Broker-Dealer Audits Still Badly Broken

On August 19, 2013, the Public Company Accounting Oversight Board, the audit industry regulator, released its second report on its interim inspection program for auditors of brokers-dealers registered with the Securities and Exchange Commission.

The PCAOB’s second “progress” report found deficiencies in all of the audit firms inspected and in 57 of the 60 audits inspected. The Board’s first interim progress report in August 2012 reviewed ten audit firms covering portions of 23 audits. Deficiencies were also identified in all of the audits inspected at that time.

That’s not much progress.

Violations of auditor independence rules were rampant, found in more than one-third (22 of 60) of the audits selected for inspection this time. The PCAOB inspections staff found, in particular, that auditors had violated independence rules by performing services for clients prohibited under SEC independence rules. For example, audit firms prepared the financial statements the firm was paid to “independently” audit on behalf of customers and investors.

Until now audits of the broker-dealer have been performed under AICPA standards. This goes for even the public companies such as Goldman Sachs and JP Morgan where the rest of the audit is performed according to PCAOB standards – that is, the ones now required by the Sarbanes-Oxley Act. And on July 30, 2013, the SEC finally approved amendments to Exchange Act Rule 17a-5 required by the Dodd-Frank Act. These amendments include the requirement that the audits of brokers and dealers must be conducted in accordance with PCAOB standards for fiscal years ending on or after June 1, 2014.

It’s no wonder that auditors, even of these large public companies, were confused about independence.

Well, not really.

One year ago, in Forbes on August 22, 2012, I published Already Behind The Eight-Ball: Auditors of Broker-Dealers Are A Disaster. That was followed up with a post on this blog on August 30, Four Years After Madoff, Audits and Auditors of Broker-Dealers Still Lousy.

I wrote:

The broker-dealers that were inspected by the PCAOB were not judged by any new rules. The auditors operate, for now, under generally accepted auditing standards (“GAAS”) issued by the American Institute of Certified Public Accountants (“AICPA”). The new “surprise” examination of investment advisors who have custody of customer funds or securities is also performed under AICPA attestation standards.

Broker-dealer audit firms will soon have to start auditing those firms under PCAOB standards. One wonders how most of them will ever be able to make the transition and stay in business given their poor performance under well-known AICPA standards.

From my Forbes column:

One very difficult complication is that auditors of broker-dealers are required to be independent of their clients under SEC rules, not AICPA rules. AICPA independence rules are more lenient and do not prohibit auditors from also preparing the financial statements they audit and supporting firms with accounting software and IT expertise.

The PCAOB says in its report even firms that audit public broker-dealers — who should know better — broke the independence rules.

These independence findings were identified in approximately eight percent of the audits selected for inspection performed by firms that audited brokers and dealers and also audited issuers. In contrast, independence findings were identified in approximately 80 percent of the audits selected for inspection performed by firms that audited brokers and dealers but did not audit issuers.

In July of 2012, after the failure of PFGBest because of massive fraud, I told readers that the smaller audit firms, in particular, had problems with the independence rules.

But one issue that provoked heated discussion at the Chicago forum was auditor independence. It seems many of these Certified Public Accountants and broker-dealer auditors were under the mistaken impression that it’s the AICPA’s rules for auditor independence that apply to them, not the SEC’s. SEC rules, post-Sarbanes-Oxley Act of 2002, prohibit an auditor of an SEC-registered firm from performing a list of nine prohibited services including bookkeeping and systems design and implementation for its audit clients.

Several audit firm professionals tried to convince the SEC and PCAOB staff that they were mistaken in the belief that broker-dealer auditors could not sign the broker-dealer audit opinion as well as help implement accounting software, prepare period-end journal entries and compile those same financial statements and regulatory reports that they would audit. PCAOB staff told me that this issue has come up at every forum.

Those audit firm professionals were dead wrong.

On August 27, the SEC published, Broker-Dealer Reports: A Small Entity Compliance Guide to more fully explain the expectations for broker-dealers registered with the Commission with regard to the amended reporting, audit, and notification requirements under 17 CFR Parts 240 and 249.

One overlooked addition to the legal obligations of the broker-dealer auditor is a Securities and Exchange Act of 1934 Section 10A-type requirement. This new rule requires the auditor to report to the SEC if the broker-dealer fails to notify the SEC of any instances of non-compliance with Exchange Act Rules 15c3-1 and 15c3-3(e) and the broker-dealer’s internal control over compliance with Rules 15c3-1, 15c3-3, Exchange Act Rule 17a-13, and applicable designated examining authority (DEA) rules that require broker-dealers to send account statements to customers (collectively, the “financial responsibility rules”).

If the independent public accountant determines that a broker-dealer is not in compliance with any of the financial responsibility rules during the course of preparing its reports, the independent public accountant must immediately notify the broker-dealer’s chief financial officer of the nature of the non-compliance.  The broker-dealer must then provide notice in accordance with Rule 15c3-1, Rule 15c3-3, or Exchange Act Rule 17a-11 if the non-compliance requires the broker-dealer to provide notice under those rules and must provide a copy of the notification to the independent public accountant.

If the independent public accountant determines that a material weakness exists in the internal control over compliance of the broker-dealer, the accountant must immediately notify the broker-dealer’s chief financial officer of the nature of the material weakness.  The broker-dealer must then provide notice in accordance with Rule 17a-11 and provide a copy of the notification to the independent public accountant.

The broker-dealer is also required to provide a copy of the notice sent to the Commission to the accountant within one business day.  If the accountant does not receive the notice or if the accountant does not agree with any statements in the notice, the accountant is required to provide a report to the Commission and the broker-dealer’s DEA within one business day.

Fulfilling this serious legal obligation to the capital markets, doing your public duty, is not easy thing. An audit firm has to actually be independent, objective, professionally skeptical and not financially beholden to its client. (This recent article by Chicago lawyer Bennett Lasko describes what happened when Deloitte apparently tried to do the right thing. Clients just don’t get it.)

In July of 2012 I wrote at Forbes:

The changes that will have to occur to bring the broker-dealer audit firms, and their clients, in line may mean not only consolidation of audit firms that can not deliver audit-only services cost effectively and per the standards, but also consolidation of broker-dealers who do not want hire competent accounting and systems professionals in-house or contract for them separately from a firm that’s not their auditor.

According to the PCAOB, this consolidation is already occurring but maybe not quickly enough to protect customers, investors, and the markets. There are fewer broker-dealers to audit and fewer audit firms registered with the PCAOB to audit broker-dealers than a year ago. However, 83% of auditors registered to audit broker-dealers do five or fewer such audits and almost half of those registered do only one.

(One quirk in the PCAOB inspection process is that the PCAOB selects broker-dealer audit firms to inspect from amongst those that have registered with the agency. If a broker-dealer files with the SEC as required but its auditor is not registered with the PCAOB, the auditor would never be inspected. It may be helpful for the SEC and the PCAOB to cross-check auditors named in broker-dealer SEC filings against the PCAOB registration list. Bingo! Easy pickings.)

Doing five or fewer broker-dealer audits — definitely doing only one — is not nearly enough, in my opinion, to be competent or cost-effective, let alone profitable and sufficiently objective, professionally skeptical and independent. PCAOB board member Jay Hanson seems to agree. On a call briefing reporters about the second interim inspection results he said, “firms that audit only a small number of broker-dealers may want to get out of that line of work rather than invest the time needed to become an expert.”

So many audit firms can’t, or won’t, follow the SEC independence rules. How can we expect them to fulfill their legal obligation to tell the SEC when a broker-dealer has a material weakness in internal controls over compliance with important rules like customer funds segregation, safeguarding securities, and calculating net capital?

Main page image from this blog.

8 replies
  1. ExDT
    ExDT says:

    Were there any variations in results based on the size of the audited firm? Curious if this applies equally to the big boys of Wall St too but have to assume it does.

  2. Francine
    Francine says:

    @ExDT

    I think the only breakdown they made was for firms that also audit public issuers and firms that don’t. Also this:

    “Of the 43 audit firms inspected:
    19 (including the nine annually inspected firms and 10 triennial inspected firms)
    were already subject to PCAOB inspection in connection with their audits of
    public company clients
    24 were not subject to previous inspection because they have not audited public
    companies.”

    So they looked at engagements in all of the firms that are inspected annually, that is, they audit more than 100 public companies. Then 10 more of the ones that audit less pubic companies and a fair number who audit no public companies. I think they would have looked at some of the engagements at the largest FCMs and broker-dealers. Deficiencies were observed in all firms inspected. They give a pretty good profile of how they chose the firms to inspect.

    “The Board is working to identify ways that the risk of loss to customers can be differentiated through various attributes that characterize a broker or dealer. These include whether or not a broker or dealer:
    -Receives, handles or holds securities or cash from the purchase or sale of securities by customers;
    -Carries customer accounts;
    -Engages in lines of business that transact with customers;
    -Reports financial measurements of net capital, revenues or assets that, on a combined basis, represent a differentiation of risk of loss to customers;
    -Has characteristics that may indicate heightened fraud risk or has received regulatory sanctions; and
    -Is a member of the Securities Investor Protection Corporation (“SIPC”).”

  3. Francine
    Francine says:

    Hi, I am working on something about the PCAOB proposed audit report changes. It will be focused on the auditor liability impact. I will add a comment on the Part I reports for the four now that they are all out. Look for it Monday.

  4. James Gilbert
    James Gilbert says:

    My name is Jim Gilbert, the sole owner of a one-person FINRA Broker/Dealer Pension Service Associates Securities (PSAS) which I established 23 years ago. PSAS is listed in the FINRA Broker Check website under CRD 29919. Everything mentioned in the below can be verified by the FINRA Broker Check Website http://brokercheck.finra.org. PSAS is a California S-corp and has been filing Focus reports and annual certified audits since inception. PSAS is in good standing with FINRA.
    I need to find an affordable new CPA who is in the PCAOB to do the annual certified audits for PSAS for 2015 and beyond. The CPA I used for the past 20 years and I have parted company.
    Here are the key facts to help you evaluate my situation. Hopefully after considering the following you will be willing to discuss taking on my certified audit at a price point close to what I have been paying for many years now. If interested please reply to this email : jim90024@gmail.com and we can discuss this further.
    Thank you,
    Jim Gilbert
    President, Pension Service Associates Securities Corp (FINRA CRD 29919)
    (310) 513-5233 (messages only)
    ———————————————————————————————————————————-
    BACKGROUND:
    I have sole owner a very small one-person FINRA Broker-Dealer for the past 23 years. Its name is Pension Service Associates Securities (PSAS) and is listed in the FINRA Broker Check website under CRD 29919. The firm since inception has been approved to do only one line of business; the sale of mutual funds by application only. This condition of restricting my activities to only mutual fund sales by application has allowed PSAS to certain SEC, FINRA and SIPC waivers on some requirements that full-service brokerages are obligated to adhere to. In addition, the net capital required to maintain PSAS is only $5000, compared to typical brokerages, which require net capital of $100,000 or much more.
    Under federal regulation all FINRA Broker Dealers, no matter their size, much have an annual audit performed by a CPA who is a member of the PCAOB. The PCAOB is a nonprofit corporation established by Congress to oversee the audits of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, accurate and independent audit reports. The PCAOB also oversees the audits of broker-dealers, including compliance reports filed pursuant to federal securities laws, to promote investor protection.
    Historically my CPA took about half a day to complete PSAS’s audit, and each year she used the same basic boilerplate text, and simply reviewed and then dropped in financials that were prepared by my bookkeeper. Her main function was to write a short opinion, which was also mostly boilerplate. The typical annual audit report is 9 pages long, with four pages of financials prepared by my bookkeeper and the remaining pages contain 95% boilerplate and the same words, year after year.
    Each year the CPA charged me about $1,300 for essentially half a day of work reviewing financials and preparing her written opinions, which were always positive with the exception of the past two years. It is my disagreement with her written opinion that ended the business relationship. What makes the audit so quick and simple is because PSAS’s FINRA membership charter restricts PSA to mutual fund sales, and never having direct or indirect access to investor assets.
    Selling a mutual fund to investors is exactly like when an insurance agent sells a policy to a customer….it customer completes an application and mails it with premium to the insurance company. After the fact the agent gets paid a commission. This is exactly the same way PSAS business has been conducted for the past 23 years. As a result of this, my firm has never held customer accounts, assets, taken constructive recipe of money, and because I have never handled customer money I was never required to have any bonding or E&O insurance. The risk assessment is zero

    Below is a list of 12 specifics that will help in understanding the transparency and simplicity of Pension Service Associates Securities Corp CRD 29919

    1). PSAS has been in business for 23 years as a one-person operation. It has never had any employees, never was required to maintain a physical office, never had any disciplinary actions, fines or arbitrations, or debts, every. It has never had a single customer complaint in its history which can be verified by FINRA Broker Check described above.

    2). the firm has its routine in-office FINRA audit by FINRA going back twenty years. The most recent in-office FINRA audit occurred in May 2014, in Los Angeles, and passed. I was issued a written report I am glad to supply.

    3). PSAS is a “$5 K net capital” requirement firm, which means it only needs to be capitalized by $5000 and can only do mutual fund business with the public wherein the public fills-in mutual fund purchases applications and send them plus their payments to the mutual funds directly.

    4). PSAS never in its history held customer money, stocks, bonds, or any other investments, nor does PSAS have a correspondent arrangement with a larger broker (like Merrill Lynch, for example) to provide more extensive brokerage services to customers. PSAS has never sold any stock or bond to any customer since inception.

    5). The firm has a FINRA waiver for FinOp, and waiver to report to the SEC, and a waiver from SIPC as well because of its small size, minimal customer base, and limited business activities.

    6). the firm has not done any business with its customers for the past ten years, with only one exception. It is basically a dormant and passive entity, and its only function is to collect small fees (trailers) paid to it by mutual fund companies. These fees total less than $10,000 paid to the firm from all sources.

    7). PSAS only has three expenses that are reported in the financials each year:
    —FINRA Membership Fee of about $500 per year
    —Bookkeeping and Focus Filing Fees of $500 per year
    —Auditor Fee of about $1,300 per year.
    PSAS has no office expense because there is no office, and all communications are via email and US mail. PSAS has maintained same bank account with Bank of America for the past 25 years, and all revenues and expenses flow in and out of this single account making auditing an easy task. What is left after these expenses are paid is a net annual profit of about $7000-$8000 a year.

    8). There is only one bank account since inception, and the annual number of transactions is less than 30, of which 26 are deposits and four are withdrawals to cover expenses.

    9). I have a copy of every audit that was filed with NASD/FINRA since inception 23 years ago.

    10). the balance sheet, bank reconciliations, and other routine financials are prepared by an experienced bookkeeper who has worked for me for 25 years.

    11). PSAS is completely debt free and has no liens, judgments or other debts or liabilities. PSAS has never had any employees, and is a California s-corporation in good standing.

    12) PSAS is currently up for sale and I am actively looking for a qualified buyer, who would likely retain the new CPA.

  5. Francine
    Francine says:

    Hi, I am not a CPA firm and I do not perform any of these services. I have posted your comment to allow others who may be interested to see your info.

    fm

  6. Francine
    Francine says:

    @james gilbert

    It sounds like your CPA was not really doing an audit at the level that is required. It’s best she gets out of the business of signing broker-dealer audit opinions since it is riskier to do them now no matter how much time and how little you charge. “You get what you pay for.”

Comments are closed.