Who should be paying civil fines? It’s a commercial not a moral question.
The UK’s Financial Reporting Council (“FRC”) fined auditors and individual partners/managers £46 million+ from 23 investigations in the last 24 months. The FRC regulates auditors, accountants, and actuaries, and sets the UK’s Corporate Governance and Stewardship Codes. Its jurisdiction includes those directors & officers who are also chartered accountants (eg the CFO) and so this can very much be a D&O as well as an accountants’ PI issue.
Recent Fines
The frequency and severity of the fines has already been increasing. Whilst the Big 4 paid the most in fines, medium sized firms (who might not have captives picking up an uninsured primary layer) did not escape.
Recent audit failings range from deliberate / reckless misconduct (eg KPMG in respect of Carillion and Regenersis audits) to substandard work / insufficient challenge (eg PWC in respect of Galliford Try audits). Of the fourteen fines handed out in 2022, only two were for "misconduct", the rest were for "substandard" work. This hardening approach appears to be borne out by an article in the FT on August 3, 2022, in which the then Chief Executive of the FRC, Sir Jon Thompson, said that accountants should stop complaining about extra scrutiny and fines for audit failures and improve the quality of their work. ‘’It’s no good complaining about the fines” he told the FT: “The solution is entirely in [the audit firms’] hands. Do a good audit and you don’t get in trouble with us.”
Imminent Changes
The FRC is due to be replaced by the Audit, Reporting and Governance Authority (“ARGA”), which intends to be an even more powerful and rigorous regulator.
The FRC published it’s draft three-year plan in December 2022. The plan assumes that by the end of this year the long-awaited legislation will be in place to establish ARGA. The FRC will be subsumed into ARGA and ARGA will have the powers it needs to enforce rigorous corporate governance in the UK.The draft plan sets out strategic goals which include:
Setting high standards in corporate governance and stewardship, corporate reporting, and auditing, enforcing them where it is in the public interest. Immediate evidence of this is (1) the proposed Minimum Standard for Audit Committees of Premium Listed Companies, a draft of which has been in circulation since November 2022; and (2) a revised Corporate Governance Code, a draft of which will be published mid-summer this year.
Creating a more resilient audit market through greater competition and choice.- Transforming the organisation into a new robust, independent, and high performing regulator, acting in the public interest.
Better resourcing – increasing the FRC/ARGA’s total staff numbers over the next four years to around 600 with a budget for 2023/24 of £67.9m.
So, it sounds like ARGA will mean business, which will include more fines and heavier fines for audit (and for finance directors, financial reporting) failures.
Insurance of Civil Fines
No one argues that deliberate/reckless misconduct should be insured. Civil fines for merely substandard work are in principle insurable under English law even though they are punitive. But is this the best use of the PI (or D&O) cover, and shouldn't firms be incentivised to try harder to avoid substandard work as Sir Jon Thompson suggested? In many cases there are significant civil claims following on which the cover will be needed for. The increasing frequency and severity means insuring these fines may not be commercially sustainable.
Most policies cover civil fines "where insurable by law" so if insurers don't want to cover them a change in the policy language would be needed. This is preferable to objecting to covering a fine because it’s “not insurable" after claims have arrived: this is too late and due to the fact sensitivity in every case is likely to be highly contentious.