Role of Statutory Auditors in Emerging Financial Landscape
I am delighted to be here today to convey my thoughts on the issue of statutory audit of commercial banks and AIFIs. In many ways, we, as Regulators/ Supervisors and you as Auditors, share a common goal. Auditors play a very crucial role in ensuring the health of the financial system as they assist in maintainance of regulatory oversight by ensuring that the financial statements present a true and fair picture of the affairs of the regulated entity. The statutory auditors play a significant role in maintaining stakeholder confidence in audited financial statements and this is particularly important in the case of banking industry where the entire edifice is built on ‘trust’ and the biggest external stakeholders, i.e., depositors are fragmented and unorganised. Therefore, the Reserve Bank has a strong interest in promoting sound and high quality accounting and disclosure standards for the banking and financial industry as well as in having transparent and comparable financial statements that strengthen market discipline.
Auditors are important stakeholders
Financial reports of an entity offer a window into its financial performance as well as risk profile and therefore, financial reporting is often referred to as the “language” for “communication” between an entity and its external stakeholders. The “communication” can be effective only if both the management and the stakeholders speak the same “language”. For this, we need a common language, in the form of a set of rules and principles, which is where the accounting standards come into play. Financial statements prepared on the basis of a set of common codified principles and standards reduce information asymmetry; enhance comparability and transparency between entities and across jurisdictions; and make the information provided through the financial reporting ecosystem relevant and reliable. The financial statements prepared in this manner help users and stakeholders to understand and assess the resource position of the entity, the claims held against these, the sources of changes in resources and claims, and timing and uncertainty of future cashflows which enables them to hold management to account in running the affairs of the entity concerned.
Regulators are important stakeholders in this process. The financial position of an entity informs into the regulator’s assessment of its health. Audited financial statements also form the basis for important elements of prudential regulations set by the Reserve Bank. The capital and leverage ratios, liquidity position, the computation of impairment and provisions, etc. rely on the accurate and transparent financial statements prepared by regulated entities. The financial statements can only be accurate when the accounting standards are correctly interpreted and consistently applied. The auditors are guardians who are expected to ensure the sanctity of this process. They are also the bridge between the management and stakeholders. They ensure that management’s judgement is sound and that the entity adheres to spirit of the accounting standards.
The interest of the regulator is not limited to fair and transparent representation of affairs in the entities regulated by it. Banks and financial institutions are also users of financial statements and to a large extent their well-being in linked to the entities which they lend to or invest in. Therefore, we are equally concerned with sound audit practices that result in high quality corporate reporting. We also monitor developments in the area of national and international accounting and auditing standard setting closely.
With these objectives in mind, we continue to work closely with the Institute of Chartered Accountants in India (ICAI) on accounting issues in the banking sector. In October 2001, the RBI had set up a Working Group under the Chairmanship of Shri N D Gupta, the then President of the ICAI, to identify gaps in compliance with accounting standards. Based on the recommendations of the Group, guidelines were issued to banks in March 2003 to ensure compliance with accounting standards. We had also worked closely with the industry and ICAI on the road map to moving towards adoption of Ind AS and had set up a Working Group to deal with Ind AS implementation issues in banks.
Role of auditors in a principle-based regulatory environment
The Reserve Bank, for some time now, has been supplementing rule-based regulations with principle-based regulations to give REs a degree of flexibility in their business decision making. This process has evolved with Indian financial sector achieving greater maturity. The principle-based regulations also embed an aspect of accounting that would reflect a move away from the prescriptive, rule based criteria to record transactions. Let me cite two recent examples.
The first guideline pertains to classification and valuation of the investment portfolio in banks. The revised norms, effective from April 1, 2024, largely align the guidelines on classification, valuation and operations of investment portfolio of banks with the global financial reporting framework. These norms require banks to classify the investment portfolio based on intention and objective of holding the financial asset (the business model) and the contractual cash flow characteristics of such assets. Further, the categorisation of an asset between banking book and trading book can have significant capital implications. These aspects shall require extensive use of management judgement. We expect the auditors to carefully understand the regulations and ensure that banks comply not only with regulations but also regulatory intent.
The second example is that of expected credit loss (ECL) based provisioning norms. This is a work-in-progress at this point in time. We have issued a Discussion Paper (DP) and an external working group was also set up to get independent inputs on the significant transitions involved. An important aspect of the proposed ECL framework is that, within the broad framework prescribed by RBI, banks can use different methodologies and models for estimating loan loss provisions. This will present an unique challenge to both regulators and auditors. As statutory auditors, you would be required to satisfy yourself that the bank is accurately computing such provisions and the models employed by the regulated entities are robust.
The principle based approach to regulations is founded on the belief that financial reporting reflects the economic reality of a transaction. However, application of principle-based standards requires significant use of management judgement. Sometimes, management may choose accounting estimates which may lack neutrality or freedom from bias. It is in this context that building greater rigor and skepticism into the audit becomes necessary. Doing that, however, may require special skills and it would be prudent to start working on building additional capacity to handle these changes and challenges.
In this connection, let me also share our experience with implementation of such principle-based guidelines in NBFCs with respect to Ind AS implementation. Our assessment shows that the flexibility offered by the principles-based standards, while valuable, has fallen short in some cases where their application is concerned. Let me highlight certain issues and challenges which we have encountered and which could have been evaluated by auditors more carefully.
While the standards allow sale from assets under amortised cost category, an entity needs to assess how such sales are consistent with the objective of collecting contractual cash flows. In practice, we have observed that there have been significant sales from amortised cost category by way of securitisation and direct transfers. It is not clear how such sales are consistent with business model whose objective is to hold assets in order to collect contractual cash flows.
Another example is how the impairment framework prescribed under Ind AS 109 is implemented. While the framework is forward looking and assessment of any significant increase in credit risk (SICR) for movement of assets from Stage 1 to Stage 2 is required to factor in more forward-looking criteria than just days-past-due (DPD), it has been observed that some NBFCs primarily rely on the 30 DPD criteria. DPD being a lagging indicator, is not always in sync with using the forward-looking approach of ECL.
In case of Asset Reconstruction Companies (ARCs), it was observed that no provision was created for management fees and expenses which remained unrecoverable for more than 180 days. Such observations necessitated Reserve Bank to issue guidelines from a prudential perspective so that such unrealised management fees are deducted from regulatory capital while calculating capital adequacy ratios.
The instances highlighted above bring forth our concern of regulated entities using the flexibility offered in the principle based framework in a way that is not free from bias. We are of the view that such issues require greater levels of skepticism from the auditors. As independent assesors, auditors should critically evaluate and challenge management’s judgement and assumptions to ensure that the same are aligned with the underlying principles of the accounting standards and prudential norms.
A recent order by the National Financial Reporting Authority (NFRA) in case of an audit report of a non-banking financial company highlighted that the auditor did not perform the audit procedures to ensure the reasonability of ECL provisions. This is also a stark reminder of potential shortcomings in the auditing process.
Disclosure frameworks
The discussion regarding principle-based frameworks brings me to the second part of my remarks which is focused on disclosure frameworks.
It is said that with great power comes great responsibility. Let me rephrase this to - “With greater flexibility in accounting and prudential norms comes greater responsibility in disclosures.” Disclosures are the cornerstone of transparency. Clear disclosures bridge the gap between what management knows and what external users can infer from financial statements. But the moot question is, how much disclosure is 'good enough' to ensure a clear understanding without overwhelming users with information overload. Striking a balance between comprehensive disclosure and conciseness is a tight rope walk. When disclosures are clearand comprehensive, they foster trust in the market.
Again, let me share our experiences in this regard. We looked at disclosure being made by NBFCs in the context of ECL framework. On perusal of the disclosures of the accounting policies of some NBFCs, we observed that much of the disclosures were largely a repetition of the text of respective accounting standards. We could not glean any specific insights such as discussion of the assumptions and methods applied in measuring ECL, shared credit risk characteristics to assess expected loss on a collective basis, qualitative criteria in determination of SICR, etc.
To remedy this situation, we are nudging REs to enhance the quality of their disclosures. But I will also urge all present here as well as the larger auditor community to critically evaluate the disclosure practices and ensure that same meet the needs of accounting standards and end-users. Auditors also have the responsibility of ensuring that entities provide appropriate qualitative information related to governance and control mechanisms.
Emerging challenges and expectations
Moving on, let me now outline a few challenges and expectations going forward.
It merits repetition that it is the responsibility of the auditor to obtain sufficient audit evidence to assess the appropriateness of the use of the going concern concept. In this changing environment, the role of auditor must transcend from just verifying financial statements to holistically assess material risks being posed by the business operations and business model being pursued by the entity. In the past, we have seen examples where unsustainable business model of the entity ultimately led to its downfall. As Statutory Auditors, this is an emerging challenge which you need to consider and find ways to assimilate in your audit process.
A second emerging challenge pertains to climate and sustainability. With climate risks escalating and stakeholder scrutiny intensifying, robust sustainability reporting will no longer be a nicety but will become a necessity for financial and non-financial entities. The Reserve Bank has also issued draft regulations on disclosures in climate related risk. The complexity and diversity inherent in financial firms makes assessment of climate risk challenging and there is a vital role that the auditors can play in the process.
The third point which I would like to highlight pertains to increasing role of technology, particularly in the in banking and financial sector. Emerging technologies are altering the banking and financial landscape substantially. I am sure that even the way audit is being conducted is undergoing a transformation due to this technological revolution, Exponential growth in usage of digital channels to avail financial services has increased REs reliance on third party service providers and has exposed them to operational risks including cyber and outsourcing risks. In the changing environment, traditional substantive tests and procedures may not provide sufficient/ appropriate audit evidence. The auditors need to evaluate whether management is properly assessing the impact of emerging technologies on internal controls and on financial reporting. Again, the qualitative aspects related to vendor dependence, concentration as well as control mechanisms need specific attention of auditors.
For an audit to be effective, it should consider the needs and the expectations of users. These emerging issues highlight that the responsibilities of auditors have increased manifold and they should consider whether specialized skills are necessary to understand the design, implementation, and effectiveness of controls. Equally important is the ability and skills of the auditors to respond to these expectations so as to provide reasonable assurance and ultimately ensure a high-quality audit outcome.
Concluding thoughts
To conclude, let me say that even as banks navigate an increasingly complex emerging landscape, a harmonised approach by the regulators and auditors can remove the blind spots in risk identification and mitigation. This would help in achieving our shared goal of financial stability as well as ensure robustness of individual institutions. Therefore, there is need for deeper engagement and collaboration between regulators and auditors. This has also been emphasized in the Basel Core Principles for Effective Banking Supervision on ‘Financial Reporting and External Audit’ which encourages the supervisors (regulators) to periodically meet the external auditors to discuss issues of common interest relating to bank operations. I am aware that such discussions do take place during our supervisory process and we deeply value the contribution which auditors make during these discussions.
In the end let me acknowledge that external audit is an indispensable component of a robust regulatory framework. We look forward to closer collaboration to ensure the health, stability and integrity of our financial system.
Thank you. Namaskar.
1 Remarks delivered by Shri M Rajeshwar Rao, Deputy Governor in the Conference of Statutory Auditors and Chief Financial Officers of Commercial Banks and All India Financial Institutions (AIFIs) in Mumbai on July 9, 2024. Inputs provided by Jaikar Mishra, Sandeep Mahajan and Pradeep Kumar are gratefully acknowledged.
First, please LoginComment After ~