Financial Services (Auditors) Act 2009


Published: 2009-05-28

Financial Services (Auditors)

© Government of Gibraltar (www.gibraltarlaws.gov.gi)

2009-18

FINANCIAL SERVICES (AUDITORS) ACT 2009

Principal Act

Act. No. 2009-18
Commencement (LN.2009/031): 28.5.2009
Assent: 5.5.2009

Amending enactments, with relevant current provisions and commencement date

LN. 2015/118
Relevant current provisions: s. 28
Commencement date: 20.7.2015 (see footnote 1)

2016/124
Relevant current provisions: ss. 2, 2A, 3(4), (5), 3A, 5(3), 6(3), 8(a)(ix), 10(a), (b), 12(3), 13, 14, 15(1), 15(1)(b), 15(3)(c), 17(1)(i), (j), 18(1), 21, 22, 22A, 22B, 23(2), (3), (5), (6), (7), 24A, 24B, 25A, 26, 27, 28, 29(1), 29(1)(a), (e), (h), (k), 29(2), (3), (4), (5), Part VII, 33(1), (3), (4), (5), (6), (7), 35(2), (3), 36(1), (3), (5), (5)(b), (c), (6), (10), (10)(a), (b), (c), 38(3), 39(3), (4), Part X, 45, 45(1), (2), 46, 46(1), (2), (6), (7), (8), 47, 48(1), (1)(a), (2)(ba), 48(2)(d)(ii), (3), 48A, 52,
Commencement date: 17.6.2016

English sources: None cited

EU Legislation/International Agreements involved:
Directive 78/660/EEC
Directive 83/349/EEC
Directive 84/253/EEC
Directive 2006/43/EC
Directive 2008/30/EC
Directive 2014/56/EU
Regulation (EC) No 1435/2003

1 These Regulations shall have effect on the earlier of–

(a) financial years beginning on or after 1 January 2016; or

(b) 17 June 2016.

ARRANGEMENT OF SECTIONS

Section

PART I PRELIMINARY

1. Title and commencement.
2. Interpretation.
2A. Competent authority.

PART II APPROVAL, CONTINUING EDUCATION AND MUTUAL RECOGNITION

3. Approval of statutory auditors and audit firms.
3A. Recognition of audit firms.
4. Good repute.
5. Withdrawal of approval.
6. Educational qualifications.
7. Examination of professional competence.
8. Test of theoretical knowledge.
9. Exemptions.
10. Practical training.
11. Qualification through long-term practical experience.
12. Combination of practical training and theoretical instruction.
13. Continuing education.
14. Approval of statutory auditors from other EEA States.

PART III REGISTRATION

15. Public register.
16. Registration of non-EEA auditors and statutory auditors.
17. Registration of audit firms.
18. Updating of registration information.
19. Responsibility for registration information.
20. Language.

PART IV PROFESSIONAL ETHICS, INDEPENDENCE, OBJECTIVITY, CONFIDENTIALITY AND PROFESSIONAL SECRECY

21. Professional ethics and scepticism.
22. Independence and objectivity.
22A. Employment by audited entities of former audit personnel.
22B. Preparation for the statutory audit and assessment of threats to independence.
23. Confidentiality and professional secrecy.
24. Independence and objectivity of the statutory auditors carrying out the statutory audit on behalf of audit firms.
24A. Internal organisation of statutory auditors and audit firms.
24B. Organisation of the work.
25. Audit fees.
25A. Scope of the statutory audit.

PART V AUDITING STANDARDS AND AUDIT REPORTING

26. Auditing standards.
27. Statutory audits of consolidated financial statements.
28. Audit reporting.

PART VI QUALITY ASSURANCE

29. Quality assurance systems.

PART VII INVESTIGATIONS AND PENALTIES

30. Investigative capability.
30A. Sanctioning powers.
30B. Public statement.
30C. Cease and desist order.
30D. Non-compliance declaration.
30E. Prohibition order.
30F. Suspension or withdrawal, etc. of approval or registration.
30G. Civil penalties.
30H. Effective application of sanctions.
30I. Warning notices.
30J. Decision notices.
30K. Interim orders.
30L. Publication of enforcement action.
30M. Restoration.
31. Appeals.
32. Reporting of breaches.
32A. Exchange of information.

PART VIII PUBLIC OVERSIGHT AND REGULATORY ARRANGEMENTS BETWEEN MEMBER STATES

33. Principles of public oversight.
34. Cooperation between public oversight systems at Community level.
35. Mutual recognition of regulatory arrangements between EEA States.
36. Regulatory cooperation between Member States.
37. Professional secrecy.

PART IX APPOINTMENT AND DISMISSAL

38. Appointment of statutory auditors or audit firms.
39. Dismissal and resignation of statutory auditors or audit firms.

PART X AUDIT COMMITTEE

40. Audit committee.
41. Omitted.
42. Omitted.
43. Omitted.
44. Omitted.

PART XI INTERNATIONAL ASPECTS

45. Approval of auditors from non-EEA countries as statutory auditors.
46. Registration and oversight of non-EEA auditors and audit entities.
47. Derogation in the case of equivalence.
48. Cooperation with competent authorities from non-EEA State.
48A. Application of Regulation (EU) No 537/2014.

PART XII TRANSITIONAL AND FINAL PROVISIONS

49. Repeal of the Financial Services (Auditors Approval and Registration) Act 1998.
50. Transitional provision.
51. Regulations.
52. Offences.

AN ACT TO TRANSPOSE IN PART INTO THE LAW OF GIBRALTAR DIRECTIVE 2006/43/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 17 MAY 2006 ON STATUTORY AUDITS OF ANNUAL ACCOUNTS AND CONSOLIDATED ACCOUNTS, AMENDING COUNCIL DIRECTIVES 78/660/EEC AND 83/349/EEC AND REPEALING COUNCIL DIRECTIVE 84/253/EEC AS AMENDED BY DIRECTIVE 2008/30/EC, AND MATTERS CONNECTED THERETO.

PART I

PRELIMINARY

Title and commencement.

1. This Act may be cited as the Financial Services (Auditors) Act 2009 and comes into operation on such day as the Minister may appoint by notice in the Gazette.

Interpretation.

2. In this Act and unless the context otherwise requires

“affiliate of an audit firm” means any undertaking, regardless of its legal form, which is connected to an audit firm by means of common ownership, control or management;

“audit firm” means a legal person or any other entity, regardless of its legal form, that is approved in accordance with this Act to carry out statutory audits;

“Audit Regulation” means Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC, as amended from time to time;

“audit report” means the report signed and dated from the statutory auditors having the following characteristics

(a) an introduction which identifies the annual accounts that are the subject of the statutory audit, together with the financial reporting framework that has been applied in their preparation;

(b) a description of the scope of the statutory audit which identifies the auditing standards in accordance with which the statutory audit was conducted;

(c) an audit opinion which clearly states the opinion of the statutory auditors as to whether the annual accounts give a true and fair view in accordance with the relevant financial reporting framework and, where appropriate, whether the annual accounts comply with statutory requirements; the audit opinion is either unqualified, qualified, an adverse opinion or, if the statutory auditors are unable to express an audit opinion, a disclaimer of opinion;

(d) a reference to any matters to which the statutory auditors draw attention by way of emphasis without qualifying the audit opinion;

(e) an opinion concerning the consistency or otherwise of the annual report with the annual accounts for the same financial year;

“CEAOB” means the Committee of European Auditing Oversight Bodies;

“cooperative” means a European Cooperative Society as defined in Article 1 of Council Regulation (EC) No 1435/2003 of 22 July 2003 on the Statute for a European Cooperative Society (SCE), or any other cooperative for which a statutory audit is required under Community law, such as credit institutions as defined in Financial Services (Banking) Act and insurance undertakings within the meaning of the Insurance Companies (Accounts Directive) Regulations 1997;

“Directive”, without further, means Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC as amended from time to time;

“EEA State” shall be interpreted in accordance with the provisions of the European Communities Act and, for the purposes of this Act, shall include a reference to Gibraltar;

“group auditor” means the statutory auditor or audit firm carrying out the statutory audit of consolidated accounts;

“home State” means–

(a) for a statutory auditor or audit firm approved in accordance with section 3, Gibraltar; and

(b) for a statutory auditor or audit firm approved in another EEA State in accordance with Article 3(1) of the Directive, that EEA State;

“host State” in respect of a statutory auditor or audit firm approved in its home State, means–

(a) where a statutory auditor seeks to be or is also approved–

(i) in accordance with section 14, Gibraltar; and

(ii) in another EEA State in accordance with Article 14 of the Directive, that EEA State; or

(b) where an audit firm seeks to be or is registered–

(i) in accordance with section 3A, Gibraltar; and

(ii) in another EEA State in accordance with Article 3a of the Directive, that EEA State;

“international accounting standards” means International Accounting Standards (IAS), International Financial Reporting Standards (IFRS) and related Interpretations (SIC-IFRIC interpretations), subsequent amendments to those standards and related interpretations, and future standards and related interpretations issued or adopted by the International Accounting Standards Competent authority (IASB);

“key audit partner” means

(a) the statutory auditor designated by an audit firm for a particular audit engagement as being primarily responsible for carrying out the statutory audit on behalf of the audit firm; or

(b) in the case of a group audit, the statutory auditor designated by an audit firm as being primarily responsible for carrying out the statutory audit at the level of the group and the statutory auditor designated as being primarily responsible at the level of material subsidiaries; or

(c) the statutory auditor who signs the audit report;

“medium-sized undertakings” means the undertakings referred to in Article 1(1) and Article 3(3) of Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013;

“Minister” means the Minister responsible for financial services;

“network” means the larger structure

(a) which is aimed at cooperation and to which a statutory auditor or an audit firm belongs, and

(b) which is clearly aimed at profit- or cost-sharing or shares common ownership, control or management, common quality-control policies and procedures, a common business strategy, the use of a common brand-name or a significant part of professional resources;

“non-EEA audit entity” means an entity, regardless of its legal form, which carries out audits of the annual or consolidated financial statements of a company incorporated in a non-EEA State, other than an entity which is registered as an audit firm in an EEA State as a consequence of approval in accordance with Article 3 of the Directive;

“non-EEA auditor” means a natural person who carries out audits of the annual or consolidated financial statements of a company incorporated in a non-EEA State, other than a person who is registered as a statutory auditor in an EEA State as a consequence of approval in accordance with Articles 3 and 44 of the Directive;

“non-practitioner” means any natural person who, during his or her involvement in the governance of the public oversight system and the three years immediately preceding that involvement, has not–

(a) carried out statutory audits;

(b) held voting rights in an audit firm;

(c) been a member of the administrative, management or supervisory body of an audit firm; or

(d) been employed by, or otherwise associated with, an audit firm;

“public-interest entity” means–

(a) an entity governed by the law of an EEA State whose transferable securities are admitted to trading on a regulated market of any EEA State within the meaning of point 14 of Article 4(1) of Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004;

(b) a credit institution as defined in point 1 of Article 3(1) of Directive 2013/36/EU of the European Parliament and of the Council, other than one referred to in Article 2 of that Directive;

(c) an insurance undertaking within the meaning of Article 2(1) of Directive 91/674/EEC; or

(d) an entity designated by an EEA State as a public-interest entity, such as an undertaking that is of significant public relevance because of the nature of its business, size or number of employees;

“small undertakings” means the undertakings referred to in Article 1(1) and Article 3(2) of Directive 2013/34/EU;

“statutory audit” means an audit of annual financial statements or consolidated financial statements in so far as–

(a) required by European Union law;

(b) required by section 258 of the Companies Act 2014 in respect of a company which is a small undertaking within the meaning of Directive 2013/34/EU;

(c) voluntarily carried out at the request of a small undertaking which meet legal requirements in an EEA State that are equivalent to those in paragraph (b) and where legislation in that State defines such an audit as a statutory audit;

“statutory auditor” means a natural person who is approved in accordance with this Act to carry out statutory audits;

Competent authority

2A.(1) The Financial Services Commission established by section 7 of the Financial Services Commission Act 2007 is designated as the competent authority for the purposes of this Act, the Directive and the Audit Regulation.

(2) In this Act, “competent authority” means–

(a) in relation to Gibraltar–

(i) the Financial Services Commission; or

(ii) where, in accordance with section 6A of the Financial Services Commission Act 2007, the Commission arranges for its functions as the competent authority to be exercised by its Auditors Regulatory Committee, that committee; and

(b) in relation to another EEA State–

(i) the authority designated by law in that State as being responsible for the regulation or oversight of statutory auditors and audit firms; or

(ii) where different authorities are responsible for different aspects of that regulation or oversight, the authority responsible for the aspect referred to in a specific section or Article of the Directive.

PART II

APPROVAL, CONTINUING EDUCATION AND MUTUAL RECOGNITION

Approval of statutory auditors and audit firms.

3.(1) It is an offence for a statutory audit to be carried out other than by a statutory auditor or audit firm approved by the competent authority.

(2) Without prejudice to section 11, the competent authority may approve as statutory auditor only natural persons who satisfy the conditions laid down in sections 4 and 6 to 10.

(3) The competent authority may approve as audit firms only those entities which satisfy the following conditions

(a) natural persons responsible for carrying out statutory audits on behalf of firms satisfy the conditions imposed by sections 4 and 6 to 12 and are approved as statutory auditors in an EEA State;

(b) a majority of the voting rights in the firms are held either by audit firms approved in any EEA State, or by natural persons satisfying the conditions in sections 4 and 6 to 12;

(c) a majority of up to a maximum of 75 % of the members of the administrative or management body of the entity must be audit firms which are approved in any EEA State or natural persons who satisfy the conditions imposed by Articles 4 and 6 to 12. Where such a body has no more than two members, one of those members must satisfy the conditions in this point. Subject to the foregoing, the Minister may, by regulations, provide that such natural persons must also have been approved in another EEA State; and

(d) the firm must satisfy the condition imposed by section 4.

Recognition of audit firms

3A.(1) By way of derogation from section 3(1), an audit firm which is approved in another EEA State shall be entitled to perform statutory audits in Gibraltar provided that the key audit partner who carries out the statutory audit on behalf of the audit firm satisfies the conditions specified in section 3(3)(a).

(2) An audit firm whose home State is not Gibraltar but that wishes to carry out statutory audits in Gibraltar shall register with the competent authority in accordance with sections 15 and 17.

(3) The competent authority shall–

(a) register an audit firm if it is satisfied that the audit firm is registered with the competent authority in its home State; and

(b) inform the competent authority in the home State of the registration of the audit firm.

(4) Where the competent authority intends to rely upon a certificate attesting to the registration of the audit firm in its home State, the competent authority may require that the certificate issued by the competent authority in the home State be not more than three months old.

Good repute.

4. The competent authority may grant approval under this Act only to

(a) natural persons; or

(b) firms,

of good repute.

Withdrawal of approval.

5.(1) The competent authority shall withdraw approval of a statutory auditor or an audit firm where the good repute of that person or firm has been seriously compromised. Subject to the foregoing, the Minister may, by regulations, provide for a reasonable period of time for the purpose of meeting the requirement of good repute.

(2) The competent authority shall withdraw approval of an audit firm where any of the conditions imposed in section 3(3)(b) and (c) is no longer fulfilled. Subject to the foregoing, the Minister may, by regulations, provide for a reasonable period of time for the purpose of fulfilling those conditions.

(3) Where the competent authority withdraws approval of a statutory auditor or audit firm for any reason, the competent authority shall communicate that fact and the reasons for the withdrawal to the relevant competent authorities of those host States where the statutory auditor or audit firm is also registered in accordance with Article 3a, point (c) of Article 16(1) and point (i) of Article 17(1) of the Directive.

Educational qualifications.

6.(1) Without prejudice to section 11, the competent authority may approve a natural person to carry out a statutory audit only after having attained university entrance or equivalent level, then completed a course of theoretical instruction, undergone practical training and passed an examination of professional competence of university final or equivalent examination level, organised or recognised by the competent authority in accordance with the provisions of this Act.

(2) Subject to section 14, any natural person approved under the provisions of the Directive by the competent authority of an EEA State is approved by the competent authority for the purposes of subsection (1).

(3) The competent authority shall cooperate with the competent authorities designated under Article 32 of the Directive by other EEA States with a view to achieving a convergence of the requirements set out in subsection (1) and when doing so–

(a) shall take account of developments in auditing and in the audit profession and, in particular, convergence that has already been achieved by the profession; and

(b) shall cooperate with CEAOB and the competent authorities referred to in Article 20 of the Audit Regulation in so far as such convergence relates to the statutory audit of public interest entities.

Examination of professional competence.

7. Where the competent authority organises examinations of professional competence under section 6(1), it shall guarantee the necessary level of theoretical knowledge of subjects relevant to statutory audit and the ability to apply such knowledge in practice, and shall ensure that part of that examination is in writing.

Test of theoretical knowledge.

8. Where the competent authority organises a test of theoretical knowledge as part of the examination referred to in section 6(1), it shall ensure that

(a) the following subjects in particular are covered

(i) general accounting theory and principles;

(ii) legal requirements and standards relating to the preparation of annual and consolidated accounts;

(iii) international accounting standards;

(iv) financial analysis;

(v) cost and management accounting;

(vi) risk management and internal control;

(vii) auditing and professional skills;

(viii) legal requirements and professional standards relating to statutory audit and statutory auditors;

(ix) international auditing standards as referred to in section 26;

(x) professional ethics and independence.

(b) the following subjects are covered insofar as they are relevant to auditing

(i) company law and corporate governance;

(ii) the law of insolvency and similar procedures;

(iii) tax law;

(iv) civil and commercial law;

(v) social security law and employment law;

(vi) information technology and computer systems;

(vii) business, general and financial economics;

(viii) mathematics and statistics;

(ix) basic principles of the financial management of undertakings.

Exemptions.

9.(1) By way of derogation from sections 7 and 8, the Minister may, by regulations, provide that a person who has passed a university or equivalent examination or holds a university degree or equivalent qualification in one or more of the subjects referred to in section 8 may be exempted from the test of theoretical knowledge in the subjects covered by that examination or degree.

(2) By way of derogation from section 7 the Minister may, by regulations, provide that a holder of a university degree or equivalent qualification in one or more of the subjects referred to in section 8 may be exempted from the test of the ability to apply in practice his or her theoretical knowledge of such subjects if he has received practical training in those subjects attested by an examination or diploma of the sort set out in the regulations.

Practical training.

10.(1) In order to ensure the ability to apply theoretical knowledge in practice, a test of which is included in the examination, the competent authority shall ensure that

(a) a trainee completes a minimum of three years’ practical training in, inter alia, the auditing of annual financial statements, consolidated financial statements or similar financial statements; and

(b) at least two thirds of such practical training shall be completed with a statutory auditor or audit firm approved in any EEA State.

(2) The competent authority shall ensure that all training is carried out by persons providing adequate guarantees regarding their ability to provide practical training.

Qualification through long-term practical experience.

11. The competent authority may approve a person who does not satisfy the conditions laid down in section 6 as a statutory auditor, if he can show either

(a) that he has, for 15 years, engaged in professional activities which have enabled him to acquire sufficient experience in the fields of finance, law and accountancy, and has passed the examination of professional competence referred to in section 7 or an equivalent in Gibraltar or an EEA State; or

(b) that he has, for seven years, engaged in professional activities in those fields and has, in addition, undergone the practical training referred to in section 10 and passed the examination of professional competence referred to in section 7 or an equivalent in Gibraltar or an EEA State.

Combination of practical training and theoretical instruction.

12.(1) The Minister may, by regulations, provide that periods of theoretical instruction of not less than one year in the fields referred to in section 8 shall count towards the periods of professional activity referred to in section 11, provided that such instruction is attested by an examination of a sort set out in the regulations.

(2) Regulations under subsection (1) may not reduce the period of professional activity referred to in section 11(a) and (b) by more than four years.

(3) The competent authority shall ensure that the period of professional activity and practical training is not shorter than the course of theoretical instruction together with the practical training required under section 10.

Continuing education.

13. The competent authority shall ensure that statutory auditors take part in appropriate programmes of continuing education in order to maintain their theoretical knowledge, professional skills and values at a sufficiently high level, and that failure to respect the continuing education requirements is subject to appropriate sanctions under Part VII.

Approval of statutory auditors from other EEA States.

14.(1) The competent authority shall establish procedures for approving statutory auditors who have been approved in other EEA States.

(2) Subject to subsection (3), those procedures shall require an applicant to pass an aptitude test, which shall be conducted in English and test the applicant’s knowledge of the law of Gibraltar (which includes the rules of professional conduct) in so far as it is relevant to statutory audits.

(3) An aptitude test shall not be required in any case where the competent authority is satisfied that the applicant holds a professional qualification which has covered the knowledge which would be covered by an aptitude test.

(4) The competent authority shall cooperate with the competent authorities in other EEA States and with CEAOB, in accordance with Article 14(3) of the Directive, with a view to achieving the convergence of aptitude test and other compensation measure requirements and enhancing their transparency and predictability.

(5) In this section “aptitude test” and “compensation measure” have the same meaning as in Directive 2005/36/EC of the European Parliament and of the Council of 7th September 2005 on the recognition of professional qualifications.

PART III

REGISTRATION

Public register.

15.(1) The competent authority

(a) shall ensure that statutory auditors and audit firms are entered in a public register in accordance with sections 16 and 17;

(b) may, in exceptional circumstances and with the prior consent of the Minister, derogate from the requirements laid down in this section and section 16 regarding disclosure only to the extent necessary to mitigate an imminent and significant threat to the personal security of any person.

(2) The competent authority shall ensure that each statutory auditor and audit firm is identified in the public register referred to in subsection (1) by an individual number. Registration information shall be stored in the register in electronic form and shall be electronically accessible to the public.

(3) Where relevant, the public register referred to in subsection (1) shall also contain in relation to each statutory auditor and audit firm, the name and address of the competent authorities of the EEA State responsible

(a) for the approval of an auditor as referred to in section 2(2) and 3;

(b) for the quality assurance of an auditor as referred to in section 29;

(c) for investigations and sanctions on statutory auditors and audit firms as referred to in Part VII; and

(d) for public oversight of an auditor as referred to in section 33.

Registration of non-EEA auditors and statutory auditors.

16.(1) The public register referred to in section 15 shall contain the following information on statutory auditors

(a) the name, address and registration number of the statutory auditor;

(b) if applicable, the name, address, website address and registration number of the audit firm by which the statutory auditor is employed, or with whom he or she is associated as a partner or otherwise;

(c) any other registration

(i) as statutory auditor with the competent authorities of other EEA States; and

(ii) as auditor with third countries, including the names of the registration authorities,

and, if applicable, the registration numbers.

(2) Non-EEA auditors registered in accordance with section 46 shall be clearly indicated in the register as such and not as statutory auditors.

Registration of audit firms.

17.(1) The public register referred to in section 15 shall contain the following information relating to audit firms

(a) the name, address and registration number of the firm;

(b) its legal form;

(c) contact information, the primary contact person and, where applicable, the website address;

(d) the address of each office in Gibraltar;

(e) the name and registration number of all statutory auditors employed by or associated as partners or otherwise with the audit firm;

(f) the names and business addresses of all owners and shareholders;

(g) the names and business addresses of all members of the administrative or management body;

(h) if applicable, the membership of a network and a list of the names and addresses of member firms and affiliates or an indication of the place where such information is publicly available;

(i) all other registrations as audit firm with the competent authorities of other EEA States and as audit entity with third countries, including the name of the registration authorities, and, if applicable, the registration numbers; and

(j) where applicable, whether the audit firm is registered pursuant to section 3A(3).

(2) Non-EEA audit entities registered in accordance with section 46 shall be clearly indicated in the register as such and not as audit firms.

Updating of registration information.

18.(1) A statutory auditor or audit firm shall notify the competent authority without undue delay of any change to the information in respect of that statutory auditor or audit firm which appears in the public register.

(2) The competent authority shall update the register without undue delay after receiving a notification under subsection (1).

Responsibility for registration information.

19.(1) Any information provided to the competent authority in accordance with sections 16 to 18 shall be signed by the statutory auditor or audit firm.

(2) Where the competent authority may provide for information referred to in subsection (1) to be provided electronically, the competent authority may make it subject to it being done by means of an electronic signature.

(3) For the purposes of subsection (2), “electronic signature” means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication.

Language.

20.(1) The information entered in the public register shall be drawn up by the competent authority in English.

(2) The Minister may, by regulations, allow information to be entered in the public register in any other official language of the Community.

(3) The competent authority may, in its discretion, require any translation of the information to be certified. The register shall indicate whether or not the translation is certified.

PART IV

PROFESSIONAL ETHICS, INDEPENDENCE, OBJECTIVITY, CONFIDENTIALITY AND PROFESSIONAL SECRECY

Professional ethics and scepticism.

21.(1) All statutory auditors and audit firms shall be subject to such principles of professional ethics as the Minister may provide by regulations.

(2) Regulations under subsection (1) shall cover the duties of statutory auditors and audit firms, their public-interest function, their integrity and objectivity and their professional competence and due care.

(3) In default of any regulations being made under subsection (1), the professional ethics applying to statutory auditors and audit firms immediately prior to the coming into force of this Act shall continue applying.

(4) When carrying out a statutory audit, a statutory auditor or firm shall maintain professional scepticism throughout the audit, recognising the possibility of a material misstatement due to facts or behaviour indicating irregularities, including fraud or error, notwithstanding the statutory auditor's or the audit firm's past experience of the honesty and integrity of the audited entity's management and of the persons charged with its governance.

(5) The statutory auditor or the audit firm shall maintain professional scepticism in particular when reviewing management estimates relating to fair values, the impairment of assets, provisions, and future cash flow relevant to the entity's ability to continue as a going concern.

(6) For the purposes of this section “professional scepticism” means an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.

Independence and objectivity.

22.(1) When carrying out a statutory audit, a statutory auditor or audit firm, and any natural person in a position to directly or indirectly influence the outcome of the statutory audit, shall be independent of the audited entity and not involved in the decision-making of the audited entity.

(2) That independence shall be required at least during both–

(a) the period covered by the financial statements to be audited; and

(b) the period during which the statutory audit is carried out.

(3) A statutory auditor or audit firm shall take all reasonable steps to ensure that, when carrying out a statutory audit, the statutory auditor’s or audit firm’s independence is not affected by any existing or potential conflict of interest or business or other direct or indirect relationship involving–

(a) the statutory auditor or the audit firm; and

(b) where appropriate–

(i) its network, managers, auditors or employees;

(ii) any other natural persons whose services are placed at the disposal or under the control of the statutory auditor or audit firm; or

(iii) any person directly or indirectly linked to the statutory auditor or audit firm by control.

(4) Statutory auditors and audit firms shall record in the audit working papers all significant threats to the statutory auditor’s or audit firm’s independence as well as the safeguards applied to mitigate those threats.

(5) A statutory auditor or audit firm shall not carry out a statutory audit if there is any threat of self-review, self-interest, advocacy, familiarity or intimidation created by financial, personal, business, employment or other relationships between–

(a) the statutory auditor, the audit firm, its network and any natural person in a position to influence the outcome of the statutory audit; and

(b) the audited entity;

as a result of which an objective, reasonable and informed third party, taking into account the safeguards applied, would conclude that the statutory auditor's or audit firm's independence is compromised.

(6) Statutory auditors and audit firms, their key audit partners, employees, other natural persons whose services are placed at the disposal or under the control of a statutory auditor or audit firm and who are directly involved in statutory audit activities and any closely associated persons (within the meaning of Article 1(2) of Commission Directive 2004/72/EC) shall not, within their area of statutory audit activities–

(a) hold or have a material and direct beneficial interest in an audited entity; or

(b) engage in any transaction in any financial instrument issued, guaranteed, or otherwise supported by an audited entity;

other than interests owned indirectly through diversified collective investment schemes, including managed funds such as pension funds or life insurance.

(7) A person or firm referred to in subsection (6) shall not participate in or otherwise influence the outcome of a statutory audit of an audited entity if that person or firm—

(a) owns financial instruments of the audited entity, other than interests owned indirectly through diversified collective investment schemes;

(b) owns financial instruments of any entity related to the audited entity, the ownership of which may cause, or may be generally perceived as causing, a conflict of interest, other than interests owned indirectly through diversified collective investment schemes;

(c) has had an employment, business or other relationship with the audited entity within the period specified in subsection (2) that may cause, or may be generally perceived as causing, a conflict of interest.

(8) A person or firm referred to in subsection (6) shall not solicit or accept pecuniary and non-pecuniary gifts or favours from an audited entity or any entity related to an audited entity unless an objective, reasonable and informed third party would consider the value of any gift or favour as being trivial or inconsequential.

(9) If, during the period covered by its financial statements, an audited entity is acquired by, merges with, or acquires another entity, the statutory auditor or the audit firm shall–

(a) identify and evaluate any current or recent interests or relationships (including any non-audit services provided to that entity) which, taking into account available safeguards, could compromise the auditor's independence and ability to continue with the statutory audit after the effective date of the merger or acquisition; and

(b) as soon as possible, and in any event within three months,

(i) take all such steps as may be necessary to terminate any current interest or relationship that would compromise its independence; and

(ii) where possible, adopt safeguards to minimise any threat to its independence arising from a prior or current interest or relationship.

Employment by audited entities of former audit personnel.

22A.(1) A statutory auditor or a key audit partner who carries out a statutory audit on behalf of an audit firm shall not take up a relevant role in relation to the audited entity before–

(a) at least one year has elapsed since he or she ceased to act as a statutory auditor or key audit partner in connection with the audit engagement; or

(b) in the case of the statutory audit of a public-interest entity, at least two years have elapsed since he or she ceased to do so.

(2) A natural person who is personally approved as a statutory auditor and–

(a) who is an employee or partner (other than key audit partner) of a statutory auditor or audit firm carrying out a statutory audit; or

(b) whose services are placed at the disposal or under the control of such a statutory auditor or audit firm;

shall not take up a relevant role in relation to the audited entity before at least one year has elapsed since he or she was directly involved in the statutory audit engagement.

(3) In this section a “relevant role” means–

(a) a key management position in the audited entity;

(b) being a member of the audited entity’s audit committee or, where such a committee does not exist, of the body performing equivalent functions to an audit committee; or

(c) being a non-executive member of the administrative body or a member of the supervisory body of the audited entity.

Preparation for the statutory audit and assessment of threats to independence.

22B.(1) A statutory auditor or audit firm, before accepting or continuing a statutory audit engagement, shall assess and record whether–

(a) the statutory auditor or audit firm complies with the requirements of section 22;

(b) there are threats to the statutory auditor’s or audit firm’s independence and the safeguards applied to mitigate those threats;

(c) the statutory auditor or audit firm has the competent employees, time and resources needed in order to carry out the statutory audit in an appropriate manner; and

(d) in the case of an audit firm, the key audit partner is approved as a statutory auditor in the EEA State requiring the statutory audit.

Confidentiality and professional secrecy.

23.(1) All information and documents to which a statutory auditor or audit firm has access when carrying out a statutory audit shall be protected by a duty of confidentiality and professional secrecy.

(2) The duty of confidentiality and professional secrecy referred to in subsection (1) shall not impede the enforcement of the provisions of this Act or the Audit Regulation.

(3) Where a statutory auditor or audit firm is replaced by another statutory auditor or audit firm, the former statutory auditor or audit firm shall provide the incoming statutory auditor or audit firm with access to all relevant information concerning the audited entity and the most recent audit of that entity.

(4) A statutory auditor or audit firm who has ceased to be engaged in a particular audit assignment and a former statutory auditor or audit firm shall remain subject to the provisions of subsections (1) and (2) with respect to that audit assignment.

(5) Where a statutory auditor or audit firm carries out a statutory audit of an undertaking which is part of a group whose parent undertaking is situated in a non-EEA State, the duty of confidentiality and professional secrecy referred to in subsection (1) shall not impede the transfer by the statutory auditor or audit firm of relevant documents concerning the audit work it has performed to the group auditor situated in a non-EEA State, if those documents are necessary for the performance of the audit of consolidated financial statements of the parent undertaking.

(6) A statutory auditor or audit firm that carries out the statutory audit of an undertaking which has issued securities in a non-EEA State or which forms part of a group issuing statutory consolidated financial statements in a non-EEA State, may only transfer the audit working papers or other documents relating to the audit of that entity which the statutory auditor or audit firm holds to the competent authorities in the relevant non-EEA State under the conditions set out in section 48.

(7) The transfer of information to a group auditor situated in a non-EEA State shall comply with the Data Protection Act 2004.

Independence and objectivity of the statutory auditors carrying out the statutory audit on behalf of audit firms.

24. Owners or shareholders of an audit firm as well as the members of the administrative, management and supervisory bodies of such a firm, or of an affiliated firm, shall not intervene in the execution of a statutory audit in any way which jeopardises the independence and objectivity of the statutory auditor who carries out the statutory audit on behalf of the audit firm.

Internal organisation of statutory auditors and audit firms.

24A.(1) A statutory auditor or audit firm shall comply with the following organisational requirements–

(a) an audit firm shall establish appropriate policies and procedures to ensure that its owners or shareholders, as well as the members of the administrative, management and supervisory bodies of the firm, or of an affiliate firm, do not intervene in the carrying-out of a statutory audit in any way which jeopardises the independence and objectivity of the statutory auditor who carries out the statutory audit on behalf of the audit firm;

(b) a statutory auditor or an audit firm shall have sound administrative and accounting procedures, internal quality control mechanisms, effective procedures for risk assessment, and effective control and safeguard arrangements for information processing systems and those internal quality control mechanisms shall be designed to secure compliance with decisions and procedures at all levels of the audit firm or of the working structure of the statutory auditor;

(c) a statutory auditor or an audit firm shall establish appropriate policies and procedures to ensure that–

(i) the statutory auditor’s or audit firm’s employees; and

(ii) any other natural persons whose services are placed at the disposal or are under the control of the statutory auditor or audit firm;

and who are directly involved in the statutory audit activities, have appropriate knowledge and experience for the duties assigned;

(d) a statutory auditor or an audit firm shall establish appropriate policies and procedures to ensure that outsourcing of important audit functions is not undertaken in such a way as to impair the quality of the statutory auditor's or the audit firm's internal quality control and the ability of the competent authorities to supervise the statutory auditor's or the audit firm's compliance with the obligations laid down in this Act and, where applicable, the Audit Regulation;

(e) a statutory auditor or an audit firm shall establish appropriate and effective organisational and administrative arrangements to prevent, identify, eliminate or manage and disclose any threats to their independence as referred to in sections 22, 22A and 22B;

(f) a statutory auditor or an audit firm shall establish appropriate policies and procedures for carrying out statutory audits, coaching, supervising and reviewing employees’ activities and organising the structure of the audit file referred to in section 24B(6) to (8);

(g) a statutory auditor or an audit firm shall establish an internal quality control system to ensure the quality of the statutory audit and–

(i) the quality control system shall at least cover the policies and procedures described in paragraph (f); and

(ii) in the case of an audit firm, responsibility for the internal quality control system shall lie with a person who is qualified as a statutory auditor;

(h) a statutory auditor or an audit firm shall use appropriate systems, resources and procedures to ensure continuity and regularity in the carrying out of statutory audit activities;

(i) a statutory auditor or audit firm shall establish appropriate and effective organisational and administrative arrangements for dealing with and recording incidents which have, or may have, serious consequences for the integrity of statutory audit activities;

(j) a statutory auditor or audit firm shall have in place adequate remuneration policies, including profit-sharing policies, providing sufficient performance incentives to secure audit quality and, in particular, the amount of revenue that the statutory auditor or the audit firm derives from providing non-audit services to the audited entity shall not form part of the performance evaluation and remuneration of any person involved in, or able to influence the carrying out of, the audit;

(k) a statutory auditor or audit firm shall–

(i) monitor and evaluate the adequacy and effectiveness of the systems, internal quality control mechanisms and arrangements established in accordance with this Act and, where applicable, the Audit Regulation and take appropriate measures to address any deficiencies; and

(ii) in particular, carry out an annual evaluation of the internal quality control system, referred to in paragraph (g) and keep a record of the findings of that evaluation and any proposed measure to modify the internal quality control system.

(2) Statutory auditors and audit firms shall record the policies and procedures they establish in accordance with subsection (1)(a) and communicate them to their employees.

(3) In complying with subsection (1), a statutory auditor or audit firm shall–

(a) consider the scale and complexity of the statutory auditor or audit firm activities; and

(b) be able to demonstrate to the competent authority that the policies and procedures designed to achieve such compliance are appropriate given that scale and complexity.

(4) Any outsourcing of audit functions as provided for in subsection (1)(d) shall not affect the responsibility of the statutory auditor or the audit firm towards the audited entity.

Organisation of the work.

24B.(1) When an audit firm carries out a statutory audit, it shall–

(a) designate at least one key audit partner–

(i) who has been selected on the basis of the main criteria of securing audit quality, independence and competence; and

(ii) who shall be actively involved in carrying-out the statutory audit;

(b) provide the key audit partner–

(i) with sufficient resources to carry out the key audit partner’s duties appropriately; and

(ii) with personnel that have the necessary competence and capabilities to assist the key audit partner to do so.

(2) When carrying out a statutory audit, a statutory auditor shall devote sufficient time to the engagement and assign sufficient resources to enable the statutory auditor’s duties to be carried out appropriately.

(3) A statutory auditor or audit firm shall–

(a) keep records of–

(i) any breach of this Act and, where applicable, the Audit Regulation; and

(ii) the consequence of any breach, including any measures taken to address it and to modify their internal quality control system; and

(b) prepare an annual report containing an overview of any such measures taken and shall communicate that report internally.

(4) A statutory auditor or audit firm shall keep records of—

(a) any request for advice made to an external expert; and

(b) the advice received in response to the request.

(5) A statutory auditor or audit firm shall maintain a client account record, which shall include the following data for each audit client–

(a) the name, the address and the place of business;

(b) in the case of an audit firm, the name of the key audit partner; and

(c) the fees charged for the statutory audit and the fees charged for other services in any financial year.

(6) A statutory auditor or audit firm shall create an audit file for each statutory audit.

(7) A statutory auditor or the audit firm shall–

(a) record at least the information required by section 22B and, where applicable, Articles 6 to 8 of the Audit Regulation;

(b) retain any other data and documents that are of importance–

(i) in support of the report referred to in section 28 and, where applicable, Articles 10 and 11 of the Audit Regulation; and

(ii) for monitoring compliance with this Act and other applicable legal requirements.

(8) An audit file shall be closed no later than 60 days after the date of signature of the audit report referred to in section 28 and, where applicable, Article 10 of the Audit Regulation.

(9) A statutory auditor or audit firm shall keep records of any complaints made in writing about the performance of any statutory audits carried out by the statutory auditor or audit firm.

Audit fees.

25. Fees for statutory audits–

(a) shall not be influenced or determined by the provision of additional services to the audited entity; and

(b) shall not be based on any form of contingency.

Scope of the statutory audit.

25A.(1) The scope of a statutory audit shall not include assurance on the future viability of the audited entity or on the efficiency or effectiveness with which the management or administrative body has conducted or will conduct the affairs of the entity.

(2) Subsection (1) applies without limiting–

(a) the reporting requirements referred to in section 28; and

(b) where applicable, Articles 10 and 11 of the Audit Regulation.

PART V

AUDITING STANDARDS AND AUDIT REPORTING

Auditing standards.

26.(1) Statutory auditors and audit firms shall carry out statutory audits in compliance with international auditing standards adopted by the European Commission in accordance with Article 26(3) of the Directive.

(2) In this section “international auditing standards” means International Standards on Auditing (ISAs), International Standard on Quality Control (ISQC-1) and other related Standards issued by the International Federation of Accountants (IFAC) through the International Auditing and Assurance Standards Board (IAASB), in so far as they are relevant to the statutory audit.

Statutory audits of consolidated financial statements.

27.(1) Where a statutory audit of the consolidated financial statements of a group of undertakings is carried out–

(a) in relation to the consolidated financial statements, the group auditor bears the full responsibility for the audit report referred to in section 28 and, where applicable, Article 10 of the Audit Regulation and for any additional report to the audit committee referred to in Article 11 of that Regulation;

(b) the group auditor shall evaluate the audit work performed by any other auditor for the purpose of the group audit, and record the nature, timing and extent of the work performed by that auditor, including, where applicable, the group auditor's review of relevant parts of that auditor’s audit documentation;

(c) the group auditor shall review the audit work performed by any other auditor for the purpose of the group audit and make a record of that review.

(2) The documents retained by the group auditor shall be such as to enable the relevant competent authority to review the work of the group auditor.

(3) For the purposes of subsection (1)(c), the group auditor shall request the agreement of any other auditor to the transfer of relevant documentation during the conduct of the audit of consolidated financial statements, as a condition of the reliance by the group auditor on the work of that auditor.

(4) Where the group auditor is unable to comply with subsection (1)(c), the group auditor shall–

(a) take appropriate measures, including carrying out additional statutory audit work (directly or by means of outsourcing) in the relevant subsidiary; and

(b) inform the relevant competent authority.

(5) Where the group auditor is subject to a quality assurance review or an investigation concerning the statutory audit of the consolidated financial statements of a group of undertakings, the group auditor shall make available to the competent authority upon request the relevant documentation which the group auditor retains concerning the audit work performed by any other auditor for the purpose of the group audit, including any working papers relevant to the group audit.

(6) The competent authority may request additional documentation on the audit work performed by a statutory auditor or audit firm for the purpose of the group audit from the relevant competent authority in another EEA State in accordance with section 36.

(7) Where a parent undertaking or subsidiary undertaking of a group of undertakings is audited by a non-EEA auditor or non-EEA audit entity, the competent authority may request additional documentation on the audit work performed by that auditor or audit entity from the competent authority in the relevant non-EEA State through the working arrangements referred to in section 48.

(8) Where a parent undertaking or subsidiary undertaking of a group of undertakings is audited by a non-EEA auditor or non-EEA audit entity that has no working arrangements of the kind referred to in section 48, the group auditor shall, when requested, also be responsible for ensuring proper delivery of the additional documentation of the audit work performed by that non-EEA auditor or non-EEA audit entity, including the working papers relevant to the group audit.

(9) In order to ensure such delivery, the group auditor shall–

(a) retain a copy of such documentation;

(b) agree with the auditor or audit entity that the group auditor is to be given unrestricted access to such documentation upon request; or

(c) take other appropriate action.

(10) Where audit working papers cannot, for legal or other reasons, be passed from a non-EEA State to the group auditor, the documentation retained by the group auditor shall include–

(a) evidence that the group auditor has undertaken the appropriate procedures in order to gain access to the audit documentation, and

(b) in the case of impediments other than legal ones arising from the legislation of the non-EEA State concerned, evidence supporting the existence of such impediments.

Audit reporting.

28.(1) Statutory auditors and audit firms shall present the results of a statutory audit in an audit report, which shall be prepared in accordance with the requirements of auditing standards adopted in accordance with section 26 or Article 26 of the Directive.

(2) An audit report shall be in writing and shall–

(a) identify the entity whose annual or consolidated financial statements are the subject of the statutory audit; specify the annual or consolidated financial statements and the date and period they cover; and identify the financial reporting framework that has been applied in their preparation;

(b) include a description of the scope of the statutory audit which shall, as a minimum, identify the auditing standards in accordance with which the statutory audit was conducted;

(c) include an audit opinion, which shall be unqualified, qualified or an adverse opinion and shall state clearly the opinion of the statutory auditor or audit firm as to–

(i) whether the annual financial statements give a true and fair view in accordance with the relevant financial reporting framework; and,

(ii) where appropriate, whether the annual financial statements comply with statutory requirements;

or a disclaimer of opinion, if the statutory auditor or audit firm is unable to express an audit opinion;

(d) refer to any other matters to which the statutory auditor or the audit firm draws attention by way of emphasis without qualifying the audit opinion;

(e) include an opinion and statement, both of which shall be based on the work undertaken in the course of the audit, referred to in the second subparagraph of Article 34(1) of Directive 2013/34/EU;

(f) provide a statement on any material uncertainty relating to events or conditions that may cast significant doubt about the entity's ability to continue as a going concern;

(g) identify the place of establishment of the statutory auditor or audit firm.

(3) Where a statutory audit is carried out by more than one statutory auditor or audit firm, the statutory auditors or audit firms shall–

(a) agree on the results of the audit and submit a joint report and opinion; or

(b) in the case of disagreement, each submit an opinion as a separate paragraph of the audit report and state the reason for the disagreement.

(4) An audit report shall be signed and dated by the statutory auditor and, where the audit was carried out by an audit firm, shall at least be signed by the statutory auditor who carried it out on behalf of the firm.

(5) Where more than one statutory auditor or audit firm has been engaged simultaneously, any audit report shall be signed by all of the statutory auditors or at least by the statutory auditors who carried out the statutory audit on behalf of each of the audit firms.

(6) Exceptionally, the competent authority may permit an audit report not to include the signatures required by subsection (4) or (5) where–

(a) the names of the persons involved are known to the competent authority; and

(b) the competent authority is satisfied that public disclosure could lead to an imminent and significant threat to the personal security of any person.

(7) The report of the statutory auditor or the audit firm on the consolidated financial statements shall comply with the requirements in subsections (1) to (5) and, in reporting on the consistency of the management report and financial statements as required by subsection (2)(e), the statutory auditor or audit firm shall consider the consolidated financial statements and the consolidated management report.

(8) Where the annual financial statements of the parent undertaking are attached to the consolidated financial statements, the reports of the statutory auditors or audit firms required by this section may be combined.

PART VI

QUALITY ASSURANCE

Quality assurance systems.

29.(1) Subject to subsection (5), the competent authority shall ensure that all statutory auditors and audit firms are subject to a system of quality assurance controls which meets the following criteria–

(a) the quality assurance controls shall be carried out independently of the reviewed statutory auditors and audit firms and subject to public oversight;

(b) the funding for the quality assurance controls shall be secure and free from any possible undue influence by statutory auditors or audit firms;

(c) the quality assurance controls shall have adequate resources;

(d) the persons engaged by the competent authority to carry out quality assurance controls shall have appropriate professional education and relevant experience in statutory audit and financial reporting combined with specific training on quality assurance controls;

(e) the selection by the competent authority of reviewers for specific quality assurance control assignments shall be effected in accordance with an objective procedure designed to ensure that there are no conflicts of interest between the reviewers and the statutory auditor or audit firm under review;

(f) the scope of the quality assurance control, supported by adequate testing of selected audit files, shall include an assessment of compliance with applicable auditing standards and independence requirements, of the quantity and quality of resources spent, of the audit fees charged and of the internal quality control system of the audit firm;

(g) the quality assurance control shall be the subject of a report which shall contain the main conclusions of the quality assurance control;

(h) quality assurance controls shall take place based upon an analysis of risk and, in the case of statutory auditors and audit firms carrying out statutory audits required by European Union law, at least every six years;

(i) the overall results of the quality assurance control system shall be published annually;

(j) recommendations of quality control reviews shall be followed up by the statutory auditor or audit firm within a reasonable period;

(k) quality assurance controls shall be appropriate and proportionate to the scale and complexity of the activity of the reviewed statutory auditor or audit firm.

(2) Where the recommendations referred to in point (j) are not followed up, the statutory auditor or audit firm may be subject to the sanctions under Part VII.

(3) For the purpose of subsection (1)(e) at least the following criteria shall apply to the selection of reviewers–

(a) reviewers shall have appropriate professional education and relevant experience in statutory audit and financial reporting combined with specific training on quality assurance reviews;

(b) a person shall not be allowed to act as a reviewer in a quality assurance control assignment in respect of a statutory auditor or audit firm until at least three years have elapsed since that person ceased to be a partner or an employee of, or otherwise associated with, that statutory auditor or audit firm;

(c) reviewers shall declare that there are no conflicts of interest between them and the statutory auditor and the audit firm to be reviewed.

(4) For the purpose of subsection (1)(k) the competent authority, when undertaking quality assurance controls in respect of the statutory audits of annual or consolidated financial statements of medium-sized and small undertakings, shall take account of the fact that the auditing standards adopted in accordance with Article 26 of the Directive are designed to be applied in a manner that is proportionate to the scale and complexity of the business of the audited entity.

(5) This section shall only apply to the statutory audit of annual and consolidated financial statements of public-interest entities to the extent required by the Audit Regulation.

PART VII

INVESTIGATIONS AND SANCTIONS

Investigative capability.

30. The competent authority shall establish and maintain effective systems for the detection, correction and prevention of the inadequate execution of statutory audits.

Sanctioning powers.

30A.(1) The competent authority may take the actions specified in this Part where it is satisfied that a default has occurred.

(2) In this Part “default” means breach of a provision of this Act or the Audit Regulation.

Public statement.

30B. The competent authority may publish on its website a statement specifying–

(a) the nature of the default; and

(b) the identity of the person who has committed it.

Cease and desist order.

30C. The competent authority may order a person–

(a) to cease any conduct which constitutes a default; and

(b) to desist from any repetition of that conduct.

Non-compliance declaration.

30D. The competent authority may declare that an audit report does not meet the requirements of section 28 or, where applicable, Article 10 of the Audit Regulation.

Prohibition order.

30E.(1) The competent authority may by order (“a prohibition order”) prohibit–

(a) a specified statutory auditor, audit firm or key audit partner from carrying out statutory audits or signing audit reports; or

(b) a specified member of an audit firm or of the administrative or management body of a public-interest entity from exercising functions in audit firms or public-interest entities.

(2) A prohibition order must specify–

(a) the period during which it applies (which must not exceed three years); and

(b) the functions which it prohibits.

Suspension or withdrawal, etc. of approval or registration.

30F.(1) The competent authority may–

(a) suspend or withdraw an approval granted to a statutory auditor or audit firm under Part II or section 45; or

(b) suspend or revoke registration granted to a non-EEA auditor or non-EEA audit entity under Part XI.

(2) A suspension under subsection (1)(a) or (b) must specify the period during which it applies, which must not exceed 18 months.

(3) This section applies without limiting section 5 and notice of a withdrawal of approval under subsection (1)(a) must be given to any relevant competent authority in accordance with section 5(3).

Civil penalties.

30G.(1) The competent authority may impose a penalty not exceeding–

(a) in the case of a legal person, £250,000; or

(b) in the case of a natural person, £125,000.

(2) A penalty imposed under subsection (1) may be enforced in the same manner as if it were a civil debt owed to the competent authority.

Effective application of sanctions.

30H.(1) In determining the type and level of any sanction, the competent authority must take into account all relevant circumstances, including where appropriate–

(a) the gravity and the duration of the default;

(b) the degree of responsibility of the responsible person;

(c) the financial strength of the responsible person, for example as indicated by the responsible undertaking’s total turnover or the responsible person’s annual income;

(d) in so far as they can be determined, the profits gained or losses avoided by the responsible person;

(e) the level of cooperation with the competent authority by the responsible person;

(f) previous defaults by the responsible person.

Warning notices.

30I.(1) Before taking action in respect of a person under this Part the competent authority must give the person a warning notice, stating the action proposed and the reasons for it.

(2) Subsection (1) does not apply if the competent authority is satisfied that a warning notice–

(a) cannot be given because of urgency;

(b) should not be given because of the risk that steps would be taken to undermine the effectiveness of the action to be taken; or

(c) is superfluous having regard to the need to give notice of legal proceedings or for some other reason.

(3) A warning notice–

(a) must give the recipient not less than 14 days to make representations; and

(b) must specify a period within which the recipient may decide whether to make oral representations.

(4) The period for making representations may be extended by the competent authority.

Decision notices.

30J.(1) This section applies where the competent authority has–

(a) issued a warning notice; or

(b) dispensed with the requirement to give a warning notice in accordance with section 30I(2).

(2) After considering any representations made in accordance with section 30I the competent authority must issue—

(a) a decision notice stating that the competent authority will take the action specified in the warning notice;

(b) a discontinuance notice stating that the competent authority does not propose to take that action; or

(c) a combined notice consisting of a decision notice stating that the competent authority will take certain action specified in the warning notice and a discontinuance notice in respect of the remaining action.

(3) A decision notice takes effect, and the specified action may be taken–

(a) at the end of the period for bringing an appeal if no appeal is brought; or

(b) when any appeal is finally determined or withdrawn.

Interim orders.

30K. The competent authority may apply to the Supreme Court for permission to take action under this Part where a decision notice has been given and has not yet taken effect (whether or not a warning notice has been given).

Publication of enforcement action.

30L.(1) This section applies where the competent authority has taken action under this Part in respect of a default.

(2) The competent authority must publish on its official website details of any action taken in respect of a person under this Part without undue delay after that person is informed of that action.

(3) The competent authority must publish details on an anonymous basis, in a manner which accords with any other law, in any of the following circumstances–

(a) where the action is taken in respect of a natural person and, following an obligatory prior assessment, publication of personal data is found to be disproportionate;

(b) where publication would jeopardise the stability of financial markets or an ongoing criminal investigation;

(c) where publication would cause, insofar as can be determined, disproportionate damage to the institution or natural person involved.

(4) Alternatively, where the circumstances in subsection (3) are likely to cease within a reasonable time, publication under subsection (2) may be postponed for that period of time.

(5) Subsection (2) does not apply while an appeal could be brought or is pending.

(6) Despite subsection (5), the competent authority may apply to the Supreme Court for permission to publish a decision notice pending an appeal or the outcome of an appeal; and following publication under this subsection the competent authority must, without undue delay, also publish on its website information on the status and outcome of any appeal.

(7) The competent authority shall ensure that any publication in accordance with this section is of proportionate duration and remains on the competent authority’s website for a minimum of five years after all rights of appeal have been exhausted or have expired; but that personal data is only retained on the website for so long as is necessary, in accordance with the Data Protection Act 2004.

Restoration.

30M.(1) A person whose–

(a) approval under Part II or section 45 as a statutory auditor or audit firm has been suspended or withdrawn; or

(b) registration under Part XI as a non-EEA auditor or non-EEA audit entity has been suspended or revoked;

may apply to the competent authority for the suspension, withdrawal or revocation to be rescinded and, in consequence, for the person’s name to be restored to the public register.

(2) The competent authority, in its discretion, may either allow or refuse an application under this section.

Appeals.

31.(1) A person who is the subject of any of the decisions in subsection (2) may appeal against that decision to the Supreme Court.

(2) Those decisions are a decision by the competent authority to–

(a) refuse an application for approval under Part II or section 45;

(b) refuse an application for registration under Part XI;

(c) withdraw approval under section 5;

(d) refuse an application for restoration under section 30M; and

(e) issue a decision notice under this Part.

(3) An appeal under this section shall be made within 28 days beginning with the date on which notice of the decision is served.

(4) On an appeal under this section the Supreme Court may–

(a) dismiss the appeal;

(b) allow the appeal and quash the decision appealed against;

(c) substitute for the decision appealed against any other decision which the competent authority could have made; or

(d) remit the case to the competent authority for disposal in accordance with the directions of the court;

and may make such order as to costs as it thinks fit.

(5) The Chief Justice may make rules of court governing appeals under this section.

Reporting of breaches.

32.(1) The competent authority shall establish appropriate arrangements for the reporting of breaches of this Act or the Audit Regulation to the competent authority by any person.

(2) The arrangements established under subsection (1) shall include–

(a) specific procedures for the receipt and investigation of reported breaches;

(b) arrangements which accord with the Data Protection Act 2004 for the protection of the personal data of—

(i) the person who reports a breach; and

(ii) any natural person who is allegedly responsible for a breach;

(c) appropriate procedures to ensure that a person who is accused of a breach—

(i) has the right to present a defence and be heard before any decision is reached concerning that alleged breach; and

(ii) is informed of the right to appeal under section 31 in the event that the person is found to have committed a breach.

(3) Audit firms shall establish appropriate procedures for their employees to report potential or actual breaches of this Act or the Audit Regulation internally through a specific channel.

Exchange of information.

32A.(1) The competent authority shall–

(a) immediately inform CEAOB of any prohibition order imposed under section 30E; and

(b) provide CEAOB annually with aggregated information regarding all administrative measures and sanctions imposed under this Part.

PART VIII

PUBLIC OVERSIGHT AND REGULATORY ARRANGEMENTS BETWEEN MEMBER STATES

Principles of public oversight.

33.(1) All statutory auditors and audit firms shall be subject to public oversight, and the competent authority shall be responsible for the effective public oversight of statutory auditors and audit firms based on the principles set out in this section.

(2) In the discharge of all functions and duties under this Act, the competent authority shall be answerable and accountable to the Minister and shall, in so far as is not inimical to the requirements of this Act, act in accordance with the policy of the government.

(3) Subject to subsection (3A), the competent authority shall be governed by non-practitioners who are knowledgeable in the areas relevant to statutory audit, appointed following selection in accordance with an independent and transparent nomination procedure.

(3A) Where, in accordance with section 6A of the Financial Services Commission Act 2007, the Financial Services Commission arranges for its functions as the competent authority to be exercised by its Auditors Regulatory Committee, subsection (3) shall apply to that committee rather than the Commission as a whole.

(3B) The competent authority may engage practitioners to carry out specific tasks and may also be assisted by experts when this is essential for the proper fulfilment of its tasks, but such practitioners and experts shall not be involved in any decision-making of the competent authority.

(4) Without limiting subsection (1), the competent authority shall have the ultimate responsibility for the oversight of–

(a) the approval and registration of statutory auditors and audit firms;

(b) the adoption of standards on professional ethics, internal quality control of audit firms and auditing;

(c) continuing education;

(d) quality assurance systems; and

(e) investigative and administrative disciplinary systems.

(5) The competent authority shall have the right, where necessary, to initiate and conduct investigations in relation to statutory auditors and audit firms and the right to take appropriate action.

(6) Where the competent authority engages an expert to carry out a specific assignment, it shall ensure that–

(a) there is no conflict of interest between the expert and the statutory auditor or audit firm in question; and

(b) the expert meets the requirements of section 29(3)(a).

(7) The competent authority shall be organised in a manner that avoids conflicts of interests and shall carry out its duties in a transparent manner, including by the publication of annual work programmes and activity reports.

(8) The Minister shall ensure that the competent authority is adequately funded and has adequate resources to initiate and conduct investigations in accordance with subsection (5) and that those funding arrangements are secure and free from any undue influence by statutory auditors or audit firms.

Cooperation between public oversight systems at Community level.

34. The Minister shall ensure that regulatory arrangements by the competent authority pursuant to section 33 permit effective cooperation with equivalent bodies in other EEA States regarding such matters.

Mutual recognition of regulatory arrangements between EEA States.

35.(1) The competent authority shall carry out its duties under this Act in a manner which honours the principle of home-country regulation and oversight by the EEA State in which the statutory auditor or audit firm is approved and the audited entity has its registered office.

(2) Without limiting subsection (1), where an audit firm approved in another EEA State performs audit services in Gibraltar based upon recognition under section 3A, it shall be subject to quality assurance review in its home State and oversight in Gibraltar of any audit carried out there.

(3) Where a statutory audit of consolidated financial statements is to be carried out under the Companies Act 2014, no additional requirements concerning registration, quality assurance review, auditing standards, professional ethics and independence may be imposed on a statutory auditor or audit firm carrying out a statutory audit of a subsidiary established in another EEA State.

(4) Where a company whose securities are traded on a regulated market in Gibraltar does not have its registered office in Gibraltar, neither the Minister nor the competent authority may impose any additional requirements in relation to the statutory audit concerning registration, quality assurance review, auditing standards, professional ethics and independence on a statutory auditor or audit firm carrying out the statutory audit of the annual or consolidated financial statements of that company.

(5) A statutory auditor or audit firm that is registered in accordance with section 3 or 45 and provides audit reports of the kind referred to in section 46(1) shall be subject to the competent authority’s systems of oversight, quality assurance and investigation and sanctions.

Regulatory cooperation between Member States.

36.(1) The competent authority, whenever necessary for the purpose of carrying out its responsibilities under this Act or the Audit Regulation, shall cooperate with and assist the competent authorities in other EEA States and the relevant European Supervisory Authorities in matters falling within the scope of this Act or that Regulation and, in particular, shall exchange information and cooperate in investigations related to the carrying-out of statutory audits.

(2) The competent authority shall inform the Minister of all requests for cooperation that it receives.

(3) The competent authority shall, on request, and without undue delay–

(a) supply any information required for the purpose referred to in subsection (1); and

(b) take the necessary measures to gather the required information,

and information thus supplied shall be covered by the obligation of professional secrecy to which the persons employed or formerly employed by the competent authorities that received the information are subject; and that obligation of professional secrecy shall also apply to any person to whom the competent authorities have delegated any task for any purpose set out in this Act or the Directive.

(4) Where the competent authority is not able to supply the required information without undue delay, it shall notify the requesting competent authority of the reasons therefor.

(5) The competent authority may refuse to act on a request for information where–

(a) the Minister certifies that supplying information might adversely affect the sovereignty, security or public order of Gibraltar or breach national security; or

(b) judicial proceedings have already been initiated in Gibraltar in respect of the same actions and against the same person; or

(c) final judgment has already been passed in Gibraltar in respect of the same actions and on the same person.

(6) Without prejudice to the obligations to which they are subject in judicial proceedings, when receiving information pursuant to a request for assistance the competent authority and European Supervisory Authorities may use it only for the exercise of their functions within the scope of this Act, the Directive or the Audit Regulation and in the context of administrative or judicial proceedings specifically related to the exercise of those functions.

(7) Where the competent authority concludes that activities contrary to the provisions of this Act are being or have been carried out on the territory of another EEA State, it shall notify the competent authority of the other EEA State of that conclusion in as specific a manner as possible.

(8) Where the competent authority has been notified by the competent authority of another EEA State that it concludes that activities contrary to provisions equivalent to this Act in the territory of that State are being or have been carried out in Gibraltar, the competent authority shall take appropriate action and shall inform the notifying competent authority of the outcome of any investigation and, to the extent possible, of significant interim developments.

(9) With the consent of the Minister, the competent authority shall also grant the following assistance where it is requested, that is to say–

(a) that an investigation be carried out by the competent authority of another EEA State in Gibraltar; and

(b) that some of the personnel of the requesting authority be allowed to accompany the personnel of the competent authority in the course of the investigation,

but any investigation shall be subject throughout to the overall control of the competent authority.

(10) The competent authority shall refuse to act on a request for an investigation to be carried out, or on a request for its personnel to be accompanied by personnel of a competent authority of another EEA State where–

(a) the Minister certifies that such an investigation might adversely affect the sovereignty, security or public order of Gibraltar; or

(b) judicial proceedings have already been initiated in Gibraltar in respect of the same actions and against the same person; or

(c) final judgment has already been passed in Gibraltar in respect of the same actions and on the same person.

Professional secrecy.

37.(1) The duty of confidentiality and professional secrecy under this Act applies to all persons who are employed or who have been employed by the competent authority. Information covered by professional secrecy may not be disclosed to any other person or authority except according to law.

(2) Subsection (1) shall not prevent the competent authority from exchanging confidential information pursuant to this Act. Information thus exchanged shall be covered by the obligation of professional secrecy, to which persons employed or formerly employed by competent authorities shall also be subject.

PART IX

APPOINTMENT AND DISMISSAL

Appointment of statutory auditors or audit firms.

38.(1) Statutory auditors or audit firms shall be appointed by a general meeting of shareholders or members of the audited entity.

(2) The Minister may make regulations allowing alternative systems or modalities for the appointment of the statutory auditors or audit firms, provided that those systems or modalities are designed to ensure the independence of the statutory auditor or audit firm from the board of directors or other managerial body of the audited entity.

(3) Any term in a contract which restricts the choice of auditor under subsection (1) by a general meeting of shareholders or members of an audited entity to certain categories or lists of statutory auditors or audit firms shall have no effect.

Dismissal and resignation of statutory auditors or audit firms.

39.(1) Statutory auditors or audit firms may be dismissed by an audited entity only where there are proper grounds. Divergence of opinions on accounting treatments or audit procedures shall not be proper grounds for dismissal.

(2) Audited entities and the statutory auditor or audit firm shall inform the competent authority of the dismissal or resignation of a statutory auditor or audit firm during its term of appointment, and give the competent authority an adequate explanation of the reasons therefor.

(3) In the case of a statutory audit of a public-interest entity, where there are proper grounds for doing so, a petition for the dismissal of the statutory auditor or audit firm may be presented to the Supreme Court by–

(a) shareholders representing 5% or more of the voting rights or share capital;

(b) persons representing 5% or more of the equivalent rights in an entity without shareholders; or

(c) the competent authority.

(4) Nothing in the Companies Act 2014 limits the operation of this Part.

PART X

AUDIT COMMITTEE

Audit committee.

40.(1) A public-interest entity shall have an audit committee which–

(a) shall be either–

(i) a stand-alone committee; or

(ii) a committee of its administrative body or supervisory body;

(b) comprises any of the following–

(i) non-executive members of the administrative body;

(ii) members of the supervisory body; and

(iii) members appointed by a general meeting of its shareholders or an equivalent body for entities without shareholders.

(2) The members of an audit committee as a whole shall have competence relevant to the sector in which the public-interest entity is operating and–

(a) at least one member shall have competence in accounting or auditing;

(b) a majority of the members shall be independent of the audited entity; and

(c) the committee chair shall be independent of the audited entity and appointed–

(i) from among its members by the committee; or

(ii) by the audited entity’s supervisory body.

(3) In the case of a public-interest entity which meets the criteria set out in points (f) and (t) of Article 2(1) of Directive 2003/71/EC of the European Parliament and of the Council, the functions assigned to the audit committee may be performed by its administrative or supervisory body as a whole, but if the chair of that body is an executive member, that person shall not act as chair whilst the body is performing the functions of the audit committee.

(4) Where an audit committee forms part of the administrative body or supervisory body of an audited entity in accordance with subsection (1)(a)(ii), that administrative body or supervisory body may perform the functions of the audit committee for the purposes of this Act and the Audit Regulation.

(5) Where all of the members of an audit committee are members of the administrative or supervisory body of an audited entity, the committee is exempt from the requirements of subsection (2)(b) and (c)(i).

(6) The following public-interest entities are not required to have an audit committee–

(a) any public-interest entity which is a subsidiary undertaking within the meaning of Directive 2013/34/EU, if the entity complies at group level with subsections (1) to (5) and Articles 11(1), 11(2) and 16(5) of the Audit Regulation;

(b) any public-interest entity which is–

(i) a UCITS within the meaning of the Financial Services (Collective Investment Schemes) Act 2011; or

(ii) an alternative investment fund (AIF) within the meaning of the Financial Services (Alternative Investment Fund Managers) Regulations 2013;

(c) any public-interest entity the sole business of which is to act as an issuer of asset backed securities as defined in Article 2(5) of Commission Regulation (EC) No 809/2004;

(d) any credit institution within the meaning of the Financial Services (Banking) Act whose shares are not admitted to trading on a regulated market in an EEA State within the meaning of Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004 and which has, in a continuous or repeated manner, issued only debt securities admitted to trading on a regulated market, provided that the total nominal amount of all such debt securities remains below EUR 100,000,000 and that it has not published a prospectus under the Prospectuses Act 2005;

(e) any public-interest entity which has a body performing equivalent functions to an audit committee, established and functioning in accordance with the law of the EEA State in which the entity is registered.

(7) A public-interest entity to which–

(a) subsection (6)(c) applies shall explain to the public why it considers that it is not appropriate for the entity to have an audit committee or an administrative or supervisory body entrusted to carry out the functions of an audit committee; and

(b) subsection (6)(e) applies shall disclose which body within the entity performs the equivalent functions to an audit committee and how that body is composed.

(8) The audit committee of a public-interest entity shall, among other things–

(a) inform the administrative or supervisory body of the audited entity of the outcome of the statutory audit and explain how the statutory audit contributed to the integrity of financial reporting and what the role of the audit committee was in that process;

(b) monitor the financial reporting process and submit recommendations or proposals to ensure its integrity;

(c) monitor the effectiveness of the audited entity's internal quality control and risk management systems and, where applicable, its internal audit, regarding the financial reporting of the audited entity, without breaching its independence;

(d) monitor the statutory audit of the annual and consolidated financial statements, in particular, its performance, taking into account any findings and conclusions by the competent authority pursuant to Article 26(6) of the Audit Regulation;

(e) review and monitor the independence of the statutory auditor or audit firm in accordance with sections 22, 22A, 22B, 24A and 24B and with Article 6 of the Audit Regulation and, in particular, the appropriateness of the provision of any non-audit services to the audited entity in accordance with Article 5 of that Regulation;

(f) be responsible for the procedure for selecting the statutory auditor or audit firm and recommend the statutory auditor or audit firm to be appointed in accordance with Article 16 of the Audit Regulation, except when paragraph (8) of that Article applies.

(9) Subsection (8) applies without prejudice to the responsibility of the members of the administrative, management or supervisory body, or other members appointed by the general meeting of shareholders of the audited entity.

PART XI

INTERNATIONAL ASPECTS

Approval of auditors from non-EEA countries as statutory auditors

45.(1) Subject to reciprocity, the competent authority may approve a non-EEA auditor as a statutory auditor if that person has furnished proof that he or she complies with requirements equivalent to those laid down in sections 4 and 6 to 13.

(2) The competent authority shall apply the requirements laid down in section 14 before approving a non-EEA auditor who meets the requirements of subsection (1).

Registration and oversight of non-EEA auditors and audit entities.

46.(1) The competent authority shall, in accordance with sections 15, 16 and 17, register a non-EEA auditor or audit entity that provides an audit report concerning the annual or consolidated financial statements of an undertaking incorporated outside the EEA whose transferable securities are admitted to trading on a regulated market in Gibraltar within the meaning of Directive 2004/39/EC of the European Parliament and of the Council of 21 April 2004.

(2) Subsection (1) does not apply where the undertaking in question is an issuer exclusively of outstanding debt securities admitted to trading on a regulated market in an EEA State (within the meaning of point (c) of Article 2(1) of Directive 2004/109/EC) and which were admitted to trading–

(a) prior to 31 December 2010 and the denomination per unit of which is, at the date of issue, at least EUR 50,000 or if denominated in another currency, equivalent at that date, to at least EUR 50,000; or

(b) on or after 31 December 2010 and the denomination per unit of which is, at the date of issue, at least EUR 100,000 or, if denominated in another currency, equivalent at that date, to at least EUR 100,000.

(3) Sections 18 and 19 shall apply in the context of this section.

(4) Registered non-EEA auditors and audit entities shall be subject to the system of controls, the quality assurance systems and the systems of investigation and penalties in force pursuant to the provisions of this Act. The Minister may make regulations to exempt a registered non-EEA auditor or audit entity from being subject to the quality assurance system set out in this Act if another EEA State’s or non-EEA State’s system of quality assurance has been assessed as equivalent in accordance with section 47 and there has been carried out a quality review of the non-EEA auditor or audit entity concerned during the previous three years.

(5) Without prejudice to section 47, audit reports concerning annual accounts or consolidated accounts referred to in this section issued by non-EEA auditors or audit entities that are not registered in Gibraltar shall have no legal effect in Gibraltar.

(6) The competent authority may register a non-EEA audit entity under this section only if–

(a) the majority of the members of its administrative or management body meet requirements which are equivalent to those laid down in sections 4 to 10;

(b) the non-EEA auditor carrying out the audit on behalf of the non-EEA audit entity meets requirements which are equivalent to those laid down in sections 4 to 10;

(c) the audits of the annual or consolidated accounts referred to in subsection (1) are carried out in accordance with international auditing standards as referred to in section 26, as well as the requirements laid down in sections 22, 22B and 25, or with equivalent standards and requirements;

(d) it publishes on its website an annual transparency report which includes the information referred to in Article 13 of the Audit Regulation or complies with equivalent disclosure requirements.

(7) The competent authority may register a non-EEA auditor only if that auditor meets the requirements set out in subsections (6)(b), (c) and (d).

(8) The competent authority–

(a) may assess the equivalence referred to in subsection (6)(c) unless the European Commission has taken a decision in respect of the matter under Article 45(6) of the Directive; and

(b) must take account of any general equivalence criteria established by the European Commission in accordance with that Article.

Derogation in the case of equivalence.

47.(1) The competent authority may modify or disapply the requirements in section 46(1) and (4) on the basis of reciprocity, but only if the non-EEA auditor or audit entity is subject to systems of public oversight, quality assurance and investigations and penalties in its home state that meet requirements equivalent to those in sections 29, 30 and 33.

(2) In assessing equivalence under subsection (1) the competent authority–

(a) may rely upon–

(i) any decision upon equivalence adopted by the European Commission in accordance with Article 46(2) of the Directive; or

(ii) assessments carried out by other EEA States, as long as the European Commission has not taken such a decision; and

(b) must take account of any general equivalence criteria which are to be used in assessing the equivalence of public oversight, quality assurance, investigation and sanctions systems in a non-EEA State and which are established by the European Commission in accordance with that Article.

(3) The competent authority shall ensure that the European Commission is notified of–

(a) its assessments of equivalence under subsection (2); and

(b) the main elements of its cooperative arrangements with non-EEA State systems of public oversight, quality assurance and investigations and penalties, based upon subsection (1).

Cooperation with competent authorities from non-EEA State.

48.(1) The competent authority may allow the transfer to the competent authorities of a non-EEA State of audit working papers or other documents held by a statutory auditor or audit firm approved by that authority, and of inspection or investigation reports relating to the audit in question, where–

(a) those audit working papers or other documents relate to the audit of a company which has issued securities in that non-EEA State or which forms part of a group issuing statutory consolidated financial statements in that State;

(b) the transfer takes place via the competent authority to the competent authorities of that non-EEA State and at their request;

(c) the competent authorities of the non-EEA State concerned meet requirements which have been declared adequate in accordance with subsection (3);

(d) there are working arrangements on the basis of reciprocity agreed between the competent authorities concerned;

(e) the transfer of personal data to the non-EEA State is not contrary to the provisions of the Data Protection Act 2004.

(2) The working arrangements referred to in subsection (1)(d) shall ensure that

(a) justification as to the purpose of the request for audit working papers and other documents is provided by the competent authority;

(b) the persons employed or formerly employed by the competent authority of the non-EEA that receives the information are subject to obligations of professional secrecy;

(ba) the protection of the commercial interests of the audited entity, including its industrial and intellectual property, is not undermined;

(c) the competent authorities of the non-EEA State use audit working papers and other documents only for the exercise of their functions of public oversight, quality assurance and investigations that meet requirements equivalent to those of sections 29, 30 and 33;

(d) the request from a competent authority of a non-EEA State for audit working papers or other documents held by a statutory auditor or audit firm are refused

(i) where the provision of those working papers or documents would adversely affect the sovereignty, security or public order of the Community or of Gibraltar; or

(ii) where judicial proceedings have already been initiated in Gibraltar in respect of the same actions and against the same persons; or

(iii) where final judgment has already been passed in Gibraltar in respect of the same actions and on the same statutory auditors or audit firms.

(3) The competent authority must–

(a) comply with any decision on the adequacy referred to in subsection (1)(c) which is taken by the European Commission in accordance with Article 47(3) of the Directive; and

(b) take account of any general equivalence criteria established by the European Commission in accordance with that Article.

(4) In exceptional cases and by way of derogation from subsection (1), the competent authority may allow statutory auditors and audit firms approved by it to transfer audit working papers and other documents directly to the competent authorities of a non-EEA State, provided that

(a) investigations have been initiated by the competent authorities in that non-EEA State;

(b) the transfer does not conflict with the obligations with which statutory auditors and audit firms are required to comply in relation to the transfer of audit working papers and other documents to their home competent authority;

(c) there are working arrangements with the competent authorities of that non-EEA State that allow the competent authority reciprocal direct access to audit working papers and other documents of that non-EEA State's audit entities;

(d) the requesting competent authority of the non-EEA State informs in advance the competent authority of the statutory basis of each direct request for information, indicating the reasons therefor;

(e) the conditions referred to in subsection (2) are respected.

(6) The Minister shall ensure the European Commission is communicated the working arrangements referred to in subsections (1) and (4).

Application of Regulation (EU) No 537/2014.

48A.(1) The Audit Regulation has effect in Gibraltar subject to subsections (2) to (6).

(2) At the request of a statutory auditor or audit firm, the competent authority may allow that statutory auditor or audit firm, on an exceptional basis and in respect of a specific audited entity, to be exempt for a period not exceeding two financial years from the requirements in the first subparagraph of Article 4(2) of the Audit Regulation (which imposes a limit on the fees that may be paid to audit entities for non-audit services).

(3) Article 5(1) of the Audit Regulation (which prohibits the provision of certain non-audit services to an audited entity for a certain time) is to apply subject to the derogations and requirements in Article 5(3) of that Regulation.

(4) Any additional report submitted by a statutory auditor or audit firm in accordance with Article 11(1) of the Audit Regulation to the audit committee (or equivalent body) of an audited entity, shall also be submitted to the administrative or supervisory body of the audited entity.

(5) For the purposes of Article 16 of the Audit Regulation (appointment of statutory auditors or audit firms), an audited entity which has a nomination committee in which shareholders or members have a considerable influence and which has the task of making recommendations on the selecting of auditors–

(a) may perform the functions of an audit committee as set out in that Article; but

(b) shall submit the recommendation referred to in paragraph 2 of that Article to the shareholders or members in general meeting.

(6) For the purposes of paragraphs 1 and 2(b) of Article 17 of the Audit Regulation (duration of the audit engagement), the maximum duration of an engagement shall be as specified in paragraph (4)(a) or (b) of that Article.

PART XII

TRANSITIONAL AND FINAL PROVISIONS

Repeal of the Financial Services (Auditors Approval and Registration) Act 1998.

49. The Financial Services (Auditors Approval and Registration) Act 1998 is repealed.

Transitional provision.

50. Statutory auditors or audit firms that are approved pursuant to the provisions of the Financial Services (Auditors Approval and Registration) Act 1998 are considered as having been approved in accordance with this Act.

Regulations.

51.(1) The Minister may, by regulations, prescribe anything requiring to be prescribed and generally do anything requiring to be done pursuant to the provisions of this Act.

(2) Without prejudice to the generality of subsection (1) the Minister may, by regulations,

(a) provide for applications for authorisations, approvals, permits, fees, forms and offences as he may deem appropriate in order to make better provision for the execution of this Act;

(b) make such provision as he deems appropriate in cases where a condition subject to which an authorisation, approval or permit is granted has been breached, including penalties, withdrawal or suspension thereof or other sanctions.

Offences.

52. A person found guilty of an offence under this Act shall be liable on summary conviction to a fine not exceeding twice level 5 on the standard scale, to imprisonment, or to both.