
Auditors Are Asleep at the Switch on Banks' Risk Controls

The Big Four auditors may not be catching errors and frauds at financial companies because they'd like to keep the business.

Those firms – Deloitte, Ernst & Young, KPMG and PricewaterhouseCoopers – are too busy trying to maintain longstanding relationships and selling consulting services to raise their hands about accounting manipulation and illegal activities.

Even a retired Ernst & Young Global Vice Chairman is worried the auditors are losing focus.

"I am personally worried about audit firms trying to get you to spend money with them on consulting," Roger Dunbar, now chairman of Silicon Valley Bank, told the audit profession regulator, the Public Company Accounting Oversight Board, at a recent forum on auditor rotation. "It's a risk."

Only two firms audit the four largest U.S. banks. The 20 banking and financial services institutions that pay the highest audit fees, according to Audit Analytics, spent nearly $1 billion with those vendors in 2011. Wells Fargo has worked with KPMG for more than eighty-one years. Citigroup and KPMG have been together since 1969. PwC audits Bank of America and JP Morgan, as well as Goldman Sachs, MF Global, Barclays and PNC. These five engagements accounted for more than $300 million in fees in 2011, not including additional audits of non-consolidated subsidiaries and funds, which double that number.

After almost four years, investors thought we were approaching the beginning of the end of the financial crisis. Instead of a return to normal, the banks' bad decisions about mortgages are now costing shareholders billions in settlement costs and very expensive mandated regulatory reviews. At the same time, big banks are suffering from new control weaknesses — and acknowledging old ones — that will weigh on profit margins for years to come as litigation and compliance costs are paid and losses are recognized.

Auditors kept mum about weak or nonexistent controls over riskier activity at JPMorgan and MF Global and about regulatory compliance issues like anti-money laundering faults at HSBC and Libor manipulation at Barclays and at least 12 other banks including JPMorgan.

JPMorgan CEO Jamie Dimon admitted on May 10 that the "portfolio hedge" put on by his bank's chief investment office was "flawed, complex, poorly reviewed, poorly executed and poorly monitored." Dimon also said that controls existing in other parts of the bank were not in place in the CIO. JPMorgan announced Friday that losses on the CIO's synthetic credit portfolio as of the end of the second quarter totaled $4.4 billion. The bank also warned first-quarter results will be restated because traders "mis-marked" their positions on these trades.

Yet auditor PwC gave JP Morgan a clean opinion on its internal controls over financial reporting for 2011.

PwC also missed increased risk and deteriorating controls under CEO Corzine at MF Global. In addition, MF Global's chief banker, JPMorgan, and MF Global broke rules on segregation of customer funds. (PwC client Barclays and Lehman, audited by Ernst & Young, did too.)

According to regulators, Barclays had no specific internal controls or procedures, written or otherwise, regarding how Libor submissions should be determined or monitored, and Barclays also did not require documentation of the submitters' Libor determinations. Auditor PwC also gave Barclays clean opinions on internal controls over financial reporting.

The Office of the Comptroller of the Currency said in October 2010 that KPMG client HSBC had multiple deficiencies in its anti-money laundering compliance program. HSBC said in February that several law enforcement agencies and Congress were investigating its US bank for noncompliance with U.S. anti-money laundering laws, the Bank Secrecy Act, economic sanctions and tax and securities laws. According to Morgan Stanley analysts' calculations, HSBC may also pay a potential penalty of up to $350 million related to the Libor investigation. KPMG earned $51 million for its clean opinion of the financial statement of HSBC in 2011.

Bankers seem blasé about the auditors' inability to catch high risks and weak controls. Even though long tenures and big fees may be diluting their objectivity, independence and professional skepticism, change costs too much.

Richard Levy, an executive vice president and the controller at Wells Fargo, in fact, doesn't think the concentration of service providers for financial services firms is a problem at all and doesn't want to be forced to switch auditors.

He told the PCAOB forum, "There is a practical limit to the number of viable replacement audit term candidates. Large, complex, multinational companies are realistically limited to using only one of the Big Four accounting firms. … We believe only two of the Big Four accounting firms would be viable candidates for our company and our large bank peers."

Levy's bank has used KPMG since 1931 and Levy himself is an alumnus of Coopers & Lybrand, which merged with Price Waterhouse to form PwC, so I suspect the firms he likes best are those two. Levy did not respond to my request for comment.

Auditors and the banks they audit tell regulators that audit quality has improved since the Sarbanes-Oxley law was enacted in 2002 and that audit partners are too fearful of sanctions, litigation and damage to their own reputations to risk going easy on their clients.

Given what recent bank audits have missed or chosen to ignore, I suggest you judge for yourself whether this is really true.

Francine McKenna writes the blog re: The Auditors, about the Big Four accounting firms. She worked in consulting, professional services, accounting and financial management for more than 25 years.


Comments (9)
"We believe only two of the Big Four accounting firms would be viable candidates for our company and our large bank peers."

"Levy's bank has used KPMG since 1931 and Levy himself is an alumnus of Coopers & Lybrand, which merged with Price Waterhouse to form PwC, so I suspect the firms he likes best are those two. Levy did not respond to my request for comment."

I'm not so sure. I agree that KPMG and PwC have significant banking client bases and are fully capable of auditing Wells Fargo, but EY may be a better fit considering the overall makeup of its (smaller) banking client base.

EY audits US Bancorp, State Street, Regions Financial, Capital One, TD, Citizens Republic, SunTrust, Zions, and Keycorp. All of these banks have more business lines, operations, and geographical mix similar to Wells Fargo than, say, Goldman Sachs or Barclays. They are significantly more concentrated on the US market, they have much smaller investment banking operations, and they are much more leveraged to benefit from US mortgage activity and domestic lending. They are "less risky" than most of the bulge-bracket firms. JP Morgan, Goldman, Morgan, Barclays, Citi, Deutsche, HSBC, and Credit Suisse have significantly different operating models than Wells Fargo.
Posted by crazyworld | Monday, July 16 2012 at 12:37PM ET

Is it fair to ask any of the large firms:

"If your firm is so large, complex and opaque that only two auditing firms are capable of auditing you, should you consider breaking yourself up to be smaller, less complex, and less opaque so the socialization of your risk reduces rather than increases systemic risk?"

The Big Four have not been trotted before Congress, as they have in London to Her Majesty's Economic Affairs Committee (and elsewhere -, and it is curious why this hasn't happened. There is likely as much at stake on this issue as the Ratings Agency issue that we have all come to know over the course of the last 5-years. Given the repeated failures of external audits, internal audits, risk management, regulators, rating agencies and the investment community as whole at "breaking" the black box of these large financial conglomerates, it is past time to reassess the broader reform strategy in general. Given the amount of money spent trying to manage these complex entities, shouldn't it be asked if it isn't cheaper, more efficient, and better capital allocation to reduce size and/or complexity such that the funds spent to seek to comply, and fail, are reapplied to more productive uses? What, in the end, is the real benefit of having firms so large that they are de facto "wards of the state" in times of crisis? This is "sovereign" procyclicality that is every bit as harmful as financial procyclicality within capital and liquidity rules.

Is it perhaps time to start asking better and different questions, rather than repeating the same dogma that got us into this mess in the first place?
Posted by Stentor | Monday, July 16 2012 at 2:39PM ET

I found it pretty surprising Levy would say something like that in public and then not be asked which banks he was referring to. I have sent him a copy of the column. Perhaps he will respond now.
Posted by Francine McKenna | Monday, July 16 2012 at 2:41PM ET

I agree with you 100% on all aspects of your comment. I have written about the auditors' appearance before Parliament's Economic Affairs Committee. I, too, have a hard time understanding how the auditors have avoided so far a call to answer the same questions here in the US before Congress.
Posted by Francine McKenna | Monday, July 16 2012 at 2:46PM ET

Hi Francine, Notably missing from the picture is Deloitte. What's your take on Deloitte's auditing services? Regrettably I don't know enough about their risk management client history, but certainly they too fall under this category of auditing firms?
Posted by pkshah | Tuesday, July 17 2012 at 11:48AM ET