The Auditing Standards Board (the “ASB”) of the American Institute of Certified Public Accountants recently released new standards as part of the “Attestation Clarity Project” with the goal of redrafting all its standards “in clarity format” (what format were they in before? And, while we’re at it, can we try to use English here? Clarity format?). This Project will require compliance by bankers and issuers with very specific disclosure obligations (reps?) before the auditors will issue an Agreed Upon Procedures Letter (AUPs) for securitizations. Some of this formalized existing practice, but the changes go further and are far more prescriptive. A “new letter of representation” from the party who hires the auditors (the “Engaging Party”) is required as well as similar letters from the parties providing the data that the auditors are reviewing (each, a “Responsible Party”). These new rules will become effective on May 1, 2017. Any AUP that is issued after May 1 will be subject to the new rules.

The Engaging Party will need to represent that it:

  • Is responsible for the criteria used by the auditors and that the criteria is appropriate for the engaging party’s intended purposes;
  • Acknowledges that each Responsible Party is responsible for the subject matter it provided to the auditors;
  • Is not aware of any material misstatements in any of the subject matter or any assertion reviewed by the auditors;
  • Has disclosed all known events occurring after the subject matter was reported that would have a material effect on the subject matter or any assertion; and
  • Has disclosed all other matters that the auditors deemed appropriate.

Each Responsible Party will each need to represent that it:

  • Is responsible for the subject matter the auditors reviewed in connection with the AUP;
  • Has disclosed all known matters “contradicting” the AUP’s subject matter (how, by the way does one contradict a “subject matter?” See comment about speaking English above. Did these guys miss class that day in sixth grade when English grammar was first explained?);
  • Has disclosed any communications from “regulatory agencies or others” (“others?” huh?) affecting the AUP’s subject matter;
  • Has provided access to all records relevant to the AUP’s subject matter and scope; and
  • Has disclosed all other matters that the auditors deemed appropriate.

Because these obligations apply to each party responsible for the information used in the AUP, obtaining the necessary representations will be more time consuming and, let’s face it, expensive, than current practice. Under these new “clarity format” rules, an accountant, if it’s not satisfied with the information, may withdraw from the engagement or soldier on and then disclose in the AUP that the required representations were not made. Wouldn’t that be a delightful surprise!

In addition to the above, starting in May, some accounting firms may date AUPs as of the date when their examination was completed (including the accountant’s review of the required representations), instead of the closing of the securitization. Although the rules don’t prevent auditors from dating down their AUPs (say, for example, in connection with the printing of “red” and “black” offering documents), some accounting firms may take the position that they should only date AUPs as of their review competition.

Is this really about clarity, or is this about risk shifting? Someone tell me I’m wrong, but it feels like risk shifting to me. Is the negotiation of the auditors’ engagement letter going to now be more difficult than the lawyer’s negative assurance letter? Are we creating a new more adversarial relationship between issuers and auditors? And note, many of the delivery obligations under this new standard are not entirely straightforward, leading to a need to resolve potentially complex questions about what information needs to be provided to the auditors. Heaven knows what materials could be deemed to “contradict” the AUP subject matter! What are parties going to have to do now to get comfortable that they have met the deliverables required by the new AUP Standard? These are all unanswered questions and maybe I’m getting ahead of myself but this really doesn’t feel like an exercise in enhanced clarity. It feels like we are getting lawyered up.

We have always largely released the auditors from liability. So, were there really unmanaged liabilities the auditors were incurring for which there needed to be a fix? Was there a real problem to which this is a solution? The old lawyer’s adage is never ask a question to which you don’t know the answer, and asking the parties to resolve questions like: What “contradicts” the AUP subject matter? Has there been any disclosure from regulatory agencies that affect the AUP subject matter?

Questions like these are an exercise in rabbit hole delving. These are really hard to answer and it’s going to take time and energy to do so. Maybe that’s not the point of this exercise, but boy, is it going to make engaging auditors harder. At a minimum this is going to give rise to a new and more elaborate process around the AUP exercise.

So my friends, get ready for more documents, more lawyers, more cats to herd and more legal fees. Maybe once we have done half a year’s worth with these new standards this will all become routinized and the annoyance and anxiety that I am feeling right now will have faded away. But at least for a while, it’s going to be a pain in the neck. And we really did need a new problem right now, right?