SUP 3A.9 Duties of auditors: notification and safeguarding report

An external auditor of a relevant institution must prepare a safeguarding report addressed to the FCA which:

1. (1) states the matters set out in SUP 3A.9.2R;

2. (2) specifies the matters to which SUP 3A.9.11R and SUP 3A.9.12R refer; and

3. (3) is prepared in accordance with the terms of a reasonable assurance engagement.

The auditor’s safeguarding report must state whether, in the auditor’s opinion:

1. (1) the relevant institution has maintained systems adequate to enable it to comply with the relevant funds regime throughout the period; and

2. (2) the relevant institution was in compliance with the relevant funds regime at the end of the period covered by the report.

The auditor’s safeguarding report must be:

1. (1) in the form prescribed by SUP 3A Annex 1; and

2. (2) signed on behalf of the audit firm by the individual with primary responsibility for the relevant institution's safeguarding report and in that individual's own name.

SUP 3A.9.1R provides that an auditor must ensure that a safeguarding report is prepared in accordance with the terms of a reasonable assurance engagement. The FCA also expects an auditor to have regard, where relevant, to material published by the Financial Reporting Council that deals specifically with the safeguarding report which the auditor is required to submit to the FCA. In the FCA's view, a safeguarding report that is prepared in accordance with that material is likely to comply with SUP 3A.9.1R and SUP 3A.9.2R where that report is prepared for a relevant institution within the scope of the material in question.

1. (1) An auditor must ensure that the information provided to it by a relevant institution in accordance with SUP 3A.10.1G is included in the safeguarding report.

2. (2) If by the date at which the report is due for submission in accordance with SUP 3A.9.7R an auditor has not received the information referred to in SUP 3A.10.1G it must submit the report without that information, together with an explanation for its absence.

The period covered by an auditor’s safeguarding report must end not more than 53 weeks after the later of:

1. (1) the date the relevant institution first becomes subject to this chapter;

2. (2) the date the relevant institution becomes subject to this chapter after being exempt in accordance with SUP 3A.1.1R(2); or

3. (3) the end of the period covered by the previous report.

The auditor of a relevant institution must deliver their safeguarding report to the FCA within 4 months of the end of the period covered.

1. (1) If an auditor expects that it will fail to comply with SUP 3A.9.7R, it must, no later than the end of the 4-month period in question:

2.      (a) notify the FCA that it expects that it will be unable to deliver a safeguarding report by the end of that period; and

3.      (b) ensure that the notification in (a) is accompanied by a full account of the reasons for its expected failure to comply with SUP 3A.9.7R.

4. (2) If an auditor fails to comply with SUP 3A.9.7R, it must promptly:

5.      (a) notify the FCA of that failure; and

6.      (b) ensure that the notification in (a) is accompanied by a full account of the reasons for its failure to comply with SUP 3A.9.7R.

The rights and duties of auditors are set out in SUP 3A.8 (Rights and duties of auditors) and SUP 3A.9 (Duties of auditors: notification and safeguarding report). An auditor should bear these rights and duties in mind when carrying out safeguarding report work, including whether anything should be notified to the FCA immediately.

An auditor must:

1. (1) provide the relevant institution with a draft of its safeguarding report so it has an adequate period of time to consider the auditor’s findings and provide the auditor with comments of the kind referred to in SUP 3A.10.1G; and

2. (2) deliver a copy of the final report to the relevant institution at the same time as it delivers that report to the FCA in accordance with SUP 3A.9.7R.

If the auditor’s safeguarding report states that one or more of the requirements in SUP 3A.9.2R have not been met, the auditor must specify in the report each of those requirements and the respects in which they have not been met.

1. (1) Whether or not an auditor concludes that one or more of the requirements in SUP 3A.9.2R have been met, the auditor must ensure that the safeguarding report identifies each individual regulation or rule in respect of which a breach has been identified.

2. (2) If an auditor does not identify a breach of any individual regulation or rule, it must include a statement to that effect in the safeguarding report.

For the purpose of SUP 3A.9.11R and SUP 3A.9.12R, an auditor must ensure that the information prescribed under those rules is submitted using, respectively, Part 1 (Auditor’s Opinion) and Part 2 (Breaches Schedule) of SUP 3A Annex 1.

1. (1) The FCA expects that the list of breaches will include every breach of a regulation or rule in the relevant funds regime insofar as that regulation or rule is within the scope of the safeguarding report and is identified in the course of the auditor’s review of the period covered by the report, whether identified by the auditor or disclosed to it by the relevant institution, or by any third party.

2. (2) For the purpose of determining whether to qualify its opinion or express an adverse opinion, the FCA would expect an auditor to exercise its professional judgment as to the significance of a breach of a regulation or rule, as well as to its context, duration and incidence of repetition. The FCA would expect an auditor to consider the aggregate effect of any breaches when judging whether a relevant institution had failed to comply with the requirements in SUP 3A.9.2R.

If an auditor is unable to form an opinion as to whether one or more of the applicable requirements in SUP 3A.9.2R have been met, the auditor must specify in the report under SUP 3A.9.1R those requirements and the reasons why the auditor has been unable to form an opinion.

An auditor of a relevant institution must submit their safeguarding report by electronic means made available by the FCA.