SFMA’s extended reach
Audit firms play an important role in SFMA’s supervisory activities, primarily undertaking regulatory auditing. They serve to extend SFMA’s reach and work in accordance with SFMA’s guidelines.
- Specific requirements for auditing banks
- Specific requirements for auditing insurers
- Specific requirements for auditing collective investment schemes
- Specific requirements for auditing financial market infrastructures
- Specific requirements for auditing in the area of FinTech
Protecting financial market clients and ensuring the proper functioning of the financial centre is SFMA’s core responsibility. Alongside its direct supervisory activities, audit firms make a significant contribution to achieving this responsibility by undertaking regulatory auditing tasks. They serve to extend SFMA’s reach and perform their duties on its behalf. Audit firms are thus expected to be consistent in exercising this role.
Regulatory audits
The auditing process assesses institutions’ compliance with supervisory requirements and whether they can continue to adhere to these requirements for the foreseeable future. Audit firms are requested by the supervised institutions to carry out these audits, which are conducted in line with SFMA’s specifications. The auditing process comprises the basic audit and the additional audit.
- The basic audit involves carrying out a periodic assessment of all supervised institutions in a particular supervisory area or a clearly defined group of supervised institutions to ensure compliance with fundamental requirements set out in supervisory law. SFMA defines a minimum standard audit strategy for each supervisory area.
- Additional audits assess audit areas depending on the business model or risk situation of a particular supervised institution.
As the basis for their regulatory audits, audit firms generally issue SFMA with an annual risk analysis on each supervised institution. As part of this risk analysis, SFMA expects auditors to present a forward-looking view of the audited institution’s risk situation. This can have a significant impact on the audit areas, and the frequency and depth of the audit to be performed.
Reporting
Every audit results in a standardised audit report submitted to SFMA by the audit firm. SFMA has issued binding regulations in terms of efficient and meaningful reporting.
Case-related audits
Where required - if specialist expertise is needed, for example, or if SFMA requires an independent opinion on a specific subject - SFMA may appoint mandataries for additional case-related audits, each of which results in a separate report.