Sept. 27, 2024, 8:30 AM UTC

SEC's Actions Against FTX's Auditor Provide a Cautionary Tale

The Securities and Exchange Commission recently announced two settled enforcement actions against Prager Metis CPAs, one of the audit firms connected to FTX, the failed crypto trading firm whose founder and former CEO, Sam Bankman-Fried, is now sharing quarters with Sean “Diddy” Combs at the Metropolitan Detention Center in Brooklyn.

There are three clear considerations from the SEC’s enforcement actions here for auditors and accountants: the SEC’s view of auditor independence, consideration of who’s doing the audits in emerging industries, and the importance of what you do—and don’t—put in writing.

Be aware of the SEC’s aggressive view of auditor independence. In our experience, audit firms are keenly attuned to independence—maybe more than any other issue. But the allegation here—that independence was impaired by an indemnity provision in the engagement agreements—is one that could easily be missed.

The SEC’s claim that independence was impaired hinges on its “view” that indemnity agreements impair independence. The Commission articulated this view 20 years ago, through an FAQ and an interpretation. But in 2006, a standing advisory group of the American Institute of Certified Public Accountants said that independence isn’t necessarily impaired if the engagement letter includes certain types of indemnity provisions.

The same opinion went on to say that auditors must comply with the SEC’s (contradictory) independence guidance when auditing public companies. This could lead to confusion, so standard engagement letters should be reviewed to account for these differences when an SEC-regulated entity is audited.

Be careful that only experienced professionals staff audits involving emerging industries. This is especially true in areas such as blockchain and digital assets. The SEC alleged this was one of the key failings here.

In a nascent industry such as digital assets, this raises a chicken-or-egg question: How can a firm staff an engagement with experienced people if the industry itself just came into existence?

The Public Company Accounting Oversight Board’s AS 1010, which addresses training and proficiency, provides some guidance. It requires an audit to be performed by people with adequate technical training and proficiency in auditing. It also recognizes this proficiency may be attained through a combination of formal education, professional experience, and training.

Consequently, a firm should consider whether all these factors, taken together, mean that an engagement is properly staffed. This may require education or technical training, paired with experience auditing comparable clients in similar industries.

For instance, while the SEC acknowledged that two outside contractors for Prager Metis had experience auditing cryptocurrency trading platforms, it alleged they hadn’t audited clients of the size and complexity of FTX. More important, the SEC alleged that the engagement partner who supervised their work had “fundamental deficiencies in knowledge and competence.”

Moving quickly without a clearly defined plan of how to establish or obtain the proper qualifications comes with a bigger risk after these enforcement actions. Finally, firms should ensure that the team’s bona fides are well-documented so they can’t be questioned later.

Be aware that everything you put in writing is potential evidence in a regulatory investigation. The SEC alleged that the Prager Metis engagement partner acknowledged staffing would be “somewhat on the fly,” but still pushed for proceeding quickly. Based on our experience, there is likely more context to this statement, which may have been cherry-picked out of a significant body of evidence. But that context isn’t in the SEC’s complaint, and as the saying goes, winners write history.

In hindsight, giving the SEC this quote—especially coming from the engagement partner and especially in an audit of a highly scrutinized industry—likely made the SEC’s job much easier. So before putting anything in writing, ask, “Would I want to explain this to a regulator?” This advice applies not just to lower-level employees, but all the way up to the highest levels of the organization.

This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Author Information

Joshua D. Smeltzer, a former Justice Department trial attorney, and Chris Davis, a former SEC senior trial counsel, co-chair Gray Reed’s blockchain and digital asset practice.

To contact the editors responsible for this story: Rebecca Baker at rbaker@bloombergindustry.com; Melanie Cohen at mcohen@bloombergindustry.com
