The Commission presents a report on developments in the EU market for providing statutory audit services to public interest entities pursuant to Article 27 of Regulation (EU) 537/2014.

The Regulation makes up part of EU legislation on audits and aims to enhance audit quality and at the same time, promote competition in the audit market. Article 27 serves as a means of effectively and regularly monitoring compliance with these aims.

The analysis in the report is based on the data that the Commission received from the national authorities responsible for audit oversight (NCAs) and the European Competition Network (ECN). It refers mostly to 2015.

European audit market : the available data shows a very diverse EU audit market in terms of size and structure.

Furthermore, the market for statutory audits of public-interest entities (PIEs) remains relatively concentrated in most Member States, particularly in terms of turnover. In 15 of 21 Member States the Big Four (PwC, Deloitte, KPMG and EY) hold more than 80 % of the market share for turnover.

However, there is insufficient evidence to draw conclusions about the level and effectiveness of competition in the market. The Commission will continue monitoring trends in the consolidated concentration levels of the largest audit firms in Member States.

Quality assurance systems : the report notes that the application of a common methodology and supervisory convergence in this area will become crucial to ensure consistency and comparability. Whilst no major risks have been identified, the Commission considers that it is certainly too early to fully assess major risks .

The Commission recognises, however, that more work could be done to encourage further convergence around common indicators and the terminology for findings and deficiencies, these being: (i) deficiencies in the internal quality control systems ; (ii) failure to document some aspects of the audit engagement ; and (iii) lack of sufficient audit evidence.

Encourage dialogue between NCAs and audit committees: the assessment shows most NCAs have very little experience in monitoring the audit committee activities and performance . To overcome this problem, the NCAs should have appropriate tools to assess the ACs’ performance and receive the information they need to monitor how ACs are complying with the new rules. For their part, AC members should be made aware of their new responsibilities and more prominent role.

At this stage, engaging with ACs and raising awareness is vital. This would not necessarily entail redefining or changing the national corporate governance frameworks or the supervisory remit of NCAs. Each national authority would be free to decide the best approach and the most appropriate tools to assess the ACs’ performance. The Commission could have a role to play in promoting this dialogue and in engaging with ACs directly to better understand their experience in implementing the audit reform.

Data collection: the Commission considers that some limitations will be addressed as the new audit rules take effect. This is the case for access to and availability of data. However, further work will be required if there is to be progress on areas such as common terminology, convergence around reference periods and methodologies for data collection . To move forward on convergence, the Commission will work to review the current indicators in close cooperation with the NCAs, and especially with the Committee of European Auditing Oversight Bodies (CEAOB) sub-group on market monitoring.

The Commission will continue monitoring developments in the market for providing statutory audit services to PIEs in the EU. It stands ready to work with Member States to ensure that the requirements in Article 27 of the Regulation can be fulfilled as effectively as possible.

Corrigendum to Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC

( Official Journal of the European Union L 158 of 27 May 2014 )

Article 5(1)(b):

for:

‘(b) the financial year immediately preceding the period referred to in point (a) in relation to the services listed in point (g) of the second subparagraph.',

read:

‘(b) the financial year immediately preceding the period referred to in point (a) in relation to the services listed in point (e) of the second subparagraph.'.

The European Parliament adopted by 332 votes to 253, with 26 abstentions a legislative resolution on the proposal for a regulation of the European Parliament and of the Council on specific requirements regarding statutory audit of public-interest entities.

Parliament adopted its position at first reading following the ordinary legislative procedure. The amendments adopted in plenary are the result of an agreement negotiated between the European Parliament and the Council. They amend the proposal as follows:

Subject matter and scope: the Regulation lays down requirements (i) for the carrying out of the statutory audit of annual and consolidated financial statements of public-interest entities, (ii) rules on the organisation and selection of statutory auditors and audit firms by public-interest entities to promote their independence and the avoidance of conflicts of interest and (iii) rules on the supervision of compliance by statutory auditors and audit firms with those requirements.

Parliament stipulated that where a cooperative or a savings bank or a similar entity is required or permitted under national provisions to be a member of a non-profit-making auditing entity, the Member State may decide that this Regulation should not apply to the statutory audit of such entity, provided that the principles of independence are complied with.

Prohibition to provide services other than auditing : the provision of certain services other than statutory audit (non-audit services) to audited entities by statutory auditors, audit firms or members of their networks may compromise their independence.

Therefore, it is appropriate to prohibit the provision of certain non-audit services such as specific tax, consultancy and advisory services to the audited entity, to its parent undertaking and to its controlled undertakings within the Union. Services linked to the financing, capital structure and allocation, and investment strategy of the audited entity should, in principle, be prohibited.

Member States may decide to allow the statutory auditors and the audit firms to provide certain tax and valuation services when such services are immaterial or have no direct effect, separately or in the aggregate, on the audited financial statements. Where such services involve aggressive tax planning, they should not be considered as immaterial. Accordingly, a statutory auditor or an audit firm should not provide such services to the audited entity.

An audit firm should be able to provide non-audit services which are not prohibited under this Regulation:

· if the provision of those services has been approved in advance by the audit committee and

· if the statutory auditor or the audit firm has satisfied itself that provision of those services does not pose a threat to the independence of the statutory auditor or the audit firm that cannot be reduced to an acceptable level by the application of safeguards.

Member States may establish stricter rules setting out the conditions under which an audit firm may provide other than the prohibited non-audit services referred to in the Regulation.

Audit fees: when an audit firm provides services other than auditing, the total fees for these services should be limited to no more than 70% of the average of the fees paid in the last three consecutive financial years for the statutory audit(s) of the audited entity and, where applicable, of its parent undertaking, of its controlled undertakings and of the consolidated financial statements of that group of undertakings.

Audit report: Parliament and the Council laid down the aspects that need to be included in the audit report. Among other things, the report should:

· state by whom or by which body the statutory auditor(s) or the audit firm(s) was (were) appointed;

· indicate the date of the appointment and the period of total uninterrupted engagement including previous renewals and reappointments of the statutory auditors or the audit firms;

· provide, in support of the audit opinion, the following: (i) a description of the most significant assessed risks of material mis-statement, including assessed risks of material misstatement due to fraud; (ii) a summary of the auditor's response to those risks; and where relevant, key observations arising with respect to those risks;

· indicate any services, in addition to the statutory audit, which were provided by the statutory auditor or the audit firm to the audited entity and its controlled undertaking(s), and which have not been disclosed in the management report or financial statements.

Additional report to the audit committee: this should include a description of the scope and timing of the audit, and detailed information on the significant findings from the statutory audit.

This report should be submitted to the audit committee by the same deadline as the audit report.

Upon request, the statutory auditor or an audit firm should discuss key matters arising from the statutory audit, referred to in the additional report.

In addition, upon request, and in accordance with national law, the statutory auditors or the audit firms should make available without delay the additional report to the competent authorities .

Appointment of statutory auditors or audit firms: to strengthen the independence of the audit firm, the audited entity would be free to invite any audit form to make an offer to provide the statutory audit service.

However, the organisation of the tender process does not in any way preclude the participation in the selection procedure of firms which received less than 15% of the total audit fees from public-interest entities in the Member State concerned in the previous calendar year.

Duration of the audit engagement: a public-interest entity should appoint a statutory auditor or an audit firm for an initial engagement of at least one year . The engagement may be renewed but neither the initial engagement of a particular statutory auditor or audit firm, nor this in combination with any renewed engagements therewith should exceed a maximum duration of 10 years . This period may be increased to 20 years in total where a public tendering process for the statutory audit is conducted, or to 24 years, where more than one statutory auditor or audit firm is simultaneously engaged – when a business is audited by at least two audit firms.

The maximum durations referred should be extended only if, upon a recommendation of the audit committee, the administrative or supervisory body, proposes to the general meeting of shareholders or members, that the engagement be renewed and that proposal is approved.

Delegation of tasks: a ccording to the amended text, the Member States should be able to delegate or allow their competent authorities to delegate any of the tasks required to be undertaken to other authorities or bodies designated or otherwise authorised by law to carry out such tasks, except for tasks related to the quality assurance system, investigations and sanctions.

Member States may, however, decide to delegate the tasks relating to systems of sanctions to other authorities or bodies designated or otherwise authorised by law to carry out such tasks, when the majority of the persons involved in the governance of the authority or body concerned is independent from the audit profession.

Cooperation with other competent authorities at national level : this should be organised within the framework of a Committee of European Auditing Oversight Bodies ( CEAOB ), which should be composed of high-level representatives of the competent authorities and a member appointed by the European Securities and Markets Authority (ESMA).

Executive summary of the Opinion of the European Data Protection Supervisor on the Commission proposals for a directive amending Directive 2006/43/EC on statutory audit of annual accounts and consolidated accounts, and for a regulation on specific requirements regarding statutory audit of public-interest entities.

The EDPS welcomes the fact that he is consulted by the Commission and recommends that a reference to this Opinion is included in the preamble of the directive. A reference to the EDPS consultation has already been included in the preamble of the proposed regulation. The financial crisis has highlighted weaknesses in the statutory audit especially with regard to public-interest entities (PIE). To address these concerns, the Commission has published a proposal to amend Directive 2006/43/EC on statutory audits, which concerns the approval and registration of auditors and audit firms, the principles regarding professional ethics, professional secrecy, independence and reporting as well as the associated supervision rules. The Commission has also proposed a new regulation on statutory audit of public-interest entities laying down the conditions for carrying out such audits.

The EDPS notes that the Commission proposes that Directive 2006/43/EC shall apply to situations not covered by the proposed regulation. Therefore, it is important to introduce a clear separation between the two legal texts. This means that the current provisions in Directive 2006/43/EC that only relate to the performance of a statutory audit on the annual and consolidated financial statements of the public-interest entities are moved to and, as appropriate, amended in the proposed regulation.

The implementation and application of the legal framework for statutory audits may in certain cases affect the rights of individuals relating to the processing of their personal data. Directive 2006/43/EC in its current and amended form and the proposed regulation contain provisions that may have data protection implications for the individuals concerned.

The EDPS welcomes the attention specifically paid to data protection in the proposed regulation but identified some scope for further improvement and, accordingly, recommends the following:

· rephrasing Article 56 of the proposed regulation and inserting a provision in Directive 2006/43/EC emphasising the full applicability of existing data protection legislation and replacing the multiple references in different articles of the proposed regulation with one general provision referring to Directive 95/46/EC as well as Regulation (EC) No 45/2001 . The EDPS suggests that the reference to Directive 95/46/EC be clarified by specifying that the provisions will apply in accordance with the national rules which implement Directive 95/46/EC;

· specifying the kind of personal information that can be processed under Directive 2006/43/EC and the proposed regulation, to define the purposes for which personal data can be processed by the competent authorities concerned and fix a precise, necessary and proportionate data retention period for the above processing;

· in view of the risks concerned regarding transfers of data to third countries, the EDPS recommends adding to Article 47 of Directive 2006/43/EC that in the absence of an adequate level of protection an assessment should take place on a case-by-case basis . He also recommends including a similar reference and the assessment on a case-by-case basis in the relevant provisions of the proposed regulation;

· replacing the minimum retention period of five years in Article 30 of the proposed regulation with a maximum retention period . The chosen period should be necessary and proportionate for the purpose for which data are processed;

· mentioning the purpose of the publication of sanctions in the articles concerned in Directive 2006/43/EC and in the proposed regulation and explaining the necessity and proportionality of the publication in the recitals of both Directive 2006/43/EC and the proposed regulation. He also recommends that publication should be decided on a case-by-case basis and that a possibility of publishing less information than currently required should be catered for;

· providing for adequate safeguards regarding mandatory publication of sanctions to ensure respect of the presumption of innocence, the right of the persons concerned to object, the security/accuracy of the data and their deletion after an adequate period of time;

· adding a provision in Article 66(1) of the proposed regulation saying that: ‘The identity of these persons should be guaranteed at all stages of the procedure, unless its disclosure is required by national law in the context of further investigation or subsequent judicial proceedings.’

Lastly, the EDPS’ analysis is directly relevant for the application of the existing legislation and for other pending and possible future proposals containing similar provisions, such as those discussed in the EDPS Opinions on the legislative package on the revision of the banking legislation, credit rating agencies, markets in financial instruments (MiFID/MiFIR) and market abuse. Therefore, the EDPS recommends reading this Opinion in close conjunction with his Opinions of 10 February 2012 on the abovementioned initiatives.

PURPOSE: to strengthen the requirements for the statutory audit on the financial statements of public-interest entities (PIEs).

PROPOSED ACT: Regulation of the European Parliament and of the Council.

BACKGROUND: since 1984, EU rules have partially regulated statutory audit when a directive (Directive 1984/253/EEC) harmonised the procedures for the approval of auditors. Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts, was adopted in 2006 and considerably broadened the scope of the former Directive.

The financial crisis has highlighted weaknesses in the statutory audit especially with regard to Public-Interest Entities (PIE), such as banks insurance companies and listed companies. Given that many banks revealed huge losses from 2007 to 2009 on the positions they had held both on and off balance sheet, it is difficult for many citizens and investors to understand how auditors could give clean audit reports to their clients (in particular banks) for those periods.

Statutory auditors and audit firms play an important role in society. They are entrusted by law to conduct statutory audits of public-interest entities with a view to enhancing the degree of confidence of the public in the annual and consolidated financial statements of such entities. In view of the public interest, better audit quality would contribute to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements .

IMPACT ASSESSMENT : the impact assessment resulted in the following preferred policy options:

· the scope of statutory audit should be clarified and specified and the information that the auditor provides to users, the audited entities, audit committees and supervisors improved;

· the prohibition of the provision of non-audit services to the audited entities and even the prohibition of the provision of non-audit services in general would effectively address the need to reinforce independence and professional scepticism. Moreover, stricter rules in the procedure for the appointment of auditors and the introduction of mandatory audit firm rotation would contribute to higher quality audits;

· in order to facilitate an objective choice of an audit provider, contractual clauses limiting audit firm choice should be prohibited, the transparency on audit quality and on audit firms should be increased and an audit quality certification should be established;

· ownership restrictions should be lifted in order to increase the choice of audit providers;

· national audit supervisory authorities should be strengthened and an EU-wide cooperation within the European Securities and Markets Authority ( ESMA ) should be set up.

LEGAL BASIS: Article 114 of the Treaty on the Functioning of the European Union (TFEU).

CONTENT: this proposal lays down conditions for carrying out the statutory audit on the financial statements of PIEs. Directive 2006/43/EC already deals with certain requirements which apply to the statutory audit of PIEs. Those requirements will no longer be comprised in the Directive, but integrated (and further developed) in this Regulation.

The main points are as follows:

Conditions for carrying out statutory audit of public-interest entities :

· an auditor should establish adequate policies and procedures to ensure compliance with the obligations under the Regulation regarding independence, internal quality control systems and the supervision of employees ;

· former auditors, key audit partners or their employees are not allowed to take up a key management position in the audited entity, to become a member of the audit committee of the audited entity, to become a non-executive member of the administrative body or to join the supervisory body of the audited entity within two years after the termination of the audit engagement;

· the statutory auditor, audit firm or member of the audit firm's network will be prevented from providing certain non-audit services to their audited entities. For other non-services that are not fundamentally incompatible with the audit services, the audit committee or the competent authority will be empowered to assess whether or not they may be provided to the audited entity;

· audit firms of significant size should focus their professional activity on the carrying out of statutory audit and should not be allowed to undertake non- audit services;

· the content of the audit report disclosed to the public is expanded so that it: (i) explains the methodology used, especially how much of the balance sheet has been directly verified and how much has been based on system and compliance testing, the levels of materiality applied to perform the audit, the key areas of risk of material misstatements of the financial statements; (ii) explains whether the statutory audit was designed to detect fraud and, (iii) in the event of a qualified or adverse opinion or a disclaimer of opinion, explain the reasons for such a decision;

· the auditor should also prepare a longer and more detailed report for the audit committee. This report would provide more detailed information on the audit carried out, on the situation of the undertaking as such (e. g. going concern) and the findings of the audit combined with the necessary explanations;

· the auditor should keep certain documents and information for a period of five years.

The appointment of statutory auditors or audit firms by public-interest entities:

· in order to reinforce the independence and capacity of the audit committee, the latter should be composed of non-executive members, at least one member should have experience and knowledge in auditing and another one in accounting and/or auditing;

· the proposal for the appointment of the auditor to the meeting of shareholders should be based on a recommendation of the audit committee . Unless it concerns the renewal of an audit engagement, the recommendation should contain at least two choices (excluding the incumbent auditor) and the audit committee should express a justified preference for one of them. The recommendation of the audit committee should be made after the completion of a due tendering process;

· the proposal introduces mandatory rotation of audit firms after a maximum period of 6 years that may be, under certain exceptional circumstances, extended to 8 years;

· where a public-interest entity has appointed two or more statutory auditors or audit firms, the maximum duration of the engagements will be 9 years; on an exceptional basis, such duration may be extended to 12 years. It also provides for a cooling-off period before the audit firm is able to carry out the statutory audit of the same entity again.

Surveillance of the activities of auditors and audit firms carrying out statutory audit of public-interest entities:

· each Member State should designate a competent authority responsible for the supervision of auditors and audit firms auditing PIEs. The proposal requires that the EU-wide cooperation between competent authorities takes place within ESMA;

· a 'voluntary' pan-European audit quality certification is introduced to increase the visibility, recognition and reputation of all audit firms having capacities to conduct high quality audits of PIEs. ESMA should publish the requirements for obtaining the certificate along with any administrative and fee implications.

Supervisory measures and penalties: administrative pecuniary sanctions on auditors and PIEs for identified violations are envisaged. Authorities should be transparent about the sanctions and measures they apply.

BUDGETARY IMPLICATIONS: the Commission's proposal has no direct or indirect impact on the European Union budget. In particular, tasks that would be entrusted to EU supervisory bodies as mentioned in the proposal would not entail additional EU funding.

DELEGATED ACTS: the proposal contains provisions empowering the Commission to adopt delegated acts in accordance with Article 290 of the Treaty on the Functioning of the EU.

PURPOSE: to strengthen the requirements for the statutory audit on the financial statements of public-interest entities (PIEs).

PROPOSED ACT: Regulation of the European Parliament and of the Council.

BACKGROUND: since 1984, EU rules have partially regulated statutory audit when a directive (Directive 1984/253/EEC) harmonised the procedures for the approval of auditors. Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts, was adopted in 2006 and considerably broadened the scope of the former Directive.

The financial crisis has highlighted weaknesses in the statutory audit especially with regard to Public-Interest Entities (PIE), such as banks insurance companies and listed companies. Given that many banks revealed huge losses from 2007 to 2009 on the positions they had held both on and off balance sheet, it is difficult for many citizens and investors to understand how auditors could give clean audit reports to their clients (in particular banks) for those periods.

Statutory auditors and audit firms play an important role in society. They are entrusted by law to conduct statutory audits of public-interest entities with a view to enhancing the degree of confidence of the public in the annual and consolidated financial statements of such entities. In view of the public interest, better audit quality would contribute to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements .

IMPACT ASSESSMENT : the impact assessment resulted in the following preferred policy options:

· the scope of statutory audit should be clarified and specified and the information that the auditor provides to users, the audited entities, audit committees and supervisors improved;

· the prohibition of the provision of non-audit services to the audited entities and even the prohibition of the provision of non-audit services in general would effectively address the need to reinforce independence and professional scepticism. Moreover, stricter rules in the procedure for the appointment of auditors and the introduction of mandatory audit firm rotation would contribute to higher quality audits;

· in order to facilitate an objective choice of an audit provider, contractual clauses limiting audit firm choice should be prohibited, the transparency on audit quality and on audit firms should be increased and an audit quality certification should be established;

· ownership restrictions should be lifted in order to increase the choice of audit providers;

· national audit supervisory authorities should be strengthened and an EU-wide cooperation within the European Securities and Markets Authority ( ESMA ) should be set up.

LEGAL BASIS: Article 114 of the Treaty on the Functioning of the European Union (TFEU).

CONTENT: this proposal lays down conditions for carrying out the statutory audit on the financial statements of PIEs. Directive 2006/43/EC already deals with certain requirements which apply to the statutory audit of PIEs. Those requirements will no longer be comprised in the Directive, but integrated (and further developed) in this Regulation.

The main points are as follows:

Conditions for carrying out statutory audit of public-interest entities :

· an auditor should establish adequate policies and procedures to ensure compliance with the obligations under the Regulation regarding independence, internal quality control systems and the supervision of employees ;

· former auditors, key audit partners or their employees are not allowed to take up a key management position in the audited entity, to become a member of the audit committee of the audited entity, to become a non-executive member of the administrative body or to join the supervisory body of the audited entity within two years after the termination of the audit engagement;

· the statutory auditor, audit firm or member of the audit firm's network will be prevented from providing certain non-audit services to their audited entities. For other non-services that are not fundamentally incompatible with the audit services, the audit committee or the competent authority will be empowered to assess whether or not they may be provided to the audited entity;

· audit firms of significant size should focus their professional activity on the carrying out of statutory audit and should not be allowed to undertake non- audit services;

· the content of the audit report disclosed to the public is expanded so that it: (i) explains the methodology used, especially how much of the balance sheet has been directly verified and how much has been based on system and compliance testing, the levels of materiality applied to perform the audit, the key areas of risk of material misstatements of the financial statements; (ii) explains whether the statutory audit was designed to detect fraud and, (iii) in the event of a qualified or adverse opinion or a disclaimer of opinion, explain the reasons for such a decision;

· the auditor should also prepare a longer and more detailed report for the audit committee. This report would provide more detailed information on the audit carried out, on the situation of the undertaking as such (e. g. going concern) and the findings of the audit combined with the necessary explanations;

· the auditor should keep certain documents and information for a period of five years.

The appointment of statutory auditors or audit firms by public-interest entities:

· in order to reinforce the independence and capacity of the audit committee, the latter should be composed of non-executive members, at least one member should have experience and knowledge in auditing and another one in accounting and/or auditing;

· the proposal for the appointment of the auditor to the meeting of shareholders should be based on a recommendation of the audit committee . Unless it concerns the renewal of an audit engagement, the recommendation should contain at least two choices (excluding the incumbent auditor) and the audit committee should express a justified preference for one of them. The recommendation of the audit committee should be made after the completion of a due tendering process;

· the proposal introduces mandatory rotation of audit firms after a maximum period of 6 years that may be, under certain exceptional circumstances, extended to 8 years;

· where a public-interest entity has appointed two or more statutory auditors or audit firms, the maximum duration of the engagements will be 9 years; on an exceptional basis, such duration may be extended to 12 years. It also provides for a cooling-off period before the audit firm is able to carry out the statutory audit of the same entity again.

Surveillance of the activities of auditors and audit firms carrying out statutory audit of public-interest entities:

· each Member State should designate a competent authority responsible for the supervision of auditors and audit firms auditing PIEs. The proposal requires that the EU-wide cooperation between competent authorities takes place within ESMA;

· a 'voluntary' pan-European audit quality certification is introduced to increase the visibility, recognition and reputation of all audit firms having capacities to conduct high quality audits of PIEs. ESMA should publish the requirements for obtaining the certificate along with any administrative and fee implications.

Supervisory measures and penalties: administrative pecuniary sanctions on auditors and PIEs for identified violations are envisaged. Authorities should be transparent about the sanctions and measures they apply.

BUDGETARY IMPLICATIONS: the Commission's proposal has no direct or indirect impact on the European Union budget. In particular, tasks that would be entrusted to EU supervisory bodies as mentioned in the proposal would not entail additional EU funding.

DELEGATED ACTS: the proposal contains provisions empowering the Commission to adopt delegated acts in accordance with Article 290 of the Treaty on the Functioning of the EU.