15.7.2016   

EN

Official Journal of the European Union

L 190/83

(1)

Under Article 47(1) of Directive 2006/43/EC, the competent authorities of Member States may allow the transfer of audit working papers or other documents held by statutory auditors or audit firms approved by them and of inspection or investigation reports relating to the audits in question to the competent authorities of a third country only if those authorities meet requirements that have been declared adequate by the Commission and there are reciprocal working arrangements between them and the competent authorities of the Member States concerned.

(2)

By Implementing Decision 2013/280/EU (2), the Commission considered that the competent authorities of the United States, namely the Public Company Accounting Oversight Board of the United States of America and the Securities and Exchange Commission of the United States of America, meet requirements that are adequate for the purposes of Article 47(1)(c) of Directive 2006/43/EC. That Implementing Decision is applicable since 1 August 2013 and will cease to apply on 31 July 2016. Therefore, it is necessary to determine whether the competent authorities of the United States continue to meet requirements which are adequate for the purpose of having audit working papers or other documents held by statutory auditors or audit firms and inspection or investigation reports transferred to them.

(3)

The limitation in time of the application of Implementing Decision 2013/280/EU was due to the lack of mutual reliance on each other's oversight systems. Therefore, in particular, the mechanism of cooperation between the competent authorities of the Member States and the competent authorities of the United States has been reviewed in order to assess the progress made towards reaching mutual reliance. Since the adoption of Implementing Decision 2013/280/EU, certain forms of reliance have been established, including a commitment to avoid unnecessary duplication of work and to define approaches to cooperation leading to a higher degree of reliance in the future.

(4)

A decision on adequacy under Article 47(3) of Directive 2006/43/EC does not address other specific requirements for the transfer of audit working papers and other documents held by statutory auditors or audit firms and of inspection or investigation reports, such as the agreement on reciprocal working arrangements between the competent authorities set out in Article 47(1)(d) of that Directive, or the requirements for the transfer of personal data set out in Article 47(1)(e) of that Directive.

(5)

A transfer of audit working papers or other documents held by statutory auditors or audit firms and of inspection or investigation reports to the competent authority of a third country reflects the substantial public interest in carrying out independent public oversight. Accordingly, the competent authorities of Member States should, in the framework of the working arrangements referred to in Article 47(2) of Directive 2006/43/EC, ensure that the competent authorities of the United States use any documents transferred to them in accordance with Article 47(1) of that Directive only to exercise their functions of public oversight, external quality assurance and investigations of auditors and audit firms.

(6)

The transfer of audit working papers or other documents held by statutory auditors or audit firms to the competent authority of a third country includes the granting of access to or transmission of such papers to such an authority by the statutory auditor or audit firm holding the paper upon prior agreement of the competent authority of the Member State concerned or by that authority itself.

(7)

When inspections or investigations are carried out, statutory auditors and audit firms are not allowed to grant access to or to transmit their audit working papers or other documents to the competent authorities of the United States under any other conditions than those set out in Article 47 of Directive 2006/43/EC and in this Decision.

(8)

Without prejudice to Article 47(4) of Directive 2006/43/EC, Member States should ensure that, for the purposes of public oversight, quality assurance and investigations of statutory auditors and audit firms, contacts between the statutory auditors or audit firms approved by them and the competent authorities of the United States take place via the competent authorities of the Member States concerned.

(9)

Member States should ensure that the working arrangements required by Directive 2006/43/EC to transfer audit working papers or other documents held by statutory auditors or audit firms and of inspection or investigation reports between their competent authorities and the competent authorities of the United States are agreed on the basis of reciprocity and include protection of any professional secrets and sensitive commercial information contained in such papers relating to the entities audited, including their industrial and intellectual property, or to the statutory auditors and audit firms that audited those entities.

(10)

Where a transfer of audit working papers or other documents held by statutory auditors or audit firms and of inspection or investigation reports to the competent authorities of the United States involves the disclosure of personal data, such a disclosure is lawful only if it also complies with the requirements for international data transfers laid down in Directive 95/46/EC of the European Parliament and of the Council (3). Article 47(1)(e) of Directive 2006/43/EC therefore requires Member States to ensure that the transfer of personal data between their competent authorities and the competent authorities of the United States complies with Chapter IV of Directive 95/46/EC. Member States should ensure that there are appropriate safeguards for the protection of personal data transferred, in particular through binding agreements between their competent authorities and the competent authorities of the United States, and that the competent authorities of the United States will not further disclose personal data contained in the documents transferred without the prior agreement of the competent authorities of the Member States concerned.

(11)

Member States may decide to accept that in exceptional circumstances inspections by their competent authorities are carried out jointly with the competent authorities of the United States where this is necessary to ensure effective supervision. Member States may allow that cooperation with the competent authorities of the United States takes place under the form of joint inspections or through observers without inspection or investigation powers and without access to the confidential audit working papers, to other documents held by statutory auditors or audit firms, or to inspection or investigation reports. Such cooperation should always take place under the conditions set out in Article 47(2) of Directive 2006/43/EC and in this Decision, in particular as regards the need to respect sovereignty, confidentiality and reciprocity. Member States should ensure that any joint inspections carried out in the Union by their competent authorities and the competent authorities of the United States under Article 47 of Directive 2006/43/EC are, as a general rule, under the leadership of the competent authority of the Member State concerned.

(12)

The Securities and Exchange Commission of the United States of America has competence in investigating auditors and audit firms; this Decision should only cover the competences of the Securities and Exchange Commission of the United States of America to investigate auditors and audit firms. The Securities and Exchange Commission of the United States of America implements adequate safeguards prohibiting and sanctioning disclosure by its current and former employees of confidential information to any third person or authority. Under the laws and regulations of the United States, the Securities and Exchange Commission may transfer to the competent authorities of the Member States documents equivalent to those referred to in Article 47(1) of Directive 2006/43/EC which relate to investigations it may perform on such auditors and audit firms. On that basis, the Securities and Exchange Commission of the United States of America meets requirements which should be declared adequate for the purposes of Article 47(1)(c) of Directive 2006/43/EC.

(13)

The Public Company Accounting Oversight Board of the United States of America has competence in the public oversight, external quality assurance and investigation of auditors and audit firms. It implements adequate safeguards prohibiting and sanctioning disclosure by its current and former employees of confidential information to any third person or authority. Under the laws and regulations of the United States, the Public Company Accounting Oversight Board may transfer to the competent authorities of the Member States documents equivalent to those referred to in Article 47(1) of Directive 2006/43/EC. On that basis, the Public Company Accounting Oversight Board of the United States of America meets requirements which should be declared adequate for the purposes of Article 47(1)(c) of Directive 2006/43/EC.

(14)

This Decision does not affect the cooperation arrangements referred to in Article 25(4) of Directive 2004/109/EC of the European Parliament and of the Council (4).

(15)

Any conclusion on the adequacy of the requirements met by the competent authorities of a third country pursuant to the first subparagraph of Article 47(3) of Directive 2006/43/EC does not pre-empt any decision that the Commission may adopt on the equivalence of the public oversight, quality assurance, investigation and penalty systems for auditors and audit entities of that third country pursuant to Article 46(2) of that Directive.

(16)

This Decision aims to facilitate effective cooperation between the competent authorities of the Member States and those of the United States. Its purpose is to allow those authorities to exercise their functions of public oversight, external quality assurance and investigations and, at the same time, to protect the rights of the parties concerned. Member States are under the obligation to communicate to the Commission the reciprocal working arrangements concluded with the competent authorities of the United States to allow the Commission to assess whether cooperation is in accordance with Article 47 of Directive 2006/43/EC.

(17)

The ultimate objective of cooperation on audit oversight between Member States' competent authorities and the competent authorities of the United States is to reach mutual reliance on each other's oversight systems. In that way, transfers of audit working papers or other documents held by statutory auditors or audit firms and of inspection or investigation reports should become the exception. Mutual reliance would be based on the equivalence of auditor oversight systems of the Union and of the United States.

(18)

The competent authorities of the United States intend to further evaluate the auditor oversight systems in the Member States before deciding to fully rely on the oversight performed by their competent authorities. Therefore, the mechanism of cooperation between the competent authorities of the Member States and the competent authorities of the United States should be reviewed to assess the progress made towards reaching mutual reliance on each other's oversight systems. For that reason, this Decision should be applicable for a limited period of time.

(19)

Notwithstanding the time limitation, the Commission will monitor developments in the supervisory and regulatory cooperation on a regular basis. This Decision will be reviewed as appropriate in light of the supervisory and regulatory changes in the Union and in the United States, taking into account available sources of relevant information. That review may lead to the withdrawal of the declaration of adequacy.

(20)

The European Data Protection Supervisor delivered an opinion on 27 May 2016.

(21)

The measures provided for in this Decision are in accordance with the opinion of the Committee established by Article 48(1) of Directive 2006/43/EC,