THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 50 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee(1),

Acting in accordance with the ordinary legislative procedure(2),

Whereas:

(1) Directive 2006/43/EC of the European Parliament and of the Council(3) lays down the conditions for the approval and registration of persons that carry out statutory audits, the rules on independence, objectivity and professional ethics applying to those persons, and the framework for their public oversight. However, it is necessary to further harmonise those rules at Union level in order to allow for greater transparency and predictability of the requirements applying to such persons and to enhance their independence and objectivity in the performance of their tasks. It is also important to increase the minimum level of convergence with respect to the auditing standards on the basis of which the statutory audits are carried out. Moreover, in order to reinforce investor protection, it is important to strengthen public oversight of statutory auditors and audit firms by enhancing the independence of Union public oversight authorities and conferring on them adequate powers, including investigative powers and the power to impose sanctions, with a view to detecting, deterring and preventing infringements of the applicable rules in the context of the provision by statutory auditors and audit firms of auditing services.

(2) Because of the significant public relevance of public-interest entities, which arises from the scale and complexity of their business or from the nature of their business, the credibility of the audited financial statements of public-interest entities needs to be reinforced. Consequently, the special provisions for the statutory audits of public-interest entities set out in Directive 2006/43/EC have been further developed in Regulation (EU) No 537/2014 of the European Parliament and of the Council(4). The provisions on statutory audits of public- interest entities laid down in this Directive should be applicable to statutory auditors and audit firms only in so far as they carry out statutory audits of such entities.

(3) In accordance with the Treaty on the Functioning of the European Union (TFEU), the internal market comprises an area without internal frontiers in which the free movement of goods and services and the freedom of establishment are ensured. It is necessary to enable statutory auditors and audit firms to develop their statutory audit service activities within the Union by making it possible for them to provide such services in a Member State other than that in which they were approved. Enabling statutory auditors and audit firms to provide statutory audits under their home-country professional titles in a host Member State addresses, in particular, the needs of groups of undertakings which, owing to the increasing trade flows resulting from the internal market, draw up financial statements in several Member States and are required to have them audited under Union law. The elimination of barriers to the development of statutory audit services between Member States would contribute to the integration of the Union audit market.

(4) Statutory audit requires adequate knowledge of matters such as company law, fiscal law and social law which may vary from one Member State to another. Consequently, in order to ensure the quality of the statutory audit services provided on its territory, it should be possible for a Member State to impose a compensation measure where a statutory auditor approved in another Member State wishes to be approved also on the territory of that Member State in order to set up a permanent establishment there. Such measure should take account of the professional experience of the statutory auditor concerned. It should not lead to the imposition of a disproportionate burden on the statutory auditor nor hinder or render less attractive the provision of statutory audit services in the Member State imposing the compensation measure. Member States should be allowed to approve applicant statutory auditors on the basis either of an aptitude test or of an adaptation period such as that defined in Directive 2005/36/EC of the European Parliament and of the Council(5). At the end of the adaptation period, the statutory auditor should be able to integrate into the profession in the host Member State after the assessment that he possesses professional experience in that Member State.

(5) Whilst the primary responsibility for delivering financial information should rest with the management of the audited entities, statutory auditors and audit firms play a role by actively challenging the management from a user's perspective. In order to improve audit quality, it is therefore important that the professional scepticism exercised by statutory auditors and audit firms vis-à-vis the audited entity be reinforced. Statutory auditors and audit firms should recognise the possibility that a material misstatement due to fraud or error could exist, notwithstanding the auditor's past experience of the honesty and integrity of the audited entity's management.

(6) It is particularly relevant to reinforce independence as an essential element when carrying out statutory audits. In order to enhance the independence of statutory auditors and audit firms from the audited entity when they are carrying out statutory audits, a statutory auditor or an audit firm, and any natural person in a position to directly or indirectly influence the outcome of the statutory audit, should be independent of the audited entity and should not be involved in the audited entity's decision-making process. In order to maintain that independence, it is also important that they keep records of all threats to their independence and of the safeguards applied to mitigate those threats. Moreover, where the threats to their independence, even after the application of safeguards to mitigate those threats, are too significant, they should resign or abstain from the audit engagement.

(7) Statutory auditors and audit firms should be independent when carrying out statutory audits of audited entities, and conflicts of interest should be avoided. In order for the independence of statutory auditors and audit firms to be determined, the concept of a network in which statutory auditors and audit firms operate has to be taken into account. The independence requirement should at least be fulfilled during the period covered by the audit report, including both the period covered by the financial statements to be audited and the period during which the statutory audit is carried out.

(8) Statutory auditors, audit firms and their employees should in particular refrain from carrying out the statutory audit of an entity if they have a business interest or financial interest in it, and from trading in financial instruments issued, guaranteed or otherwise supported by an audited entity, other than holdings in diversified collective investment schemes. The statutory auditor or the audit firm should abstain from participating in the internal decision-making processes of the audited entity. Statutory auditors, audit firms and their employees directly involved in the statutory audit engagement should be prevented from taking up duties in the audited entity at managerial or board level until an appropriate period has elapsed since the end of the audit engagement.

(9) It is important that statutory auditors and audit firms respect the rights to private life and data protection of their clients. They should therefore be bound by strict rules on confidentiality and professional secrecy which should not, however, impede the proper enforcement of this Directive and of Regulation (EU) No 537/2014 or cooperation with the group auditor during the performance of the audit of consolidated financial statements when the parent undertaking is in a third country, provided that Directive 95/46/EC of the European Parliament and of the Council(6) is complied with. However, such rules should not allow a statutory auditor or an audit firm to cooperate with third-country authorities outside the cooperation channels provided for in Chapter XI of Directive 2006/43/EC. Those confidentiality rules should also apply to any statutory auditor or audit firm that has ceased to be involved in a specific audit task.

(10) Adequate internal organisation of statutory auditors and audit firms should help to prevent any threats to their independence. Thus, owners or shareholders of an audit firm, as well as those managing it, should not intervene in the carrying-out of a statutory audit in any way which jeopardises the independence and objectivity of the statutory auditor who carries out the statutory audit on behalf of the audit firm. Additionally, statutory auditors and audit firms should establish appropriate internal policies and procedures in relation to employees and other persons involved in the statutory audit activity within their organisations, in order to ensure compliance with their statutory obligations. Those policies and procedures should in particular seek to prevent and address any threats to independence and should ensure the quality, integrity and thoroughness of the statutory audit. Those policies and procedures should be proportionate, in view of the scale and complexity of the business of the statutory auditor or the audit firm.

(11) The statutory audit results in the expression of an opinion that the financial statements give a true and fair view of the audited entities in accordance with the relevant financial reporting framework. Stakeholders, however, might be unaware of the limitations of an audit, as regards, for example, materiality, sampling techniques, the role of the auditor in the detection of fraud and the responsibility of managers, which can lead to an expectation gap. In order to reduce that gap, it is important to provide greater clarity as to the scope of the statutory audit.

(12) It is important to ensure high-quality statutory audits within the Union. All statutory audits should therefore be carried out on the basis of the international auditing standards adopted by the Commission. As international auditing standards are designed to be usable for entities of all sizes, of all types and in all jurisdictions, the competent authorities in Member States should take into account the scale and complexity of the business of small undertakings when assessing the scope of application of international auditing standards. Any provision or measure adopted by a Member State in this regard should not result in statutory auditors or audit firms being unable to carry out statutory audits in compliance with the international auditing standards. Member States should be allowed to impose additional national audit procedures or requirements only if they stem from specific national legal requirements relating to the scope of the statutory audit of annual or consolidated financial statements, meaning that those requirements have not been covered by the adopted international auditing standards, or if they add to the credibility and quality of annual financial statements and consolidated financial statements. The Commission should continue to be involved in the monitoring of the content of the international auditing standards and the process for their adoption by the International Federation of Accountants (IFAC).

(13) In the case of consolidated financial statements, it is important that there be a clear definition of the responsibilities of statutory auditors who audit different entities within the group concerned. For this purpose, the group auditor should bear full responsibility for the audit report.

(14) In order to enhance the credibility and transparency of the quality assurance reviews performed in the Union, Member States' quality assurance systems should be governed by the competent authorities designated by the Member States to ensure public oversight of statutory auditors and audit firms. Quality assurance reviews are designed to prevent or address potential deficiencies in the manner in which statutory audits are carried out. In order to ensure that the quality assurance reviews are sufficiently comprehensive, the competent authorities, when carrying out such reviews, should take into account the scale and complexity of the activity of the statutory auditors and the audit firms.

(15) In order to improve compliance with the requirements of this Directive and of Regulation (EU) No 537/2014, and in the light of the Commission Communication of 8 December 2010 entitled ‘Reinforcing sanctioning regimes in the financial services sector’, the power to adopt supervisory measures by, and the sanctioning powers of, competent authorities should be enhanced. Provision should be made for the imposition of administrative pecuniary sanctions on statutory auditors, audit firms and public-interest entities for identified infringements of the rules. The competent authorities should be transparent about the sanctions and measures that they apply. The adoption and publication of sanctions should respect fundamental rights as laid down in the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life, the right to the protection of personal data, and the right to an effective remedy and to a fair trial.

(16) Competent authorities should be able to impose administrative pecuniary sanctions that have a real deterrent effect, for instance in an amount of up to one million euros or higher in the case of natural persons and up to a percentage of total annual turnover in the preceding financial year in the case of legal persons or other entities. That goal is better achieved by relating the pecuniary sanction to the financial situation of the person committing the breach. Without prejudice to the possibility of withdrawing the approval of the statutory auditor or audit firm concerned, other types of sanctions which have a suitable deterrent effect should be envisaged. In any case, Member States should apply identical criteria when determining the sanction to be imposed.

(17) Whistleblowers can bring new information to the attention of competent authorities which may assist them in detecting and imposing sanctions for irregularities, including fraud. However, whistleblowers may be deterred from doing so for fear of retaliation, or may lack incentives to do so. Member States should therefore ensure that adequate arrangements are in place to encourage whistleblowers to alert them to possible infringements of this Directive or of Regulation (EU) No 537/2014 and to protect them from retaliation. Member States should also be able to provide them with incentives for doing so; however, whistleblowers should only be eligible for such incentives where they bring to light new information which they are not already legally obliged to notify and where that information results in a sanction for an infringement of this Directive or of Regulation (EU) No 537/2014. However, Member States should also ensure that whistleblowing schemes implemented by them include mechanisms that provide appropriate protection for the reported persons, particularly as regards the right to the protection of their personal data and procedures to ensure their right of defence and their right to be heard before the adoption of a decision concerning them, as well as the right to seek an effective remedy before a tribunal against such a decision. The mechanisms established should also provide appropriate protection for whistleblowers, not only as regards the right to the protection of personal data but also by ensuring that they are not victims of undue retaliation.

(18) The public oversight of statutory auditors and audit firms encompasses the approval and registration of statutory auditors and audit firms, the adoption of standards in respect of professional ethics and internal quality control of audit firms, continuing education, and the systems of quality assurance, investigation and sanctions for statutory auditors and audit firms. In order to enhance the transparency of auditor oversight and to allow for greater accountability, each Member State should designate a single authority to be in charge of public oversight of statutory auditors and audit firms. The independence of such public oversight authorities from the audit profession is a core prerequisite for the integrity, efficiency and orderly functioning of public oversight of statutory auditors and audit firms. Consequently, the public oversight authorities should be governed by non-practitioners and Member States should establish independent and transparent procedures for the selection of such non-practitioners.

(19) Member States should be able to create exemptions to the requirements imposed on auditing services when they are provided to cooperatives and savings banks.

(20) Member States should be able to delegate or allow competent authorities to delegate the tasks of those competent authorities to other authorities or to bodies authorised or designated by law. Such delegation should be subject to several conditions and the competent authority concerned should bear the ultimate responsibility for the oversight.

(21) Public oversight authorities should be vested with sufficient powers to fulfil their tasks in an effective manner. In addition, they should be provided with sufficient human and financial resources to perform their tasks.

(22) Adequate oversight of statutory auditors and audit firms that engage in cross-border activities or are part of networks necessitates exchange of information between the public oversight authorities of the Member States. In order to protect the confidentiality of the information that may be thus exchanged, Member States should subject to the obligation of professional secrecy not only the employees of the public oversight authorities but also all persons to whom the public oversight authorities may have delegated tasks.

(23) Where there are proper grounds for acting, shareholders, other bodies of the audited entities when defined by national law or the competent authorities responsible for the oversight of statutory auditors and audit firms or, when provided for by national law, the competent authorities responsible for the supervision of the public-interest entity should be empowered to bring a claim before a national court for the dismissal of the statutory auditor.

(24) Audit committees, or bodies performing an equivalent function within the audited public-interest entity, have a decisive role to play in contributing to high-quality statutory audit. It is particularly important to reinforce the independence and technical competence of the audit committee by requiring that a majority of its members be independent and that at least one of its members have competence in auditing and/or accounting. The Commission Recommendation of 15 February 2005 on the role of non-executive or supervisory directors of listed companies and on the committees of the (supervisory) board(7) sets out the way in which audit committees should be established and the manner in which they should function. However, in view of the size of boards in companies with reduced market capitalisation and in small and medium-sized public-interest entities, it is appropriate to provide that the functions assigned to the audit committee for such entities, or to a body performing equivalent functions within the audited entity, may be performed by the administrative or supervisory body as a whole. Public-interest entities which are undertakings for collective investment in transferable securities (UCITS) or alternative investment funds should also be exempted from the obligation to have an audit committee. This exemption takes into account the fact that, where those funds function merely for the purpose of pooling assets, the employment of an audit committee is not appropriate. UCITS and alternative investments funds, as well as their management companies, operate in a strictly defined regulatory environment and are subject to specific governance mechanisms, such as controls exercised by their depositary.

(25) The ‘Small Business Act’ adopted by the Commission Communication of 25 June 2008 entitled ‘“Think Small First”- A “Small Business Act” for Europe’ and revised by the Commission Communication of 23 February 2011 entitled ‘Review of the “Small Business Act” for Europe’, recognises the central role played by small and medium-sized enterprises in the Union's economy and aims at improving the overall approach to entrepreneurship and anchoring the ‘Think Small First’ principle in policy-making. The Europe 2020 Strategy adopted in March 2010 also calls for an improvement of the business environment, especially for small and medium-sized enterprises, including through reducing the transaction costs of doing business in the Union. Article 34 of Directive 2013/34/EU of the European Parliament and of the Council(8) does not require small undertakings to have their financial statements audited.

(26) In order to preserve the rights of the parties concerned when the competent authorities of Member States cooperate with the competent authorities of third countries on the exchange of audit working papers or other relevant documents for the assessment of the quality of the audit performed, Member States should ensure that the working arrangements entered into by their competent authorities on the basis of which any such exchange takes place include sufficient safeguards to protect the business secrecy and commercial interests, including the industrial and intellectual property rights, of the audited entities. Member States should ensure that those arrangements comply and are compatible with the provisions of Directive 95/46/EC.

(27) The threshold of EUR 50 000 laid down in Article 45(1) of Directive 2006/43/EC was aligned on points (c) and (d) of Article 3(2) of Directive 2003/71/EC of the European Parliament and of the Council(9). The thresholds set out in Directive 2003/71/EC have been increased to EUR 100 000 by Article 1(3) of Directive 2010/73/EU of the European Parliament and of the Council(10). For that reason, corresponding adjustments should be made to the threshold set out in Article 45(1) of Directive 2006/43/EC.

(28) In order to give full effect to the new legal framework provided for in the TFEU, it is necessary to adapt and replace the implementing powers provided for under Article 202 of the Treaty establishing the European Community with the appropriate provisions in accordance with Articles 290 and 291 TFEU.

(29) The alignment of the procedures for the adoption of delegated and implementing acts by the Commission to the TFEU and, in particular, to Articles 290 and 291 thereof, should be done on a case-by-case basis. In order to take into account the developments in auditing and the audit profession, and to facilitate the oversight of statutory auditors and audit firms, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission. In the field of auditor oversight, the use of delegated acts is necessary in order to develop the procedures for cooperation between the competent authorities of Member States and those of third countries. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

(30) In order to ensure uniform conditions for the implementation of the declarations on the equivalence of third-country auditor oversight regimes or the adequacy of third-country competent authorities, in so far as they concern individual third countries or individual competent authorities of third countries, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council(11).

(31) Since the objective of this Directive, namely to reinforce investor confidence in the truth and fairness of the financial statements published by undertakings by further enhancing the quality of statutory audits that are performed within the Union, cannot be sufficiently achieved by Member States but can rather, by reason of its scale and effects, be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve that objective.

(32) Directive 2006/43/EC should therefore be amended accordingly.

(33) The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 of the European Parliament and of the Council(12) and delivered an opinion on 23 April 2012(13).

(34) In accordance with the Joint Political Declaration of 28 September 2011 of Member States and the Commission on explanatory documents(14), Member States have undertaken to accompany, in justified cases, the notification of their transposition measures with one or more documents explaining the relationship between the components of a directive and the corresponding parts of national transposition instruments. With regard to this Directive, the legislator considers the transmission of such documents to be justified,

HAVE ADOPTED THIS DIRECTIVE: