¹ Regaining public trust is one of the most topical subjects related to the regulation and supervision of financial undertakings: see, for example, Group of Thirty, “Banking conduct and culture: a call for sustained and comprehensive reform” (Group of Thirty, July 2015); Financial Stability Board, “Guidance on supervisory interaction with financial institutions on risk culture” (April 2014).

² According to statistics, banking has gone from being one of the public’s most trusted sectors to the least trusted: The Edelman Trust Barometer (2017), <www.edelman.com/research/edelman-trust-barometer-archive> accessed 16 March 2018; Group of Thirty, “Banking conduct and culture: a call for sustained and comprehensive reform” (Group of Thirty, July 2015); European Commission, Evidence-based consumer policy, “Consumer Scoreboard”, <ec.europa.eu/consumers/consumer_evidence/consumer_scoreboards/10edition/docs/consumer_market_brochure_141027_en.pdf> accessed 16 March 2018.

³ Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub.L. 111–203), section 619. Noteworthy are Mr Volcker’s comments on the proposed Volcker rule regulations: “The need to restrict proprietary trading is not only, or perhaps most importantly, a matter of the immediate market risks involved. It is the seemingly inevitable implication for the culture of the commercial banking institutions involved, manifested in the huge incentives to take risk inherent in the compensation practices for the traders. Can one group of employees be so richly rewarded, the traders, for essentially speculative, impersonal, short-term trading activities while professional commercial bankers providing essential commercial banking services to customers, and properly imbued with fiduciary values, be confined to a much more modest structure of compensation?” (PA Volcker, “Commentary on the Restrictions on Proprietary Trading by Insured Depositary Institutions (13 February 2012) <online.wsj.com/public/resources/documents/Volcker_Rule_Essay_2-13-12.pdf> accessed 16 March 2018).

⁴ See the speech by Daniele Nouy, Chair of the Supervisory Board of the Single Supervisory Mechanism, “The European banking landscape – initial conclusions after four months of joint banking supervision and the main challenges ahead” (European Central Bank (ECB), 17 March 2015) <www.bankingsupervision.europa.eu/ecb/pub/pdf/ssm.mepletter171013_tajani_dn.en.pdf> accessed 16 March 2018. The process of approximation of laws underpinning the Single Rulebook and the Banking Union in Europe is inspired by the main goal of restoring public confidence. In that respect, for instance, “making banking resolution credible” has been rightly, and pointedly, identified as the core challenge for legislators and regulators when drafting the Bank Recovery and Resolution Directive, 2014/59/EU (BRRD). See BRRD, preamble, recital 5, and, among scholars, eg Armour, J, “Making bank resolution credible” in E Ferran, N Moloney and J Payne (eds), Oxford Handbook of Financial Regulation (Oxford University Press 2014)Google Scholar; and J-H Binder, “Resolution: concepts, requirements and tools”, paper presented at a symposium on Bank Recovery and Resolution in Europe – The EU Crisis Management Directive in Context, organised jointly by the author and Dalvinder Singh (University of Tübingen, 18–19 October 2014).

⁵ J Shipton, Executive Director of Intermediaries Securities and Futures Commission, “Supervision of intermediaries: key initiatives and focus in 2014” (Securities and Futures Commission, 4 June 2014).

⁶ Bronfman, NC, López Vázquez, E and Dorantes, G, “An Empirical Study for the Direct and Indirect Links Between Trust in Regulatory Institutions and Acceptability of Hazards” (2009) 47 Safety Science 686 CrossRefGoogle Scholar.

⁷ Awrey, D, “Complexity, Innovation and the Regulation of Modern Financial Markets” (2012) 2 Harvard Business Law Review 235 Google Scholar.

⁸ Complexity has been thoroughly studied as a contributing factor to systemic risk: See, eg, Scott, HS, “The Reduction of Systemic Risk in the United States Financial System” (2010) 33 Harvard Journal of Law & Public Policy 671, 673 Google Scholar; Schwarcz, SL, “Regulating Complexity in Financial Markets” (2009) 87 Washington University Law Review 211, 212–213 Google Scholar (identifying complexity “as the greatest financial-market challenge of the future” and one of the three core causes of the 2007–2009 financial crisis). Increased complexity has arisen in the financial sector for a number of reasons. The first is technological advancement (see R Merton, “Financial Innovation and the Management and Regulation of Financial Institutions” (1995) NBER Working Paper Series, Working Paper No 5096 <www.nber.org/papers/w5096> accessed 16 March 2018; Merton, RC, “Financial innovation and economic performance” (1992) 4 Journal of Applied Corporate Finance 12 CrossRefGoogle Scholar; Tufano, P, “Financial innovation” in GM Constantinides, M Harris and R Stulz (eds), Handbook of the Economics of Finance (Elsevier 2003)Google Scholar; Allen, F, “Trends in financial innovation and their welfare impact: An overview” (2012) 18 European Financial Management 493 CrossRefGoogle Scholar; for a legal perspective on the subject, see, eg C Brummer, “Disruptive technology and securities regulation” (2015) 84 Fordham Law Review 977). The second reason for increased complexity is increased regulation: more stringent regulatory requirements and the unintended consequences associated with them (regulatory arbitrage). The third, and to our mind, most important factor is interconnection.

⁹ Black, J, “Critical Reflections on Regulation” (2002) 27 Australian Journal of Legal Philosophy 1 Google Scholar; Black, J, “Enrolling Actors in Regulatory Systems: Examples from UK Financial Services Regulation” (2003) Public Law 63 Google Scholar; Black, J, “Mapping the Contours of Contemporary Financial Services Regulation” (2002) 2 Journal of Corporate Law Studies 253 CrossRefGoogle Scholar. Black indeed argues that decentred regulation is premised on these four preconditions. “Complexity” refers to the nature of problems that may need to be dealt with. “Fragmentation” refers to the fragmentation of knowledge, resources and capacity for control in the regulatory space. “Interdependencies” refers to the dynamics between the participants in the regulatory space, co-producing and co-enforcing norms of governance. “Ungovernability” refers to the autonomy and unpredictability of actor behaviour in the regulatory space, which will pose challenges to assumptions made by regulatory authorities. In a decentred landscape, there is, some argue, no public-private distinction, as all participants contribute to and influence governance.

¹⁰ Barth, JR, Caprio, G and Levine, R, “Bank Regulation and Supervision: What Works Best?” (2004) 13 Journal of Financial Intermediation 205 CrossRefGoogle Scholar; Porter, T, States, Markets and Regimes in Global Finance (Springer 2016) 149 Google Scholar.

¹¹ Masciandaro, D and Quintyn, M, “The Evolution of Financial Supervision: the Continuing Search for the Holy Grant” in M Balling and E Gnan (eds), 50 Years of Money and Finance (Larcier 2013)Google Scholar.

¹² Chiu, IH-Y, Regulating (From) the Inside: The Legal Framework for Internal Control in Banks and Financial Institutions (Bloomsbury 2015)Google Scholar.

¹³ See D Singh, “The Role of External Auditors in Bank Supervision: A Supervisory Gatekeeper?” (2013) 47 The International Lawyer 65; D Masciandaro, and D Romelli, “Banking Supervision and External Auditors: What Works Best?” (2016) Baffi Carefin Centre Research Paper No 2017-46, <ssrn.com/abstract=2895999> accessed 16 March 2018.

¹⁴ The earlier literature on gatekeepers includes a number of important articles, including Kraakman, RH, “Corporate Liability Strategies and the Costs at Legal Controls” (1984) 93 Yale Law Journal 857 CrossRefGoogle Scholar; Gilson, RJ, “Value Creation by Business Lawyers: Legal Skills and Asset Pricing” (1984) 94 Yale Law Journal 239 CrossRefGoogle Scholar; Kraakman, RH, “Gatekeepers: The Anatomy of a Third-Party Enforcement Strategy” (1986) 2 Journal of Law, Economics & Organization 53 Google Scholar; Choi, SJ, “Market Lessons for Gatekeepers” (1998) 92 Northwestern University Law Review 16 Google Scholar.

¹⁵ Coffee Jnr, JC, Gatekeepers (Oxford University Press 2004)Google Scholar; Coffee Jnr, JC, “Understanding Enron: It’s About the Gatekeepers, Stupid” (2002) 57 Business Lawyer 1403 Google Scholar. See also Choi, SJ and Fisch, JE, “How to Fix Wall Street: A Voucher Financing Proposal” (2003) 113 Yale Law Journal 269 CrossRefGoogle Scholar.

¹⁶ See Partnoy, F, “How and Why Credit Rating Agencies are Not Like Other Gatekeepers” in Y Fuchita and RE Litan (eds), Financial Gatekeepers: Can they Protect Investors? (Brookings Institution Press 2006)Google Scholar.

¹⁷ Kraakman (1986), supra, note 14.

¹⁸ See White, LJ, “The Credit Rating Industry: An Industrial Organization Analysis” in RM Levich, G Majnoni and C Reinhart (eds), Ratings, Rating Agencies and the Global Financial System (Kluwer Academic Press 2002)Google Scholar, describing the variety of regulations that require or depend on a rating provided by a NRSRO.

¹⁹ In the period leading up to the financial crisis in 2008, CRAs failed to properly appreciate the risks in more complex financial instruments. For instance, structured finance products backed by risky sub-prime mortgages were issued with incorrect ratings that were far too high. During the subsequent euro area debt crisis, certain countries were faced with abrupt bond sell-offs and higher borrowing costs following a downgrading of their credit rating. In the wake of the financial crisis, the EU adopted rules on CRAs to restore market confidence and increase investor protection. The latest legislative package on CRAs consists of Regulation No 462/2013 of the European Parliament and of the Council of 21 May 2013 amending Regulation (EC) No 1060/2009 on credit rating agencies [2013] OJ L 146/1 and Directive 2013/14/EU of the European Parliament and of the Council of 21 May 2013 amending Directive 2003/41/EC on the activities and supervision of institutions for occupational retirement provision, Directive 2009/65/EC on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) and Directive 2011/61/EU on Alternative Investment Funds Managers in respect of over-reliance on credit ratings [2013] OJ L 145/1. These laws seek to: (i) reduce over-reliance on credit ratings; (ii) increase transparency regarding the issuing of sovereign debt ratings; (iii) improve the quality of the rating process and make CRAs more accountable for their actions; (iv) reduce conflicts of interest and encourage a greater number of actors to operate in the credit rating market.

²⁰ K Casey and F Partnoy, “Op-Ed, Downgrade the Ratings Agencies” New York Times (New York, 5 June 2010).

²¹ Singh, supra, note 13.

²² Brummer, C, “How International Financial Law Works (and How it Doesn’t)” (2011) 99 Georgetown Law Journal 257 Google Scholar; Verdier, P-H, “The Political Economy of International Financial Regulation” (2012) 88 Indiana Law Journal 1405 Google Scholar; Zaring, DT, “International Institutional Performance in Crisis” (2010) 10 Chicago Journal of International Law 475 Google Scholar.

²³ Becker, GS, “Crime and Punishment: An Economic Approach” (1968) 76 Journal of Political Economy 169 CrossRefGoogle Scholar; Easterbrook, FH, “Criminal Procedure as a Market System” (1983) 12 The Journal of Legal Studies 289 CrossRefGoogle Scholar;

Choi, supra, note 14.

²⁴ In laying the theoretical foundation for gatekeeper liability, Reinier Kraakman conceived of the gatekeeper as an actor with the capacity to monitor and to control the conduct of its corporate client and thereby to deter wrongdoing by it. He regarded liability as a mechanism to ensure the optimal deterrence of corporate wrongs. In this framework, wrongdoings could be directly deterred by the imposition of liability on corporations and on individual corporate managers. Besides, gatekeepers would face potential liability themselves, to provide incentives for them to exercise their ability to monitor and control. Professor Kraakman observes that gatekeeper liability supplements direct forms of liability as well as private enforcement devices, such as the established reputations of gatekeepers. See Kraakman, RH, “Corporate Liability Strategies and the Costs of Legal Controls” (1984) 93 Yale Law Journal 857, 890 CrossRefGoogle Scholar.

²⁵ Bruner, CM, “States, Markets, and Gatekeepers: Public-Private Regulatory Regimes in an Era of Economic Globalization” (2008) 30 Michigan Journal of International Law 125 Google Scholar.

²⁶ Singh, D, Banking Regulation of UK and US Financial Markets (Routledge 2007) 157 Google Scholar.

²⁷ Companies Act 2006, s 495(3) (UK); see also Dicksee, LR, Auditing: A Practical Manual for Auditors (Arno Press 1976)Google Scholar; Power, M, The Audit Society: Rituals of Verification (2nd edn, Oxford University Press 1999)CrossRefGoogle Scholar; Brown, G, “Changing Audit Objectives and Techniques” (1962) 37 The Accounting Review 696, 703 Google Scholar; Chandler, RA, Edwards, JR and Anderson, M, “Changing Perceptions of the Role of the Company Auditor” (1993) 23 Accounting and Business Research 1840 CrossRefGoogle Scholar; Maltby, J, “‘A Sort of Guide, Philosopher and Friend’: The Rise of the Professional Auditor in Britain” (1999) 9 Accounting, Business and Financial History 29, 33 CrossRefGoogle Scholar; Willingham, JJ, “Discussant’s Response to Relationship of Auditing Standards to Detection of Fraud” (1975) 45 CPA Journal 13, 18 Google Scholar.

²⁸ See generally Bird, P, “What is “a true and fair view”?” (1984) Journal of Business Law 480 Google Scholar; Bird, P, “Group accounts and the true and fair view” (1985) Journal of Business Law 364 Google Scholar; Lasok, KPE and Grace, E, “The true and fair view” (1987) 10 Company Lawyer 13 Google Scholar; McGee, A, “The “true and fair view” debate: A study in the legal regulation of accounting” (1991) 54 Modern Law Review 874 CrossRefGoogle Scholar.

²⁹ Caparo Industries plc v Dickman [1990] 1 All ER 568: “It is the auditors’ function to ensure, so far as possible, that the financial information as to the company’s affairs prepared by the directors accurately reflects the company’s position in order, first, to protect the company itself from consequences of undetected errors or, possibly, wrongdoing ... and second, to provide shareholders with reliable intelligence for the purpose of enabling them to scrutinise the conduct of the company’s affairs and to exercise their collective powers to reward or control or remove those to whom that conduct has been confided” (at 583); Auditing Practices Board, “International Standard on Auditing 200, Objective and General Principles Governing an Audit of Financial Statements”, 2007.

³⁰ According to the Report of the High level group on financial supervision in the EU, chaired by Jacques de Larosière (De Larosière Group Report), “Report on the future of financial supervision in the EU” (25 February 2009) <ec.europa.eu/internal_market/finances/docs/de_larosiere_report_en.pdf> accessed 16 March 2018, corporate governance was one of the most important elements underlying the financial crisis; in the literature, see, for example, Hopt, K, “Corporate governance of banks and other financial institutions after the financial crisis” (2013) Journal of Corporate Law Studies 222 Google Scholar; PO Mülbert and R Citlau, “The uncertain role of banks’ corporate governance in systemic risk regulation” (2011) ECGI Law Working Paper No 179 <ssrn.com/abstract=1885866> accessed 16 March 2018.

³¹ See Howson, N, “When ‘good’ corporate governance makes ‘bad’ financial firms: the global crisis and the limits of private law” (2009) 108 Michigan Law Review 44 Google Scholar.

³² PO Mülbert, “Corporate governance of banks after the financial crisis – theory, evidence, reforms” (2009) ECGI Law Working Paper No 130 <ssrn.com/abstract=1448118> accessed 16 March 2018; M Hilb, “Redesigning corporate governance: lessons learnt from the global financial crisis” (2011) 15 Journal of Management and Governance 533.

³³ Basel Committee on Banking Supervision, “Principles for Enhancing Corporate Governance” (Bank for International Settlements March 2010) Principle 6. See also OECD Steering Committee on Corporate Governance, “Corporate governance and the financial crisis. Key findings and main messages” (OECD June 2009) 15.

³⁴ “Principles for Enhancing Corporate Governance”, supra, note 35, Principle 7.

³⁵ European Commission, “Corporate governance in financial institutions and remuneration policies” (Green Paper) COM/2010/0284 final, section 3.4.

³⁶ Timme, SG and Pi, L, “Corporate control and bank efficiency” (1993) 17 Journal of Bank and Finance 515 Google Scholar; MC Jensen, “Value maximization, stakeholder theory, and the corporate objective function” (2000) Harvard Business School Working Paper No 58; R Chami and C Fullenkamp, “Trust as a means of improving corporate governance and efficiency” (2002) IMF Working Paper No. 02/33 <www.imf.org/en/Publications/WP/Issues/2016/12/30/Trust-As-a-Means-of-Improving-Corporate-Governance-and-Efficiency-15658> accessed 16 March 2018; R Levine, “The corporate governance of banks: a concise discussion of concepts and evidence” (2004) World Bank Policy Research Working Paper No 3404 <openknowledge.worldbank.org/bitstream/handle/10986/14239/WPS3404.pdf?sequence=1&isAllowed=y> accessed 16 March 2018; Kirkpatrick, G, “The corporate governance lessons from the financial crisis” (2009) 3 Financial Market TrendsGoogle Scholar; De Jonghe, O, Disli, M and Schoors, K, “Corporate governance, opaque bank activities, and risk/return efficiency” (2012) 41 Journal of Financial Services Research 51 CrossRefGoogle Scholar.

³⁷ Griffith, SJ, “Corporate Governance in an Era of Compliance” (2016) 57 William & Mary Law Review 2075 Google Scholar.

³⁸ GP Miller, “The Compliance Function: An Overview” (2014) NYU Law and Economics Research Paper No 14-36 <ssrn.com/abstract=2527621> accessed 16 March 2018.

³⁹ Griffith, supra, note 37.

⁴⁰ In that respect, see A Minto and I Arndorfer, “The “four lines of defence model” for financial institutions. Taking the three-lines-of-defence model further to reflect specific governance features of regulated financial institutions”, Financial Stability Institute, Occasional Paper 11 (Bank for International Settlements 2015).

⁴¹ Easterbrook, F and Fischel, D, The Economic Structure of Corporate Law (Harvard University Press 1991)Google Scholar.

⁴² “Transaction cost” theories of the firm account for the development of the firm as a result of these costs. Williamson, OE, The Economic Institutions of Capitalism: Firms, Markets, Relational Contracting (The Free Press 1985)Google Scholar (“The board of directors thus arises endogenously, as a means by which to safeguard the investments of those who face a significant risk of expropriation”); Fama, EF and Jensen, MC, “Separation of Ownership and Control” (1983) 26 The Journal of Law and Economics 301, 311 CrossRefGoogle Scholar (describing the board of directors as a basic decision-control system).

⁴³ “Property rights” theories of the firm take incomplete contracts as a starting point, but also emphasise the importance of allocating to the residual claimant control rights to the physical or intangible assets at the centre of the firm. See generally Hart, O and Moore, J, “Property Rights and the Nature of the Firm” (1990) 98 Journal of Political Economy 1119 CrossRefGoogle Scholar.

⁴⁴ See, eg, Bainbridge, SM, “Director Primacy: The Means and Ends of Corporate Governance” (2003) 97 Northwestern University Law Review 547, 559–560 Google Scholar.

⁴⁵ Griffith, supra, note 37, 2180.

⁴⁶ See EBA, “Guidelines on internal governance under Directive 2013/36/EU” (26 September 2017) para. 14, “Reporting of breaches to competent authorities”.

⁴⁷ Griffith, SJ et al., “The Changing Face of Corporate Compliance and Corporate Governance” (2016) 21 Fordham Journal of Corporate and Financial Law 1 Google Scholar.

⁴⁸ EBA Guidelines, supra, note 46, para. 21, “Compliance function”.

⁴⁹ See Andenas, M, “Harmonising and Regulating Financial Markets” in M Andenas and C Andersen (eds), Theory and Practice of Harmonisation (Edward Elgar 2012) 14 CrossRefGoogle Scholar.

⁵⁰ See the seminal contributions of Julia Black, supra, note 9. See also concurring account from the sociological point of view, Snider, L, “The Conundrum of Financial Regulation: Origins, Controversies, and Prospects” (2011) 7 Annual Review of Law and Social Science 121 CrossRefGoogle Scholar.

⁵¹ Wilke, H, Governance in a Disenchanted World (Edward Elgar 2009)CrossRefGoogle Scholar.

⁵² Pagliari, S, “Who Governs Finance? The Shifting Public-Private Divide in the Regulation of Derivatives, Rating Agencies and Hedge Funds” (2012) 18 European Law Journal 44 CrossRefGoogle Scholar.

⁵³ Parker, C, The Open Corporation (Cambridge University Press 2000) 246 Google Scholar.

⁵⁴ Andenas, M and Chiu, I H-Y, The Foundations and Future of Financial Regulation Governance for Responsibility (Routledge 2014), 104 Google Scholar.

⁵⁵ Gray, J and Hamilton, J, Implementing Financial Regulation: Theory and Practice (John Wiley & Sons 2006)Google Scholar.

⁵⁶ Coglianese, C and Mendelson, E, “Meta-Regulation and Self-Regulation” in R Baldwin, M Cave and M Lodge (eds), The Oxford Handbook of Regulation (Oxford University Press 2010)Google Scholar.

⁵⁷ RM Pecchioli, “Prudential supervision in banking” (1987) OECD Working Paper.

⁵⁸ The most recent definition of public-interest entities (PIEs) in the EU is included in Art 2(13) of Directive 2014/56/EU of the European Parliament and of the Council of 16 April 2014 amending Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts [2014] OJ L 158/196 and is as follows: “‘Public-interest entities’ means:

(a) Entities governed by the law of a Member State whose transferable securities are admitted to trading on a regulated market of any Member State within the meaning of point 14 of Article 4(1) of Directive 2004/39/EC;

(b) Credit institutions as defined in point 1 of Article 43(1) of Directive 2013/36/EU of the European Parliament and of the Council, other than those referred to in Article 2 of that Directive;

(c) Insurance undertakings within the meaning of Article 2(1) of Directive 91/674/EEC; or

(d) Designated by Member States as public-interest entities, for instance undertakings that are of significant public relevance because of the nature of their business, their size or the number of their employees.”

⁵⁹ Bank of England, Engagement between external auditors and supervisors and commencing the PRA’s disciplinary powers over external auditors and actuaries (CP8/15, 21 January 2016); Report of the Parliamentary Commission on Banking Standards, Changing banking for good, Volume II (HL Paper 27-II, June 2013) where para. 1053 states that: “The Commission recommends that the Court of the Bank of England commission a periodic report on the quality of dialogue between auditors and supervisors.”

⁶⁰ See the recent report by Centre for Financial Reporting Reform, “Banking Supervision and External Auditors: Building a Constructive Relationship” (World Bank Group 2015). For example, a list of additional tasks that are considered legal requirements are: conducting special audits (ie those conducted to detect potential or suspected irregularities, errors or frauds); conducting risk assessment, asset quality review and stress tests directed by the ECB during the asset quality review process; complying with own funds requirements; reviewing the Internal Capital Adequacy Assessment Process (ICAAP); monitoring the orderly unwinding of the bank.

⁶¹ Although internal auditors, external auditors and supervisors have traditionally been expected to engage in close interaction, empirical research has shown that reality has not matched what theory predicted would happen. See P Frerejacque. and J Lincoln, “Financial supervisors and external auditors: partnering for financial stability” (Austrian National Bank, Vienna, 28 September 2015) for a detailed picture of the national provisions at stake.

⁶² Frerejacque. and Lincoln, supra, note 61.

⁶³ Supervisors may ask auditors to submit an LFAR elaborating on the external audit of financial statements and on special prudential supervisory requirements. This report can be an effective tool in the supervision of financial institutions, helping to support reliable financial reporting and underpinning market confidence. If presented in a consistent format, the LFAR can facilitate comparison across banks. In Germany, external auditors are required to submit an LFAR to the supervisory board. This report is not available to the public and is a useful tool to monitor management. This report must include: (i) general findings (comments on the general situation of the bank and going concern assessment; facts and significant risks that affect the future development and existence of the bank; any irregularities or violations of statutory provisions or the articles of incorporation by representatives or employees of the bank); (ii) basis of the external audit (subject, nature and scope of the external audit; applied accounting and auditing standards; confirmation of the external auditor’s independence); (iii) accounting policy decisions (accounting methods, substantial bases of valuation and changes thereof; exercise of accounting and measurement options; use of discretion, estimation and judgment; structuring measures (“window dressing” transactions); any material disclosures not already in the notes). See Audit Regulatory Committee, “Long-Form Audit Report in Germany” (Bundesministerium der Justiz, 3 March 2011) <ec.europa.eu/internal_market/auditing/docs/committees/pres1-03-03-11_en.pdf> accessed 16 March 2018.

⁶⁴ Basel Committee on Banking Supervision, External audits of banks (Bank for International Settlements, March 2014).

⁶⁵ EBA, “Consultation Paper on Draft Guidelines on communication between competent authorities supervising credit institutions and statutory auditors and audit firms(s) carrying out the statutory audits of credit institutions” (October 2015) <www.eba.europa.eu/documents/10180/1240549/EBA-CP-2015-17+CP+on+draft+GL+on+communication+between+competent+authorities+and+auditors.pdf> accessed 16 March 2018.

⁶⁶ Centre for Financial Reporting Reform, “Banking Supervision and External Auditors: Building a Constructive Relationship” (World Bank Group 2015).

⁶⁷ IMF, “Towards a framework for financial stability” (1998) World Economic and Financial Surveys 36.

⁶⁸ E Nowotny, Governor of the Austrian National Bank, “Small Countries in big unions – the Austrian experience” (University of Oxford, 28–30 September 2015); BCBS, “Letter to the International Auditing and Assurance Standards Board (IAASB)” (21 March 2013) <www.bis.org/bcbs/commentletters/ifac45.pdf> accessed 16 March 2018.

⁶⁹ See BCBS, The internal audit function in banks (Bank for International Settlements, June 2012) Principle 12.

⁷⁰ Financial Stability Board, “Supervisory intensity and effectiveness. Progress report on enhanced supervision” (7 April 2014) <www.fsb.org/wp-content/uploads/r_140407.pdf?page_moved=1> accessed 16 March 2018.

⁷¹ Board of Governors of the Federal Reserve System, “Supplementary policy statement on the internal audit function and its outsourcing” (23 January 2013) <www.federalreserve.gov/supervisionreg/srletters/sr1301a1.pdf> accessed 16 March 2018.

⁷² Supra, note 69.

⁷³ On the distribution of tasks between the ECB and NCAs, see ECB, “Guide to banking supervision” (November 2014). In the literature, see G Ferrarini and L Chiarella, “Common banking supervision in the eurozone: strengths and weaknesses” (2013) ECGI Law Working Paper No 223/2013 <ssrn.com/abstract=2309897> accessed 16 March 2018; F Eilis, “European Banking Union and the EU single financial market: more differentiated integration, or Disintegration?” (2014) University of Cambridge Faculty of Law Research Paper No 29/2014 <ssrn.com/abstract=2426580> accessed 16 March 2018; G Ferrarini, “Single supervision and the governance of banking markets” (2015) ECGI Law Working Paper 294/2015 <ssrn.com/abstract=2604074> accessed 16 March 2018.

⁷⁴ International Standard on Auditing (ISA) 200, “Overall Objectives of the independent auditor and the conduct of an audit in accordance with International standards on Auditing”, para. 11.

⁷⁵ OECD, G20/OECD Principles of Corporate Governance: OECD Report to G20 Finance Ministers and Central Bank Governors (OECD, September 2015). In order to ensure the independence of external auditors, several governance arrangements must be put in place. The audit committee of the board should identify and nominate suitable candidate firms to act as external auditors and approve their appointment. Mandatory tenure limits and rotation are now commonly imposed on external auditors to avoid situations where they gradually lose their objectivity and independence as they become too closely engaged with the organisation over time. Furthermore, certain jurisdictions have introduced a limit on the amount of non-audit services provided by the auditor, to prevent external auditors from being involved in auditing their own work. Financial institutions can further enhance auditors’ independence by publicly disclosing payments to external auditors for non-audit services and prohibiting auditors from having a stake in the audited organisation.

⁷⁶ Appreciation of the work of internal audit has been pointed out by the Committee of European Bank Supervisory in comments related to the Association of Chartered Certified Accountants, “ISA 610 The Auditor’s Consideration of the Internal Audit Function: redrafted International Standard on Auditing issued for Comment by the International Auditing and Assurance Standards Board of the International Federation of Accountants” (ACCA, March 2007).

⁷⁷ The term “material significance” requires interpretation in the context of the specific legislation relevant to the regulated entity. A matter or group of matters is normally of material significance to a regulator’s function when, due to either its nature or its potential financial impact, it is likely of itself to require investigation by the regulator.

⁷⁸ BCBS, External audits of banks, supra, note 64.

⁷⁹ The supervisor may also require the use of specific approaches in the planning and performing of the external audits: see BCBS, “Core Principles for Effective Banking Supervision” (Bank for International Settlements, September 2012), Core Principle 27.

⁸⁰ In the UK, the Prudential Regulation Authority (PRA) issued a Policy Statement (Prudential Regulation Authority, “Engagement between external auditors and supervisors and commencing the PRA’s disciplinary power over external auditors and actuaries” (January 2016) Policy Statement PS1/16) laying out the rules for external auditors of the largest UK banks for the provision of written reports to the PRA as part of the statutory audit cycle. The PRA asked external auditors to contribute to its supervision of firms by directly engaging in a proactive and constructive way to support judgment-based supervision and help promote the safety and soundness of firms supervised by the PRA. The insights gained by auditors when they carry out high-quality audits should help enhance the effectiveness of the relationship between the auditors and the supervisor. More broadly, a closer and more frequent engagement between supervisors and external auditors came about in the last few years. The PRA keeps monitoring the quality of auditor-supervisor dialogue. In a survey of external auditors, it was noted that the vast majority of engagements was considered only “reasonable” and that the PRA’s aim was to improve this engagement in the longer term. In particular, in individual cases both supervisors and auditors considered that there was room for improvement in the frankness with which information was shared, how often it was shared and what was covered in bilateral meetings.

⁸¹ In Switzerland, for many years, the Swiss Financial Market Supervisory Authority (FINMA) has adopted a dualist approach, whereby on-site examinations are outsourced to approved and licensed external auditors. A recent IMF assessment (IMF Country Report 14/143, Switzerland: Financial Sector Stability Assessment, May 2014) noted significant weaknesses in Swiss supervision, though. FINMA should provide more guidance to auditors to ensure greater supervisory harmonisation across entities and should complement the auditors’ work with its own in-depth-examinations of selected issues. In addition, the payment of auditors by a supervised entity was viewed critically as auditors should not be paid by a supervised entity but rather by a “FINMA-administered bank-financed fund”. The IMF also noted that FINMA’s on- and off-site supervisory resources had been increased in recent years but still needed to be strengthened. Resources were insufficient to supervise and regulate the entire banking system in a way that met the Core Principles for Banking Supervision, including sufficient in-depth on-site work and oversight of supervisory work done by external auditors, particularly for small- and medium-sized banks.

⁸² In the US, supervisors meet periodically with external audit firms to discuss issues of common interest relating to bank operations. The IMF analysis (International Monetary Fund, “United States: Financial Sector Assessment Program”, IMF Country Report 15/170 (July 2015)) noted that there is no “safe haven” protection for external auditors in reporting issues to regulators. However, according to Part 363 of the Federal Deposit Insurance Corporation (FDIC) rules, a bank must inform its supervisor within 15 days of having received written information from the auditors about a violation that was committed. This gap is somehow mitigated by the frequent contact between supervisors and auditors in the course of examinations and planning. Furthermore, although the supervisors cannot set the scope of the external audit, they could encourage the auditors to include new issues. However, the report highlighted weaknesses relating to the fact that supervisors do not have legal powers to add specific issues to the scope of the external audit in order to address issues that are not normally covered by such an audit.

⁸³ The Hong Kong Monetary Authority (HKMA) devotes significant efforts to ensuring effective communication channels with external auditors. Furthermore, its powers to commission external auditor reports for supervisory purposes further supports the relationship between the HKMA and the external auditors, and the understanding of the HKMA’s supervisory concerns. However, the IMF report (International Monetary Fund, “People’s Republic of China – Hong Kong Special Administrative Region, Report on the Observance of Standards and Codes”, IMF Country Report 14/131 (May 2014)) states that there are two areas in which the HKMA lacks powers and where the legislative framework could be enhanced: the HKMA lacks powers to reject the appointment of an external auditor, when there are concerns over its competence or independence, and it does not have direct power to access the working documents of the external auditor even though the HKMA is able to address issues that arise by indirect means. While the HKMA has been able to work around these restrictions, amendments to the relevant legislation should be made.

⁸⁴ BCBS, External audits of banks, supra, note 64.

⁸⁵ ibid.

⁸⁶ ibid.

⁸⁷ An interesting survey conducted by the Independent Forum of Independent Audit Regulators (International Forum of Independent Audit Regulators, “Report on 2014 Survey of Inspection Findings” (3 March 2015)) analysed the quality of external auditors. It collected information on inspections of the quality of the external audits of public interest entities and of systemically important financial institutions (SIFIs). The three main areas of finding reported in the 2014 Survey for SIFIs relate to audit of the Valuation of Investment and Securities (27% of inspected audits had findings), Internal Control Testing (27%) and audit of Allowance for Loan Losses and Loan Impairments (17%). A finding does not necessarily indicate that the financial statements were misstated, but implies that the auditor’s performance fell below the expected level of diligence that would have satisfied the public interest role of the audit. It also implies that the audit failed to provide the level of assurance about the financial statements that it was supposed to ensure and that was required by professional standards. Confidence in the auditor’s execution of this assurance function should not await the ex post result of an inspection of the auditor.

⁸⁸ A financial institution may be part of a large, internationally active foreign-owned banking or insurance group. In this case, the regulator located in the country of the branch or subsidiary is referred to as “host regulator” whereas the regulator of the foreign holding company acts as “home regulator”. To facilitate the exchange of information between the home regulator and (the various) host regulators, so called “supervisory colleges” have been implemented. Such colleges should be permanent but flexible structures that allow for collaboration, coordination and information-sharing among the regulatory authorities of cross-border financial groups (see Basel Committee on Banking Supervision, “Principles for Effective Supervisory Colleges” (Bank for International Settlements, June 2014)).

⁸⁹ Such structures may require financial institutions to be subject to a special arrangement such as a supranational supervisory authority in addition to a local supervisor. An example of such a supranational supervisory body is the “Single Supervisory Mechanism” (SSM) which represents a centralised bank supervisory authority vested in the ECB. Although it was established in 2014, a precise division of power has yet to be agreed by the participating national supervisors and the SSM (see Decision (EU) 2015/839 of the European Central Bank of 27 April 2015 identifying the credit institutions that are subject to a comprehensive assessment [2015] OJ L 132/88; Global Risk Regulator, “ECB single supervisor’s relations with national authorities still in flux”, The Banker (London, June 2015)).

⁹⁰ Depending on the assignment of financial oversight responsibilities in a specific jurisdiction, various regulators (eg bank and insurance regulators, and securities and exchange commissions) may be charged with the oversight of a financial institution.

⁹¹ BCBS, “Core Principles for Effective Banking Supervision”, supra, note 79, Core Principle 27.

⁹² Perrin, A, “A knowledge lost in translation: the role of knowledge brokers in knowledge transfer” (2013) 12 International Journal of Information Technology and Management 214 CrossRefGoogle Scholar; Von Krogh, G, “Knowledge sharing and the communal resource” in M Easterby-Smith and MA Lyles (eds), Handbook of Organizational Learning and Knowledge Management (Blackwell Publishing 2003)Google Scholar.

⁹³ Arcuri, A and Dari-Mattiacci, G, “Centralization versus Decentralization as a Risk-Return Trade-Off” (2010) 53 The Journal of Law & Economics 359 CrossRefGoogle Scholar.

⁹⁴ Compliance departments have lawyers, but they also have non-lawyers. The compliance function is partly a legal function, partly a management function, and partly involves other important topics such as sociology, psychology, and other fields. This is a multidisciplinary area of study that is not limited to law. We are into something that is interesting and changing rapidly.

⁹⁵ BCBS, “Compliance and the compliance function in banks” (Bank for International Settlements, April 2005).

⁹⁶ In stark contrast to traditional corporate governance theories based on Ronald Coase conceptual framework of the firm’s contractual counterparties. On this point, see Miller, supra, note 38.

⁹⁷ Supervisors implicitly acknowledge their lack of information when they require the appointment and engagement of a compliance function: see generally Kern Griffin, L, “Inside-Out Enforcement” in AS Barkow and RE Barkow (eds), Prosecutors in the Boardroom: using Criminal Law to Regulate Corporate Conduct (New York University Press 2011) 154 Google Scholar.

⁹⁸ Bruner, supra, note 25, 125.

⁹⁹ BCBS, External audits of banks, supra, note 64. The term “material significance” requires interpretation in the context of the specific legislation relevant to the regulated entity. A matter or group of matters is normally of material significance to a regulator’s function when, due to either its nature or its potential financial impact, it is likely of itself to require investigation by the regulator. (Material significance is sometimes determined by establishing a single rule method, eg 5% of pre-tax income or 0.5% of total assets.)

¹⁰⁰ Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (MIFID II) [2014] OJ L 173/349 Art 77; Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC Text with EEA relevance (CRD IV) [2013] OJ L 176/338 Art 63.

¹⁰¹ BCBS, External audits of banks, supra, note 64.

¹⁰² ibid.

¹⁰³ See, with reference to lawyers’ role as gatekeepers, M De Stefano Beardslee, “The Corporate Attorney-Client Privilege: Third-Rate Doctrine for Third-Party Consultants” (2009) 62 SMU Law Review 727, 735.

¹⁰⁴ On the effectiveness of reputation as a device for ensuring legal compliance, see Brewster, R, “Unpacking the State’s Reputation” (2009) 50 Harvard International Law Journal 231 Google Scholar.

¹⁰⁵ Minto, A, Voelkerling, M and Wulff, M, “Separating apples from oranges: identifying threats to financial stability originating from FinTech” (2017) 12 Capital Markets Law Journal 428 CrossRefGoogle Scholar.

¹⁰⁶ Black, J, “Decentring Regulation: Understanding the Role of Regulation and Self-Regulation in a ‘Post-Regulatory’ World” (2001) 54 Current Legal Problems 103 CrossRefGoogle Scholar; J Black, “Seeing, Knowing, and Regulating Financial Markets: Moving the Cognitive Framework from the Economic to the Social” (2013) LSE Legal Studies Working Paper No. 24/2013 <ssrn.com/abstract=2346098> accessed 16 March 2018.

¹⁰⁷ Griffith, SJ, “The Question Concerning Technology in Compliance” (2016) 11 Brooklyn Journal of Corporate, Financial and Commercial Law 25 Google Scholar.