The Securities and Exchange Commission (SEC) has recently disclosed two settled enforcement actions against Prager Metis CPAs, an audit firm linked to FTX, the now-defunct crypto trading platform. The firm's founder and former CEO, Sam Bankman-Fried, is currently in custody alongside Sean "Diddy" Combs at the Metropolitan Detention Center in Brooklyn. These enforcement actions highlight three important considerations for auditors and accountants: the SEC's stance on auditor independence, the qualifications of individuals conducting audits in emerging sectors and the significance of written documentation in the context of regulatory scrutiny.
In a recent article authored by Gray Reed Partners Joshua Smeltzer and Chris Davis, featured in Bloomberg Law, the implications of recent enforcement actions for auditors and accountants are examined. Joshua Smeltzer, a former Justice Department trial attorney, and Chris Davis, the Government Investigations & Compliance Practice Group Leader at Gray Reed, shared their insights on key considerations for auditors navigating these challenges. Together, Joshua and Chris also co-chair the firm's Blockchain and Digital Assets Practice.
Excerpt:
Be aware of the SEC's aggressive view of auditor independence. In our experience, audit firms are keenly attuned to independence—maybe more than any other issue. But the allegation here—that independence was impaired by an indemnity provision in the engagement agreements—is one that could easily be missed.
The SEC's claim that independence was impaired hinges on its "view" that indemnity agreements impair independence. The Commission articulated this view 20 years ago, through an FAQ and an interpretation. But in 2006, a standing advisory group of the American Institute of Certified Public Accountants said that independence isn't necessarily impaired if the engagement letter includes certain types of indemnity provisions.
Read the full article here.
- Gray Reed partners say anything in writing could be evidence
- Experience and documentation matter in digital asset audits
The Securities and Exchange Commission recently announced two settled enforcement actions against Prager Metis CPAs, one of the audit firms connected to FTX, the failed crypto trading firm whose founder and former CEO, Sam Bankman-Fried, is now sharing quarters with Sean "Diddy" Combs at the Metropolitan Detention Center in Brooklyn.
There are three clear considerations from the SEC's enforcement actions here for auditors and accountants: the SEC's view of auditor independence, consideration of who's doing the audits in emerging industries, and the importance of what you do—and don't—put in writing.
Be aware of the SEC's aggressive view of auditor independence. In our experience, audit firms are keenly attuned to independence—maybe more than any other issue. But the allegation here—that independence was impaired by an indemnity provision in the engagement agreements—is one that could easily be missed.
The SEC's claim that independence was impaired hinges on its "view" that indemnity agreements impair independence. The Commission articulated this view 20 years ago, through an FAQ and an interpretation. But in 2006, a standing advisory group of the American Institute of Certified Public Accountants said that independence isn't necessarily impaired if the engagement letter includes certain types of indemnity provisions.
The same opinion went on to say that auditors must comply with the SEC's (contradictory) independence guidance when auditing public companies. This could lead to confusion, so standard engagement letters should be reviewed to account for these differences when an SEC-regulated entity is audited.
Be careful that only experienced professionals staff audits involving emerging industries. This is especially true in areas such as blockchain and digital assets. The SEC alleged this was one of the key failings here.
In a nascent industry such as digital assets, this raises a chicken-or-egg question: How can a firm staff an engagement with experienced people if the industry itself just came into existence?
The Public Company Accounting Oversight Board's AS 1010, which addresses training and proficiency, provides some guidance. It requires an audit to be performed by people with adequate technical training and proficiency in auditing. It also recognizes this proficiency may be attained through a combination of formal education, professional experience, and training.
Consequently, a firm should consider whether all these factors, taken together, mean that an engagement is properly staffed. This may require education or technical training, paired with experience auditing comparable clients in similar industries.
For instance, while the SEC acknowledged that two outside contractors for Prager Metis had experience auditing cryptocurrency trading platforms, it alleged they hadn't audited clients of the size and complexity of FTX. More important, the SEC alleged that the engagement partner who supervised their work had "fundamental deficiencies in knowledge and competence."
Moving quickly without a clearly defined plan of how to establish or obtain the proper qualifications comes with a bigger risk after these enforcement actions. Finally, firms should ensure that the team's bona fides are well-documented so they can't be questioned later.
Be aware that everything you put in writing is potential evidence in a regulatory investigation. The SEC alleged that the Prager Metis engagement partner acknowledged staffing would be "somewhat on the fly," but still pushed for proceeding quickly. Based on our experience, there is likely more context to this statement, which may have been cherry-picked out of a significant body of evidence. But that context isn't in the SEC's complaint, and as the saying goes, winners write history.
In hindsight, giving the SEC this quote—especially coming from the engagement partner and especially in an audit of a highly scrutinized industry—likely made the SEC's job much easier. So before putting anything in writing, ask, "Would I want to explain this to a regulator?" This advice applies not just to lower-level employees, but all the way up to the highest levels of the organization.
Originally published by Bloomberg Law
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.