to perform their oversight functions because of conflicts of interest, (i.e., including ownership in Wirecard and holding board seats in companies under their supervisory power); a lack of coordination of supervisory efforts; a denial or disbelief that the claims regarding the company were true; unqualified and insufficient staffing at regulators; and knowledge by the audit profession of the inadequacies and ineffectiveness of APAS. These are but a few of the findings that put the issues clearly in investors’ line of sight. Such failures in financial regulation, corporate oversight, corporate reporting, auditing, and audit supervision were evident in Germany, specifically, and have implications for investing in the European Union, more broadly.
The European Commission Seeks Comment on How to Improve Corporate Reporting
Likely in reaction to these failures and their implication on the EU’s pursuit of a capital markets union, the European Commission (EC) issued a consultation document, Strengthening of the Quality of Corporate Reporting and Its Enforcement (the Consultation) in which it seeks feedback on all the pillars of high-quality, reliable corporate reporting. These pillars include corporate governance, statutory audit, supervision of statutory audit, and supervision of corporate reporting – that is, the work of the European Securities and Markets Authority (ESMA). CFA Institute issued a response to this Consultation and issued a separate letter to comprehensively respond to the Consultation and to provide other stakeholders the appropriate context for our response.
Our Current Assessment of the Pillars of High-Quality, Reliable Corporate Reporting
The Consultation focuses on the pillars of high-quality, reliable corporate reporting and how they work together. The following list summarizes our current assessment of these pillars and how they coordinate (or not). Our five key recommendations are provided in the last section.
- Wirecard Demonstrated All Pillars, Not Just Audit, Failed to Protect Investors: Failures occurred across the entire reporting ecosystem (i.e., pillars) – management, corporate governance, financial reporting regulators, audit regulators, and financial supervisory regulators – in addition to the auditors’ execution of the audit. Wirecard illustrated that all such pillars were not effectively working in Europe’s largest economy. Accordingly, this Consultation rightly focuses on all the pillars of corporate reporting and audit quality.
- EU Legislation Has Heavily Focused on Auditors Over Other Pillars: Much of the EU legislation related to corporate reporting in the post–financial crisis era focused on new audit legislation—without a change in the auditor payor model, which is the biggest conflict of interest. Rotating auditors, reducing non-audit services, and assessing the competitiveness of the audit market: none of these address this fundamental conflict of interest. The desire of the auditor to please management will always reduce auditor skepticism and audit quality. As such, if the payor model is meant to stay in place, then there needs to be stronger accountability by management; stronger and more transparent audit committees; the existence of competent and effective audit regulators and a corporate reporting regulator with stronger powers. All of these are needed as a backstop to the auditor to enable them to offset the negative effects of the payor model.
- Management Accountability Is Foundational: EU-level legislation to date appears relatively more focused on holding auditors accountable rather than management – those who are principally charged with ownership of effective internal controls over financial reporting. Management, in particular, does not appear to have sufficient accountability for the internal controls over financial reporting. Without that being remedied, the corporate reporting and audit ecosystem will never sufficiently improve. Management accountability for controls over financial reporting is not simply a pillar but rather the foundation of high-quality and reliable corporate reporting. We believe the Consultation rightly contextualizes the need for reform in these various pillars, but we also believe that greater and more specific emphasis on the accountability of management (and not simply corporate governance broadly) needs to be emphasized.
- Strength in Other Pillars Is Essential to Improving Quality and Reliability of Corporate Reporting: Auditors cannot improve a company’s broken reporting system. They can only report on it, and advocate to improve. Without a corporate reporting/audit ecosystem with pillars of equal or greater strength, auditors are pushing a boulder uphill alone and additional EU legislation (regulation/directives) on auditors will have no further meaningful effect.
- The Other Pillars Are Not Sufficiently Strong to Support the Audit Pillar: In addition to strengthening management accountability specifically, we believe the other pillars in need of reform are related to the following: (1) corporate governance more broadly because of the fragmented corporate governance requirements at the EU member state level, and (2) the need to improve statutory audit oversight because of similar member state fragmentation. There is also a realization that the quality of staff, lack of resources, lack of transparency, and independence at the member state level were not seen as unique to Germany (e.g., Carillion in the UK, when it was still a member of the EU).
We believe that the greatest improvements are needed in the corporate governance pillar and in supervision of audit. That said, we also believe that improvements are needed in each one of the pillars and that all this work needs to be done in a coordinated manner to create an environment that works for investors and other stakeholders. To work effectively, the ecosystem must have transparency and accountability at each pillar. When one pillar fails, the system fails.
Five Key Recommendations for Improvement
Our five key recommendations – in order of priority – are as follows:
- Implement Management Certifications, Supported by Audits, of Internal Controls Over Financial Reporting: We have found that the implementation of management certifications supported by auditor attestations on internal controls over financial reporting (ICFR) has had significant impacts on the behaviour and on the accountability of management in the execution of their responsibilities and their allocation of resources to financial reporting. As a result, such measures have enhanced the quality of corporate reporting. We believe this is a necessary improvement that the EU should implement. Investors are willing to pay the cost of such certifications and attestations, because the cost is worth the benefit.
- Create a European Audit Regulator: We believe a detailed, independent review and inspection of EU member state audit regulators and the Committee of European Auditing Oversight Bodies (CEAOB) to determine how they should be improved is necessary. In our view, this review would be about how, not if, to create a pan-European audit regulator. Such a regulator would have oversight of audit standard setting and endorsement, inspections, and enforcement actions. We envisage an organization like ESMA, but with the greater powers we have highlighted are needed at ESMA. Relative to the Public Company Accounting Oversight Board (PCAOB) in the United States and the planned improvements in the Financial Reporting Council in the United Kingdom – to become the Audit, Reporting, and Governance Authority (ARGA) – Europe appears to be a laggard in audit supervision with limited oversight of auditors and with limited transparency.
- Strengthen Regulatory Oversight of Audit Committees to Improve Functioning: We believe that improvements are still necessary in the functioning of audit committees and their oversight by regulators.
- Establish Engagement Level Audit Quality Indicators: We believe the most important improvement related to audit – in addition to ICFR attestation – is to develop audit quality indicators (AQIs). Although audit firm level information, quality standards, and transparency reports are important, they are not sufficient. Engagement level AQIs provide management, the audit committee, the audit regulator, and the consumer (investor) with metrics to communicate and measure progress. Measuring audit quality is about providing more information to investors – and the agents engaged to protect their interests—to move audits out of the realm of a credence good.
- Strengthen the Responsibilities and Powers of ESMA: In our view,ESMA’s formation has been effective at bringing an EU-wide perspective and vantage point to the quality of corporate reporting. A similar EU-wide vantage point is missing as it relates to audit supervision as noted above. That said, ESMA lacks the access, strength of supervision, and enforcement powers that are necessary to really effectuate the enforcement necessary to improve corporate reporting. The situation with Germany’s FREP, in the wake of the Wirecard scandal, highlights ESMA’s inability to bring about change on an ex ante basis, which is what is needed most. The published news accounts suggest that it was well known that FREP lacked the resources and capabilities to execute its necessary duties. Even on an ex post basis, ESMA, when asked by the Commission to look at the Wirecard issue, could only observe and comment on changes needed but could not bring them to bear. In that regard, we believe improvements to strengthen ESMA are necessary. Supervision by its nature is an ex post activity, and it is an important backstop, but much of this supervision’s efficacy depends on public displays of enforcement to function as an effective ex ante deterrent. It is for this very reason that we believe ESMA-level changes are necessary to provide greater supervisory and enforcement powers to ESMA.
Improvements Are Essential to Capital Markets Union
In the context of the EC’s pursuit of the capital markets union, the Wirecard scandal highlights that the integrity and efficiency of the union to the free flow of capital for investors likely will be judged by the weakest link. Although we agree with the concept and ambition of the capital markets union, the events that led up to the publication of the Consultation – and the effort expended in responding to the Consultation – only highlight the fragmented and challenging nature of connecting the principles within EC legislation (regulations/directives) with the actual national jurisdictional rules, implementation, application, and enforcement. As a result, our responses with respect to the Consultation are focused on what is needed throughout Europe to protect investors and to increase transparency and accountability in a manner that facilitates a well-functioning capital markets union. We believe the European Commission must act on these recommendations to convince investors of the efficacy of a capital markets union.
[1] Press articles:
- Wirecard Inquiry: Germany’s Political and Financial Elite Exposed, Financial Times; Guy Chazan and Olaf Storbeck; April 18, 2021. (https://www.ft.com/content/6e0c6b5f-3461-463d-b49b-f572dbc39c26)
- Wirecard Collapse Leads to Call for German Parliamentary Inquiry, Reuters, Andreas Rinke and Neil Jerome Morales; June 29, 2020; (https://www.reuters.com/article/us-wirecard-accounts-idUSKBN2401Y7)
- German Audit Watchdog Chief Faces Probe Over Wirecard Share Trading, Financial Times; Olaf Storbeck; December 11, 2020; (https://www.ft.com/content/7c8da57b-aee5-4c62-87c3-5ba0a7ac2a40)
- Head of German Accounting Watchdog to Step Down in Wake of Wirecard, Reuters; Hans Seidenstuecker and Tom Sims; February 24, 2021; (https://www.reuters.com/article/us-wirecard-accounts-frep-idUSKBN2AO2LJ)
- German Watchdog Reports EY to Prosecutors Over Wirecard Audit, Financial Times; Olaf Storbeck; November 26, 2020; (https://www.ft.com/content/c3b9791a-15b2-4a7c-92da-be4458f528d7)
- BaFin Boss ‘Believed’ Wirecard Was Victim Until Near the End, Financial Times; Olaf Storbeck; January 24, 2021; (https://www.ft.com/content/a021012e-bd2e-44d5-a160-96d997c662f1)
- All Financial Reporting Enforcement Panel Articles, Compliance Week; Various (https://www.complianceweek.com/financial-reporting-enforcement-panel/8021.tag)
Image credit: iStock / Getty Images Plus sdecoret