What is prohibited?
The regulations now sets out that audit firms must not directly or indirectly provide, to a person connected with Russia, auditing services.
A ‘person connected with Russia’ means:
- an individual who is, or an association or combination of individuals who are, ordinarily resident in Russia;
- an individual who is, or an association or combination of individuals who are, located in Russia;
- a person, other than an individual, who is incorporated or constituted under the law of Russia;
- a person, other than an individual, who is domiciled in Russia.
Auditing services is defined as:
- services consisting of examination of the accounting records and other supporting evidence of an organisation for the purpose of expressing an opinion as to—
- whether financial statements of the organisation present fairly its position as at a given date, and
- the results of its operations for the period ending on that date,
in accordance with generally accepted accounting principles.
There is no clear definition of ‘directly’ or ‘indirectly’ and the advice from BEIS is that you should seek legal advice if you are concerned whether your firm might be providing auditing services ‘indirectly’ to a person connected with Russia.
What are the exemptions?
There are specific exemptions to the ban.
The first exception relates to a UK subsidiary understanding (as defined in the Regulations) that is owned by a Russian parent undertaking. UK companies in this situation are still permitted to be audited by a UK auditor in fulfilment of its legal obligations, irrespective of any indirect benefit to the Russian parent undertaking.
The second exception relates to the audit of a UK parent undertaking with a subsidiary undertaking that is ‘a person connected with Russia’, where the UK parent undertaking is a credit institution (as defined in the Regulations). In this situation, a UK auditor is permitted to provide services to that UK credit institution, for the purposes of the audit of the consolidated group account.
Finally, if an audit firm signed an audit engagement letter prior to 16 December 2022, the firm has until 31 May 2023 to complete the audit. However, the firm must notify the Secretary of State that they will be completing the work by 15 March 2023.
How does the ban impact group audits?
It is important that firms take their own legal advice as to whether their activity falls within scope of the sanctions. However, the Department for Business and Trade has issued guidance on common scenarios:
- Where a UK auditor provides standardised material for the purpose of the audit of the UK group accounts, and the group includes a Russian subsidiary, then these services would generally not be considered within scope of the ban. Where bespoke material is provided for the audit of the specific subsidiary, this may qualify as the provision of auditing services to a person connected with Russia and firms should consider obtaining legal advice.
- A UK company that is consolidating group accounts receives an audit report for a Russian subsidiary from a local Russian auditor, then this is generally considered the receipt and not the delivery of a service. This generally would not be considered within scope of these export bans. If the firm wishes to undertake any activities beyond the receipt of the report, such as discussing its contents with the subsidiary or local auditor in Russia, then we suggest they take independent legal advice and consider whether a person connected with Russia (as defined in the Regulations) is a direct or indirect beneficiary of that interaction.
Auditors will be familiar with the requirements of ISA 600 and the need for involvement by the Group Engagement Team at the planning and risk assessment stage as well as discussions about work done, conclusions and likely review of component auditor working papers when dealing with a significant / material component. These are clearly activities that go beyond simple receipt of the report and so are likely to need independent legal advice as above.
In cases where sanctions prohibit conduct of the audit in compliance with ISA 600, it is acknowledged by the Government that audit opinions qualified due to limitation of scope are to be expected.
Guidance on group audits and the role of the Group Engagement Team can be found here. You can also read our guidance on the limitation on the scope of the audit here.
Checking your audit clients for ‘persons connected with Russia’
You will need to consider how the new prohibitions apply to your client base, potential new clients, and given the exemptions outlined above, clients you may have accepted prior to 16 December, but not yet completed audit work for.
ICAEW’s article, Russia sanctions: how to check your client base, may be helpful in assessing current and potential clients. It recommends the following:
- Savvy use of open source information already in the public domain can allow members to gain a more complete picture of who they will potentially be dealing with.
- A simple internet search of the client’s name as part of wider background checks that could potentially raise concerns about the client’s activities.
- More complex searches using strings of words, especially search terms that indicate relations to ‘Russia’ or ‘Russian companies’, perhaps even words that indicate undesirable relationships.
- Newspapers, online news and subscription news services, as well as news aggregation services which may reduce time spent scouring multiple outlets.
- ICAEW members, use our own client screening service for three name checks per week.
- You should apply professional scepticism and review, document the information obtained and check for consistency with anything provided to you by the client.
If alarm bells ring when you are conducting research on clients, raise any concerns directly with them. Information that is in the public domain can be discussed openly – after all, your reputation could be at stake.
Being aware of and maintaining scepticism about changes in ownership will be important. Ignorance will not be a suitable defence for a lapse in compliance with the sanctions, therefore think carefully about the further due diligence you judge to be necessary.
- the duty to comply with sanctions legislation as per the Code of Ethics and the Principle of Professional Behaviour;
- that the Statutory Guidance recommends making a voluntary disclosure to BEIS if firms discover that they have breached the prohibition BUT THEY MIGHT WANT TO TAKE LEGAL ADVICE FIRST BEFORE DOING SO
Criminal Offence
It is a criminal offence for any person to provide audit services to a person connected with Russia. However, there is a statutory defence if the person can show that they did not know and had no reasonable cause to suspect that the person to whom the services were provided was ‘connected with Russia’.
Firms that do not have previous (or extensive) experience of providing services to ‘persons connected to Russia’ should exercise particular caution if they are approached by new clients.
Recent guidance issued by OFSI and US authorities in relation to red flags for potential sanctions evasion, can be found at file (nationalcrimeagency.gov.uk) and FinCEN and Bis Joint Alert.
Notifying Department of Business and Trade (DBT)
If you discover that you have breached any of the trade prohibitions or licensing provisions, you should voluntarily disclose the irregularity by reporting it to the Secretary of State. You may wish to obtain legal advice before contacting DBT.