On 9 September 2015, Law No. 148/2015, approving the Legal Regime on Statutory Audits Supervision was published. The new regime, which will only come into force on 1 January 2016, applies to statutory auditors (ROCs), statutory audit firms (SROCs), auditors and audit entities of Member States of the European Union and of third countries registered in Portugal.
This law partially complies with Directive 2014/56/EU of the European Parliament and of the Council of 16 April 2014, on statutory audits of annual accounts and consolidated accounts, simultaneously enabling the enforcement, in the domestic legal order, of Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014, on specific requirements regarding statutory audit of public -interest entities.
By reviewing the European legal framework for the statutory audit of the annual and consolidated accounts, the aforementioned Directive aimed to generally reinforce and apply stricter requirements to the public supervision system. The Regulation developed and implemented various aspects related to the statutory audits of accounts of entities classified as of public interest, by recognising the importance, complexity and s cope that they represent, namely for the purposes of stability and confidence in the financial system.
Besides the compliance with the directive and the creation of rules for the application of the abovementioned regulation, Law no. 148/2015, of 9 September, amends the statute of the Portuguese Securities Commission (CMVM), the Portuguese Securities Code and the Commercial Companies Code (only Article 413), to ensure the conformity of the content of certain provisions of that statute and those codes with t he rules that will be set out in the new Regime on Statutory Audits Supervision. It also revokes Decree-Law no. 225/2008, of 20 November (which created the National Auditing Oversight Council and contained, in its Article 2, the internal list of entities classified as of public interest). The processes and procedures started and pending under that bo dy pass on to CMVM, together with the staff assigned to the body (only for some time). Nevertheless, there will still be a renamed General Auditing Oversight Council which will be regulated by Article 35 and the public-interest entities will be those listed in Article 3, both of the new Regime on Statutory Audits Supervision.
With the new Regime on Statutory Audits Supervision, CMVM will thus be responsible for public oversight of ROCs and SROCs, along with auditors and the audit entities of Member states and of third countries registered in Portugal, as well as all the auditing activities they carry out. It is to be noted that the responsibil ities of CMVM on this matter may overlap with those of Statutory Auditors Bar Association (OROC), including the oversight of procedures and acts of registration carried out by OROC and the quality control systems it has implemented pursuant to its by-laws. In connection with Supervision, Article 25.2(b) states that CMVM may even give orders and issue specific recommendations to the OROC.
Pursuant to Article 4.4 of the new Regime, the following shall be the exclusive responsibility of CMVM: (a) ensure quality control and the systems of inspection of ROCs and SROCs of auditors conducting the statutory audits of public -interest entities, as well as inspections of other auditors arising from a complaint by another national or foreign authority, (b) assess the performance of the supervisory body of public-interest entities, pursuant to Article 27 of Regulation (EU) no. 537/2014, of the European Parliament and of the Council of 16 April 2014, (c) issue regulations on matters falling within the scope of its responsibilities, consulting OROC for this purpose and (d) investigate and decide on administrative offence proceedings, including the application of penalties.
As already provided for in the Portuguese Securities Code, the preliminary registration of ROCs and SROCs with the CMVM is maintained, as well as registration with the OROC. The registration is a mandatory requirement for the performance of public interest activities by ROCs, SROCs and other auditors (duties defined in Article 41 of the new statute of OROC, approved by Law no. 140/2015, of 7 September, which will also enter into force in January 2016: auditing of accounts or other acts in which the interven tion of ROCs in that capacity is required). Registration with CMVM is developed in Articles 6 to 22 of the new Regime on Statutory Audits Supervision, including rules on refusal, cancellation, suspension and amendments. CMVM also guarantees the public and centralised disclosure of the registration system. Subject to registration as well are auditors and the audit entities of Member States and of third countries that intend to carry out statutory audits in Portugal.
Information requirements include the following: (i) ROCs and SROCs that audit the accounts of public-interest entities shall prepare and disclose an annual transparency report, as well as an additional report on the supervisory board in the case of a statutory audit; and (ii) ROCs or SROCs that audit the accounts of public-interest entities shall confirm in writing to the supervisory body of the audited entity that its partners, as well as the top management and directors who perform the statutory audit, are independent from the entity, as well as inform the supervisory body of the entity, each year, of all the services, other than auditing, provided to the entity and to examine, with the supervisory body of the audited entity, any threats to their independence and the safeguards applied to reduce these threats.
With regard to supervision, the prerogatives already attributed to CMVM by the Portuguese Securities Code (namely the exchange of information with other entities, the supervision of compliance with the law and the power to give orders, demand details and information, examine documents, conduct inspections, monitor advertising, etc.) are now extended to the new audit oversight duties regarding the auditing activity, with the power to request information from the Statutory Auditors Bar Association and, as mentioned above, give orders and issue recommendations to the OROC. CMVM may also, whenever necessary, commence and conduct quality control operations with any ROCs and SROCs, and take the measures that it considers appropriate as a result of such quality control operations. However, CMVM may not interfere in the contents of the legal certification of the accounts or the audit report.
Breach of the duty to make reservations or request to be excused of duty in the legal certification of accounts, as well as breach of the duties of independence and of confidentiality by auditors are qualified as very serious administrative offences and therefore punished with a fine ranging from €25,000.00 to €5,000,000.00.