EXPLANATORY MEMORANDUM

1.           CONTEXT OF THE PROPOSAL

The measures adopted both in Europe and elsewhere in the direct aftermath of the financial crisis have mainly focused on the urgent need to stabilise the financial system. While the role played by banks, hedge funds, rating agencies, supervisors or central banks has been questioned and analysed in depth in many instances, little or no attention had been given to the role auditors played in the crisis – or indeed the role they should have played. Given that many banks revealed huge losses from 2007 to 2009 on the positions they had held both on and off balance sheet, it is difficult for many citizens and investors to understand how auditors could give clean audit reports to their clients (in particular banks) for those periods.

It is important to note that in a crisis where €4 588.9 billion of taxpayer money was committed to support banks between October 2008 and October 2009 and where such aid accounted for 39% of EU 27 GDP in 2009[1], all components of the financial system need to be improved.

Robust audit is key to re-establishing trust and market confidence. It contributes to investor protection by providing easily accessible, cost-effective and trustworthy information about the financial statements of companies. It also potentially reduces the cost of capital for audited companies by ensuring more transparency and reliability of financial statements.

It is also important to stress that auditors are entrusted by law to conduct statutory audits of the financial statements of companies which enjoy limited liability and/or are authorised to provide services in the financial sector. This entrustment responds to the fulfilment of a societal role in offering an opinion on the truth and fairness of the financial statements of those companies.

Since 1984, EU rules have partially regulated statutory audit when a directive (Directive 1984/253/EEC) harmonized the procedures for the approval of auditors. Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (hereinafter Directive 2006/43/EC) was adopted in 2006 and considerably broadened the scope of the former Directive.

The financial crisis has highlighted weaknesses in the statutory audit especially with regard to Public-Interest Entities (PIE), entities which are of significant public interest because of their business, their size, their number of employees or their corporate status is such that they have a wide range of stakeholders. Therefore, this proposal lays down conditions for carrying out the statutory audit on the financial statements of PIEs.

2.           RESULTS OF CONSULTATIONS WITH THE INTERESTED PARTIES AND IMPACT ASSESSMENTS

The Commission conducted a consultation from 13 October to 8 December 2010[2].

In all, almost 700 responses from various stakeholders; these included members of the profession, supervisors, investors, academics, companies, government authorities, professional bodies and individuals were received.

The consultation has shown both an appetite for as well as resistance to change; stakeholders who are currently well established are particularly opposed to changes. On the other hand, especially small and medium sized practitioners as well as investors concluded that the recent financial crisis highlighted serious shortcomings. A summary of public submissions received can be found on:

http://ec.europa.eu/internal_market/consultations/docs/2010/audit/summary_responses_en.pdf

In addition, a high level conference on audit held by the Commission on 10 February 2011[3] allowed for a further exchange of views.

The European Parliament adopted an own-initiative report on 13 September 2011 on this matter in reaction to the Commission's Green Paper and urges the Commission to ensure more transparency and competition in the audit market.[4] The European Economic and Social Committee (EESC) adopted a similar report on 16 June 2011.[5]

The issues were also brought to the attention of the Member States at the Financial Services Committee meeting of 16 May 2011 and at the Audit Regulatory Committee meeting of 24 June 2011.

In keeping with the principles of 'Better Regulation', the Impact Assessment identifies the various problem areas that may require regulatory action:

· There is an expectation gap between what stakeholders expect of an audit and what auditors actually do.

· Independence is neither assured nor demonstrable in a paradigm where audit has effectively become one of a plethora of commercial services. The lack of regular tendering of audit services and periodic rotation of audit firms has deprived audit of its key ethos: professional scepticism.

· Market concentration and lack of choice: The market is so polarised that rare is the occasion when the auditor of a PIE is not a 'Big Four' firm. In the majority of Member States, the Big Four audit more than 85% of large listed companies.

The impact assessment resulted in the following preferred policy options:

· The scope of statutory audit should be clarified and specified and the information that the auditor provides to users, the audited entities, audit committees and supervisors improved.

· The prohibition of the provision of non-audit services to the audited entities and even the prohibition of the provision of non-audit services in general would effectively address the need to reinforce independence and professional scepticism. Moreover, stricter rules in the procedure for the appointment of auditors and the introduction of mandatory audit firm rotation would contribute to higher quality audits.

· To facilitate an objective choice of an audit provider, contractual clauses limiting audit firm choice should be prohibited, the transparency on audit quality and on audit firms should be increased and an audit quality certification should be established.

· To increase the choice of audit providers ownership restrictions should be lifted.

· National audit supervisory authorities should be strengthened and an EU-wide cooperation within the European Securities and Markets Authority (ESMA) should be set up.

The impact assessment report for this proposal can be found on:

http://ec.europa.eu/internal_market/auditing/index_en.htm

3.           LEGAL ELEMENTS OF THE PROPOSAL

3.1         Legal basis

The existing Directive 2006/43/EC is based on Article 50 TFEU. The establishment related requirements (e.g. those requirements that deal with the approval/registration of auditors) and amendments thereto remain within the purvey of the Directive[6].

Specific additional requirements that deal with the conduct of a statutory audit of PIEs are set out in this regulation, based on Article 114 TFEU.

3.2.        Subsidiarity and proportionality

So far, EU rules have left a large discretion to Member States, which in turn have largely relied on self-regulation by the profession. The crisis has shown that self-regulation is not adequate when looking towards the future. Moreover, the problems highlighted in the Impact Assessment cannot be solved at a national level as important differences would emerge in the regulatory framework and this in turn would seriously undermine the single market.

Given the interconnected nature of securities markets and financial actors, audit should be conducted across the Union within a harmonised framework. It is critical that the role, independence of auditors and the market structure are dealt with at the level of the Union as PIEs in Europe often have cross-border activities. It is worth noting that legislation covering investor protection as well as financial institutions is already enacted at the level of the Union.

Moreover, a coordinated approach at the level of the Union, supplemented by international support, would also lower the risk of regulatory arbitrage.

The proposal respects the principle of proportionality and it does not go beyond what is necessary to achieve the objectives pursued.

3.3.        Detailed explanation of the proposal

Articles 39 to 43 of Directive 2006/43/EC already deal with certain requirements which apply to the statutory audit of PIEs. Those requirements will no longer be comprised in the Directive, but integrated (and further developed) in this Regulation.

A Regulation is a suitable and proportionate legal instrument to ensure high quality of audits of PIEs. The direct applicability of a Regulation offers greater legal certainty. Also, the legislation would become applicable at the same date across the Union, thus avoiding problems associated with the late transpostion of legislation by Member States[7]. Furthermore, a regulation offers the highest degree of harmonisation: statutory audits would be carried out under substantially identical rules in all Member States.

3.3.1.     Title I (subject matter, scope and definitions)

The Regulation applies to auditors that carry out statutory audits of PIEs and to the audited PIEs, e. g. rules on the audit committee which a PIE is required to have.

For the purpose of the Regulation the definitions that apply to the amended Directive 2006/43/EC should also apply here. As the financial sector evolves, new categories of financial institutions are created under Union law and it is thus appropriate that the definition of PIEs also encompasses investment firms, payment institutions, undertakings for collective investment in transferable securities (UCITS), electronic money institutions and alternative investment funds.

3.3.2.     Title II (Conditions for carrying out statutory audit of public-interest entities)

Chapter I (Independence and avoidance of conflict of interest)

An auditor should establish adequate policies and procedures to ensure compliance with the obligations under the Regulation regarding independence, internal quality control systems and the supervision of employees.

Former auditors, key audit partners or their employees are not allowed to take up a key management position in the audited entity, to become a member of the audit committee of the audited entity, to become a non-executive member of the administrative body or to join the supervisory body of the audited entity within two years after the termination of the audit engagement.

The fees for the provision of related financial audit services to the audited entity should be limited to 10 % of the audit fees paid by that entity. Additionally, where the total fees, audit and related financial audit services, received by an auditor from a PIE reach a significant percentage of his/her/its total annual fees, appropriate safeguards should be applied.

The statutory auditor, audit firm or member of the audit firm's network will be prevented from providing certain non-audit services which are fundamentally incompatible with the independent public-interest function of audit to their audited entities in all cases, while for other non-services that are not fundamentally incompatible with the audit services, the audit committee or the competent authority will be empowered to assess, depending on the concrete circumstances, whether or not they may be provided to the audited entity.. However, related financial audit services could be provided. The Commission is empowered to adapt the lists of authorised services and of prohibited services in accordance with the conditions set out in Title VI. In addition, audit firms of significant dimension should focus their professional activity on the carrying out of statutory audit and should not be allowed to undertake non-audit services.

Before accepting or continuing an engagement, an auditor should assess all potential threats to his/her/its independence and confirm his/her independence to the audit committee.

Chapter II (Confidentiality and professional secrecy)

Auditors should not invoke professional secrecy rules to prevent the application of the provisions of this proposal.

Article 13 ensures that necessary information can be exchanged during the performance of the audit. However, such rules would not allow an auditor to cooperate with third country authorities outside the cooperation channels foreseen in Chapter XI of Directive 2006/43/EC.

Chapter III (Performance of the statutory audit)

The Regulation lays out that the auditor should take the necessary steps with a view to forming an opinion as to whether the financial statements give a true and fair view and have been prepared in accordance with the relevant financial reporting framework. It does not include the assurance on the future viability of the audited entity nor the efficiency or effectiveness with which the management or the administrative body has conducted or will conduct the affairs of the entity. However, this exclusion should neither undermine the tasks that an auditor needs to undertake in order to conduct the audit properly nor any reporting requirements.

Professional scepticism is reinforced. The auditor should always remain alert to the possibilty of a material misstatement due to error or fraud, notwithstanding the auditor's past experience with the entity.

Basic requirements for the performance of the statutory audit are established. The audit firm should designate at least a key audit partner, who should be actively involved in the carrying out of the statutory audit. Sufficient resources should be assigned as well. A client account record should be maintained and an audit file should be created. Moreover, the auditor should make sure that all the organisational requirements are properly applied.

Where an incident which has or may have serious consequences for the integrity of the statutory audit activities happens, the auditor should take appropriate measures with a view to managing the consequences of the incident and prevent any recurrence.

In the case of the audit of consolidated financial statements, where the group auditor is not in the position to document the audit work performed by third-country auditor(s), he needs to take appropriate measures including additional audit work and inform the competent authority.

An auditor/audit firm should carry out its own internal quality control review before submitting the audit report. The review should be the responsibility of an auditor who is not involved in the performance of the statutory audit to which the internal quality review relates.

Chapter IV (Audit reporting)

The content of the audit report disclosed to the public is expanded so that it explains the methodology used, especially how much of the balance sheet has been directly verified and how much has been based on system and compliance testing, the levels of materiality applied to perform the audit, the key areas of risk of material misstatements of the financial statements, whether the statutory audit was designed to detect fraud and, in the event of a qualified or adverse opinion or a disclaimer of opinion, the reasons for such a decision. It should also explain the variation in the weighting of substantive and compliance testing when compared to the previous year.

Moreover, the auditor should also prepare a longer and more detailed report for the audit committee. This report would provide more detailed information on the audit carried out, on the situation of the undertaking as such (e. g. going concern) and the findings of the audit combined with the necessary explanations. This additional report would also present (and justify) the audit work carried out to the audit committee. This longer report would be submitted to the audit committee and to the management of the audited entity, but not to the public (given that its content would include business secrets and potentially price sensitive information). However, upon request, the auditor should make this report available to the competent authority.

In most of the financial services directives, the auditor is already required to the competent authorities supervising the PIE any fact or decision concerning the PIE. This obligation is now extended to all PIEs. Moreover, competent authorities supervising credit institutions and insurance undertakings should establish a regular dialogue with the auditors.

Chapter V (Transparency reporting by statutory auditors and audit firms and record keeping)

Auditors will be required to disclose financial information, showing in particular their total turnover divided into audit fees paid by PIEs, audit fees paid by other entities and fees for other services. They should also disclose financial information at the level of the network to which they belong.

The transparency reports of auditors of PIEs should be completed by a statement on the firms' own corporate governance. Additional supplementary information on audit fees should be provided to competent authorities with a view to facilitating their supervisory tasks.

The auditor should keep certain documents and information for a period of five years.

3.3.3.     Title III (The appointment of statutory auditors or audit firms by public-interest entities)

In order to reinforce the independence and capacity of the audit committee, it should be composed of non-executive members, at least one member should have experience and knowledge in auditing and another one in accounting and/or auditing.

The proposal for the appointment of the auditor to the meeting of shareholders should be based on a recommendation of the audit committee. The recommendation should always contain a justification of the decision proposed. In addition, unless it concerns the renewal of an audit engagement, the recommendation should contain at least two choices (excluding the incumbent auditor) and the audit committee should express a duly justified preference for one of them. The recommendation of the audit committee should be made after the completion of a due tendering process. In the case of credit institutions or insurance undertakings, the audit committee should submit its recommendation to the prudential supervisory authority, which should have the right to veto the choice proposed.

Contractual clauses with third parties limiting the audited entity's choice of an auditor should be prohibited.

With a view to addressing the threat of familiarity that results from the audited undertaking often appointing and re-appointing the same audit firm for decades, the regulation introduces mandatory rotation of audit firms after a maximum period of 6 years that may be, under certain exceptional circumstances, extended to 8 years. Where a public-interest entity has appointed two or more statutory auditors or audit firms, the maximum duration of the engagements will be 9 years; on an exceptional basis, such duration may be extended to 12 years. It also provides for a cooling-off period before the audit firm is able to carry out the statutory audit of the same entity again. In order to ensure a smooth transition the former auditor is required to transfer a handover file with relevant information to the incoming auditor.

The audit committee, one or more shareholders, the competent authorities and the competent authorities for the supervision of the PIEs are empowered to bring a claim before a national court for the dismissal of the auditor where there are proper grounds.

3.3.4.     Title IV (Surveillance of the activities of auditors and audit firms carrying out statutory audit of public-interest entities)

Chapter I (Competent authorities)

Each Member State should designate a competent authority responsible for the supervision of auditors and audit firms auditing PIEs. These authorities should be adequately staffed and independent of auditors. The obligations of professional secrecy apply to the competent authorities employees.

The competent authorities should have all supervisory and investigative powers that are necessary to exercise their function but should not interfere with the content of an audit report..

The competent authorities should cooperate at the national level with the authority responsible for the approval and registration of statutory auditors and audit firms (Directive 2006/43/EC) and with other supervisors of PIEs e. g. the banking or the insurance supervisor.

Chapter II (Quality assurance, investigation, market monitoring, contingency planning and transparency of competent authorities)

The tasks of the competent authorities include:

· undertaking quality assurance reviews on the statutory audits carried out. These reviews should be proportionate to the scale and dimension of activity of the reviewed auditor;

· investigating with a view to detecting, correcting and preventing inadequate statutory audits of PIEs;

· monitoring the developments in the market for the provision of statutory audit services to PIEs;

· regularly monitoring the possible threats to the continuity of the operations of large audit firms, including the risks arising from high concentration and requiring large audit firms to establish contingency plans to address such threats;

· being transparent about their activities, including the publication of individual quality assurance review reports.

Chapter III (Cooperation between competent authorities and relations with the European supervisory authorities)

The regulation requires that the EU-wide cooperation between competent authorities takes place within ESMA, thus taking over the current EU-wide cooperation mechanism under the aegis of the European Group of Auditors' Oversight Bodies (EGAOB), an expert group chaired by the European Commission. ESMA is already working in the field of auditing (and accounting) regarding PIEs and the legal framework foresees the cooperation of ESMA, the European Banking Authority (EBA) and the European Insurance and Occupational Pensions Authority (EIOPA) within their joint committee in the area of auditing. ESMA is required to create a permanent internal committee which should at least be composed of the national competent authorities.

ESMA should issue guidance on several issues: e.g. on the content and presentation of the audit report and the additional report to the audit committe, on the oversight activity of the audit committee or for conducting quality assurance reviews.

A 'voluntary' pan-European audit quality certification is introduced to increase the visibility, recognition and reputation of all audit firms having capacities to conduct high quality audits of PIEs. ESMA should publish the requirements for obtaining the certificate along with any administrative and fee implications. National competent authorities should be involved in the examination of the application for the certificate. Concerning investigation and on-site inspections, competent authorities should notify the competent authority of the other Member State, if they conclude that activities contrary to the provisions of the Regulation are being or have been carried out. Moreover, a competent authority of a Member State may request that an investigation be carried out by the competent authority of another Member State in the latter's territory.

Furthermore, colleges of competent authorities may be established by ESMA upon request of one or more competent authorities in order to facilitate the exercise of certain tasks.

Chapter IV (Cooperation with third country auditors and with international organisations and bodies)

The competent authorities and ESMA may conclude cooperation agreements on the exchange of information with the competent authorities of third countries only if the information disclosed is subject to guarantees of professional secrecy and provided data protection rules are respected.

3.3.5.     Title V (Supervisory measures and penalties)

In order to improve compliance with the requirements of this Regulation and following the Commission Communication of 9 December 2010 entitled 'Reinforcing sanctioning regimes in the financial sector'[8], the powers to adopt supervisory measures and the sanctioning powers of competent authorities are enhanced. Administrative pecuniary sanctions on auditors and PIEs for identified violations are envisaged. Authorities should be transparent about the sanctions and measures they apply.

3.3.6.     Title VI (Reporting and transitional and final provisions)

A transitional regime is introduced regarding the entry into force of the obligation to rotate audit firms, the obligation to organise a selection procedure for the choice of audit firm and the establishment of audit firms that only provide audit services.

3.3.7.     Regulatory technical standards and compliance with Article 290 TFE

In order to take account of developments in auditing and the audit market, ESMA is requested to submit regulatory technical standards to the Commission in order to specify technical requirements on the content of the handover file that the new auditor should receive and the establishment of a European quality certificate for auditors carrying out statutory audits of PIEs. The Commission is empowered to adopt these technical standards as delegated acts.

On 23 September 2009, the Commission adopted proposals for Regulations establishing EBA, EIOPA (The European Insurance and Occupational Pensions Authority (EIOPA), and ESMA (European Securities and Markets Authority)[9]. In this respect the Commission wishes to recall the Statements in relation to Articles 290 and 291 TFEU it made at the adoption of the Regulations establishing the European Supervisory Authorities according to which: "As regards the process for the adoption of regulatory standards, the Commission emphasises the unique character of the financial services sector, following from the Lamfalussy structure and explicitly recognised in Declaration 39 to the TFEU. However, the Commission has serious doubts whether the restrictions on its role when adopting delegated acts and implementing measures are in line with Articles 290 and 291 TFEU."

4.           BUDGETARY IMPLICATION

The Commission's proposal has no direct or indirect impact on the European Union budget. In particular, tasks that would be entrusted to EU supervisory bodies as mentioned in the proposal would not entail additional EU funding.

2011/0359 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on specific requirements regarding statutory audit of public-interest entities

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national Parliaments,

Having regard to the opinion of the European Economic and Social Committee[10],

After consulting the European Data Protection Supervisor[11],

Acting in accordance with the ordinary legislative procedure,

Whereas:

(1) Statutory auditors and audit firms are entrusted by law to conduct statutory audits of public-interest entities with a view to enhancing the degree of confidence of the public in the annual and consolidated financial statements of such entities. The public-interest function of statutory audit means that a broad community of people and institutions rely on the quality of a statutory auditor's work. Good audit quality contributes to the orderly functioning of markets by enhancing the integrity and efficiency of financial statements. Thereby, auditors fulfil a particularly important societal role.

(2) Union legislation requires that the financial stements, comprising annual accounts or consolidated accounts, of credit institutions, insurance undertakings, issuers of securities admitted to trading on a regulated market, payment institutions, UCITS, electronic money institutions and alternative investment funds be audited by one or more persons entitled to carry out such audits in accordance with Union law, namely: Article 1(1) of Council Directive 86/635/EEC of 8 December 1986 on the annual accounts and consolidated accounts of banks and other financial institutions[12], Article 1(1) of Council Directive 91/674/EEC of 19 December 1991 on the annual accounts and consolidated accounts of insurance undertankings[13], Article 4(4) of Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC[14], Article 15(2) of Directive 2007/64/EC of the European Parliament and of the Council of 13 November 2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC[15], Article 73 of Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS)[16], Article 3(1) of Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48EC and repealing Directive 2000/46/EC[17], and Article 22(3) of Directive 2011/61/EC of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010[18]. Moreover, Article 4(1)(1) of Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 on markets in financial instruments amending Council Directives 85/611/EEC and 93/6/EEC and Directive 2000/12/EC of the European Parliament and of the Council and repealing Council Directive 93/22/EEC[19] also requires that the annual financial statements of investment firms be audited when the Fourth Council Directive 78/660/EEC of 25 July 1978 on the annual accounts of certain types of companies[20] or the Seventh Council Directive 83/349/EEC of 13 June 1983 on consolidated accounts[21] are not appplicable.

(3) The conditions for the approval of the persons responsible for carrying out the statutory audit as well as the minimum requirements for carrying out such statutory audit are laid down in Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC[22].

(4) During the recent financial crisis, numerous banks revealed huge losses from 2007 to 2009 on the position they had held both on and off balance sheet. This raised not only the question of how auditors could give unqualified audit reports to their clients for those periods but also about the suitability and adequacy of the current legislative framework. The Commission published on 13 October 2010 a Green Paper on Audit Policy: Lessons from the Crisis[23], which launched a wide public consultation, in the general context of financial market regulatory reform, on the role and scope of audit and how the audit function could be enhanced in order to contribute to increased financial stability. It resulted from the public consultation that the rules of Directive 2006/43/EC regarding the carrying out of the statutory audit of annual and consolidated accounts of public-interest entities could be substantially improved. The European Parliament issued an own initiative report on the Green Paper on 13 September 2011. The European Economic and Social Committee also adopted a report on that Green Paper on 16 June 2011.

(5) It is important to lay down detailed rules with a view to ensuring that the statutory audits of public-interest entities are of adequate quality and are carried out by statutory auditors and audit firms subject to stringent requirements. A common regulatory approach should enhance the integrity, independence, objectivity, responsibility, transparency and reliability of statutory auditors and audit firms carrying out statutory audit of public-interest entities, contributing to the quality of statutory audit in the Union, thereby contributing to smooth functioning of the internal market, while achieving a high level of consumer and investor protection. The development of a separate act for public-interest entities should also ensure consistent harmonisation and uniform application and thus contribute to a more effective functioning of the internal market.

(6) The financial sector is evolving and new categories of financial institutions are created by Union law. The importance of new entities and activities outside the regular banking system is growing and their impact on financial stability has become greater. Therefore, it is appropriate that the definition of public-interest entity also encompasses other financial institutions and entities such as investment firms, payment institutions, undertakings for collective investments in transferable securities (UCITS), electronic money institutions and alternative investment funds.

(7) Audit of annual and consolidated financial statements is intended as a statutory safeguard for investors, lenders and business counterparties who have a stake or a business interest in public-interest entities. Hence, statutory auditors and audit firms should be completely independent when carrying out statutory audits of such entities and conflicts of interest should be avoided. In order to determine the independence of auditors and audit firms, the concept of network in which auditors and firms operate has to be taken into account.

(8) Adequate internal organisation of statutory auditors and audit firms should contribute to preventing any threats to their independence. Thus, owners or shareholders of an audit firm, as well as those managing it, should not intervene in the carrying out of a statutory audit in any way which jeopardises the independence and objectivity of the statutory auditor who carries out the statutory audit on behalf of the audit firm. Additionally, statutory auditors and audit firms should establish appropriate internal policies and procedures in relation to employees and other persons involved in the statutory audit activity within their organisations in order to ensure compliance with their statutory obligations. Those policies and procedures should in particular seek to prevent and address any threats to independence and ensure the quality, integrity and thoroughness of the statutory audit. Those policies and procedures should be proportionate in view of the scale and complexity of the business of the statutory auditor or audit firm.

(9) Auditors, audit firms and their employees should in particular refrain from carrying out the statutory audit of an entity if they have a business interest or financial interest in it and from engaging on trading in financial instruments issued, guaranteed or otherwise supported by an audited entity, other than holdings in diversified collective investment schemes. The statutory auditor or audit firm should abstain from the internal decision-making processes of the audited entity. Statutory auditors or their employees should be prevented from taking up duties in the audited entity at managerial or board level until an appropriate period has elapsed since the end of the audit engagement.

(10) The level of fees received from one audited entity and the structure of fees can also threaten the independence of a statutory auditor or audit firm. Thus, it is important to ensure that audit fees are not based on any form of contingency and that, when the audit fees from a single client are significant, a specific procedure is established to secure the quality of the audit. If the dependence on a single client is excessive, the statutory auditor or the audit firm should refrain from undertaking the statutory audit in question.

(11) The provision of services other than statutory audit to audited entities by statutory auditors, audit firms or members of their networks may compromise their independence. Therefore, it is appropriate to require the statutory auditor, the audit firm and the members of their network not to provide non-audit services to their audited entities. The provision of non-audit services by an audit firm to a company would prevent that audit firm from carrying out statutory audit of that company, thus resulting in a reduction of the audit firms available to provide statutory audit, in particular with regard to the audit of large public-interest entities where the market is concentrated. As a result, in order to secure that a minimum number of audit firms is able to provide audit services to large public-interest entities, it is appropriate to request that audit firms of significant dimension focus their professional activity on the carrying out of statutory audit and are not allowed to undertake other services unconnected to their statutory audit function such as consultancy or advisory services.

(12) With a view to avoiding conflicts of interest it is important that the statutory auditor or the audit firm, before accepting or continuing an engagement for a statutory audit of a public-interest entity, assesses whether the independence requirements are met, and in particular whether any threats to independence arise as a result of the relationship with that entity. In order to maintain this independence, it is also important that they keep records of all threats to their independence and that of their employeess and other persons involved in the statutory audit process, as well as the safeguards applied to mitigate those threats. Moreover, where the threats to their indepedence, even after having applied safeguards to mitigate those threats, are too significant, they should resign or abstain from the audit engagement. The statutory auditor or the audit firm should confirm annually to the audit committee of the audited entity their independence and discuss with such committee any threat to their independence as well as the safeguards applied to mitigate those threats.

(13) Directive 95/46 of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[24] govern the processing of personal data carried our in the Member States in the context of this Regulation and under the supervision of the Member States competent authorities, in particular the public independent authorities designated by the Member States. Regulation (EU) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data[25], governs the processing of personal data carried out by ESMA within the framework of this Regulation and under the supervision of the European Data Protection Supervisor. Any exchange or transmission of information by competent authorities should be in accordance with the rules on the transfer of personal data as laid down in Directive 95/46/EC and any exchange or transmission of information by ESMA should be in accordance with the rules on the transfer of personal data as laid down in Regulation (EC) No 45/2001.

(14) It is important that statutory auditors and audit firms respect the rights to private life and data protection of of their clients. They should therefore be bound by strict rules on confidentiality and professional secrecy which, however, should not impede the proper enforcement of this Regulation or the cooperation with the group auditor during the performance of the audit of consolidated financial statements when the parent undertaking is in a third country, provided that Directive 95/46/EC is complied with. However, such rules would not allow a statutory auditor or audit firm to cooperate with third country authorities outside the cooperation channels foreseen in Chapter XI of Directive 2006/43/EC. Those confidentiality rules should also apply to any statutory auditor or audit firm which has ceased to be involved in a specific audit task.

(15) The statutory audit results in an opinion on the truth and fairness of the financial statements of the audited entities. Stakeholders, however, might to be unaware of the limitations of an audit (materiality, sampling techniques, role of the auditor in the detection of fraud and the responsibility of managers), which can lead to an expectation gap. In order to reduce such gap, it is important to provide more clarity on what the scope of the statutory audit is.

(16) Whilst the primary responsibility for delivering financial information should rest with the management of the audited entities, auditors play a role by actively challenging management from a user's perspective. In order to improve audit quality, it is therefore important that the professional scepticism exercised by auditors vis-à-vis the audited entity is reinforced. Auditors should recognise the possibility that a material misstatment due to fraud or error could exist, notwithstanding the auditor's past experience of the honesty and integrity of the audited entity's management. Securing audit quality should be the main criterion to organise the audit work and to allocate the necessary resources to the tasks. The integrity of the statutory auditor, audit firm and their staff is essential to ensure the public confidence in statutory audits and financial markets. Therefore, any incident that may have serious consequences for the integrity of the statutory audit activities should be appropriately managed. The statutory auditor or the audit firm should appropriately document the audit work.

(17) In the case of consolidated financial statements, it is important that there is a clear definition of responsibilities of the statutory auditors who audit different entities of the group. For this purpose, the group auditor should bear full responsibility for the audit report.

(18) A sound internal quality control review of the work carried out in each statutory audit engagement should be conducive to high audit quality. Therefore, the statutory auditor or the audit firm should not issue his, her or its audit report until such an internal quality control review has been completed.

(19) The results of the statutory audit should be presented to the stakeholders in the audit report. In order to increase the confidence of stakeholders in the financial statements of the audited entity, it is particularly important that the audit report is well-founded and solidly substantiated and its content expanded to include additional information specific to the audit carried out. The audit report should in particular include sufficient information on the methodology used in the audit, especially how much of the balance sheet has been directly verified and how much has been based on system and compliance testing, on the levels of materiality applied to perform the audit, on the key areas of risk of material misstatements of the annual and consolidated financial statements, on whether the statutory audit was designed to detect fraud and, in the event of a qualified or adverse opinion or a disclaimer of opinion, on the reasons for such decision.

(20) The value of statutory audit for the audited entity would be particularly enhanced if the communication between the statutory auditor or the audit firm, on the one hand, and the audit committee, on the other hand, was reinforced. Further to the regular dialogue during the carrying out of the statutory audit, it is important that the statutory auditor or the audit firm submits to the audit committee an additional and more detailed report on the results of the statutory audit. It should be possible to make such additional detailed reports available to the supervisors of public-interest entities, but not to the public.

(21) Statutory auditors or audit firms already provide supervisors of public-interest entities with information on facts or decisions which could constitute a breach of the rules governing the activities of the audited entity or the impairment of the continuous functioning of the audited entity. Supervisory tasks would also be facilitated if supervisors of credit and financial institutions were required to establish a regular dialogue with their statutory auditors and audit firms.

(22) In order to increase the confidence in and the liability of the statutory auditors and audit firms carrying out the statutory audit of public-interest entities, it is important that the transparency reporting by statutory auditors and audit firms is increased. Therefore, statutory auditors and audit firms should be required to disclose audited financial information, showing in particular their total turnover divided into audit fees paid by public-interest entities, audit fees paid by other entities and fees for other services. They should also disclose financial information at the level of the network to which they belong. The transparency reports of audit firms should be completed by a statement on corporate governance with a view to showing whether the audit firm maintains arrangements for sound corporate governance. Additional supplementary information on audit fees should be provided to competent authorities with a view to facilitating their supervisory tasks.

(23) Audit committees, or bodies performing an equivalent function within the audited entity, have a decisive role in contributing to high-quality statutory audit. It is particularly important to reinforce the independence and technical competence of the audit committee by requiring that a majority of its members is independent and that at least one member of the committee has competence in auditing and another one in auditing and/or accounting. The Commission Recommendation of 15 February 2005 on the role of non-executive or supervisory directors of listed companies and on the committees of the (supervisory) board[26] sets out how audit committees should be established and function. Considering, however, the dimension of boards in companies with reduced market capitalisation and in small and medium-sized public-interest entities, it would be appropriate that the functions assigned to the audit committee for those entities, or to a body performing equivalent functions within the audited entity, may be performed by the administrative or supervisory body as a whole. Public-interest entities which are UCITS or alternative investment funds should also be exempted from the obligation to have an audit committee. This exemption takes into account the fact that where those funds function merely for the purpose of pooling assets, the employment of an audit committee is not appropriate. UCITS and alternative investments funds, as well as their management companies, operate in a strictly defined regulatory environment and are subject to specific governance mechanisms such as controls exercised by their depositary.

(24) It is also important that the role of the audit committee in the selection of a new statutory auditor or audit firm be reinforced, for the benefit of a more informed decision of the general meeting of shareholders or members of the audited entity. Hence, when making a proposal to the general meeting, the board should explain whether it follows the recommendation of the audit committee and, if not, why. The recommendation of the audit committee should include at least two possible choices for the audit engagement and a duly justified preference for one of them, so that the general meeting can make a real choice. In order to provide a fair and proper justification in its recommendation, the audit committee should use the results of a mandatory selection procedure organised by the audited entity, under the responsibility of the audit committee. In such selection procedure, the audited entity should invite statutory auditors or audit firms, including smaller ones, to present proposals for the audit engagement. Tender documents should contain transparent and non-discriminatory selection criteria to be used for the evaluation of proposals. Considering, however, that this selection procedure could entail disproportionate costs for companies with reduced market capitalisation or small and medium-sized public-interest entities having regard to their dimension, it is appropriate to relieve such entities from this obligation.

(25) The right of the general meeting of shareholders or members of the audited entity to choose the statutory auditor or the audit firm would be of no value if the audited entity were to enter into a contract with a third party providing for a restriction of such choice. Therefore any contractual clause entered into by the audited entity with a third party regarding the appointment or restricting the choice of a particular auditor or audit firm should be considered null and void.

(26) The appointment of more than one statutory auditor or audit firm by the public-interest entities would reinforce the professional scepticism and contribute to increasing audit quality. Also, this measure combined with the presence of smaller audit firms would facilitate the development of the capacity of such firms, thus contributing to increasing the choice of statutory auditors and audit firms for public-interest entities. Therefore, the latter should be encouraged and incentivised to appoint more than one statutory auditor or audit firm to carry out the statutory audit.

(27) In order to address the familiarity threat and therefore reinforce the independence of auditors and audit firms, it is important to establish a maximum duration of the audit engagement of a statutory auditor or audit firm in a particular audited entity. An appropriate gradual rotation mechanism should also be established with regard to the most senior personnel involved in the statutory audit, including the key audit partners carrying out the statutory audit on behalf of the audit firm. It is also important to provide for an appropriate period within which such statutory auditor or audit firm may not carry out the statutory audit of the same entity. In order to ensure a smooth transition, the former auditor should transfer a handover file with relevant information to the incoming auditor.

(28) In order to protect the independence of the auditor, it is important that dismissal should be possible only where there are proper grounds and if those grounds are communicated to the authority or authorities responsible for supervision. Where there are proper grounds, but the audited entity does not act, the audit committee, the shareholders, the competent authorities responsible for the supervision of auditors and audit firms or the competent authorities responsible for the supervision of the public-interest entity should be empowered to bring a case before a national court on the dismissal of the auditor.

(29) In order to ensure a high level of investor and consumer confidence in the internal market by avoiding conflicts of interests, statutory auditors and audit firms should be subject to appropriate supervision by competent authorities which are independent from the audit profession and which have adequate capacity, expertise and resources. The national competent authorities should have the necessary powers to undertake their supervisory tasks, including the capacity to access documents, demand information from any person and carry out inspections. They should specialize in the supervision of financial markets, of compliance with financial reporting obligations or in statutory audit oversight. However, it should be possible that the supervision of the compliance with the obligations set on public-interest entities is carried out by the competent authorities responsible for the supervision of those entities. The funding of the competent authorities should be free from any possible undue influence by statutory auditors or audit firms.

(30) The quality of supervision should improve if there is effective cooperation between authorities charged with different tasks at national level. Therefore, the authorities competent to supervise compliance with the obligations on statutory audit of public-interest entities should cooperate with the authorities responsible for the approval and registration of statutory auditors and audit firms, with those supervising public-interest entities and with the Financial Intelligence Units referred to in Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2006 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing[27].

(31) External quality assurance for the statutory audit is fundamental for high quality audit. It adds credibility to published financial information and provides better protection of shareholders, investors, creditors and other interested parties. Statutory auditors and audit firms should therefore be subject to a system of quality assurance under the responsibility of the competent authorities, thus ensuring objectivity and independence from the audit profession. Quality assurance reviews should be organised in such a manner that each statutory auditor or each audit firm undertaking audits of public-interest entities is subject to a quality assurance review at least every three years. The Commission Recommendation of 6 May 2008 on external quality assurance for statutory auditors and audit firms auditing public interest entities[28] provides information on how inspections should be undertaken. Quality assurance reviews should be proportionate in view of the scale and complexity of the business of the reviewed audit firm or statutory auditor.

(32) Investigations help to detect, prevent and correct inadequate carrying out of the statutory audit of public-interest entities. Therefore, competent authorities should be empowered to undertake investigations of statutory auditors and audit firms.

(33) The market for the provision of statutory audit services to public-interest entities evolves over time. It is therefore necessary that competent authorities monitor the developments in the market, particularly as regards possible limited choice of auditor and the risks that arise from high market concentration.

(34) The demise of important audit firms may disrupt the provision of audit services in the market and could result in further structural accumulation of risk in the market. Therefore, competent authorities should, as a preventive action, request the largest audit firms in each Member State to establish contingency plans addressing a possible event threatening the continuity of operations of the concerned firm. Such plans may identify measures to prepare an orderly failure of the firm concerned.

(35) The transparency of the activities of competent authorities should contribute to increase the confidence of investors and consumers in the internal market. Therefore, competent authorities should be required to regularly report on their activities and to publish individual inspections reports.

(36) The cooperation between the competent authorities of the Member States can make an important contribution to ensuring consistently high quality in the statutory audit in the Union. Therefore, the competent authorities of the Member States should cooperate with each other, where necessary, for the purpose of carrying out their supervisory duties regarding statutory audits. They should respect the principle of home-country regulation and oversight by the Member State in which the statutory auditor or audit firm is approved and the audited entity has its registered office. The cooperation between competent authorities would be particularly enhanced if organised within the framework of the Joint Committee of European Supervisory Authorities (ESA), under the leadership of the European Securities and Markets Authority (ESMA) set up by Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities Market Authority)[29]. ESMA, with the assistance of the European Banking Authority (EBA) set up by Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority)[30] and the European Insurance and Occupational Pensions Authority (EIOPA) set up by Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority)[31], should contribute to that cooperation by providing advice and guidelines to national competent authorities.

(37) The scope of cooperation between the competent authorities of Member States should include exchange of information, cooperation with regard to quality assurance assurance reviews, assistance to investigations related to the carrying out of statutory audits of public-interest entities, including in cases where the conduct under investigation does not constitute an infringment of any legislative or regulatory provision in force in the Member States concerned and contingency planning. The modalities of cooperation between the competent authorities of the Member States may include the creation of colleges of competent authorities and the delegation of tasks among themselves. The concept of network in which auditors and firms operate should be taken into account in such cooperation. Competent authorities and the European Supervisory Authorities should respect appropriate confidentiality and professional secrecy rules.

(38) Recognition of the aptitude of statutory auditors and audit firms to perform statutory audits of public-interest entities should faciliate the access of auditors and firms to other clients. Therefore, it is important to provide for a Quality Certificate of European dimension which should be developed by ESMA. National competent authorities should be involved in the examination of the applications for the certificate.

(39) The interrelation of capital markets calls for empowering national competent authorities and the European Supervisory Authorities to cooperate with supervisory authorities and bodies of third countries regarding the exchange of information or quality assurance reviews. However, where the cooperation with third country authorities is related to audit working papers or other documents held by statutory auditors or audit firms, the procedures of Directive 2006/43/EC should apply.

(40) Sustainable audit capacity and a competitive market for statutory audit services in which there is a sufficient choice of audit firms capable of carrying out statutory audits of public-interest entities are required in order to ensure a smooth functioning of capital markets. ESMA should report on the changes brought in the audit market structure by this Regulation. When carrying such analysis, ESMA should take into account the impact of the national civil liability rules for statutory auditors on the structure of the audit market. Based on such report and other appropriate evidence, the Commission should present a report on the impact of the national liability rules for statutory auditors on the audit market structure and should take the steps it considers appropriate as a result of its findings.

(41) In order to improve compliance with the requirements of this Regulation and following the Commission Communication of 9 December 2010 entitled 'Reinforcing sanctioning regimes in the financial sector'[32], the power to adopt supervisory measures and the sanctioning powers of competent authorities should be enhanced. Administrative pecuniary sanctions on statutory auditors, audit firms and public-interest entities for identified violations should be foreseen. The competent authorities should be transparent about the sanctions and measures they apply. The adoption and publication of sanctions should respect fundamental rights as laid down in the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life (Article 7), the right to the protection of personal data (Article 8) and the right to an effective remedy and to a fair trial (Article 47).

(42) Whistleblowers can bring new information to the attention of competent authorities which assists them in detecting and sanctioning irregularities, including fraud. However, whistleblowers may be deterred from doing so for fear of retaliation, or may lack incentives to do so. Member States should therefore ensure that adequate arrangements are in place to encourage whistleblowers to alert them to possible breaches of this Regulation and to protect them from retaliation. Member States may also provide them with incentives for doing so; however, whistleblowers should only be eligible for such incentives where they bring to light new information which they are not already legally obliged to notify and where this information results in a sanction for a breach of this Regulation. Member States should also ensure that whistleblowing schemes they implement include mechanisms that provide appropriate protection of a reported person, particularly with regard the right to the protection of his personal data and procedures to ensure the right of the reported person of defence and to be heard before the adoption of a decision concerning him as well as the right to seek effective remedy before a tribunal against a decision concerning him.

(43) In order to take account of developments in auditing and the audit market, the Commission should be empowered to specify technical requirements on the content of the handover file that the new statutory auditor or audit firm should receive and on the establishment of a European quality certificate for statutory auditors and audit firms carrying out statutory audits of public-interest entities.

(44) In order to take account of the technical developments in the financial markets, in auditing and the audit profession and to specify the requirements laid down in this Regulation, the Commission should be empowered to adopt delegated acts in accordance with Article 290 of the Treaty on the Functioning of the European Union. In particular, the use of delegated acts is necessary to adapt the list of related audit services and of non-audit services as well as to set out the level of fees that ESMA could charge for delivering the European Quality Certificate to statutory auditors and audit firms. It is of particular importance that the Commission carries out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

(45) In order to ensure legal certainty and the smooth transition to the regime introduced by this Regulation, it is important to introduce a transitional regime regarding the entry into force of the obligation to rotate audit firms, the obligation to organise a selection procedure for the choice of audit firm and the conversion of audit firms into firms that only provide audit services.

(46) Since the objectives of this Regulation, namely clarifying and better defining the role of statutory audit regarding public-interest entities, improving the information that the statutory auditor or audit firm provides to the audited entity, investors and other stakeholers, improving the communication channels between auditors and supervisors of public-interest entities, preventing any conflict of interest arising from the provision of non-audit services to public-interest entities, mitigating the risk of any potential conflict of interest due to existing system of "auditee selects and pays the auditor" or to familiarity threat, facilitating the switching of statutory auditor or audit firm and the choice of an audit provider to public-interest entities, increasing the choice of audit providers to public-interest entities and improving the effectiveness, independence and consistency of the regulation and supervison of statutory auditors and audit firms providing statutory audits to public interest entities including as regards cooperation at Union level, cannot be sufficiently achieved by the Member States and can, therefore, by reason of their scale, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulatoin does not go beyond what is necessary in order to achieve those objectives.

(47) This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, notably the right to respect for private and family life (Article 7), the right to the protection of personal data (Article 8), the freedom to conduct a business (Article 16), the right to an effective remedy and to a fair trial (Article 47), the presumption of innocence and right of defence (Article 48), the principles of legality and proportionality of criminal offences and penalties (Article 49), the right not to be tried or punished twice for the same offence (Article 50), and has to be applied in accordance with those rights and principles,

HAVE ADOPTED THIS REGULATION:

Title I

Subject matter, scope and definitions

Article 1

Subject matter

This Regulation lays down requirements for the carrying out statutory audit of annual and consolidated financial statements of public-interest entities, rules on the organisation and selection of statutory auditors and audit firms by public-interest entities to promote their independence and the avoidance of conflicts of interest and rules on the supervision of compliance by statutory auditors and audit firms with those requirements.

Article 2

Scope

1.           This Regulation applies to the following:

(a)     statutory auditors and audit firms who carry out statutory audits of public-interest entities;

(b)     public-interest entities.

2.           This Regulation applies without prejudice to Directive 2006/43/EC.

Article 3

Definitions

For the purposes of this Regulation, the definitions laid down in Article 2 of Directive 2006/43/EC shall apply, except for the definitions of 'audit report' and 'competent authority'.

Article 4

Large public interest entities

For the purposes of this Regulation, 'large public-interest entities' shall cover the following

(a)          in relation to entities defined in point 13(a) of Article 2 of Directive 2006/43/EC, the largest 10 issuers of shares in each Member State measured by the market capitalisation on the basis of the end-year quotes and in any case all issuers of shares that had an average market capitalisation of more than EUR 1 000 000 000 on the basis of end-year quotes for the previous three calendar years;

(b)          in relation to entities defined in points 13(b) to (f) of Article 2 of Directive 2006/43/EC, any entity which on their balance sheet date has a balance sheet total exceeding EUR 1 000 000 000;

(c)          in relation to entities defined in points 13(g) and (h) of Article 2 of Directive 2006/43/EC, any entity which on their balance sheet date has total assets under management exceeding EUR 1 000 000 000.

Title II

Conditions for carrying out statutory audit of public-interest entities

CHAPTER I

INDEPENDENCE AND AVOIDANCE OF CONFLICTS OF INTEREST

Article 5

Independence and objectivity

A statutory auditor or audit firm shall take all necessary steps to ensure that the carrying out of a statutory audit of a public-interest entity is not affected by any existing or potential conflict of interest or business or other relationship involving the statutory auditor or audit firm carrying out the statutory audit and, where appropriate, its network, managers, auditors, employees, any other natural persons whose services are placed at the disposal or under the control of the statutory auditor or audit firm, or any person directly or indirectly linked to the statutory auditor or audit firm by control.

Article 6

Internal organisation of auditors and audit firms

1. A statutory auditor or audit firm shall comply with the following organisational requirements:

(a)     an audit firm shall establish adequate policies and procedures to ensure that its owners or shareholders as well as the members of the administrative, management and supervisory bodies of the firm, or of an affiliate firm, do not intervene in the carrying out of a statutory audit in any way which jeopardises the independence and objectivity of the statutory auditor who carries out the statutory audit on behalf of the audit firm;

(b)     a statutory auditor or an audit firm shall have sound administrative and accounting procedures, internal control mechanisms, effective procedures for risk assessment, and effective control and safeguard arrangements for information processing systems.

Those internal control mechanisms shall be designed to secure compliance with decisions and procedures at all levels of the audit firm or of the working structure of the statutory auditor.

A statutory auditor or an audit firm shall implement and maintain decision-making procedures and organisational structures which clearly and in a documented manner specify reporting lines and allocate functions and responsibilities;

(c)     a statutory auditor or an audit firm shall establish adequate policies and procedures to ensure that his, her or its employees and any other natural persons whose services are placed at its disposal or under its control and who are directly involved in the statutory audit activities have appropriate knowledge and experience for the duties assigned;

(d)     a statutory auditor or an audit firm shall establish adequate policies and procedures to ensure that outsourcing of important audit functions is not undertaken in such a way as to impair the quality of the statutory auditor’s or audit firm’s internal control and the ability of the competent authorities to supervise the statutory auditor's or audit firm's compliance with the obligations laid down in this Regulation;

(e)     a statutory auditor or an audit firm shall establish appropriate and effective organisational and administrative arrangements to prevent, identify, eliminate or manage and disclose any threats to independence referred to in Article 11(2);

(f)      a statutory auditor or an audit firm shall establish appropriate procedures and standards for carrying out statutory audits of public-interest entities, coaching, supervising and reviewing employees activities and organising the structure of the audit file referred to in Article 15(5);

(g)     a statutory auditor or an audit firm shall establish an internal quality control system to ensure the quality of the statutory audit of public-interest entities. The quality control system shall at least cover the procedures and standards described in point (f). In the case of an audit firm, the responsibility of the internal quality control system shall be with a person that qualifies as statutory auditor;

(h)     a statutory auditor or an audit firm shall use appropriate systems, resources and procedures to ensure continuity and regularity in the performance of its statutory audit activities;

(i)      a statutory auditor or an audit firm shall establish a policy to preclude his, her or its involvement and that of his, her or its employees in any criminal offence or breach of the law in the conduct of their work. The statutory auditor or the audit firm shall also establish appropriate and effective organisational and administrative arrangements for dealing with and recording incidents which have or may have serious consequences for the integrity of his, her or its statutory audit activities;

(j)      a statutory auditor or an audit firm shall have adequate remuneration policies providing sufficient performance incentives to secure audit quality. In particular, compensation and performance evaluation of employees shall not be contingent on the amount of revenue that the statutory auditor or the audit firm derives from the audited entity;

(k)     a statutory auditor or an audit firm shall monitor and evaluate the adequacy and effectiveness of his, her or its systems, internal control and internal quality control mechanisms and arrangements established in accordance with this Regulation and take appropriate measures to address any deficiencies. A statutory auditor or an audit firm shall in particular carry out an annual evaluation of the internal quality control system referred to in point (g). A statutory auditor or an audit firm shall keep records of the findings of that evaluation and any proposed measure to modify the internal quality control system.

The policies and procedures referred to in the first subparagraph shall be documented and communicated to the employees of the statutory auditor or audit firm.

Any outsourcing of audit functions as referred to in point (d) shall not affect the liability of the statutory auditor or audit firm towards the audited entity.

2. The statutory auditor or audit firm shall take into consideration his, her or its size and complexity of activities when complying with the requirements of paragraph 1 of this Article.

The statutory auditor or audit firm shall be able to demonstrate to the competent authority referred to in Article 35(1) that such compliance is proportionate to the size and complexity of activities of the statutory auditor or audit firm.

Article 7

Independence from the audited entity

1.           A statutory auditor or an audit firm and any holder of voting rights in an audit firm shall be independent of the audited entity and shall not be involved in the decision-taking of the audited entity.

2.           A statutory auditor, an audit firm, their key audit partners, their employees as well as any other natural person whose services are placed at the disposal or under the control of such auditor or firm and who is directly involved in statutory audit activities, and persons closely associated with them within the meaning of Article 1(2) of Commission Directive 2004/72/EC[33] shall not buy or sell or engage in any transaction in any financial instrument issued, guaranteed, or otherwise supported by any audited entity within their area of statutory audit activities other than holdings in diversified collective investment schemes, including managed funds such as pension funds or life insurance.

3.           Persons or firms referred to in paragraph 2 shall not participate in or otherwise influence the determination of a statutory audit of any particular audited entity if they:

(a)     own financial instruments of the audited entity, other than holdings in diversified collective investment schemes;

(b)     own financial instruments of any entity related to an audited entity, the ownership of which may cause or may be generally perceived as causing a conflict of interest, other than holdings in diversified collective investment schemes;

(c)     have had a recent employment, business or other relationship with the audited entity that may cause or may be generally perceived as causing a conflict of interest.

4.           Persons or firms referred to in paragraph 2 shall not solicit or accept money, gifts or favours from anyone with whom the statutory audit or audit firm has a contractual relationship.

5.           National measures on professional ethics enacted pursuant to Article 21(1) of Directive 2006/43/EC which are not compatible with paragraphs 2, 3 and 4 shall not apply.

Article 8

Employment by public-interest entities of former statutory auditors or of employees of statutory auditors or audit firms

1            A statutory auditor or a key audit partner who carries out a statutory audit of a public-interest entity on behalf of an audit firm shall not, before a period of at least two years has elapsed since he or she resigned as a statutory auditor or key audit partner from the audit engagement, take up any of the following duties:

(a)     take up a key management position in the audited entity;

(b)     become a member of the audit committee of the audited entity or, where such committee does not exist, of the body performing equivalent functions to an audit committee;

(c)     become a non-executive member of the administrative body or a member of the supervisory body of the audited entity.

2.           Employees of a statutory auditor or an audit firm carrying out a statutory audit of a public-interest entity as well as any other natural person whose services are placed at the disposal or under the control of such auditor or firm shall not, when such employees or other natural persons are personally approved as statutory auditors, before a period of at least one year has elapsed since he or she was directly involved in the statutory audit activities, take up any of the duties referred to in points (a), b) and (c) of paragraph 1.

Article 9

Audit fees

1.           Fees for the provision of statutory audits to public-interest entities shall not be contingent fees.

For the purposes of the first subparagraph, contingent fees means fees for audit engagements calculated on a predetermined basis relating to the outcome or result of a transaction or the result of the work performed. Fees shall not be regarded as being contingent if a court or a competent authority has established them.

2.           When the statutory auditor or audit firm provides to the audited entity related financial audit services, as referred to in Article 10(2), the fees for such services shall be limited to no more than 10 % of the fees paid by the audited entity for the statutory audit.

3.           When the total fees received from a public-interest entity subject to the statutory audit represent either more than 20 % or, for two consecutive years, more than 15 % of the of the total annual fees received by the statutory auditor or audit firm carrying out the statutory audit, such auditor or firm shall disclose to the audit committee the fact that the total of such fees represents more than 20 % or 15 %, as appropriate, of the total fees received by the firm and the discussions referred to in Article 11(4)(d) shall be undertaken. The audit committee shall consider whether the audit engagement shall be subject to a quality control review by another statutory auditor or audit firm prior to the issuance of the audit report.

When the total fees received from a public-interest entity subject to the statutory audit represent, for two consecutive years, 15 % or more of the total annual fees received by the statutory auditor or audit firm carrying out the statutory audit, the auditor or firm shall inform the competent authority referred to in Article 35(1) of such situation. The competent authority referred to in Article 35(1) shall decide on the basis of objective grounds provided by the statutory auditor or the audit firm whether the statutory auditor or audit firm of such entity may continue to carry out the statutory for an additional period which in any case shall not be longer than two years.

Where the audited entity is exempted from the obligation to have an audit committee, the audited entity shall decide which body or organ of the entity shall engage with the statutory auditor or audit firm for the purposes of the obligations set out in this paragraph.

Article 10

Prohibition of the provision of non-audit services

1.           A statutory auditor or an audit firm carrying out statutory audit of public-interest entities may provide to the audited entity, to its parent undertaking and to its controlled undertakings statutory audit services and related financial audit services.

Where the statutory auditor belongs to a network, a member of such network may provide to the audited entity, to its parent undertaking and to its controlled undertakings within the Union statutory audit services or related financial audit services.

2.           For the purposes of this Article, related financial audit services shall mean:

(a)     the audit or review of interim financial statements;

(b)     providing assurance on corporate governance statements;

(c)     providing assurance on corporate social responsibility matters;

(d)     providing assurance on or attestation of regulatory reporting to regulators of financial institutions beyond the scope of the statutory audit and designed to assist regulators in fulfilling their role, such as on capital requirements or specific solvency rations determining how likely an undertaking will be to continue meeting its debt obligations;

(e)     providing certification on compliance with tax requirements where such attestation is required by national law;

(f)      any other statutory duty related to audit work imposed by Union legislation to the statutory auditor or audit firm.

3.           A statutory auditor or an audit firm carrying out statutory audit of public-interest entities shall not directly or indirectly provide to the audited entity, to its parent undertaking and to its controlled undertakings non-audit services.

Where the statutory auditor belongs to a network, no member of such network shall provide to the audited entity, to its parent undertaking and to its controlled undertakings within the Union any non-audit services.

For the purposes of this Article, non-audit services shall mean:

(a) services entailing conflict of interest in all cases:

(i) expert services unrelated to the audit, tax consultancy, general management and other advisory services;

(ii) bookkeeping and preparing accounting records and financial statements;

(iii) designing and implementing internal control or risk management procedure related to the preparation and/or control of financing information included in the financial statements and advice on risk;

(iv) valuation services, providing fairness opinions or contribution-in-kind reports;

(v) actuarial and legal services, including the resolution of litigation;

(vi) designing and implementing financial information technology systems for public-interest entities as referred to in Article 2(13)(b) to (j) of Directive 2006/43/EC;

(vii) participating in the audit client's internal audit and the provision of services related to the internal audit function;

(viii) broker or dealer, investment adviser, or investment banking services.

(b) services which may entail conflict of interest:

(i) human resources services, including recruiting senior management;

(ii) providing comfort letters for investors in the context of the issuance of an undertaking's securities;

(iii) designing and implementing financial information technology systems for public-interest entities as referred to in Article 2(13)(a) of Directive 2006/43/EC;

(iv) due diligence services to the vendor or the buy side on potential mergers and acquisitions and providing assurance on the audited entity to other parties at a financial or corporate transaction.

By derogation from the first and second subparagraphs, the services mentioned in point (b)(iii) and (iv) may be provided by the statutory auditor or the audit firm, subject to prior approval by the competent authority referred to in Article 35(1).

By derogation from the first and second subparagraphs, the services mentioned in point (b)(i) and (ii) may be provided by the statutory auditor or the audit firm, subject to prior approval by the audit committee as referred to in Article 31 of this Regulation.

4.           When a member of the network to which the statutory auditor or the audit firm carrying out statutory audit of a public-interest entity belongs provides non-audit services to an undertaking incorporated in a third country controlled by the audited public-interest entity, the statutory auditor or the audit firm concerned shall assess whether his, her or its independence would be compromised by such provision of services by the member of the network.

If his, her or its independence is affected, the statutory auditor or the audit firm shall apply safeguards in order to mitigate the threats caused by such provision of services in a third country. The statutory auditor or the audit firm may continue to carry out the statutory audit of the public-interest entity only if he, she or it can justify, in accordance with Article 11, that such provision of services does not affect his, her or its professional judgement and the audit report.

Being involved in the decision-taking of the audited entity and the provision of the services referred to in points (ii) and (iii) of paragraph 3(a) shall be considered as affecting such independence in all cases.

The provision of the services referred to in points (i) and (iv) to (viii) of paragraph 3(a) shall be presumed to affect such independence.

The statutory auditor or the audit firm may consult the competent authority for an opinion on this issue.

5.           Where an audit firm generates more than one third of its annual audit revenues from large public-interest entities and belongs to a network whose members have combined annual audit revenues which exceed EUR 1 500 million within the European Union, it shall comply with the following conditions:

(a)     it shall not directly or indirectly provide to any public interest entity non-audit services;

(b)     it shall not belong to a network which provides non-audit services within the Union;

(c)     any entity which provides the services listed in paragraph 3 shall not directly or indirectly hold more than 5 % of the capital or of the voting rights in the audit firm;

(d)     the entities which provide the services listed in paragraph 3shall not directly or indirectly hold together more than 10 % of the capital or of the voting rights in the audit firm;

(e)     such audit firm shall not directly or indirectly hold more than 5 % of the capital or of the voting rights in any entity which provides the services listed in paragraph 3.

6.           The Commission shall be empowered to adopt delegated acts in accordance with Article 68 for the purpose of adapting the list of related financial audit services referred to in paragraph 2 and the list of non-audit services referred to in paragraph 3 of this Article. When using such powers, the Commission shall take into account developments in auditing and the audit profession.

Article 11

Preparation for the statutory audit and assessment of threats to independence

1.           Before accepting or continuing an engagement for a statutory audit of a public-interest entity, a statutory auditor or audit firm shall assess and document the following:

– whether he, she or it complies with the internal organisation requirements of Article 6;

– whether he, she or it complies with the requirements of Articles 7, 9 and 10;

– whether he, she or it has the competent employees, time and resources to carry out the audit in an appropriate manner;

– whether, in the case of an audit firm, the key audit partner is approved as statutory auditor in the Member State requiring the statutory audit;

– whether the conditions of Article 33 are complied with;

– without prejudice to Directive 2005/60//EC, the integrity of the public-interest entity.

2.           The statutory auditor or audit firm shall also assess whether there are threats to his, her or its independence.

The statutory auditor or audit firm shall not carry out a statutory audit if there is any direct or indirect financial, business, employment or other relationship between the statutory auditor, audit firm, or network and the audited entity from which an objective, reasonable and informed third party would conclude that the statutory auditor's or audit firm's independence is compromised.

If the statutory auditor's or audit firm's independence is affected by threats of self-review or self-interest, the statutory auditor or audit firm shall not carry out the statutory audit.

If the statutory auditor's or audit firm's independence is affected by threats of advocacy, familiarity or trust or intimidation, the statutory auditor or audit firm shall apply safeguards in order to mitigate those threats. If the significance of the threats compared to the safeguards applied is such that his, her or its independence is compromised, the statutory auditor or audit firm shall not carry out the statutory audit.

3.           A statutory auditor or audit firm shall keep records of the assessments referred to in paragraphs 1 and 2 and shall document in the audit working papers all significant threats to his, her or its independence as well as the safeguards applied to mitigate those threats.

4            A statutory auditor or audit firm shall:

(a)     confirm annually in writing to the audit committee his, her or its independence from the audited entity;

(b)     confirm annually in writing to the audit comittee the names of the audit partners, senior manager and manager of the core team conducting the statutory audit, certifying that there are no conflicts of interest;

(c)     request permission from the audit committee to provide the non-audit services referred to in Article 10(3)(b)(i) and (ii) to the audited entity;

(d)     request permission from the competent authority referred to in Article 35(1) to provide the non-audit services referred to in Article 10(3)(b)(iii) and (iv) to the audited entity;

(e)     discuss with the audit committee the threats to their independence and the safeguards applied to mitigate those threats, as documented by them pursuant to paragraph 3.

Where the audited entity is exempted from the obligation to have an audit committee, the audited entity shall decide which body or organ of the entity shall perform the functions assigned to the audit committee in this paragraph.

CHAPTER II

CONFIDENTIALITY AND PROFESSIONAL SECRECY

Article 12

Confidentiality and professional secrecy

Statutory auditors or audit firms, including those who have ceased to be engaged in a particular audit assignment and former statutory auditors or audit firms, shall not invoke the rules on confidentiality and professional secrecy referred to in Article 23(1) of Directive 2006/43/EC to prevent the application of the provisions of this Regulation.

Article 13

Disclosure to third-country auditors and to third country authorities

1.           Where a statutory auditor or an audit firm carries out statutory audit of a public-interest entity which is part of a group of undertakings whose parent undertaking is situated in a third country, the confidentiality and professional secrecy rules referred to in Article 23(1) of Directive 2006/43/EC shall not impede the transfer by the statutory auditor or audit firm of relevant documentation of the audit work performed to the group auditor situated in a third country if such documentation is exclusively necessary for the preparation of the audit of consolidated financial statements of the parent undertaking.

The transfer of information to the group auditor situated in a third country shall comply with Chapter IV of Directive 95/46/EC and the applicable national rules on personal data protection.

2.           A statutory auditor or audit firm that carries out statutory audit of a public-interest entity which has issued securities in a third country or which forms part of a group issuing statutory consolidated financial statements in a third country may only transfer the audit working papers or other documents related to the audit of that entity that he, she or it holds to the competent authorities in the relevant third countries under the conditions set out in Article 47 of Directive 2006/43/EC.

CHAPTER III

PERFORMANCE OF THE STATUTORY AUDIT

Article 14

Scope of the statutory audit

1.           When carrying out the statutory audit of a public-interest entity, the statutory auditor or audit firm shall take the necessary steps with a view to forming an opinion as to whether the annual or consolidated financial statements of the public-interest entity give a true and fair view in accordance with the relevant financial reporting framework and, where appropriate, whether such annual or consolidated financial statements comply with statutory requirements as referred to in Article 22.

Such steps shall include at least the requirements set out in Articles 15 to 20.

The opinion of the statutory auditor or audit firm shall be expressed in accordance with Articles 21 to 25.

2.           Without prejudice to the reporting requirements as referred to in Articles 22 and 23, the scope of statutory audit shall not include the assurance on the future viability of the audited entity nor the efficiency or effectiveness with which the management or administrative body has conducted or will conduct the affairs of the entity.

Article 15

Professional scepticism

When carrying out the statutory audit of a public-interest entity, the statutory auditor or audit firm shall maintain professional scepticism throughout the audit, recognizing the possibility that a material misstatement due to facts or behaviour indicating irregularities, including fraud or error could exist, notwithstanding the auditor's or firm's past experience of the honesty and integrity of the audited entity's management and of the persons charged with its governance.

The statutory auditor or the audit firm shall maintain professional scepticism in particular when reviewing management estimates relating to fair values and the impairment of goodwill and other intangible and future cash flow relevant to the consideration of the going concern.

For the purposes of this Article, 'professional scepticism' means an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud and a critical assessment of audit evidence.

Article 16

Organisation of the work

1.           When the statutory audit of a public-interest entity is carried out by an audit firm, that audit firm shall designate at least one key audit partner. The audit firm shall provide the designated audit partner(s) with sufficient ressources to carry out his, her or their duties appropriately.

Securing audit quality, independence and competence shall be the main criteria for the audit firm to select the key audit partner(s) to be designated.

The designated audit partner(s) shall be actively involved in the carrying out of the statutory audit.

2.           When the statutory audit of a public-interest entity is carried out by a statutory auditor, he or she shall devote sufficient time to the engagement and shall assign sufficient ressources among his or her employees to carry our his or her duties appropriately.

3.           The statutory auditor or the audit firm shall keep records of the cases in which their employees do not respect this Regulation. They shall also keep records of any consequence thereof, including the measures taken towards those employees and the measures taken to modify the internal quality control system. The statutory auditor or the audit firm shall prepare an annual report with an overview of any such measures taken and communicate it to the employees.

When the statutory auditor or the audit firm ask external experts for advice, he, she or it shall document the request made and advice received.

4.           A statutory auditor or an audit firm shall maintain a client account record. Such record shall include the following data for each audit client:

(a)     the name, the address and the place of business;

(b)     in the case of an audit firm, the key audit partner(s);

(c)     the fees charged for the statutory audit and the fees charged for other services in any financial year.

5.           A statutory auditor or an audit firm shall create an audit file for each statutory audit carried out. The audit file shall contain at least the following data and documents, either in paper form or in electronic form:

(a)     the contract between the statutory auditor or the audit firm and the audited entity, and any amendments thereto;

(b)     the correspondence with the audited entity related to the statutory audit;

(c)     an audit plan setting out the probable scope and method of the statutory audit;

(d)     a description of the nature and the extent of the auditing activities carried out;

(e)     the starting and ending dates of the phases of audit procedures set out in the audit plan;

(f)      the principal findings of the audit procedures carried out;

(g)     the conclusions drawn from the findings referred to under point (f);

(h)     the opinion of the statutory auditor or the key audit partner as evidenced by the drafts of the reports referred to in Articles 22 and 23;

(i)      the data recorded pursuant to Article 11(3), Article 16(3), Articles 17 and 18 and 19(6);

(j)      other relevant data and documents that are of importance in support of the reports referred to in Articles 22 and 23 and for monitoring compliance with this Regulation and other applicable legal requirements.

The audit file shall be closed no later than two months after the date of signature of the audit report referred to in Article 22.

6.           The statutory auditor or the audit firm shall keep records of any complaints about the performance of the statutory audits.

Article 17

Market integrity

1.           Where an incident which has or may have serious consequences for the integrity of the statutory audit activities of a statutory auditor or an audit firm occurs, the statutory auditor or the audit firm shall:

(a)     keep record of the incident;

(b)     take appropriate measures with a view to managing the consequences of the incident and prevent any recurrence;

(c)     inform the competent authority referred to in Article 35(1) of the incident.

The record referred in point (a) of the first subparagraph shall include the facts and circumstances of the incident, information about the person or persons involved and details of the measures that have been taken pursuant to point (b) of that subparagraph.

2.           Without prejudice to Directive 2005/60/EC, when a statutory auditor or an audit firm carrying out the statutory audit of a public-interest entity suspects or has reasonable grounds to suspect that facts or behaviour indicating irregularities, including fraud with regard to the financial statements of the audited entity is being or has been committed or attempted, he, she or it shall inform the audited entity and invite it to investigate the matter and take appropriate measures to deal with such irregularities and to prevent any recurrence of such irregularities in the future.

Where the audited entity does not investigate the matter or does not take any measures, or where the statutory auditor or audit firm believes that the measures taken by the audited entity are not adequate to deal with such irregularities, the statutory auditor or audit firm shall inform the competent authorities supervising public-interest entities of such irregularities.

The disclosure in good faith to the competent authorities, by the statutory auditor or audit firm, of any fact referred to in the first subparagraph shall not constitute a breach of any contractual or legal restriction on disclosure of information and shall not involve such persons in liability of any kind.

Article 18

Audit of consolidated financial statements

1            In the case of a statutory audit of the consolidated financial statements of a group of undertakings where the parent undertaking is a public-interest entity, the group auditor shall:

(a)     bear the full responsibility for the audit report referred to in Article 22 and the additional report to the audit committee referred to in Article 23 in relation with the consolidated financial statements;

(b)     document which audit work is performed by third-country auditor(s), statutory auditor(s), third-country audit entity(ies) or audit firm(s) for the purpose of the group audit;

(c)     carry out a review and maintain documentation of his, her or its review of the audit work performed by third-country auditor(s), statutory auditor(s), third-country audit entity(ies) or audit firm(s) for the purpose of the group audit. The documentation retained by the group auditor shall enable the relevant competent authority to review the work of the group auditor properly.

For the purpose of point (c) of the first subparagraph, the group auditor shall secure the agreement of the third-country auditor(s), statutory auditor(s), third-country audit entity(ies) or audit firm(s) to the transfer of relevant documention during the conduct of the audit of consolidated financial statements, as a condition of the reliance by the group auditor on the work of that third-country auditor(s), statutory auditor(s), third-country audit entity(ies) or audit firm(s).

2.           Where the group auditor is not in a position to comply with point (c) of the first subparagraph of paragraph 1, he, she or it shall take appropriate measures and inform the competent authority referred to in Article 35(1) accordingly.

Such measures may include carrying out additional statutory audit work, either directly or by outsourcing such tasks, in the relevant subsidiary of the public-interest entity.

3.           Where the group auditor is subject to a quality assurance review or an investigation concerning the statutory audit of the consolidated financial statements of a group of undertakings where the parent undertaking is a public-interest entity, the group auditor shall, when requested, make available to the competent authority the relevant documention he, she or it mantains concerning the audit work performed by third-country auditor(s), statutory auditor(s), third-country audit entity(ies) or audit firm(s) for the purpose of the group audit, including the working papers relevant to the group audit.

The competent authority shall request additional documentation on the audit work performed by statutory auditor(s) or audit firm(s) for the purpose of the audit group to the relevant competent authorities pursuant to Chapter III of Title IV of this Regulation.

When a component of a group of undertakings is audited by auditor(s) or audit entity(ies) from a third country, the competent authority shall request additional documentation on the audit work performed by third-country auditor(s) or third-country audit entity(ies) to the relevant competent authorities from third countries through the working arrangements referred to in Article 47 of Directive 2006/43/EC.

By way of derogation from the third subparagraph, when a component of a group of undertakings is audited by auditor(s) or audit entity(ies) from a third country that has no working arrangement as referred to in Article 47 of Directive 2006/43/EC, the group auditor shall, when requested, also be responsible for ensuring proper delivery of the additional documentation of the audit work performed by third-country auditor(s) or audit entity(ies), including the working papers relevant to the group audit. To ensure such delivery, the group auditor shall retain a copy of such documentation, or alternatively agree with the third-country auditor(s) or audit entity(ies) his, her or its proper and unrestricted access upon request, or take any other appropriate action. Where audit working papers for legal or other reasons cannot be passed from a third country to the group auditor, the documentation retained by the group auditor shall include evidence that he or she has undertaken the appropiate procedures in order to gain access to the audit documentation, and in the case of impediments other than legal ones arising from the legislation of the third country, evidence supporting such an impediment.

Article 19

Internal quality control review

1.           Before the reports referred to in Articles 22 and 23 are issued, an internal quality control review shall be performed to assess whether the statutory auditor or the key audit partner could reasonably have come to the opinion and conclusions expressed in the draft of these reports.

2.           The internal quality control review shall be performed by an internal quality control reviewer. Such reviewer shall be a statutory auditor who is not involved in the performance of the statutory audit to which the internal quality review relates.

3.           When reviewing the internal quality control, the reviewer shall record at least the following:

(a)     the oral and written information provided by the statutory auditor or key audit partner to support the main findings of the audit procedures carried out and the conclusions drawn from those findings, whether or not at the request of the internal quality control reviewer;

(b)     the audited financial statements;

(c)     the main findings of the audit procedures carried out and the conclusions drawn from those findings;

(d)     the opinions of the statutory auditor or key audit partner, as expressed in the draft of the reports referred to in Articles 22 and 23;

4.           The internal quality control review shall at least assess the following elements:

(a)     the independence of the statutory auditor or audit firm with from the audited entity;

(b)     the significant risks that the statutory auditor or key audit partner has identified during the performance of the statutory audit and the measures that he or she has taken to adequately manage those risks;

(c)     the reasoning of the statutory auditor or key audit partner, in particular with regard to the materiality and the significant risks referred to in point (b);

(d)     any request for advice to external experts and the implementation of such advice;

(e)     the nature and scope of the corrected and uncorrected misstatements in the financial statements that were identified during the performance of the audit;

(f)      the subjects discussed with the audit committee and the management and/or supervisory bodies of the audited entity;

(g)     the subjects discussed with competent authorities and, if applicable, with other third parties;

(h)     whether the documents and information selected from the file satisfactorily reflect the positions taken by the employees involved in the audit, and whether such documents and information support the opinion of the statutory auditor or key audit partner as expressed in the draft of the reports referred to in Articles 22 and 23.

5.           The internal quality control reviewer shall discuss the results of the internal quality control review with the statutory auditor or the key audit partner. The statutory auditor or the audit firm shall determine the procedure to be followed when the reviewer and the statutory auditor or the key audit partner do not agree on the results of the review.

6.           The statutory auditor or the audit firm shall keep record of the results of the internal quality control review, together with the considerations underlying those results.

Article 20

Use of international standards on auditing

The statutory auditor(s) or the audit firm(s) shall comply with the international auditing standards referred to in Article 26 of Directive 2006/43/EC when carrying out the statutory audit of public-interest entities as long as those standards are in conformity with the requirements of this Regulation.

CHAPTER IV

AUDIT REPORTING

Article 21

Results of the statutory audit

The statutory auditor or the audit firm shall present the results of the statutory audit in the following reports:

– an audit report in accordance with Article 22;

– an additional report to the audit committee in accordance with Article 23.

The statutory auditor or the audit firm shall present the results of the statutory audit to the audit committee of the audited entity in accordance with Article 24 and to supervisors of public-interest entities in accordance with Article 25.

Article 22

Audit Report

1.           The statutory auditor or the audit firm shall present the results of the statutory audit of the public-interest entity in an audit report.

2.           The audit report shall be in writing. It shall at least:

(a)     identify the entity whose annual or consolidated financial statements have been audited;

(b)     specify the annual or consolidated financial statements and the date and period they cover;

(c)     explain, where additional reports have been reviewed, the scope of such review;

(d)     identify which body within the audited entity appointed the statutory auditor(s) or the audit firm(s);

(e)     indicate the date of the appointment and the period of total uninterrupted engagement including previous renewals and reappointments;

(f)      indicate that the statutory audit was conducted in accordance with the international standards on auditing as referred to in Article 20;

(g)     identify the financial reporting framework that has been applied in the preparation of the financial statements;

(h)     describe the used methodology, including how much of the balance sheet has been directly verified and how much has been based on system and compliance testing;

(i)      explain any variation in the weighting of substantive and compliance testing when compared to the previous year, even if the previous year's statutory audit had been conducted by another statutory auditor(s) or audit firm(s);

(j)      lay out the details of the level of materiality applied to perform the statutory audit;

(k)     identify key areas of risk of material misstatement of the annual or consolidated financial statements, including critical accounting estimates or areas of measurement uncertainty;

(l)      provide a statement on the the situation of the audited entity or, in case of the statutory audit of consolidated financial statements, of the parent undertaking and the group, especially an assessment of the entity's or the parent undertaking's and group's ability to meet its/their obligation in the forseeable future and therefore continue as a going concern;

(m)    assess the entity's or, in case of consolidated financial statements, the parent undertaking's internal control system, including significant internal control deficiencies identified during the statutory audit, as well as the bookkeeping and accounting system;

(n)     explain to what extent the statutory audit was designed to detect irregularities, including fraud;

(o)     indicate and explain any violation of accounting rules or violation of laws or the articles of incorporations, accounting policy decisions and other matters that are significant for the governance of the entity;

(p)     confirm that the audit opinion is consistent with the additional report to the audit committee referred to in Article 23;

(q)     declare that the non-audit services referred to in Article 10(3) were not provided and that the statutory auditor(s) or the audit firm(s) remained completely independent in conducting the audit. Where the statutory audit was carried out by an audit firm, the report shall identify each member of the audit engagement team and shall state that all members remained completely independent and had no direct or indirect interest in the audited entity;

(r)      indicate the non-audit services referred to in Article 10(3)(b)(i) and (ii) that the audit committee allowed the statutory auditor or the audit firm to provide to the audited entity;

(s)     indicate the non-audit services referred to in Article 10(3)(b)(iii) and (iv) that the competent authority referred to in Article 35(1) allowed the statutory auditor or the audit firm to provide to the audited entity;

(t)      give an opinion which shall state clearly the opinion of the statutory auditor(s) or the audit firm(s) as to whether the annual or consolidated financial statements give a true and fair view and have been prepared in accordance with the relevant financial reporting framework and, where appropriate, whether the annual or consolidated financial statements comply with statutory requirements; the audit opinion shall be either unqualified, qualified, an adverse opinion or, if the statutory auditor(s) or audit firm(s) are unable to express an audit opinion, a disclaimer of opinion. In case of a qualified or an adverse opinion or a disclaimer of opinion, the report shall explain the reasons of such decision;

(u)     refer to any matters to which the statutory auditor(s) or the audit firm(s) draw attention by way of emphasis without qualifying the audit opinion;

(v)     give an opinion concerning the consistency or otherwise of the annual report with the annual financial statements for the same fiscal year;

(w)    identify where the statutory auditor(s) or audit firm(s) is established.

3.           When more than one statutory auditor or audit firm have been appointed to carry out the statutory audit of the public-interest entity, they shall agree on the results of the statutory audit and submit a joint report and opinion. In case of disagreement, each statutory auditor or audit firm shall submit his, her or its opinion separately. If one statutory auditor or audit firm qualifies his, her or its opinion, submits an adverse opinion or a disclaimer of opinion, the overall opinion shall be considered as qualified, adverse opinion or a disclaimer of opinion. In a separate paragraph each statutory auditor or audit firm shall state the reasons of disagreement.

4.           The audit report shall not be longer than four pages or 10000 characters (without spaces). It shall not contain any cross-references to the additional report to the audit committee referred to in Article 23.

5.           The audit report shall be signed and dated by the statutory auditor(s) or the audit firm(s). Where an audit firm carries out the statutory audit, the audit report shall be signed by at least the statutory auditor(s) carrying out the statutory audit on behalf of the audit firm.

6.           Article 35 of Directive [XXX] on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings shall not apply to audit reports of public-interest entities.

7.           The statutory auditor or audit firm shall not use the name of any competent authority in such a way that would indicate or suggest endorsement or approval by that authority of the audit report.

Article 23

Additional report to the audit committee

1.           The statutory auditor(s) or the audit firm(s) carrying out statutory audit of public-interest entities shall submit an additional report to the audit committee of the audited entity.

If the audited entity does not have an audit committee, the additional report shall be submitted to the body performing equivalent functions within the audited entity.

The audit committee or the body performing equivalent functions shall be allowed to transmit the additional report to the management, administrative or supervisory body of the audited entity.

The additional report shall be disclosed to the general meeting of the audited entity if the management or administrative body of the audited entity so decides.

2.           The additional report to the audit committee shall be in writing. It shall explain in detail and explicitly the results of the statutory audit carried out and shall at least:

(a)     include a declaration of independence as provided for in point (q) of Article 22(2);

(b)     identify the dates of the meetings with the audit committee or the body performing equivalent functions within the audited entity;

(c)     identify the dates of the meetings, if any, with the management, administrative or supervisory body of the audited entity;

(d)     describe the appointment procedure;

(e)     describe the distribution of tasks among the statutory auditor(s)s and/or the audit firm(s);

(f)      indicate and explain judgments about material uncertainty that may cast doubt about the entity's ability to continue as a going concern;

(g)     determine in detail whether the bookkeeping, the accounting, all audited documents, the annual or consolidated financial statements and possible additional reports show appropriateness;

(h)     indicate and explain in detail all instances of non-compliance, including non-material instances as far as it is considered to be important to the audit committee in order to fulfil its tasks;

(i)      assess the valuation methods applied to the various items in the annual or consolidated financial statements including any impact of changes of such;

(j)      provide full details of all guarantees, comfort letters, undertakings of public intervention and other support measures that have been relied upon when making a going concern assessment;

(k)     confirm the attendance at stock takes as well as other instances of physical verification, in case such stock takes or verifications took place;

(l)      indicate and explain the principles of consolidation in the case of a statutory audit of consolidated financial statements;

(m)    indicate which audit work is performed by third-country auditor(s), statutory auditor(s), third-country audit entity(ies) or audit firm(s) in case of a statutory audit of consolidated financial statements;

(n)     indicate whether all requested explanations and documents were provided by the audited entity.

3.           In case of disagreement between the appointed statutory auditors or audit firms on auditing procedures, accounting rules or any other issue regarding the conduct of the statutory audit, the reasons for such disagreement shall be explained in the additional report to the audit committee.

4.           The additional report to the audit committee shall be signed and dated by the statutory auditor(s) or the audit firm(s). Where an audit firm carries out the statutory audit, the additional report to the audit committee shall be signed by at least the statutory auditor(s) carrying out the statutory audit on behalf of the audit firm.

5.           Upon request, the statutory auditor(s) or the audit firm(s) shall make available without delay the additional report to the competent authorities.

Article 24

Oversight of the statutory audit by the audit committee

The audit committee of the public-interest entity shall monitor the work of the statutory auditor(s) or audit firm(s) carrying out the statutory audit.

The statutory auditor(s) or audit firm(s) shall report to the audit committee on key matters arising from the statutory audit, and in particular on material weaknesses in internal control in relation to the financial reporting process. Upon request of any of the parties, the statutory auditor(s) or audit firm(s) shall discuss these matters with the audit committee.

The audit committee shall inform the administrative or supervisory body of the audited entity of the outcome of the statutory audit. The audit committee shall explain how the statutory audit contributed to the integrity of financial reporting and which was its role in this process.

In is the instance of the audited entity being exempted from the obligation to have an audit committee, the audited entity shall decide which body or organ of the entity shall engage with the statutory auditor or audit firm for the purposes of the obligations set out in this Article.

Article 25

Report to supervisors of public-interest entities

1.           Without prejudice to Article 55 of Directive 2004/39/EC, Article 53 of Directive 2006/48/EC of the European Parliament and of the Council[34], Article 15(4) of Directive 2007/64/EC, Article 106 of Directive 2009/65/EC, the first paragraph of Article 3 of Directive 2009/110/EC and Article 72 of Directive 2009/138/EC of the European Parliament and of the Council[35], the statutory auditor or audit firm carrying out the statutory audit of a public-interest entity shall have a duty to report promptly to the competent authorities supervising public-interest entities any fact or decision concerning that public-interest entity of which he, she or it has become aware while carrying out that statutory audit and which is liable to bring about any of the following:

(a)     a material breach of the laws, regulations or administrative provisions which lay down, where appropriate, the conditions governing authorisation or which specifically govern pursuit of the activities of such public-interest entity;

(b)     the impairment of the continuous functioning of the public-interest entity;

(c)     a refusal to certify the financial statements or the expression of reservations.

The statutory auditor or the audit firm shall also have a duty to report any facts and decisions of which he, she or it becomes aware in the course of carrying out the statutory audit of an undertaking having close links with the public-interest entity for which he, she or it is also carrying out the statutory audit.

2.           Competent authorities supervising credit institutions and insurance undertakings shall establish regular a dialogue with the statutory auditors and audit firms carrying out the statutory audit of those institutions and undertakings.

In order to facilitate the exercise of the tasks referred to in the first subparagraph, EBA and EIOPA shall issue guidelines addressed to the competent authorities supervising credit institutions and insurance undertakings, in accordance with Article 16 of Regulation (EU) No 1093/2010 and of Regulation (EU) No 1094/2010, respectively.

3.           The disclosure in good faith to the competent authorities, by the statutory auditor or audit firm, of any fact or decision referred to in paragraph 1 or of any fact during the dialogue foreseen in paragraph 2 shall not constitute a breach of any contractual or legal restriction on disclosure of information and shall not involve such persons in liability of any kind.

CHAPTER V

TRANSPARENCY REPORTING BY STATUTORY AUDITORS AND AUDIT FIRMS AND RECORD KEEPING

Article 26

Disclosure of financial information

1.           An audit firm that carries out statutory audits of public-interest entities shall make public its annual financial report within the meaning of Article 4(2) of Directive 2004/109/EC at the latest four months after the end of each financial year.

Statutory auditors who carry out statutory audits of public-interest entities shall publish their annual income statement.

2.           The annual financial report and the annual income statement shall show the total turnover divided into fees from the statutory audit of annual and consolidated financial statements of public-interest entities and entities belonging to a group of undertakings whose parent undertaking is a public-interest entity, fees from the statutory audit of annual and consolidated financial statements of other entities and fees charged for related financial audit services as defined in Article 10(2).

The annual financial report or the annual income statement shall be audited in accordance with the provisions of this Regulation.

3.           Where the statutory auditor or the audit firm belongs to a network, the statutory auditor or the audit firm shall provide the following additional information in the annual financial report or as an annex to the annual income statement:

(a)     the name of each statutory auditor or audit firm belonging to the network;

(b)     the country(ies) in which each statutory auditor or audit firm belonging to the network is qualified as statutory auditor or has his, her or its registered office, central administration or principal place of business;

(c)     the total turnover generated by the statutory auditors and audit firms belonging to the network, resulting from the statutory audit of annual and consolidated financial statements;

(d)     the audited consolidated financial statements for the network and, where there is a legal entity governing the network, the audited financial statements of such legal entity prepared in accordance with Article 4(3) of Directive 2004/109/EC.

By derogation from the first subparagraph, the statutory auditor or the audit firm may not provide the additional information where it is disclosed by the legal entity governing the network or another representative of the network. In this case, the statutory auditor or the audit firm shall indicate in the annex to the annual income statement or to the annual financial report where that information is accessible.

4.           The annual financial report or annual income statement shall be published on the website of the statutory auditor or the audit firm and shall remain available on that website for at least five years.

              Statutory auditors and audit firms shall communicate to the competent authorities that the annual income statement or to the annual financial report have been published on the websites of the statutory auditor or the audit firm.

Article 27

Transparency Report

1.           A statutory auditor or an audit firm that carries out statutory audit(s) of public-interest entities shall make public an annual transparency report at the latest three months after the end of each financial year. The annual transparency report shall be published on the website of the statutory auditor or audit firm and shall remain available on that website for at least five years.

A statutory auditor or audit firm shall be allowed to update its published annual transparency report. In such a case, the auditor or firm indicate that it is an updated version of the report and the original version of the report shall continue to remain available on the website.

Statutory auditors and audit firms shall communicate to ESMA and to the competent authorities that the transparency report has been published on the website of the statutory auditor or audit firm or, as appropriate, that it has been updated.

2.           The annual transparency report shall include at least the following:

(a)     a description of the legal structure and ownership of the audit firm;

(b)     where the statutory auditor or audit firm belongs to a network, a description of the network and the legal and structural arrangements in the network;

(c)     a description of the governance structure of the audit firm;

(d)     a description of the internal quality control system of the audit firm and a statement by the administrative or management body on the effectiveness of its functioning;

(e)     an indication of when the last quality assurance review referred to in Article 40 was carried out;

(f)      a list of public-interest entities for which the statutory auditor or audit firm has carried out statutory audits during the preceding financial year and a list of the entities from which the statutory auditor or audit firm receives more than 5% of its annual revenue;

(g)     a statement concerning the statutory auditor's or audit firm's independence practices which also confirms that an internal review of independence compliance has been conducted;

(h)     a statement on the policy followed by the statutory auditor or audit firm concerning the continuing education of statutory auditors referred to in Article 13 of Directive 2006/43/EC;

(i)      information concerning the basis for the partners' remuneration in audit firms;

(j)      a description of its policy concerning the rotation of key audit partners and staff in accordance with Article 33(5);

(k)     where appropriate, a corporate governance statement.

The statutory auditor or audit firm may, in exceptional circumstances, decide not to disclose the information required in point (f) of the first subparagraph to the extent necessary to mitigate an imminent and significant threat to the personal security of any person. The statutory auditor or audit firm shall be able to demonstrate to the competent authority the existence of such threat.

3.           The transparency report shall be signed by the statutory auditor or audit firm.

Article 28

Corporate governance statement

1.           Where an audit firm generates more than one third of its annual audit revenues from large public-interest entities, it shall make public a corporate governance statement. That statement shall be included as a specific section of the Transparency Report.

2.           The corporate governance statement shall at least include the following information:

(a)     a reference to at least one of the following:

(i)      the corporate governance code to which the audit firm is subject,

(ii)      the corporate governance code which the audit firm may have voluntarily decided to apply;

(iii)     all relevant information about the corporate governance practices applied beyond the requirements under national law.

Where the information referred to in points (i) and (ii) is included, the audit firm shall also indicate where the relevant texts are publicly available. Where the information referred to in point (iii) is included, the audit firm shall make its corporate governance practices publicly available;

If the audit firm is not subject to any corporate governance code and does not voluntarily apply one, it shall state so.

(b)     the extent to which an audit firm, in accordance with national law, departs from a corporate governance code referred to in points (a)(i) or (ii), an explanation by the audit firm as to which parts of the corporate governance code it departs from and the reasons for doing so. Where the audit firm has decided not to apply any provisions of a corporate governance code referred to in points (a)(i) or (ii), it shall explain its reasons for doing so;

(c)     a description of the main features of the undertaking's internal control and risk management systems in relation to the financial reporting process;

(d)     the following information:

(i)      significant direct and indirect holdings of voting rights equal to or exceeding 5 % of the total voting rights in the audit firm, including indirect holdings of voting rights through pyramid structures and cross holdings of voting rights;

(ii)      the identity of the holders of any special control rights and a description of those rights, whether such rights results from the holding of any securities, by contract or otherwise;

(iii)     any restrictions on voting rights, including limitations of the voting rights of holders of a given percentage or number of votes, deadlines for exercising voting rights,

(iv)     the rules governing the appointment and replacement of board members and the amendment of the articles of association;

(v)     the powers of board members;

(e)     unless the information is already fully provided for in national laws or regulations, the operation of the meeting of shareholders or holders of voting rights and its key powers, and a description of shareholders’ or voting rights holders' rights and how they can be exercised;

(f)      the composition and operation of the administrative, management and supervisory bodies and their committees.

Article 29

Information to competent authorities

A statutory auditor or audit firm shall provide annually to his, her or its competent authority a list of the audited public-interest entities by revenue generated from them.

Article 30

Record keeping

Statutory auditors and audit firms shall keep the documents and information referred to in Article 6(1), Article 9(3), Article 11(3) and (4), Article 16(2) to (6), Article 17(1) and (2), Article 18(1) and (3), Article 19(3) to (6), Articles 22, 23 and 24, Article 25(1) and (2), Article 29, Article 32(2), (3), (5) and (6), Article 33(6) and Article 43(4) for a period of five years following the production of such documents or information.

Member States may require statutory auditors and audit firms to keep the documents and information referred to in the first subparagraph for a longer period in accordance with their rules on personal data protection and administrative and judicial proceedings.

Title III

The appointment of statutory auditors or audit firms by public-interest entities

Article 31

Audit Committee

1.           Each public-interest entity shall have an audit committee. The audit committee shall be composed of non-executive members of the administrative body and/or members of the supervisory body of the audited entity and/or members appointed by the general meeting of shareholders of the audited entity or, for entities without shareholders, by an equivalent body.

At least one member of the audit committee shall have competence in auditing and another member in accounting and/or auditing. The committee members as a whole shall have competence relevant to the sector in which the audited entity is operating.

A majority of the members of the audit committee shall be independent. The chairman of the audit committee shall be appointed by its members and shall be independent.

2.           By derogation from paragraph 1 of this Article, in public-interest entities which meet the criteria set out in points (f) and (t) of Article 2(1) of Directive 2003/71/EC of the European Parliament and of the Council[36], the functions assigned to the audit committee may be performed by the administrative or supervisory body as a whole, provided at least that where the chairman of such a body is an executive member, he or she is not the chairman of the audit committee.

3.           By derogation from paragraph 1, the following public-interest entities may decide not to have an audit committee:

(a)     any public-interest entity which is a subsidiary undertaking within the meaning of Article 1 of Directive 83/349/EEC if the entity complies with the requirements in paragraphs 1 to 4 of that Article at group level;

(b)     any public-interest entity which is an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC or an alternative investment fund (AIF) as defined in Article 4(1)(a) of Directive 2011/61/EU;

(c)     any public-interest entity the sole business of which is to act as issuer of asset backed securities as defined in Article 2(5) of Commission Regulation (EC) No 809/2004[37];

(d)     any credit institution within the meaning of Article 1(1) of Directive 2006/48/EC whose shares are not admitted to trading on a regulated market of any Member State within the meaning of point 14 of Article 4(1) of Directive 2004/39/EC and which has, in a continuous or repeated manner, issued only debt securities admitted to trading in a regulated market, provided that the total nominal amount of all such debt securities remains below EUR 100 000 000 and that it has not published a prospectus under Directive 2003/71/EC.

The public-interest entities referred to in points (b) and (c) shall explain to the public the reasons for which it considers it not appropriate to have either an audit committee or an administrative or supervisory body entrusted to carry out the functions of an audit committee.

4.           By derogation from paragraph 1, a public-interest entity that has a body performing equivalent functions to an audit committee, established and functioning according to provisions in place in the Member State in which the entity to be audited is registered, may decide not to have an audit committee. In such a case the entity shall disclose which body carries out those functions and how that body is composed.

5.           Without prejudice to the responsibility of the members of the administrative, management or supervisory bodies, or of other members who are appointed by the general meeting of shareholders of the audited entity, the audit committee shall, inter alia:

(a)     monitor financial reporting process and submit recommendations or proposals to ensure its integrity;

(b)     monitor the effectiveness of the undertaking's internal control, internal audit where applicable, and risk management systems;

(c)     monitor the statutory audit of the annual and consolidated financial statements and supervise the completeness and integrity of the draft audit reports in accordance with Articles 22 to 23;

(d)     review and monitor the independence of the statutory auditors or audit firms in accordance with Articles 5 to 11, and in particular the provision of additional services to the audited entity in accordance with Article 10;

(e)     be responsible for the procedure on the selection of statutory auditor(s) or audit firm(s) and recommend the statutory auditor(s) or audit firm(s) to be appointed in accordance with Articles 32;

(f)      authorise, on a case by case basis, the provision by the statutory auditor or audit firm of the services referred to in Article 10(3)(b)(i) and (ii) of this Regulation to the audited entity.

Article 32

Appointment of the statutory auditors or audit firms

1.           For the purposes of the application of Article 37 of Directive 2006/43/EC, for the appointment of statutory auditors or audit firms by public-interest entities, the conditions set out in paragraphs 2 to 5 of this Article shall apply.

Where Article 37(2) of Directive 2006/43/EC applies, the public-interest entity shall inform the competent authority of the use of the alternative systems or modalities referred to in that Article.

2.           The audit committee shall submit a recommendation to the administrative or supervisory board of the audited entity for the appointment of statutory auditors or audit firms. The audit committee shall justify the recommendation made.

Unless it concerns the renewal of an audit engagement in accordance with the second subparagraph of Article 33(1), the recommendation shall contain at least two choices for the audit engagement and the audit committee shall express a duly justified preference for one of them.

When it concerns the renewal of an audit engagement in accordance with the second subparagraph of Article 33(1), the audit committee shall, for the preparation of its recommendation, take into consideration any findings and conclusions on the recommended statutory auditor or audit firm referred to in Article 40(6) and published by the competent authority pursuant to Article 44(d).

In its recommendation, the audit committee shall state that its recommendation is free from influence by a third party and that no contractual clause as referred to in paragraph 7 has been imposed upon it.

3.           Unless it concerns the renewal of an audit engagement in accordance with the second subparagraph of Article 33(1), the recommendation of the audit committee referred to in paragraph 2 of this Article, shall be prepared following a selection procedure organized by the audited entity respecting the following criteria:

(a)     the audited entity shall be free to invite any statutory auditors or audit firms to submit proposals for the provision of the statutory audit service on the condition that Article 33(2) is respected and that at least one of the invited auditors or firms is not one who received more than 15% of the total audit fees from large public-interest entities in the Member State concerned in the previous calendar year;

(b)     the audited entity shall be free to choose the method to contact the invited statutory auditor(s) or audit firm(s) and shall not be required to publish a call for tenders in the Official Journal of the European Union and/or in national gazettes or newspapers;

(c)     the audited entity shall prepare tender documents to the intention of the invited statutory auditor(s) or audit firm(s). Those tender documents shall allow them to understand the business of the audited entity and the type of statutory audit that is to be carried out. The tender documents shall contain transparent and non-discriminatory selection criteria that shall be used by the audited entity to evaluate the proposals made by statutory auditors or audit firms;

(d)     the audited entity shall be free to define the selection procedure and may conduct direct negotiations with interested tenderers in the course of the procedure;

(e)     where, in accordance with national law or Union law, the competent authorities referred to in Article 35, require statutory auditors and audit firms to comply with certain quality standards, those standards shall be included in the tender documents;

(f)      the audited entity shall evaluate the proposals made by the statutory auditors or audit firms in accordance with the selection criteria predefined in the tender documents. The audited entity shall prepare a report on the conclusions of the selection procedure, which shall be validated by the audit committee. The audited entity and the audit committee shall take into consideration any inspection report on the applicant statutory auditor or audit firm referred to in Article 40(6) and published by the competent authority pursuant to Article 44(d);

(g)     the audited entity shall be able to demonstrate to the competent authority referred to in Article 35 that the selection procedure was conducted in a fair manner.

The audit committee shall be responsible for the selection procedure referred to in the first subparagraph.

For the purposes of point (a) of the first subparagraph, the competent authority referred to in Article 35(1) shall make public a list of the auditors and audit firms concerned which shall be updated on an annual basis. The competent authority shall use the information provided by statutory auditors and audit firms pursuant to Article 28 to make the relevant calculations.

4.           Public-interest entities which meet the criteria set out in points (f) and (t) of Article 2(1) of Directive 2003/71/EC shall not be required to apply the selection procedure referred to in paragraph 4.

5.           The proposal of the administrative or supervisory board to the general meeting of shareholders or members of the audited entity for the appointment of statutory auditors or audit firms shall include the recommendation made by the audit committee.

If the proposal of the administrative or supervisory board departs from the recommendation of the audit committee, the proposal shall justify the reasons for not following the recommendation of the audit committee.

6.           In the case of a credit institution or insurance undertaking, the administrative or supervisory board shall submit its draft proposal to the competent authority referred to in Article 35(2). The competent authority referred to in Article 35(2) shall have the right to veto the choice proposed in the recommendation. Any such opposition shall be duly justified.

The absence of a reply by the competent authority within the prescribed time-limit following submission of the audit committee's recommendation shall be considered as constituting an implied consent to the recommendation.

7.           Any contractual clause entered into between a public-interest entity and a third party restricting the choice by the general meeting of shareholders or members of that entity pursuant to Article 37 of Directive 2006/43/EC to certain categories or lists of statutory auditors or audit firms to carry out the statutory audit of that entity shall be null and void.

The public-interest entity shall inform the competent authorities referred to in Article 35 of any attempt by a third party to impose such a contractual clause or to otherwise influence the decision of the general meeting of shareholders on the selection of a statutory auditor or audit firm.

8.           Where the audited entity is exempted from the obligation to have an audit committee, the audited entity shall decide which body or organ of the entity shall perform its functions for the purposes of the obligations set out in this Article.

9.           Member States may decide that a minimum number of statutory auditors or audit firms shall be appointed by public-interest entities in certain circumstances and establish the conditions governing the relations between the auditors or firms appointed.

If a Member State establishes such requirement, it shall inform the Commission and ESMA thereof.

10.         In order to facilitate the exercise of the task of the audited entity to organize a selection procedure for the appointment of a statutory auditor or audit firm, EBA, EIOPA and ESMA shall issue guidelines addressed to the public-interest entities on the criteria governing the selection procedure referred to in paragraph 3, in accordance with Article 16 of Regulation (EU) No 1093/2010, of Regulation (EU) No 1094/2010 and of Regulation (EU) No 1095/2010, respectively.

Article 33

Duration of the audit engagement

1.           The public-interest entity shall appoint a statutory auditor or audit firm for an initial engagement that shall not be shorter than two years.

The public-interest entity may renew this engagement only once.

The maximum duration of the combined two engagements shall not exceed 6 years.

Where throughout a continuous engagement of 6 years two statutory auditors or audit firms have been appointed, the maximum duration of the engagement of each statutory auditor or audit firm shall not exceed 9 years.

2.           After the expiry of the maximum duration of the engagement referred to in paragraph 1, the statutory auditor or audit firm or any members of its network within the Union, where applicable, shall not undertake the statutory audit of the public-interest entity concerned until a period of at least four years has elapsed.

3.           By way of derogation from paragraphs 1 and 2, on an exceptional basis the public-interest entity may request the competent authority referred to in Article 35(1) to grant an extension to re-appoint the statutory auditor or audit firm for an additional engagement. In case of appointment of two statutory auditors or audit firms, this third engagement shall not exceed three years. In case of appointment of one statutory auditor or audit firm, this third engagement shall not exceed two years.

4.           The key audit partner(s) responsible for carrying out a statutory audit shall cease his, her or their participation in the statutory audit of the audited entity after a period of seven years from the date of appointment has elapsed. He, she or they may participate in the statutory audit of the audited entity again after a period of at least three years.

The statutory auditor or audit firm shall establish an appropriate gradual rotation mechanism with regard to the most senior personnel involved in the statutory audit, including at least the persons who are registered as statutory auditors. The gradual rotation mechanism shall be undertaken in phases on the basis of individuals rather than of a complete team. It shall be proportionate in view of the scale and the dimension of the activity of the statutory auditor or audit firm.

The statutory auditor or audit firm shall be able to demonstrate to the competent authority that such mechanism is effectively applied and adapted to the scale and the dimension of the activity of the statutory auditor or audit firm.

5.           Where a statutory auditor or audit firm is replaced by another statutory auditor or audit firm, the former statutory auditor or audit firm shall provide the incoming statutory auditor or audit firm with a handover file. Such file shall include relevant information concerning the audited entity as may reasonably be necessary to understand the nature of the business and the internal organisation of the audited entity and to ensure the continuity of the statutory audit and the comparability with the audits carried out in previous years.

The former statutory auditor or audit firm shall also grant access to the incoming statutory auditor or audit firm to the additional reports to the audit committee referred to in Article 23 of previous years and to any information transmitted to competent authorities pursuant to Articles 25 and 27.

The former statutory auditor or audit firm shall be able to demonstrate to the competent authority that such information has been provided to the incoming statutory auditor or audit firm.

6.           ESMA shall develop draft regulatory technical standards to specify technical requirements on the content of the handover file referred to in paragraph 6.

Power is delegated to the Commission to adopt the regulatory technical standards referred to in paragraph 6 in accordance with Article 10 of Regulation (EU) No 1095/2010.

Article 34

Dismissal and resignation of the statutory auditors or audit firms

1.           Without prejudice to Article 38(1) of Directive 2006/43/EC, the audited entity and the statutory auditor or audit firm shall inform the competent authority concerning the dismissal or resignation of the statutory auditor or audit firm during the term of appointment and give an adequate explanation of the reasons thereof.

Where a Member State has appointed other competent authorities for the purpose of Title III of this Regulation in accordance with Article 35(2), such competent authority shall forward this information to the competent authority referred to in Article 35(1).

2.           The audit committee, one or more shareholders, the competent authorities referred to in Article 35(1) or 35(2) shall be able to bring a claim before a national court for the dismissal of the statutory auditor(s) or audit firm(s) where there are proper grounds.

Where the condition laid down in Article 6(2) of Directive 2007/36/EC applies, it shall also apply to shareholders exercising the power described in the first subparagraph.

In case that the audited entity is exempted from the obligation to have an audit committee, the audited entity shall decide which body or organ of the entity shall perform its functions for the purposes of this paragraph.

Title IV

Surveillance of the activities of auditors and audit firms carrying out statutory audit of public-interest entities

CHAPTER I

COMPETENT AUTHORITIES

Article 35

Designation of competent authorities

1.           Each Member State shall designate a competent authority responsible for carrying out the tasks provided for in this Regulation and for ensuring that the provisions of this Regulation are applied.

The competent authority shall be one of the following:

(a)     the competent authority referred to in Article 24(1) of Directive 2004/109/EC;

(b)     the competent authority referred to in Article 24(4)(h) of Directive 2004/109/EC;

(c)     the competent authority referred to in Article 32 of Directive 2006/43/EC.

2.           By derogation from paragraph 1, Member States may decide that the responsibility for ensuring that all or part of the provisions of Title III of this Regulation are applied shall be entrusted to, as appropriate, the competent authorities referred to in:

(a)     Article 24(1) of Directive 2004/109/EC;

(b)     Article 24(4)(h) of Directive 2004/109/EC;

(c)     Article 40 of Directive 2006/48/EC;

(d)     Article 30 of Directive 2009/138/EC;

(e)     Article 20 of Directive 2007/64/EC;

(f)      Article 3(1) of Directive 2009/110/EC;

(g)     Article 48 of Directive 2004/39/EC;

(h)     Article 97 of Directive 2009/110/EC;

(h)     Article 44 of Directive 2011/61/EU.

3.           Where more than one competent authority has been designated pursuant to paragraphs 1 and 2, those authorities shall be organised in such a manner that their tasks are clearly allocated.

4.           Paragraphs 1, 2 and 3 shall be without prejudice to the possibility for a Member State to make separate legal and administrative arrangements for overseas European territories for whose external relations that Member State is responsible.

5.           The competent authorities shall be adequately staffed, with regard to capacity and expertise, and shall have the adequate resources in order to be able to fulfill their tasks provided for in this Regulation.

6.           The Member States shall inform each other, EBA, EIPA and ESMA in accordance with the relevant provisions of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010, and shall inform the Commission of the appointment of competent authorities for the purposes of this Regulation.

ESMA shall consolidate this information and make it public.

Article 36

Conditions of independence

The competent authorities and any authority to which the competent authority referred to in Article 35(1) has delegated tasks shall be independent of statutory auditors and audit firms.

A person shall not be involved in the governance of those authorities if in the course of the three previous years he or she:

(a)          has carried out statutory audits of public-interest entities;

(b)          held voting rights in an audit firm;

(c)          was member of the administrative, management or supervisory body of an audit firm;

(d)          was an employee or otherwise associated with an audit firm.

The funding of those authorities shall be secure and free from any possible undue influence by statutory auditors and audit firms.

Article 37

Professional secrecy

The obligation of professional secrecy shall apply to all persons who are or have been employed by competent authorities or by any authority to whom the competent authority referred to in Article 35(1) has delegated tasks, including experts contracted by such authorities. Information covered by professional secrecy may not be disclosed to any other person or authority except by virtue of the obligations of this Regulation or of the laws, regulations or administrative procedures of a Member State.

Article 38

Powers of competent authorities

1.           Without prejudice to Articles 40 and 41, in carrying out their tasks under this Regulation, the competent authorities or any other public authorities of a Member State may not interfere with the content of audit reports.

2.           In order to carry out their tasks under this Regulation, the competent authorities shall, in conformity with national law, have all the supervisory and investigatory powers that are necessary for the exercise of their functions. They shall exercise their powers in any of the following ways:

(a)     directly;

(b)     in collaboration with other authorities;

(c)     under their responsibility by delegation to entities to which tasks have been delegated according to Article 35(1);

(d)     by application to the competent judicial authorities.

3.           In order to carry out their tasks under this Regulation, the competent authorities shall, in conformity with national law, have the power in their supervisory capacity to:

(a)     access any document in any form relevant to the carrying out of their tasks and to receive or take a copy thereof;

(b)     demand information from any person and if necessary to summon and question a person with a view to obtaining information;

(c)     carry out on-site inspections with or without announcement;

(d)     require records of telephone and data traffic processed by statutory auditors and audit firms;

(e)     refer matters for criminal prosecution;

(f)      request experts to carry out verifications or investigations;

(g)     take the administrative measures and sanctions referred to in Article 61.

The competent authorities may use the powers referred to in the first subparagraph only in relation to statutory auditors and audit firms carrying out statutory audit of public-interest entities, persons involved in the activities of statutory auditors and audit firms carrying out statutory audit of public-interest entities, audited entities, their affiliates and related third parties, third parties to whom the statutory auditors and audit firms carrying out statutory audit of public-interest entities have outsourced certain functions or activities, and persons otherwise related or connected to statutory auditors and audit firms carrying out statutory audit of public-interest entities.

4. A request for records of telephone or data traffic referred to in point (d) of paragraph 3 shall require authorisation from a judicial authority.

5.           Where a cooperative within the meaning of Article 2(14) of Directive 2006/43/EC or a similar entity as referred to in Article 45 of Directive 86/635/EEC is required or permitted under national law to be a member of a non-profit-making auditing entity, the competent authority referred to in Article 35(1) may decide that certain provisions set out under this Regulation shall not apply to the statutory audit of such entity provided that the principles of independence laid down in Chapter I of this Regulation are complied with by the statutory auditor carrying out the statutory audit and by persons who may be in a position to influence the statutory audit. For the purpose of deciding upon such exceptional situations of non-application of certain provisions of this Regulation, the competent authority referred to in Article 35(1) shall consult the supervisory authority of the cooperative or the similar entity where appropriate.

              The competent authority referred to in Article 35(1) shall inform ESMA of such exceptional situations of non-application of certain provisions of this Regulation. It shall communicate ESMA the list of provisions of this Regulation that have not been applied to the statutory audit of the entities referred to in paragraph 5 and the reasons that justified the exemption granted for such non-application.

6.           The processing of personal data processed in the exercise of the supervisory and investigative powers pursuant to this Article shall be carried out in accordance with Directive 95/46/EC.

Article 39

Cooperation with other competent authorities at national level

The competent authority designated pursuant to Article 35(1) and, where appropriate, any authority to whom that competent authority has delegated tasks shall cooperate at national level with:

(a)          the competent authorities responsible for the approval and registration of statutory auditors and audit firms pursuant to Directive 2006/43/EC;

(b)          the authorities referred to in Article 35(2), whether they have been designated competent authorities for the purposes of this Regulation or not;

(c)          the financial intelligence units and the competent authorities referred to in Articles 21 and 37 of Directive 2005/60/EC.

CHAPTER II

QUALITY ASSURANCE, INVESTIGATION, MARKET MONITORING, CONTINGENCY PLANNING AND TRANSPARENCY OF COMPETENT AUTHORITIES TASKS

Article 40

Quality assurance

1.           For the purposes of this Article:

(a)     "inspections" means quality assurance reviews of statutory auditors and audit firms, which are led by an inspector and which do not represent an investigation within the meaning of Article 41;

(b)     "inspector" means a reviewer who meets the requirements set out in point (a) of the second subparagraph of paragraph 3 of this Article and is employed by a competent authority;

(c)     "expert" means a natural person, who has specific expertise in financial markets, financial reporting, auditing or other fields relevant for inspections, including practising statutory auditors.

2.           The competent authorities referred to in Article 35(1) shall establish an effective system of audit quality assurance.

The competent authority shall carry out quality assurance reviews of statutory auditors and audit firms that carry out statutory audits of public-interest entities at least every three years.

3.           The competent authority shall be responsible for the quality assurance system and shall organise it in a manner that is independent of the reviewed statutory auditors and audit firms.

The competent authority shall have the following responsibilities which may not be delegated to any association or body affiliated with the accounting or audit profession:

(a)     approval and amendment of the inspection methodologies, including inspection and follow-up manuals, reporting methodologies and periodic inspection programmes;

(b)     approval and amendment of inspection reports and follow up reports;

(c)     approval and assignment of inspectors for each inspection.

The competent authority shall allocate adequate resources to the quality assurance system.

4.           The competent authority shall ensure that appropriate policies and procedures related to the independence and objectivity of the staff, including inspectors, and the management of the inspection system are put in place.

The competent authority shall comply with the following criteria when appointing inspectors:

(a)     inspectors shall have appropriate professional education and relevant experience in statutory audit and financial reporting combined with specific training on quality assurance reviews;

(b)     a person who is a practicing statutory auditor or is employed or otherwise associated with a statutory auditor or an audit firm shall not be allowed to act as an inspector;

(c)     a person shall not be allowed to act as an inspector in an inspection of the statutory auditor or audit firm until at least two years have elapsed since that person ceased to be a partner or employee of that auditor or in that audit firm or to be otherwise associated therewith;

(d)     inspectors shall declare that there are no conflicts of interest between them and the statutory auditor and audit firm to be inspected.

The competent authority may contract experts for carrying out specific inspections when the number of inspectors within the authority is insufficient. The competent authority may also be assisted by experts when this is essential for the proper conduct of an inspection. In such instances, the competent authorities and the experts shall comply with the requirements of this paragraph. Experts shall be independent from professional associations and bodies.

5.           The scope of inspections shall cover:

(a)     an assessment of the design of the internal quality control system of the audit firm or of the statutory auditor;

(b)     adequate compliance testing of procedures and a review of audit files of public interest entities in order to verify the effectiveness of the internal quality control system;

(c)     in the light of the inspection findings under points (a) and (b) of this paragraph, an assessment of the contents of the most recent annual transparency report published by a statutory auditor or an audit firm in accordance with Article 27.

At least the following internal control policies and procedures of the statutory auditor or the audit firm shall be reviewed:

(a)     compliance by the statutory auditor or the audit firm with applicable auditing and quality control standards, and ethical and independence requirements, including those related to Chapter IV of Directive 2006/43/EC and Articles 5 to 10 of this Regulation, as well as relevant laws, regulations and administrative provisions of the Member State concerned;

(b)     the quantity and quality of resources used, including compliance with continuing education requirements as set out in Article 13 of Directive 2006/43/EC;

(c)     compliance with the requirements set out in Article 9 on the audit fees charged.

For the purposes of testing compliance, at least a significant part of audit files shall be selected on the basis of an analysis of the risk of an inadequate carrying out of the statutory audit.

The competent authorities shall also periodically review the methodologies used by statutory auditors and audit firms to carry out statutory audit.

Inspections shall be appropriate and proportionate in view of the scale and complexity of the activities of the reviewed audit firm or statutory auditor.

6.           Inspections findings and conclusions on which recommendations are based, including the findings and conclusions related to a transparency report, shall be communicated to and discussed with the inspected statutory auditor or audit firm before an inspection report is finalised.

Recommendations of inspections shall be followed up by the inspected statutory auditor or audit firm within a reasonable period set by the competent authority. Such period shall not exceed 12 months in the case of recommendations on the internal quality control system of the audit firm.

7.           The inspection shall be the subject of a report which shall contain the main conclusions of the quality assurance review.

Article 41

Investigation

The competent authorities referred to in Article 35(1) shall establish effective systems of investigation with a view to detecting, correcting and preventing inadequate carrying out of the statutory audit of public-interest entities.

Where a competent authority contracts experts for carrying out specific assignments, the authority shall ensure that there are no conflicts of interest between these experts and the statutory auditor or audit firm under investigation.

Article 42

Market monitoring

1.           The competent authorities referred to in Article 35(1) shall regularly monitor the developments in the market for providing statutory audit services to public-interest entities.

The competent authorities shall in particular assess the following:

(a)     the risks arising from high concentration, including the demise of audit firms with significant market share, the disruption in the provision of statutory audit services whether in a specific sector or across sectors, the further accumulation of risk in the market and the impact on the overall stability of the financial sector;

(b)     the need to adopt measures to mitigate those risks.

2.           By X X 20XX [2 years after the entry into force of the Regulation], and at least on a two-year basis thereafter, each competent authority shall draw up a report on this issue and submit it to ESMA, EBA and EIOPA.

ESMA, EBA and EIOPA shall use those reports to draw up a joint report on the situation at Union level. The report shall be submitted to the Commission, the European Central Bank and the European Systemic Risk Board.

Article 43

Contingency planning

1.           Without prejudice to Article 52, competent authorities designated pursuant to Article 35(1) shall require at least the six largest audit firms in terms of statutory audits of large public-interest entities in each Member State to establish a contingency plan addressing a possible event threatening the continuity of operations of the concerned firm.

The competent authority shall make public a list of the firms concerned by the first subparagraph and update it annually. The competent authority shall use the information provided by statutory auditors and audit firms pursuant to Article 28 to calculate which the largest six audit firms are.

2.           The contingency plans shall identify measures to avoid disruption in the provision of statutory audit services to public-interest entities, prevent the contagion effect to other audit firms, belonging to the same network or not, as a result of either liability or reputation risks and prevent further structural accumulation of risk in the market.

The contingency plans shall indicate:

(a)     the level of liability that each partner is subjected to within the audit firm;

(b)     the extent to which legal liability can spread to other audit firms belonging to the same network, both at national, Union and international level.

3.           Without prejudice to the applicable national insolvency laws, competent authorities may specifically require that the contingency plans identify measures to prepare an orderly failure of the firm concerned.

4.           The audit firms concerned shall submit their respective contingency plans to the competent authorities within a timeframe set by the competent authorities. The contingency plans shall be updated as appropriate.

The competent authorities shall not formally approve or endorse the contingency plans. They may however provide an opinion on the contingency plans or on draft contingency plans, should the audit firms consult them in advance.

Article 44

Transparency of Competent Authorities

Competent authorities shall be transparent and shall at least publish:

(a)          annual activity reports regarding the tasks provided in this Regulation;

(b)          annual work programmes regarding the tasks provided in this Regulation;

(c)          a report on the overall results of the quality assurance system on an annual basis. This report shall include information on recommendations issued, follow-up on the recommendations, supervisory measures taken and penalties imposed. It shall also include quantitative information and other key performance information on financial resources and staffing, and the efficiency and effectiveness of the quality assurance system;

(d)          the inspections findings and conclusions referred to in Article 40(6).

CHAPTER III

COOPERATION BETWEEN COMPETENT AUTHORITIES AND RELATIONS WITH THE EUROPEAN SUPERVISORY AUTHORITIES

Article 45

Obligation to cooperate

The competent authorities of the Member States shall cooperate with each other where it is necessary for the purposes of this Regulation, including in cases where the conduct under investigation does not constitute an infringement of any legislative or regulatory provision in force in the Member State concerned.

Article 46

ESMA

1.           The cooperation between competent authorities shall be organised within the framework of ESMA.

ESMA shall create a permanent internal committee pursuant to Article 41 of Regulation (EU) No 1095/2010 for this purpose. Such internal committee shall be at least composed of the competent authorities referred to in Article 35(1) of this Regulation. The competent authorities referred to in Article 32 of Directive 2006/43/EC shall be invited to attend the meetings of such internal committee concerning matters related to approval and registration of statutory auditors and audit firms and relations with third countries in so far as relevant to the statutory audit of public-interest entities.

ESMA shall cooperate with EBA and EIOPA within the framework of the Joint Committee of the European Supervisory Authorities established in Article 54 of Regulation (EU) No 1095/2010.

ESMA shall take over, as appropriate, all existing and ongoing tasks from the European Group of Audit Oversight Bodies (EGAOB) created by Decision 2005/909/EC.

2.           ESMA shall provide advice to the competent authorities in the cases provided for in this Regulation. The Competent authorities shall consider that advice before taking any final decision under this Regulation.

3.           In order to facilitate the exercise of the tasks provided for in this Regulation, ESMA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1095/2010, as appropriate, on:

(a)     common standards on the content and presentation of the report referred to in Article 22;

(b)     common standards on the content and presentation of the report referred to in Article 23;

(c)     common standards on the oversight activity of the audit committee referred to in Article 24;

(d)     common standards and best practices on the content and presentation of the report referred to in Article 27, including the statement referred to in Article 28;

(e)     common standards and best practices on the gradual rotation mechanism referred to in Article 33;

(f)      common standards and best practices regarding the dismissal of auditors, in particular on the existence of proper grounds for it, as referred to in Article 34;

(g)     enforcement practices and activities to be conducted by competent authorities under this Regulation;

(h)     common standards and best practices for conducting quality assurance reviews provided for in Article 40, taking into consideration, in particular:

(i)      the different scale and dimension of activity of statutory auditors and audit firms and policies;

(ii)      the commonality of quality standards, policies and procedures to which members of networks of statutory auditors and audit firms adhere;

(i)      common standards and best practices for conducting investigations provided for in Article 41;

(j)      procedures for the exchange of information provided for in Article 48;

(k)     procedures and modalities for cooperation with regard to quality assurance reviews provided for in Article 49;

(l)      procedures and modalities for joint investigations and inspections provided for in Article 51;

(m)    the operational functioning of the colleges provided for in Article 53, including on the modalities for determining the membership to the colleges, the selection of facilitators, the written arrangements for the operation of the colleges and the coordination arrangements between colleges.

ESMA shall consult EBA and EIOPA before issuing the guidelines referred to in the first subparagraph.

4.           By X X 20XX [four years after the entry into force of the Regulation], and at least at on a two-year basis thereafter, ESMA shall prepare a report on the application of this Regulation.

ESMA shall consult EBA and EIOPA before making public its report.

In a report to be prepared by X X 20XX [two years after the entry into force of the Regulation], ESMA shall undertake an evaluation of the structure of the audit market .

For the purpose of this report, ESMA shall examine the influence of Member States’

civil liability systems for statutory auditors on the audit market structure.

In a report to be prepared by ESMA by X X 20XX [four years after the entry into force of the Regulation], shall examine whether the competent authorities referred to in Article 35(1) are sufficiently empowered and have adequate resources to carry out their tasks.

In a report to be prepared by ESMA by X X 20XX [six years after the end of the transitional period], shall examine the following issues:

(a)     the changes in the audit market structure;

(b)     the changes in the patterns of cross-border activity, including as a result of the changes introduced to Chapter II of Directive 2006/43/EC by Directive xxxx/xx/EU;

(c)     an interim assessment on the improvement of audit quality and the impact of this Regulation on small and medium-sized enterprises which are public-interest entities.

In a report, to be prepared by X X 20XX [twelve years after the entry into force of the Regulation], ESMA shall undertake an evaluation of the impact of this Regulation.

5.           Before X X 20XX [three years after the entry into force of the Regulation] the Commission shall present a report, on the basis of the ESMA reports and other appropriate evidence, on the impact of the national liability rules for statutory auditors on the audit market structure. In the light of that report, the Commission shall take the steps it considers appropriate as a result of its findings.

Article 47

Home Member State principle

1.           Member States shall respect the principle of Home Member State regulation and oversight by the Member State in which the statutory auditor or audit firm is approved and the audited entity has its registered office.

2.           In the case of a statutory audit of consolidated financial statements, the Member State requiring the statutory audit of the consolidated financial statements may not impose additional requirements in relation to the statutory audit concerning registration, quality assurance review, auditing standards, professional ethics and independence on a statutory auditor or audit firm carrying out a statutory audit of a subsidiary established in another Member State.

3.           In the case of a undertaking whose securities are traded on a regulated market in a Member State other than that in which that undertaking has its registered office, the Member State in which the securities are traded may not impose any additional requirements in relation to the statutory audit concerning registration, quality assurance review, auditing standards, professional ethics and independence on a statutory auditor or audit firm carrying out the statutory audit of the annual or consolidated financial statements of that undertaking.

Article 48

Exchange of information

1.           The competent authorities referred to in Article 35 shall, without undue delay, supply each other and the relevant European Supervisory Authorities with the information required for the purposes of carrying out their tasks under this Regulation.

2.           When receiving a request for information from another competent authority or a European Supervisory Authority, the competent authority receiving such request shall, without undue delay, take the necessary measures to gather the required information. If the requested competent authority is not able to supply the required information without undue delay, it shall notify the requesting competent authority of the reasons thereof.

3.           The competent authorities may refuse to act on a request for information under any of the following circumstances:

(a)     supplying information might adversely affect the sovereignty, security or public order of the requested Member States or breach national securities rules;

(b)     judicial proceedings have already been initiated in respect of the same actions and against the same statutory auditors or audit firms before the authorities of the requested Member State;

(c)     a final judgment has already been passed in respect of the same actions and on the same statutory auditors or audit firms by the competent authorities of the requested Member State.

Without prejudice to the obligations to which they are subject in judicial proceedings, competent authorities or the European Supervisory Authorities which receive information pursuant to paragraph 1 may use that information only for the exercise of their tasks within the scope of this Regulation and in the context of administrative or judicial proceedings specifically related to the exercise of those tasks.

4.           The competent authorities may transmit to the competent authorities responsible for supervising public-interest entities, central banks, the European System of Central Banks and the European Central Bank, in their capacity as monetary authorities, and the European Systemic Risk Board confidential information intended for the performance of their tasks. Such authorities or bodies shall not be prevented from communicating to the competent authorities information that the competent authorities may need in order to carry out their duties under this Regulation.

Article 49

Cooperation with regard to quality assurance reviews

1.           Competent authorities shall take measures to ensure effective cooperation at Union level in respect of quality assurance reviews.

2.           The competent authority of one Member State may request the assistance of the competent authority of another Member State with regard to the quality assurance reviews of statutory auditors or audit firms belonging to a network exercicing significant activities in that Member State.

The competent authority making any such request shall inform ESMA thereof. In the event of an investigation or inspection with cross-border effect, the competent authorities may request ESMA to coordinate the investigation or inspection.

3.           Where a competent authority receives a request from a competent authority of another Member State to participate in the quality assurance review of a statutory auditors or audit firm belonging to a network exercicing significant activities in that Member State, it shall allow the requesting competent authority to participate in such quality assurance review.

The requesting competent authority shall not have the right to access information which might adversely affect the sovereignty, security or public order of the requested Member State or breach national securities rules.

Article 50

European Quality Certificate

1.           ESMA shall establish a European quality certificate for statutory auditors and audit firms carrying out statutory audits of public-interest entities.

The European quality certificate shall meet the following conditions:

(a)     the European quality certificate shall be delivered by ESMA and shall be valid across the Union;

(b)     Union auditors and audit firms meeting the relevant requirements shall be entitled to apply for the European quality certificate;

(c)     ESMA shall publish the requirements for obtaining the European quality certificate. Such requirements shall be based on audit quality and the experience of the quality assurance systems referred to in Article 30 of Directive 2006/43/EC and Article 40 of this Regulation;

(d)     ESMA shall charge fees to the applicant statutory auditors and audit firms for delivering the European quality certificate in accordance with the delegated act referred to in paragraph 4 of this Article. Those fees shall fully cover ESMA's necessary expenditure relating to the delivering of the certificate and the reimboursement of any costs that the competent authorities may incur carrying out work pursuant to this Article;

(e)     ESMA shall state the reasons for delivering the certificate or for rejecting the application;

(f)      a statutory auditor or audit firm shall comply at all times with the conditions for the initial granting of the certificate;

(g)     ESMA shall be entitled to re-examine any certificate granted to any statutory auditor or audit firm, either at the request of a competent authority or on its own initiative. The results of the quality assurance reviews shall be taken into account;

(h)     ESMA shall be entitled to withdraw the European quality certificate where the statutory auditor or audit firm does not longer meet the conditions for obtaining it;

(i)      ESMA shall keep a registry of statutory auditors and firms which obtained the certificate;

(j)      the European quality certificate shall have a voluntary character and shall not be a condition for statutory auditors or audit firms to be able to carry out statutory audits of public-interest entities, to be approved in another Member in accordance with Article 14 of Directive 2006/43/EC or to be recognised in another Member in accordance with Article 3a of that Directive.

2.           ESMA shall develop draft regulatory technical standards to specify the procedure for obtaining a European quality certificate for statutory auditors and audit firms carrying out statutory audits of public-interest entities. Those technical standards shall comply with the following principles:

(a)     applications shall be submitted to ESMA in either a language accepted in the Member State where the statutory auditor or audit firm is approved or in a language customary in the sphere of international finance.

Where a group of audit firms applies for the European quality certificate, the members of the group may mandate one of their members to submit all the applications on behalf of the group;

(b)     ESMA shall transmit a copy of the application to the competent authorities of the Member States concerned by the application;

(c)     the competent authorities of the Member States concerned by the application shall jointly examine the application for the certificate within a college of competent authorities referred to in Article 53. Such examination shall cover whether the application is complete and whether it meets the conditions for delivering the certificate. Information obtained in quality assurance reviews on a particular applicant shall be used in this examination;

(d)     the competent authorities of the Member States concerned by the application shall provide an advice to ESMA as to whether the applicant shall be entitled to obtain the certificate;

(e)     ESMA shall take a decision on the application;

(f)      ESMA shall establish the detailed procedural steps and time limits;

For the purposes of point (ii), those Member States shall be at least:

– if the applicant is a statutory auditor, the Member State(s) where the statutory auditor is approved in accordance with Article 3 of Directive 2006/43/EC and, if applicable, the Member State(s) where the statutory auditor is approved in accordance with Article 14 of that Directive and/or the Member State(s) where statutory auditor is undertaking an adaptation period pursuant to Article 14 of Directive 2006/43/EC;

– if the applicant is an audit firm, the Member State(s) where the audit firm is approved in accordance with Article 3 of Directive 2006/43/EC and, if applicable, the Member State(s) where the audit firm is recognised in accordance with Article 3a of that Directive and/or the Member State(s) where the audit firm has controlled firms, affiliate firms or a parent firm.

3.           ESMA shall submit the draft regulatory technical standards referred to in paragraph 2 to the Commission by [ 3 years after the entry into force of this Regulation].

Powers are delegated to the Commission to adopt the regulatory technical standards referred to in paragraph 2 in accordance with Article 10 of Regulation (EU) No 1095/2010.

4.           The Commission shall be empowered to adopt delegated acts in accordance with Article 68 for the purpose of determining the fees referred to in point (d) of paragraph 1.

The delegated acts shall determine in particular the types of fees and the matters for which fees are due, the amount of the fees, they way in which they are to be paid and the way in which ESMA is to reimburse competent authorities in respect of any costs that they may incur carrying out work pursuant to this Article.

The amount of a fee charged to a statutory auditor or an audit firm shall cover all administrative costs.

Article 51

Cooperation with regard to investigations or on-site inspections

1.           Where a competent authority concludes that activities contrary to the provisions of this Regulation are being carried out or have been carried out on the territory of another Member State, it shall notify the competent authority of the other Member State of that conclusion in as specific a manner as possible. The competent authority of the other Member State shall take appropriate action. It shall inform the notifying competent authority of the outcome and, to the extent possible, of significant interim developments.

2.           A competent authority of one Member State may request that an investigation is carried out by the competent of another Member State on the latter's territory.

It may also request that some of its own personnel be allowed to accompany the personnel of the competent authority of that Member State in the course of the investigation, including with regard to on-site inspections.

The competent authority making any such request shall inform ESMA of any request referred to in the first and second subparagraphs.

The investigation or inspection shall be subject throughout to the overall control of the Member State on whose territory it is conducted. However, in the event of an investigation or inspection with cross-border effect, the competent authorities may request ESMA to coordinate the investigation or inspection.

3.           The requested competent authority may refuse to act on a request for an investigation to be carried out as provided for in the first subparagraph of paragraph 2, or on a request for its personnel to be accompanied by personnel of a competent authority of another Member State as provided for in the second subparagraph of paragraph 2, in the following cases:

(a)     such an investigation or on-site inspection might adversely affect the sovereignty, security or public order of the requested Member State;

(b)     judicial proceedings have already been initiated in respect of the same actions and against the same persons before the authorities of the requested Member State;

(c)     a final judgment has already been passed in respect of the same actions on such persons by the competent authorities of the requested Member State.

Article 52

Cooperation with regard to contingency planning

Where the audit firms concerned by the requirement in Article 43 belong to networks of at least Union dimension, competent authorities shall cooperate within ESMA with a view to ensuring that the different national requirements take account of the network dimension.

The competent authorities shall make available to ESMA and the other competent authorities the contingency plans received pursuant to Article 43(4).

ESMA shall not formally approve or endorse the contingency plans, but may provide an opinion on them.

Article 53

Colleges of competent authorities

1.           Colleges of competent authorities may be established in order to facilitate the exercise of the tasks referred to in Articles 40, 41, 50, 51, 52 and 61 with regard to specific statutory auditors, audit firms or their networks.

2.           With regard to specific statutory auditors or audit firms, colleges of competent authorities shall be established by the competent authority of the home Member State.

The college shall comprise the competent authority of the home Member State and any other competent authority of other Member States provided that:

(a)     the statutory auditor or audit firm is providing statutory audit services to public-interest entities within its jurisdiction; or

(b)     a branch which is a part of the audit firm is established within its jurisdiction.

The competent authority of the home Member State shall act as facilitator.

3.           With regard to specific networks, colleges of competent authorities shall be established by ESMA upon request of one or more competent authorities.

The college shall comprise the competent authorities of the Member States where the network exercises significant activities.

4.           Within 15 working days of the establishment of the college of competent authorities with regard to a specific network, its members shall select a facilitator. In the absence of agreement, ESMA shall appoint a facilitator.

Members of the college shall review the selection of the facilitator at least every five years to ensure the selected facilitator remains the most appropriate.

5.           The facilitator shall chair the meetings of the college, coordinate the actions of the college and ensure efficient exchange of information among members of the college.

6.           The facilitator shall, within 10 working days of his or her selection, establish written coordination arrangements within the framework of the college regarding the following matters:

(a)     information to be exchanged between competent authorities;

(b)     cases in which the competent authorities must consult each other;

(c)     cases in which the competent authorities may delegate supervisory tasks in accordance with Article 54.

7.           In the absence of agreement concerning the written coordination arrangements under paragraph 6, any member of the college may refer the matter to ESMA. The facilitator shall give due consideration to any advice provided by ESMA concerning the written coordination arrangements before agreeing their final text. The written coordination arrangements shall be set out in a single document containing full reasons for any significant deviation from the advice of ESMA. The facilitator shall transmit the written coordination arrangements to the members of the college and to ESMA.

Article 54

Delegation of tasks

The competent authority of the home Member State may delegate any of its tasks to the competent authority of another Member State subject to the agreement of that authority. Delegation of tasks shall not affect the responsibility of the delegating competent authority.

Article 55

Confidentiality and professional secrecy in relation to ESMA

1.           The obligation of professional secrecy shall apply to all persons who work or who have worked for ESMA, or for any other person to whom ESMA has delegated tasks, including experts contracted by ESMA. Information covered by professional secrecy shall not be disclosed to another person or authority except where such disclosure is necessary for legal proceedings.

2.           Paragraph 1 of this Article and Article 37 shall not prevent ESMA and the competent authorities from exchanging confidential information. Information thus exchanged shall be covered by the obligation of professional secrecy, to which persons employed or formerly employed by competent authorities are subject.

3.           All the information exchanged under this Regulation between ESMA, the competent authorities and other authorities and bodies shall be considered confidential, except where ESMA or the competent authority or other authority or body concerned states at the time of communication that such information may be disclosed or where such disclosure is necessary for legal proceedings.

Article 56

Protection of personal data

1.           Member States shall apply Directive 95/46/EC to the processing of personal data carried out in the Member States pursuant to this Regulation.

2.           Regulation (EC) No 45/2001 shall apply to the processing of personal data carried out by ESMA, EBA and EIOPA in the context of this Regulation.

CHAPTER IV

COOPERATION WITH THIRD COUNTRY AUTHORITIES AND WITH INTERNATIONAL ORGANISATION AND BODIES

Article 57

Agreement on exhange of information

1.           The competent authorities and ESMA may conclude cooperation agreements on exchange of information with the competent authorities of third countries only if the information disclosed is subject, in the third countries concerned, to guarantees of professional secrecy which are at least equivalent to those set out in Articles 37 and 55.

Such exchange of information shall be intended for the performance of the tasks of those competent authorities.

Where such exchange of information involves the transfer of personal data to a third country, Member States shall comply with Directive 95/46/EC and ESMA shall comply with Regulation (EC) No 45/2001.

2.           The competent authorities shall cooperate with the competent authorities or other relevant bodies of third countries regarding the quality assurance reviews and investigations of auditors and audit firms. ESMA shall contribute to this cooperation.

ESMA shall contribute to the establishment of supervisory convergence with third countries.

3.           Where the cooperation or exchange of information is related to audit working papers or other documents held by statutory auditors or audit firms, Article 47 of Directive 2006/43/EC shall apply.

Article 58

Disclosure of information received from third countries

The competent authority of a Member State or ESMA may disclose the information received from competent authorities of third countries only if it has obtained the express agreement of the competent authority that has transmitted the information and, where applicable, the information is disclosed only for the purposes for which that competent authority gave its agreement, or where such disclosure is necessary for legal proceedings.

Article 59

Disclosure of information transferred to third countries

The competent authority of a Member State or ESMA shall require that information communicated by them to a competent authority of a third country may be disclosed by that competent authority to third parties or authorities only with the prior express agreement of the competent authority which has transmitted the information, in accordance with its national law and provided that the information is disclosed only for the purposes for which that competent authority of the Member State or ESMA has given its agreement, or where such disclosure is necessary for legal proceedings.

Article 60

Cooperation with international organisation and bodies

ESMA shall cooperate with the international organisations and bodies elaborating international auditing standards.

Title V

Administrative sanctions and measures

Article 61

Administrative sanctions and measures

1.           Member States shall lay down the rules on administrative sanctions and measures applicable in cases of breaches of the provisions of this Regulation identified in the Annex to the persons responsible for those breaches and shall take all measures necessary to ensure that they are implemented. The sanctions and measures provided for shall be effective, proportionate and dissuassive.

2.           By [24 months after the entry into force of this Regulation] the Member States shall notify the rules referred to in paragraph 1 to the Commission and ESMA. They shall notify the Commsison and ESMA without delay of any subsequent amendment thereto.

3.           This Article and Articles 62 to 66 are without prejudice to provisions of national criminal law.

Article 62

Sanctioning powers

1.           This Article shall apply to breaches of the provisions of this Regulation identified in the Annex.

2.           Without prejudice to the supervisory powers of competent authorities in accordance with Article 38, in case of a breach referred to in paragraph 1, competent authorities shall, in conformity with national law, have the power to impose at least the following administrative measures and sanctions:

(a)     an order requiring the person responsible for the breach to cease the conduct and to desist from a repetition of that conduct;

(b)     a public statement which indicates the person responsible and the nature of the breach, published on the website of competent authorities;

(c)     a temporary prohibition for the statutory auditor, the audit firm or the key audit partner to carry out statutory audits of public-interest entities and/or signing audit reports within the meaning of Article 22 with effect throughout the Union, until the breach has been brought to an end;

(d)     declaring that the audit report does not meet the requirements of Article 22, until the breach has been brought to an end;

(e)     a temporary ban against a member of an audit firm or a public-interest entity administrative or management body to exercise functions in audit firms or public-interest entities;

(f)      administrative pecuniary sanctions of up to twice the amount of the profits gained or losses avoided because of the breach where those can be determined;

(g)     in respect of a natural person, administrative pecuniary sanctions of up to EUR 5 000 000 or, in the Member States where the Euro is not the official currency, the corresponding value in the national currency on the date of entry into force of this Regulation;

(h)     in respect of a legal person, administrative pecuniary sanctions of up to 10% of its total annual turnover in the preceding business year; where the legal person is a subsidiary of a parent undertaking as defined in Articles 1 and 2 of Directive 83/349/EEC, the relevant total annual turnover shall be the total annual turnover resulting from the consolidated account of the ultimate parent undertaking in the preceding business year.

3.           Member States may give to competent authorities other sanctioning powers in addition to those referred to in paragraph 2 and may provide for higher levels of administrative pecuniary sanctions that those established in that paragraph.

Article 63

Effective application of sanctions

1.           When determining the type of administrative sanctions and measures, competent authorities shall take into account all relevant circumstances, including:

(a)     the gravity and the duration of the violation;

(b)     the degree of responsibility of the responsible person;

(c)     the financial strength of the responsible person, as indicated by the total turnover of the responsible undertaking or the annual income of the responsible natural person;

(d)     the importance of the profits gained or losses avoided by the responsible person, insofar as they can be determined;

(e)     the level of cooperation of the responsible person with the competent authortiy, without prejudice to the need to ensure disgorgements of profits gained or losses avoided by that person;

(f)      previous violations by the responsible person.

Additional factors may be taken into account by competent authorities, if such factors are specified in national law.

2.           EBA, EIOPA and ESMA shall jointly issue guidelines addressed to competent authorities in accordance with Article 16 of Regulation No (EU) 1093/2010, Regulation No (EU) 1094/2010 and Regulation No (EU) 1095/2010 on types of administrative measures and sanctions and level of administrative pecuniary sanctions to be applied in individual cases within the national legal framework.

Article 64

Publication of sanctions and measures

Every administrative measure or sanction imposed for breach of this Regulation shall be published without undue delay, including at least information on the type and nature of the breach and the identity of the persons responsible for it, unless such publication would seriously jeopardise the stability of financial markets. Where publication would cause disproportionate damage to the parties involved, competent authorities shall publish the measures and sanctions on an anonymous basis.

Competent authorities shall inform ESMA, without undue delay, of any sanction or measure adopted for breach of this Regulation.

The publication of sanctions shall respect fundamental rights as laid down in the EU Charter of Fundamental Rights, in particular the right to respect for private and family life and the right to the protection of personal data.

Article 65

Appeal

Member States shall ensure that decisions taken by the competent authority in accordance with this Regulation are subject to the right of appeal.

Article 66

Reporting of breaches

1.           Member States shall establish effective mechanisms to encourage reporting of breaches of this Regulation to the competent authorities.

2.           The mechanisms referred to in paragraph 1 shall include at least:

(a)     specific procedures for the receipt of reports of breaches and their follow-up;

(b)     appropriate protection for persons who report potential or actual breaches;

(c)     protection of personal data concerning both the person who reports the potential or actual breaches and the accused person in compliance with the principles laid down in Directive 95/46/EC;

(d)     appropriate procedures to ensure the right of the accused person of defence and to be heard before the adoption of a decision concerning him and the right to seek effective remedy before a tribunal against any decision or measure concerning him.

3.           Audit firms and public-interest entities shall establish appropriate procedures for their employees to report potential or actual breaches of this Regulation internally trough a specific channel.

Article 67

Exchange of information with ESMA

1.           Competent and judicial authorities shall provide ESMA annually with aggregated information regarding all administrative measures, sanctions and fines imposed in accordance with Articles 61, 62, 63, 64, 65 and 66. ESMA shall publish this information in an annual report.

2.           Where the competent authority has disclosed administrative measures, sanctions and fines to the public, it shall simultaneously report that fact to ESMA.

Title VI

Delegated acts, reporting and transitional and final provisions

Article 68

Exercise of the delegation

1.           The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.           The power to adopt delegated acts referred to in Articles 10(6) and 50(4) shall be conferred on the Commission for an indeterminate period of time from [date of entry into force of this Regulation].

3.           The delegation of power referred to in Articles 10(6) and 50(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.           As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

5.           A delegated act adopted pursuant to Articles 10(6) and 50(4) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of [two months] of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by [two months] at the initiative of the European Parliament or of the Council.

Article 69

Report

By X X 20XX [five years after the end of the transitional period] the Commission shall prepare a report on the application of this Regulation. The report shall take due account of the report prepared by ESMA referred to in the fourth subparagraph of Article 46(4).

Article 70

Transitional provision

1.           By derogation from Articles 32and 33, the following requirements shall apply to contracts for the provision of statutory audit to public-interest entities which are in force at [date of entry into force of this Regulation]:

(a)     any audit contract entered into before XX/XX/XXXX [the date of adoption of the Commission proposal] which is still in force on [the date of entry into force of this Regulation] shall remain applicable for a maximum period of four accounting years after [the date of entry into force of this Regulation];

(b)     any audit contract entered into after XX/XX/XXX [the adoption of the Commission proposal] but before XX/XX/XXXX [the date of entry into force of this Regulation] and which is still in force shall remain applicable for a maximum period of five accounting years after XX/XX/XXXX [the date of entry into force of this Regulation];

(c)     when an audit contract referred to in points (a) or (b) of this paragraph expires or is terminated, the public-interest entity may renew such contract once with the same audit statutory auditor or audit firm, without the provisions Article 31(3) being applicable. Such renewed contract shall be subject to the following maximum duration:

(i)      1 year: if the auditor has been providing services to the audited entity for a consecutive period exceeding 100 years;

(ii)      2 years: if the auditor has been providing services to the audited entity for a consecutive period between 51 and 100 years;

(iv)     3 years: if the auditor has been providing services to the audited entity for a consecutive period between 21 and 50 years;

(v)     4 years: if the auditor has been providing services to the audited entity for a consecutive period between 11 and 20 years;

(vi)     5 years: if the auditor has been providing services to the audited entity for a consecutive period not exceeding 10 years.

By derogation from the criteria set out in point (c), the audit contract may remain applicable until the end of the first accounting year ending after [2 years after the entry into force of this Regulation].

By derogation from points (a) to (c), when national rules establish a maximum duration of the contractual relationship between the statutory auditor or the audit firm and the audited entity which does not exceed 9 years and require the audited entity to select a different statutory auditor or audit firm when such maximum duration is reached, the audit contract may remain applicable until the end of that maximum duration period.

2.           Article 33 shall apply to any audit contract entered into after […] [the date of the entry into force of this Regulation] but before […] [[2 years after the entry into force of this Regulation].

Article 32(3) shall only apply to such contract after the expiration or termination of the first renewal of such contract.

Article 71

National provisions

The Member States shall make such provision as is appropriate to ensure the effective application of this Regulation.

Article 72

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

It shall apply from [2 years after the entry into force].

However, Article 32(7) shall apply from […] [the date of the entry into force of the Regulation] and Article 10(5) shall apply from […] [3 years after the entry into force of the Regulation].

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels,

For the European Parliament                       For the Council

The President                                                 The President

ANNEX

I.          Breaches by statutory auditors, audit firms or key audit partners

A. Breaches related to conflicts of interest, organisational or operational requirements

1.           The statutory auditor or audit firm infringes Article 6(1) by not establishing adequate policies and procedures to ensure compliance with the minimum organisational requirements, as set out in paragraph 1(a) to (k).

2.           The statutory auditor or the key audit partner who carries out a statutory audit on behalf of an audit firm infringes Article 8(1)(a) by taking up a key management position in the audited entity before a period of at least two years has elapsed since he or she resigned as a statutory auditor or key audit partner from the audit engagement.

3.           The statutory auditor or the key audit partner who carries out a statutory audit on behalf of an audit firm infringes Article 8(1)(b) by becoming a member of the audit committee of the audited entity or of an equivalent body, before a period of at least two years has elapsed since he or she resigned as a statutory auditor or key audit partner from the audit engagement.

4.           The statutory auditor or the key audit partner who carries out a statutory audit on behalf of an audit firm infringes Article 8(1)(c) by becoming a non-executive member of the administrative body or a member of the supervisory body of the audited entity, before a period of at least two years has elapsed since he or she resigned as a statutory auditor or key audit partner from the audit engagement.

5.           The statutory auditor or audit firm infringes Article 9(2) by not ensuring that related financial audit services provided to the audited entity do not exceed 10% of the fees paid by the audited entity for the statutory audit.

6.           The statutory auditor or audit firm infringes Article 10 by providing services other than statutory audit services or related financial audit services to the audited entity.

B. Breaches related to the performance of the statutory audit

7.           The statutory auditor or the audit firm infringes Article 16(3) by not keeping records of the cases when his, her or its employees do not respect the provisions contained in this Regulation or by not preparing an annual report of the measures taken in order to ensure compliance with those provisions.

8.           The statutory auditor or the audit firm infringes Article 16(4) by not maintaining a client account record that includes the data referred to in point (a), (b) and (c) of the same paragraph.

9.           The statutory auditor or the audit firm infringes Article 16(5) by not creating an audit file for each statutory audit carried out which contains the information referred to in points (a) to (j) of the same paragraph.

10.         The statutory auditor or the audit firm infringes Article 17(1)(c) by not informing the competent authority referred to in Article 36 of an incident which has or may have serious consequences for the integrity of his, her or its statutory activity.

11.         The statutory auditor or the audit firm infringes Article 17(2) by not informing the competent authority supervising public-interest entities of any fraud committed or attempted with regard to the financial statements of the audited entity.

12.         The statutory auditor or the audit firm infringes Article 19 by not ensuring that an internal quality control review is done according to the requirements set out in paragraphs 2 to 6 of that Article.

C. Breaches related to audit reporting

13.         The statutory auditor or the audit firm infringes Article 22 by not providing an audit opinion prepared in accordance with the requirements set out in paragraphs 2, 3, 4, 5 and 7 of that Article.

14.         The statutory auditor or the audit firm infringes Article 23 by not submitting an additional report to the audit committee of the audited entity that is prepared in accordance with the requirements set out in paragraphs 2 to 5 of that Article.

15.         The statutory auditor or the audit firm infringes Article 25 by not reporting promptly to the competent authorities supervising public-interest entities any fact or decision concerning that public-interest entity of which he, she or it has become aware while carrying out that statutory audit and which might be linked to any of the breaches mentioned in points (a) to (c) of the first paragraph of Article 25.

D. Breaches related to disclosure provisions

16.         The audit firm infringes the first subparagraph of Article 26(1) in connection with Article 26(4) by not making public on its website its annual financial report within the meaning of paragraph 2 of Article 4 of Directive 2004/109/EC at the latest four months after the end of each financial year and making it available for at least five years.

17.         The statutory auditor infringes the second subparagraph of Article 28(2) in connection with Article 27(1) by not making public on his or her website his or her annual income statement and making it available for at least five years.

18.         The statutory auditor or the audit firm infringes Article 26(2) by not showing in his or her annual income statement or in its annual financial report the fees received from the statutory audit of annual and consolidated financial statements of public-interest entities and entities belonging to a group of companies whose parent undertaking is a public-interest entities separated from the fees received from the statutory audit of annual and consolidated financial statements of other entities and fees charged for related financial audit services as defined in Article 10.

19.         The statutory auditor or audit firm that belong to a network infringes Article 26(3) by not providing as annex to the income statement or to the annual financial report the information referred to in point (a) to (d) of Article 26(3), unless the derogation of the second subparagraph of that paragraph applies.

20.         The statutory auditor or audit firm infringes Article 27 by not or not timely publishing a transparency report including information set out in paragraph 2 of that Article and, where applicable, the information set out in Article 28.

21.         The statutory auditor or audit firm infringes Article 29 by not providing annually to his, her or its competent authority referred to in Article 35(1) a list of the audited public-interest entities by revenue generated from them.

22.         The statutory auditor or audit firm infringes Article 30(1) by not keeping the documents and information referred to in Article 30(1).

E. Breaches related to the appointment of statutory auditors or audit firms by public-interest entities

23.         The statutory auditor or audit firm infringes Article 33(2) by undertaking the statutory audit of the public–interest entity after the expiry of the two consecutive engagements referred to in Article 33(1) before the period of four years has elapsed.

24.         The statutory auditor or audit firm infringes Article 33(6) by not presenting a complete handover file at the end of the audit engagement to the incoming statutory auditor or audit firm.

F. Breaches related to quality assurance

25.         The statutory auditor or audit firm infringes Article 40(6) by not following up the recommendations of inspections within the period set out by the competent authority.

II.        Breaches by public-interest entities

A.        Breaches related to the appointment of statutory auditors or audit firms

1.           Without prejudice to Article 31(2), (3) and (4), a public-interest entity infringes Article 31(1) by not establishing an audit committee and/or by not appointing the required number of independent members and/or by not appointing the required number of members having specific competence in accounting and/or auditing.

2.           A public-interest entity infringes Article 32(1) by not appointing the statutory auditor(s) or audit firm(s) in accordance with the conditions set out in Article 32(2) to (6).

3.           A public-interest entity infringes Article 33 by employing the same statutory auditor or audit firm for a period longer than the one referred to in Article 33.

4.           A public-interest entity infringes Article 34 by dismissing a statutory auditor or audit firm in the absence of proper grounds.

[1]               The large amounts of support approved under schemes can be explained by the fact that some Member States adopted blanket guarantee schemes which covered all their banks' debt. Member States relied mainly on guarantee measures. €546.08 billion (4.5% of GDP) was approved as recapitalisation measures, of which Member States actually used about €141.5 billion in 2009. In the period between October 2008 and October 2010 the Commission authorized financial crisis measures in the field of State aid in 22 Member States: i.e. all Member States except Bulgaria, the Czech Republic, Estonia, Malta and Romania.

[2]               European Commission, Green Paper on Audit Policy: Lessons from the Crisis, COM (2010)561, 13.10.2010.

[3]               http://ec.europa.eu/internal_market/accounting/conferenc_20110209_en.htm

[4]               http://www.europarl.europa.eu/oeil/FindByProcnum.do?lang=en&procnum=INI/2011/2037

[5]               COM(2010)561 final, OJ C 248, 25.8.2011, p. 92.

[6]               See section 4.3 of the Explanatory Memorandum of the proposal for an amendment of Directive 2006/43/EC for more detailed information on the scope of each proposal.

[7]               Subject, where appropriate, to adequate transitional arrangements.

[8]               COM(2010) 716 final.

[9]               COM(2009) 501 final, COM(2009) 502 final, COM (2009) 503 final.

[10]             OJ C , , p. .

[11]             Date of the opinion of the EDPS

[12]             OJ L 372, 31.12.1986, p. 1.

[13]             OJ L 374, 31.12.1991, p. 7.

[14]             OJ L 390, 31.12.2004, p. 38.

[15]             OJ L 319, 5.12.2007, p. 1.

[16]             OJ L 302, 17.11.2009, p. 32.

[17]             OJ L 267, 10.10.2009, p. 7.

[18]             OJ L 174, 1.7.2011, p.1.

[19]             OJ L 145, 30.4.2004, p. 1.

[20]             OJ L 222, 14.8.1978, p.11.

[21]             OJ L 193, 18.7.1983, p. 1.

[22]             OJ L 157, 9.6.2006, p.87.

[23]             COM(2010)561 final.

[24]             OJ L 281, 23.11.1995, p. 31.

[25]             OJ L 8, 12.1.2001, p. 1.

[26]             OJ L 52, 25.2.2005, p. 51.

[27]             OJ L 309, 25.11.2005, p. 15.

[28]             OJ L 120, 7.5.2008, p.20.

[29]             OJ L 331, 15.12.2010, p.84.

[30]             OJ L 331, 15.12.2010, p.12.

[31]             OJ L 331, 15.12.2010, p.48.

[32]             COM(2010)716 final.

[33]             OJ L 162, 30.4.2004, p.70.

[34]             OJ L 177, 30.6.2006, p.1.

[35]             OJ L 335, 17.12.2009, p.1.

[36]             OJ L 345, 31.12.2003 p.64.

[37]             OJ L 149, 30.04.2004, p. 1.