The value of independent external regulatory audit

Leaning into regulatory compliance

  • September 12, 2023

In today's increasingly complex and innovative marketplace, adherence to regulation is of paramount importance for organisations in the financial services sector. It is, quite literally, a licence to operate. As financial services regulations evolve to respond to changing risks and products, stakeholders demand higher levels of transparency, accountability, and trust. Independent audits play a pivotal role in providing assurance regarding compliance with these regulations, offering valuable insights to organisations and their stakeholders. Whether mandated by regulatory bodies or undertaken voluntarily, audits can have numerous benefits that go beyond simple compliance verification.

The importance of regulatory compliance

Regulation is a good thing, no really! If you’re reading this and your eyes are rolling, then you are not alone. Long have sceptics felt that regulation does nothing but increase costs, reduce efficiency and stifle innovation. But consider yourself a customer for a moment. Regulation is protecting your money. It's protecting your job. It’s protecting the stability and freedom of your marketplace. It is giving you the assurance you need that tomorrow is just as safe as today for your financial wellbeing.

Compliance with regulations, therefore, is not merely a legal obligation but a fundamental necessity for the sustainability and credibility of any financial organisation. Non-compliance can lead to serious consequences, such as hefty fines, legal penalties, loss of investor confidence, and reputational damage.

Thinking beyond the burden of an audit

At the core of an independent audit lies impartiality and objectivity, together with a healthy dose of professional scepticism. External auditors, with their expertise and independence, evaluate an organisation's internal systems and controls to ensure they are designed to adhere to relevant regulations and have operated effectively to achieve that objective. The primary goal of an independent audit is to provide stakeholders (whether regulators, investors, customers, partners, management, non-execs, or any other stakeholder) with credible and reliable information about the organisation's current regulatory compliance, which, in turn, provides a level of security for continued forward-looking compliance.

Audits are an underused tool when it comes to regulation. Few regulations actually mandate external audits - usually they are reserved for the most risky areas or where there have historically been problems (think LIBOR; think protection of customer assets). However, there is an increasing appreciation of the benefits (and of the costs avoided, such as a S166 ‘skilled person’ review imposed by a regulator) of proactively opting for a voluntary regulatory compliance audit.

Take a look at your organisation’s risk register. How many of those risks are based on regulation or, conversely, partially managed via regulation? An audit provides management, the audit committee and a plethora of other stakeholders assurance that you are managing those risks effectively and within appetite. Recently, the UK government has clocked this and you may be familiar with the concept of an Audit & Assurance Policy which encourages organisations to ensure they are obtaining appropriate assurance where needed.

We are seeing increased demand from institutions for voluntary audits of compliance with regulations relating to anti-money laundering (AML), transaction reporting, operational resilience, cyber security and any number of other areas.

The benefits of audit beyond compliance

  • Mandatory independent audits, required by specific regulations, ensure that organisations maintain the prescribed standards. These audits provide an unbiased evaluation of an organisation's compliance efforts, enhancing transparency, accountability, and confidence among stakeholders. Additionally, these audits serve as protection against potential misconduct and irregularities, acting as a deterrent for fraudulent activities and unethical practices. Examples include safeguarding for electronic money firms and payments firms; Client Money and Assets (CASS) for investment firms; and the UK Benchmarks Regulation (BMR) for index providers, benchmark administrators and price reporting agencies.
  • Beyond the regulatory requirements, many organisations voluntarily request independent audits to demonstrate their commitment to responsible business practices. Voluntary audits are a proactive step that signals a dedication to high standards of transparency and risk management. Organisations that voluntarily seek audits gain a competitive edge by instilling confidence in stakeholders, attracting investors, and fostering strong partnerships. A good example of this is an operational resilience audit to support customer due diligence requests with respect to associated regulations in the UK and the Digital Operational Resilience Act (DORA) in the EU.
  • Audits go beyond compliance validation - they provide an opportunity to identify potential risks, gaps and vulnerabilities within an organisation, with the benefit of an external specialist that has a wealth of views and experience obtained delivering across the broader market. Auditors assess an organisation's governance and risk management practices, offering an opportunity to strengthen controls and minimise the risk of failure or regulatory sanction. They also can go a long way towards supporting the Audit & Assurance ‘maps’, which many are now implementing at the top of the house. By addressing risks proactively, organisations can protect their assets, reputation, and long-term viability. Don’t be the next breaking news story for the wrong reasons!
  • Auditors evaluate an organisation's internal controls and operational processes. Through audit findings, organisations can streamline their operations, optimise processes, and enhance efficiency. As a result, resources can be utilised more effectively, reducing inefficiencies and costs. In recent years regulators have imposed mandatory audits over capital and liquidity ratios at banks, in relation to so-called RWAs (Risk-Weighted Assets) - boards are now taking this forward annually, recognising the benefits it can bring.

Embracing audits and ensuring regulatory compliance

History is littered with institutional failure, scandal and fraud. No organisation is immune because no organisation is perfect. Management and boards can only make the best decisions with the information they have. So is there enough information?

Independent audits are powerful tools which organisations can leverage to manage their risk and demonstrate their commitment to compliance, risk management, and transparency. Whether mandated by regulations or undertaken voluntarily, audits provide assurance to stakeholders and foster trust in an organisation's operations. By embracing audits, organisations ensure that they not only meet regulatory requirements but also achieve operational excellence and long-term sustainability in the dynamic financial services landscape.


Contact us

Gregory Campbell

Partner, Regulatory Assurance, PwC United Kingdom

Tel: +44 (0)7971 479439
