The announcement of civil and criminal insider trading charges earlier this month against Scott London, a senior audit partner at a major accounting firm, grabbed business headlines and took the public accounting profession by surprise. As insider trading schemes go, the alleged misconduct by London and his tippee, Bryan Shaw, was both brazen and unsophisticated: the SEC and criminal authorities alleged that, over an 18-month period, London provided Shaw with material nonpublic information regarding expected earnings or merger announcements involving five KPMG LLP clients, including two companies for which London served as the lead audit partner, enabling Shaw to make over $1.2 million in illicit trading profits. The allegations raise no novel issues under either the “traditional” or misappropriation theories of insider trading and, indeed, both London and Shaw reportedly intend to concede their culpability.
At the same time, the London case has given rise to considerable discussion about the responsibilities of public accounting firms to monitor the trading activities of their personnel, and whether the matter should prompt the PCAOB to adopt new rules requiring accounting firms to identify by name the lead engagement partners on public company audits in SEC filings and/or PCAOB reports. These issues are more nuanced and, in our view, should not lead to a rush to judgment by either regulators or the investing public. We discuss below what we believe to be the key implications of the London case for the relationship between public companies and their external auditors.
First, notwithstanding the serious breach of trust alleged, the London case does not reflect adversely on the current systems of quality controls that most large public accounting firms have adopted to restrict and monitor securities trading by their partners and other professional employees. London was not alleged to have traded personally in any KPMG clients, but instead to have “tipped” Shaw, his friend. Major accounting firms have detailed policies that, among other things, restrict personnel from trading in the securities of audit clients, require the pre-clearance and reporting of securities transactions, and provide for periodic “compliance audits” of investments by firm personnel. The London case does not call the effectiveness of these quality controls into question. No system of quality controls, however robust, can prevent a “rogue” partner or employee from surreptitiously tipping a third party who is not subject to the firm’s supervision or control.
Second, the London case serves as a reminder that public accounting firms should assess whether their existing insider trading training programs for firm personnel are adequate. Likewise, as part of their ongoing discussions with the external auditors, corporate audit committees should consider asking the auditors what procedures they have in place to safeguard the confidentiality of client information and whether they regularly educate their personnel on the perils of insider trading. In this case, London expressly admitted to the Government that KPMG’s annual ethics training made clear that tipping material nonpublic information was improper, and that he knew that passing nonpublic information to Shaw was wrong and in violation of KPMG policies. Not every firm may have provided its personnel with similar training, however, and the consequences to public companies and their auditors when a firm unexpectedly concludes it must resign an audit engagement due to improper trading are substantial. No public company wants to incur the logistical challenges associated with an unanticipated need to bring a new public accounting firm on board, particularly if its business models and accounting practices are already the subject of scrutiny by hedge funds or the financial media.
Third, the London case suggests that public accounting firms should give additional thought to how they discuss any violation of auditor independence requirements with their public company clients. After learning of London’s alleged tipping, KPMG resigned as the auditor of the two clients for which London had served as the lead engagement partner and withdrew its prior reports, stating that it was no longer independent. The firm’s conclusion is certainly understandable: the concept that an accountant may not possess a “direct or material indirect financial interest” in an audit client has long been a fundamental principle of auditor independence, and investors might well question a firm’s objectivity if they knew that a lead audit partner – or his tippees – stood to gain financially depending upon the client’s reported financial results.
Even so, the SEC’s and PCAOB’s current auditor independence requirements are quite detailed, and not all infractions of these voluminous rules are alike. In practice, situations can and do arise where accounting firms learn of inadvertent violations, discuss such situations with a client’s audit committee and management, and jointly conclude that the violation does not rise to a level that impedes a firm’s ability to continue as the outside auditors. When they become aware of an independence violation, firms need to be prepared to assess the violation critically, assess its impact thoroughly, and explain to their clients clearly why they believe a situation either does or does not warrant a decision, as in the London situation, to resign the engagement.
Fourth, while some have suggested that the London case should serve as a catalyst for the PCAOB to adopt a pending proposal to require auditors of SEC-registered clients to name the lead engagement partners in audit reports filed with the SEC and other reports submitted to the PCAOB, we view this argument as a nonsequitur. In this instance, there is no reason to believe that London would have desisted from his alleged misconduct had he been personally identified in KPMG’s audit reports as the lead audit partner on several firm engagements. Moreover, an audit is performed by a large engagement team, not a single auditor, and the results are subject to detailed review by other firm partners before an audit report is issued.
In addition, while individual auditors are identified by name in audit reports filed in certain jurisdictions outside the United States, the litigation landscape in this country remains singularly harsh. Some firms have argued that individual audit partners may face heightened liability under the federal securities laws, if they are identified by name in audit reports or PCAOB filings, and that the specter of such expanded liability may discourage qualified CPAs from serving as public company auditors. Accordingly, we believe that, before reaching a final judgment on its proposal, the PCAOB should carefully weigh the full range of considerations that have been identified by investors, public companies, and external auditors.