Frequently Asked Questions - Security-Based Swap Trading Relationship Documentation Audits Under Exchange Act Rule 15Fi-5(c)

The Staff (“Staff”) of the Division of Trading and Markets (“TM”) and the Office of the Chief Accountant (“OCA”) of the Securities and Exchange Commission (“Commission”) has prepared the following responses to questions about audits of trading relationship documentation for security-based swaps in accordance with Rule 15Fi-5(c) under the Securities Exchange Act of 1934 (“Exchange Act”). These responses represent the views of the Staff of TM and OCA. They are not a rule, regulation, or statement of the Commission. The Commission has neither approved nor disapproved this content. These responses, like all staff statements, have no legal force or effect: they do not alter or amend applicable law, and they create no new or additional obligations for any person.

The Staff[1] may update these questions and responses periodically. In each update, the questions added after publication of the last version will be marked with “MODIFIED” or “NEW.” “Staff” and “our” are used throughout these FAQs to refer collectively to the Staff of TM and OCA, unless otherwise indicated.

Background

Rule 15Fi-5(a)(2) under the Exchange Act requires, among other things, that each security-based swap (“SBS”) dealer and major security-based swap participant (each, an “SBS Entity”) establish, maintain, and follow written policies and procedures reasonably designed to ensure that the SBS Entity executes written SBS trading relationship documentation with its counterparty that complies with the requirements of Rule 15Fi-5. Rule 15Fi-5(b) sets out requirements for security-based swap trading relationship documentation.

Rule 15Fi-5(c) requires each SBS Entity to have an independent auditor conduct periodic audits sufficient to identify any material weakness in its documentation policies and procedures required by Rule 15Fi-5 and to retain a record of the results of each audit.

The Staff has received questions about the audit requirement in Rule 15Fi-5(c), including (1) whether the “independent auditor” must be an accountant; (2) whether the audit must be conducted pursuant to a specific framework; (3) the required frequency of the audit; (4) whether and how to apply Rule 2-01 of Regulation S-X (the “Independence Rule”) and related guidance when selecting the “independent auditor”; (5) whether the auditor can be an internal auditor and still be considered independent; and (6) the meaning of “material weakness” in the context of Rule 15Fi-5(c).

Service Provider

Question 1: Does Rule 15Fi-5(c) require that the party performing the audit be an accountant?

Answer: No, Rule 15Fi-5(c) does not require the auditor to be an accountant. However, an SBS Entity should consider whether the auditor can successfully conduct an audit under Rule 15Fi-5(c).

Scope of Services

Question 2: Is a specific framework required to be followed when conducting an audit pursuant to Rule 15Fi-5(c)?

Answer: No. Rule 15Fi-5(c) does not specify a particular framework that must be followed when conducting the audit; however, the rule does require that the audit be conducted in a manner that is “sufficient to identify any material weakness” in the SBS Entity’s documentation policies and procedures. In other words, in the staff’s view, the auditor’s process should provide reasonable assurance that such material weakness(es) are identified.

The audit should include procedures that are appropriate under the facts and circumstances for the relevant SBS Entity. As examples, the auditor generally should consider performing the following audit procedures:

• Gap analyses between the policies and procedures of the SBS Entity and the documentation requirements of Rule 15Fi-5 to assess whether the SBS Entity’s policies and procedures are designed appropriately, and
• Examination of trading relationship documentation and transaction records with respect to a sufficient number of counterparties and transactions from the audited period to determine whether the SBS Entity complied with its policies and procedures and to assess whether the policies and procedures were operating as designed.

In addition to retaining a record of the results of the audit as required by Rule 15Fi- 5(c), an SBS Entity may want to consider documenting why the auditor who conducted the audit was considered independent and competent to perform the audit, and what audit procedures were performed in order to identify any material weakness unless such procedures are evident from the report or other documentation prepared by the auditor and retained by the SBS Entity.

Question 3: Rule 15Fi-5(c) requires the audits conducted be “periodic”. How frequently should audits be conducted?

Answer: The frequency of audits would depend on the SBS Entity’s particular facts and circumstances, including factors that may impact the risk of a material weakness in the SBS Entity’s documentation policies and procedures going undetected.[2] These factors may include the following: (1) whether the SBS Entity previously conducted an audit and the results of the most recent audit; (2) the length of time that has passed since the most recent audit; (3) changes during the period to (i) the nature of the SBS Entity’s SBS business; (ii) trading relationship documentation policies; (iii) the process or procedures for SBS trading relationship documentation (e.g., a new system implementation); or (iv) personnel responsible for complying with Rule 15Fi-5; or (4) the size and complexity of the SBS Entity’s SBS business (e.g., number of trades, counterparties, notional value). SBS Entities may also consider cycling through different business lines/asset classes (e.g., the credit default swap desk or equity swap desk) or locations such that targeted audits are taking place on a more frequent basis, even if the collective SBS business is not auditedwith the same frequency. The SBS Entity may wish to consider documenting how the frequency of its audits “is designed to reduce the prevalence of discrepancies during the course of [SBS] transactions,”[3] including consideration of relevant factors above.

Independence

Question 4: Does the requirement in Rule 15Fi-5(c) that an “independent auditor” perform the audit require that the auditor be independent under the Independence Rule?

Answer: No, Rule 15Fi-5(c) does not require that the auditor comply with the Independence Rule.[4] However, the Independence Rule can provide an informative framework for evaluating auditor independence for purposes of Rule 15Fi-5(c). For example, in the Staff’s view, the auditor would not be independent if they were not, or a reasonable party with knowledge of all relevant facts and circumstances would conclude that they are not, capable of exercising objective and impartial judgment on all issues encompassed within the audit. In determining whether an auditor is independent, all relevant circumstances should be considered.

Considerations that may be relevant to determining whether the auditor is independent should include whether a relationship or the provision of a service:

• creates a mutual or conflicting interest between the auditor and management,
• places the auditor in the position of assessing their own work,
• results in the auditor acting as management or an employee of management, or
• places the auditor in a position of being an advocate for management.

Questions on Rule 15Fi-5(c) auditor independence may be directed to TM Staff.

Question 5: Can the auditor be an internal auditor and still be considered independent for purposes of Rule 15Fi-5(c)?

Answer: Possibly. Just because an auditor is internal does not preclude it from being considered independent for purposes of Rule 15Fi-5(c). As stated in the proposing release, “the proposed rule would still encompass any auditor, whether external or internal, that is in fact independent.”[5] Furthermore, in the Adopting Release, the Commission stated that “there could be alternative structures to the typical ‘internal’ auditor employment relationship that, if structured properly, could be consistent with the Commission's auditor independence rules.”[6]

In the Staff’s view, the following characteristics present in the structure and scope of an internal audit function would support it being considered independent for purposes of an audit pursuant to Rule 15Fi-5(c):

• The internal auditor functionally reports directly to a committee of the board of directors that is made up entirely of independent directors (e.g., an audit committee). In the Staff’s view, if the internal auditor functionally, rather than solely administratively, reports to any member of management or a governance body that includes members of management, it could impair the internal auditor’s ability to exercise objective and impartial judgment due to creating a mutuality of interest with, or by placing the auditor in an advocacy role for, management.
• The internal auditor is not involved in designing or executing the policies and procedures necessary to comply with the requirements of Rule 15Fi-5, other than performance of the audit pursuant to Rule 15Fi-5(c), so the internal auditor would not be put in the position of auditing or assessing their own work or acting as management. For example, the Staff would not consider an internal auditor to be independent if it is involved in preparing the policies and procedures or processing SBS trading relationship documentation or SBS transactions subject to those policies and procedures.

The absence of the foregoing characteristics, however, would not automatically result in the conclusion that the internal auditor is not independent for purposes of an audit pursuant to Rule 15Fi-5(c). Each audit relationship has particular facts and circumstances that may bear on its independence and should be considered in addition to the two characteristics above to assess whether an SBS Entity’s internal auditor is independent for purposes of an audit pursuant to Rule 15Fi-5(c). Questions on Rule 15Fi-5(c) auditor independence may be directed to TM Staff.

Other

Question 6: What would be considered a “material weakness” for purposes of Rule 15Fi-5(c)?

Answer: In considering what would be considered a “material weakness” for purposes of the audit required under Rule 15Fi-5(c), the Staff is guided by the Commission’s definition of material weakness in the context of a registrant’s financial reporting[7] as well as the term’s use in the audit of internal control over compliance of a broker or dealer. [8]

In the Staff’s view, an auditor conducting an audit under Rule 15Fi-5(c) generally should consider whether any deficiency, or combination of deficiencies, they have identified in the SBS Entity’s security-based swap trading relationship documentation policies and procedures creates a reasonable possibility that material non-compliance with the requirements of Rule 15Fi-5 would not be prevented or detected on a timely basis. Such deficiency could include noncompliance with an SBS Entity’s policies and procedures as compared to the requirements of Rule 15Fi-5 and/or the SBS Entity’s non-compliance with its own policies or procedures.

[1] “Staff” and “our” are used throughout these FAQs to refer collectively to the Staff of TM and OCA, unless otherwise indicated.

[2] See Risk Mitigation Techniques for Uncleared Security-Based Swaps, Release No. 34-87782, 85 Fed. Reg. 6359, 6409 (Feb.4, 2020) (“Adopting Release”) (“As adopted, there is flexibility on behalf of the SBS Entity as to how and when those audits occur.” Furthermore, the Commission considered requiring a once per year audit of trading relationship documentation by only external auditors and stated that although such a requirement would not materially amend the primary benefits related to the audit of SBS Entities’ policies and procedures related to trading relationship documentation, it anticipated this alternative could increase compliance costs by reducing operational flexibility).

[3] See Adopting Release, 85 Fed. Reg. at 6375.

[4] The Independence Rule serves as the authoritative framework for evaluating an accountant’s independence from its audit client in the context of a financial statement audit, which differs in scope, purpose, and scope of stakeholders from an audit pursuant to Rule 15Fi-5(c).

[5] See Risk Mitigation Techniques for Uncleared Security-Based Swaps, Release No. 34-84861, 84 Fed. Reg. 4614, 4668 (Feb. 15, 2019).

[6] See Adopting Release, 85 Fed. Reg. at 6375.

[7] Under Exchange Act Rule 12b-2, a “material weakness”is a deficiency, or a combination of deficiencies, in internal control over financial reporting such that there is a reasonable possibility that a material misstatement of the registrant’s annual or interim financial statements will not be prevented or detected on a timely basis. 17 CFR 240.12b-2.

[8] Public Company Accounting Oversight Board (“PCAOB”) Attestation Standard No. 1, Examination Engagements Regarding Compliance Reports of Brokers and Dealers, defines a material weakness as “a deficiency, or a combination of deficiencies, in Internal Control Over Compliance such that there is a reasonable possibility that non-compliance with 17 CFR 240.15c3-1 or 17 CFR 240.15c3-3(e) will not be prevented or detected on a timely basis or that non-compliance to a material extent with 17 CFR 240.15c3-3, except for paragraph (e), 17 CFR240.17a-13, or any rule of the designated examining authority of the broker or dealer that requires account statements to be sent to the customers of the broker or dealer will not be prevented or detected on a timely basis.” See also 17 CFR 240.17a-5(d)(3)(iii) (in relevant part, “A material weakness is a deficiency, or a combination of deficiencies, in Internal Control Over Compliance such that there is a reasonable possibility that non-compliance with § 240.15c3-1, § 240.15c3-3(e), or § 240.15c3-3(p)(3) will not be prevented or detected on a timely basis or that non-compliance to a material extent with § 240.15c3-3, except for paragraph (e), § 240.15c3-3(p), except for paragraph (p)(3), § 240.17a-13, or any Account Statement Rule will not be prevented or detected on a timely basis.”).