A Story that Will Not Tell Itself: The PCAOB’s Role in the Protection of Customers of Broker-Dealers

I. Introduction[1]

Thank you, James [Apostales], for that kind introduction.[2]

And my thanks to the North American Securities Administrators Association (NASAA) for inviting me to be here with you today.

Before I begin, I need to remind you that the views I am expressing today are my own and do not necessarily reflect the views of my fellow Board members or the staff of the PCAOB.

It is an absolute honor to be here with a dedicated group of public servants. NASAA members have been serving the U.S. capital markets for over 100 years. What started out as Joseph Dolley's quest to "protect the people of Kansas from fakers with worthless stock to sell" has become the oldest international investor protection organization in the U.S. Each of you has a critical role in preserving NASAA's legacy.

Many of you are responsible for protecting customers and other investors of broker-dealers and the public through your oversight and enforcement.[3] Together, we share a common mission. The PCAOB contributes to the customer protection regime through oversight of firms that audit broker-dealers registered with the U.S. Securities and Exchange Commission (SEC or Commission). A high-quality audit improves the reliability of information filed with regulators, helps deter fraud by broker-dealers, and contributes to the protection of customers and their assets.

While the PCAOB was created in response to financial frauds at Enron and Worldcom, our oversight role of auditors of broker-dealers directly resulted from the frauds perpetrated by Bernie Madoff[4] and Allen Stanford.[5] Madoff's Ponzi scheme was facilitated by an accounting firm not registered with the PCAOB that had only three employees.[6]

Congress expanded the PCAOB's oversight authority to include firms that audited brokers and dealers in order to help prevent the recurrences of similar frauds.[7] With this authority, the existing system of registration and reporting applicable to auditors of issuers was expanded to include firms that audited SEC-registered broker-dealers.[8] The result was readily accessible and public information about these firms,[9] an inspection program designed specifically for audit firms of broker-dealers, an enforcement regime,[10] and a system of collaboration and coordination with other regulators.

Today, I want to first talk about the integral role played by the PCAOB in the protection of investors, particularly customers, who have accounts at the over 3,600 registered broker-dealers in the U.S.[11] I want to discuss some additional steps the PCAOB could take to further advance this mission.

In particular, I will talk about how the PCAOB can work more closely with NASAA and state securities regulators to further promote our shared mission of protecting investors, including customers, and the public. But to do so, we need your help.

II. Get your facts first, then you can distort them as you please[12]

Broadly speaking, audits of broker-dealers have been described as a "powerful component of investor confidence and [broker] compliance."[13] Customers rely on audit firms to, among other things, provide assurance on a broker-dealer's compliance with regulatory requirements designed to ensure liquidity and protect customer assets.[14] Regulators rely on audit firms to provide assurance on the reliability of information submitted to them by broker-dealers and for other insights learned during the audit about regulatory and legal compliance, all of which aid in ensuring a system that protects both investors and customers.[15]

In playing a role in the customer protection regime applicable to broker-dealers,[16] the PCAOB has put in place an inspections program that addresses a number of factors particularly relevant to audits of broker-dealers.[17]

First, broker-dealers are often small and privately held.[18] As a result, many of them do not have public investors. Our investor protection mission in this context, therefore, can require that we act primarily in the best interest of customers.[19]

Second, the assurance provided by auditors of broker-dealers extends beyond the historical financial statements.[20] The SEC put in place a complex and thorough set of rules designed to, among other things, protect customers of broker-dealers and their assets. The Commission specifically required audits as an important part of that regime.[21] As a result, auditors are charged with, among other things, examining compliance with a number of the regulatory requirements that make up the system of customer protection.[22]

Third, while all audits must take into account the risk of fraud,[23] those conducted for broker-dealers warrant particular focus on the risk of misappropriation of customer assets.[24] This can occur where funds received by a broker-dealer are not credited to a customer account or funds already in the account are improperly withdrawn. Audit firms, therefore, play an important role in detecting and deterring this type of fraud.[25]

Fourth, a significant portion of the auditor's work concerns information filed with regulators that not otherwise required to be made public. The annual reports that broker-dealers file with the Commission include financial statements with supplemental schedules and one of two reports, a compliance report or an exemption report.[26] The full annual report, however, is often not publicly available.[27] In effect, much of the information is for the regulators' eyes only. The audit, therefore, "enhance[s] the reliability" of the information provided to regulators.[28]

Fifth, audit firms can effectively provide an early warning system for concerns that can adversely affect customers. Material weaknesses in the controls designed to protect customer assets[29] or noncompliance with certain other financial responsibility rules[30] have to be reported "immediately" to the CFO. The noncompliance may trigger mandatory reporting obligations to regulators by the broker-dealer[31] or the audit firm.[32]

In addition to these factors, audit firms of broker-dealers have varied sizes, practices, and organization, something that can also impact the structure of the inspection program. For example, over 40 percent of the broker-dealers are examined by audit firms that performed 20 or fewer of those type of audits during the year.[33] Smaller audit firms, therefore, audit a sizable number of the nation's broker-dealers.

III. Fewer things are harder to put up with than the annoyance of a good example: The Lessons of Madoff, Stanford and Securities Fraud[34]

The PCAOB contributes to the customer protection regime applicable to broker-dealers in a number of ways.

Firms that conduct required audits of SEC-registered broker-dealers must register with the PCAOB and provide basic information to the public.

Firms conducting required audits of registered broker-dealers are also subject to inspection and enforcement by the PCAOB, without meaningful exception. While only a small percentage are inspected each year, firms nonetheless know that any audit they conduct of a broker-dealer may be selected for review by the PCAOB.[35]

The public is made aware of the results of the inspection process through the publication of an annual report that provides information about deficiencies in audits on an anonymized basis.[36]

Finally, the PCAOB shares relevant information with certain regulators of broker-dealers, both with respect to deficiencies in the audit and possible legal and regulatory violations by broker-dealers.[37]

Let me provide a bit more detail on each of these points.

A. Universal Registration

Before Dodd-Frank, the public often had a difficult time obtaining basic information about firms auditing broker-dealers. Bernie Madoff's fraud was facilitated by an unregistered audit firm that operated with limited public visibility.[38] The lack of accessible information made even the discovery of a broker-dealer's use of a fictitious auditor difficult.[39]

After the Madoff scandal, all firms auditing SEC-registered broker-dealers, without meaningful exception, were required to register with the PCAOB and file certain reports (e.g., annual and special reports) disclosing specified information about the firm, the firm's clients, and certain disciplinary actions brought against the firm or its professional staff.[40] The reporting resulted in a one stop shop for easily accessible information about the firms through the PCAOB's web site and a source of useful information to the public.[41]

B. Universal Inspection Regime

Congress also had concerns about the investor confusion that could result from a broker-dealer's use of an audit firm registered with the PCAOB.[42] Investors may not have realized that while the firm was subject to inspection, the broker-dealer audit was not.[43] This was the case with an introducing broker used by Alan Stanford.[44] The approach created a possible appearance of oversight where none actually existed.[45] The PCAOB addressed this issue by subjecting all required audits of broker-dealers to possible inspection.[46]

At the same time, however, the PCAOB does not have the resources to inspect every audit firm or every audit of a broker-dealer each year. Instead, each year we inspect around 16% of the firms. Moreover, in doing so, we usually select only a sampling of the audits conducted by each firm.

In deciding which firms to inspect, the PCAOB primarily uses a risk-based selection process.[47] In addition, we may inspect certain firms annually or may make selections on a random basis.[48] In 2019, 66 of the 411 registered firms that performed audits of the registered broker-dealers were inspected.[49]

Universal inclusion yielded early benefits. In the first few years of the interim broker-dealer inspection program, the PCAOB uncovered a significant number of firms that lacked or appeared to lack independence, particularly those that audited non-clearing and non-carrying brokers, often as a result of performing incompatible services, such as bookkeeping or preparation of the financial statements.[50] Many of these firms were also subject to enforcement action, with sanctions including prohibitions on accepting new clients, censures, and monetary penalties.[51]

C. Public Accountability and Reporting

When we uncover deficiencies in an audit of a broker-dealer, we tell the firms but are not permitted to share the information with the broker-dealer.[52]

For the public, we provide a single, aggregated annual report that broadly describes the results of all inspections of broker-dealer audits, without identifying the names of the audit firms or the relevant broker-dealers where the deficiencies occurred. As a result, customers and other investors don't receive information about specific audit firms or broker-dealers. The information, therefore, has limited use for customers and prospective customers in deciding where to open an account.

The results disclosed in the annual public report on broker-dealer inspections, including the most recent one issued in August 2020, raise concerns over audit quality[53] and indicate, in the prosaic language of a regulator, that "there is room for improvement."[54] Only around 10% of the firms and about 30% of the audit engagements were free from deficiencies.[55] In other words, a broker-dealer has been more likely than not to have experienced an audit that failed to meet our standards.[56] Many of the audit deficiencies were related to the regulatory requirements designed to protect customers, including net capital[57] and reserve[58] calculations. In conducting an examination of the compliance report,[59] deficiencies were identified in nearly 70% of those engagements.[60] We also found a high deficiency rate in the work by auditors concerning the assertions made by non-carrying broker-dealer in their exemption reports.[61] Among other things, review could conceivably identify cases where a compliance report, instead of an exemption report, should have been filed by a broker-dealer.

Deficiencies were also noted with respect to fraud procedures and failures to make the required communications about significant deficiencies or material weaknesses.[62] This year we also saw a spike findings concerning the lack of independence by audit firms.[63]

D. Referrals and Regulators

Our role is limited to oversight of firms that audit SEC-registered broker-dealers. We do not have any direct authority over broker-dealers. Nonetheless, what we learn can be useful to regulators that do have this authority. As a result, we have a system in place designed to provide regulators with useful information uncovered during the inspection process.

Broadly speaking, we uncover two types of information that can be important to regulators.

Foremost, our inspections identify audit firms that performed the audit where deficiencies occurred. A deficient audit could reduce the reliability of the audited financial statements and other compliance information provided to regulators. Deficiencies can include the failure to sufficiently assess the risk of fraud, particularly the risks associated with the misappropriation of customer assets, the failure to adequately examine a broker-dealer's compliance with the customer protection rule, or, in the case of an introducing broker, the failure to sufficiently review the contents of the exemption report.[64]

We also routinely uncover violations or possible violations of regulatory and other legal requirements by broker-dealers. The financial statements may not have been prepared in accordance with the U.S. generally accepted accounting principles. If the financial statements are inaccurate, the net capital calculations may not be correct. We might also uncover possible violations of the regulatory requirements designed to protect customers and their assets.

We are allowed under the statute to make referrals to the SEC and appropriate state regulatory authority,[65] as well as FINRA and certain other federal and state regulators.[66]

IV. A Clear Conscience Is The Sure Sign of A Bad Memory: Lessons Learned[67]

The PCAOB plays an important role in the customer protection regime for broker-dealers but more can be done. As our public annual reports indicate, serious concerns continue to exist about the quality of broker-dealer audits even after nine years of PCAOB inspections.[68]

The absence of public disclosure of audit deficiencies on a firm-specific basis may take away a significant incentive for audit firms to improve audit quality. Broker-dealers also can be left unaware of the deficiencies in their own audits. Improved public disclosure could, therefore, provide benefits to customers, broker-dealers, and the market.

We should also give some thought to whether the high deficiency rate could be addressed through changes to our standards. As I mentioned, the PCAOB has explicit authority over standard setting for audit work related to broker-dealers. We are currently considering potential revisions to the PCAOB's quality control standards, providing an opportunity to improve audit quality.

Finally, we could work more closely with other regulators to maximize the benefits of our role in the customer protection regime. As part of that effort, we should establish regular interaction with state securities regulators and NASAA.

A. Disclosure and Audit Quality

With respect to audits of public companies, the PCAOB publishes a report for each inspected firm. Posted on our website, the reports identify the deficiencies, if any, in, and certain violations of, our rules and standards[69] uncovered during an inspection.[70] The deficiency rates disclosed in these reports is followed closely by audit committees, investors and other participants in the capital markets. Public disclosure therefore can provide an incentive for audit firms to improve audit quality.

In the broker-dealer space, no similar public disclosure occurs. We do not issue an individual report for each inspected firm. This has a number of consequences. The absence of public information with respect to a specific firm removes an incentive for the firm to improve audit quality.[71] Current and prospective customers do not obtain information that may be useful in assessing the quality of a broker-dealer audit.[72] Even the broker-dealer may be unaware of a deficient audit.

We may be able to implement this change quickly.[73] While our existing interim rule requires an annual report about the overall results of the program, other types of reports are permitted.[74] When we adopted the rule,[75] we acknowledged that firm-specific inspection reports were allowed, at least in "unusual circumstances. . . "[76] In my view, years of problematic inspection results warrant and justify the issuance of firm-specific reports in order to help improve audit quality.

Were we to issue these individualized reports, the content should emphasize information particularly useful to regulators, customers, the public and the broker-dealers that retain the audit firm. For audits of privately held broker-dealers, particular emphasis on deficiencies directly relating to the protection of customers and customer assets would likely be the most useful, including deficiencies in the fraud assessment.[77] In addition, we should also strongly consider disclosing the identity of the broker-dealer where the deficiency occurred.[78]

Even if we decide not to resort to individualized inspection reports, we should consider enhancing the disclosure in our annual reports by providing more useful data. We could, for example, identify the names of the relevant audit firms with respect to each deficiency and publish a table that listed the audit firms inspected and their deficiency rate.[79] The data would at least provide some insight into audit quality of the firms, something useful both to regulators, broker-dealers, and the public.

B. Quality Control and Audit Quality

Another possible way to improve audit quality is to consider changes to our standards. The PCAOB recently issued a concept release asking for views on whether and how the standards governing quality control systems at audit firms should be revised.[80] Quality control is something that we rely on every day. We are able to board a plane, take medicine or eat wholesome foods with little concern about safety because we know, behind the scenes, a system of quality control is functioning. In the audit space, quality control is intended to ensure that audits are properly conducted.

Our inspections of audits of broker-dealers continue to show a high deficiency rate in many areas. This suggests that the firms' current approach to quality control may not be adequate. As we think about possible revisions to our quality control standards, we should consider whether this high deficiency rate can be addressed through specific requirements applicable to audits of broker-dealers.

This approach would run counter to the usual way standards are formulated. Since the days of audit firm self-regulation, standards have been principles based. This approach results in standards that are phrased generally and, for the most part, applicable to all firms and all audits. The general justification for this approach is that the standards need to be "scalable."[81]

The current standards governing quality control do not specifically address unique concerns that can arise in the context of audits of broker-dealers.[82] The high deficiency rate among broker-dealer audits, however, suggests that this "one size for all" approach may not be effective.[83]

Our concept release on quality control asked whether a future quality control standard should have requirements for auditors of broker-dealers different from those applicable to auditors of issuers.[84] Letters from audit firms generated universal opposition to the idea of specific requirements for audits of broker-dealers in a quality control standard.[85] Although expressing opposition, none of the letters from firms addressed the high deficiency rate for audits of broker-dealers or suggested alternative mechanisms for improving audit quality.

The deficiency rate in broker-dealer audits demands improvement. A more effective system of quality control may be one possible way to address the concern. As the PCAOB continues to consider revisions of the standards governing quality control, additional thought should be given as to whether specific provisions can and should be included that are designed to improve audit quality by firms auditing broker-dealers.

C. Regulatory Coordination and Audit Quality

Our ability to make referrals of possible violations by broker-dealers to other regulatory authorities is limited by our enabling statute. We are allowed to do so with the Commission and FINRA. We can also sometimes give the information to certain other federal and state regulators[86] and the Department of Justice.[87]

The Sarbanes-Oxley Act does require that we share certain information with the "appropriate" state regulator,[88] which applies to state agencies with responsibility for regulating the practice of accounting.[89] When assigning the PCAOB authority to oversee audits of broker–dealers in 2010, Congress did not amend this definition to explicitly include state securities regulators. This was, in my opinion, an unintended omission that should be addressed in any future revisions of the PCAOB's enabling statute.

In the meantime, we may have some flexibility within the current statutory framework. State agencies that oversee accounting practice and accountants often oversee other professionals. This can sometimes include broker-dealers. In Colorado, my home state, for example, the Department of Regulatory Affairs (DORA) houses the Board of Accountancy and the Securities Commission.[90]

Presumably, referrals of potential violations by broker-dealers to DORA in Colorado could be shared within the DORA and therefore with the Colorado Securities Commission. For other states with the same or similar structure, referrals presumably could be made to securities commissions in these states.[91] The PCAOB could consider, therefore, providing referrals or other information to these agencies.

D. Audit Quality and Improved Coordination

Facilitating the oversight of other regulators in the protection of customers means more than disclosure and information sharing. In my view, periodic meetings between the PCAOB and NASAA would benefit both organizations.

We should also consider making public some of what we learn on customer protection issues through roundtables attended by the PCAOB and those regulators that oversee broker-dealers. The public would benefit from this.

V. Conclusion: Continuous improvement is better than delayed perfection[92]

We have a lot more to do in this space. Audit quality needs to improve. Public disclosure should be enhanced. We also need to work more closely with other regulators, including state securities regulators and NASAA.

Some of the impetus should come from the PCAOB. Some, however, needs to come from stakeholders like you.

I strongly encourage NASAA as a whole and each individual state securities regulator to increase the interaction with the PCAOB. At a minimum, we should meet with you more often to share concerns and keep you informed about how the PCAOB can help in your mission to protect customers and the public.

Reach out. Request a meeting with the Board or the staff. I'm happy to arrange a conversation, whether with me, our staff or other Board members.[93]

Follow what we do. When we put out a rule proposal, I strongly encourage you to send in your comments. You represent customers and the public interest. We can always benefit from hearing more from that perspective.[94]

I look forward to these conversations and ways in which the PCAOB can better assist you in your important mission.

[1] "There is only one right form for a story and if you fail to find that form the story will not tell itself." — Mark Twain, Quotes From Twain, Mark Twain Performs (available at http://marktwainperforms.com/quotes.html).

[2] Board Member, Public Company Accounting Oversight Board, see PCAOB, J. Robert Brown, Jr. (available at https://pcaobus.org/About/Board/Pages/J-Robert-Brown.aspx). This statement is based upon remarks made to members of the NASAA on October 7, 2020. I want to thank Clara Fryer, an intern in my office during the fall of 2020, for her valuable work on this statement.

[3] Those of you on this call are "cop[s] on the beat," protecting retail investors and the public interest. NASAA Broker Dealer Section Coordinated Examination Report, NASAA (Sept. 2018) (available at https://www.nasaa.org/wp-content/uploads/2018/09/BD-Coordinated-Examination-Report-2018.pdf).

[4] The SEC charged the audit firm used by Madoff with falsely representing to investors that Bernard L. Madoff Investment Securities LLC (BLMS) was financially sound and that the firm was independent in the conduct of the audits of BLMS each year. According to the SEC's charges, the firm did not perform "a meaningful audit" and, critically, "did not perform procedures to confirm that the securities BMIS purportedly held on behalf of its customers even existed." See SEC v. David G. Friehling, C.P.A., et al., Litigation Release No. 20959, 2009 WL 700803 (Mar. 18, 2009) (available at https://www.sec.gov/litigation/litreleases/2009/lr20959.htm).The charges were not contested. See SEC v. David G. Friehling, C.P.A., et al., Litigation Release No. 21274, 2009 WL 3633866 (Nov. 3, 2009) (available at https://www.sec.gov/litigation/litreleases/2009/lr21274.htm).

[5] See James R. Doty, Chair, PCAOB, Myths and Realities — The PCAOB and Its Role in Broker-Dealer Auditor Regulation, AICPA/SIFMA National Conference on the Securities Industry, New York, New York (Oct. 27, 2011) ("The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 vested the PCAOB with new oversight authority over the firms that perform the audits of brokers and dealers registered with the SEC. This new authority was driven in part by the revelation of the Madoff and Stanford Ponzi schemes, including reports of allegedly lax audit work related to those firms.") (available at https://pcaobus.org/News/Speech/Pages/10272011_DotyKeynote.aspx).

[6] See The Madoff Investment Securities Fraud: Regulatory and Oversight Concerns and the Need for Reform, Hearings Before the S. Comm. on Banking, Hous., and Urban Aff., 107th Cong. (Jan. 27, 2009) Testimony by John C. Coffee, Jr., Adolf A. Berle Professor of Law, Columbia University Law School (available at https://www.govinfo.gov/content/pkg/CHRG-111shrg50465/html/CHRG-111shrg50465.htm) ("Madoff was audited by a small auditing firm, Friehling & Horowitz, which only had three employees. Of these three, one . . . was David Friehling, who was not subject to even the peer review process mandated by New York State because he claimed not to conduct audits.…It has escaped almost no one's attention that Madoff Securities was 'audited' by effectively a one-person auditing firm that was not registered with the Public Company Accounting Oversight Board.").

[7] S. Rep. No. 111-176 (2010) (available at https://www.congress.gov/congressional-report/111th-congress/senate-report/176/1) ("Currently, every SEC-registered broker and dealer is required . . . to file with the SEC a balance sheet and income statement certified by a public accounting firm that is registered with the PCAOB. However, the PCAOB's authority to write professional standards, inspect audits, investigate audit deficiencies, and bring disciplinary proceedings for audit deficiencies extends to audits of 'issuers,' . . . . Therefore, the PCAOB does not have the authority to regulate and inspect audits of brokers and dealers unless a broker or dealer is an issuer (which is typically not the case) or its financial statements are part of the consolidated financial statements of an issuer.").

[8] In 2002, the Sarbanes-Oxley Act amended Section 17(e) of the Securities Exchange Act to require all SEC-registered broker-dealers to use a PCAOB-registered audit firm. Beginning in August 2003, the Commission issued a series of orders granting temporary exemptions to non-public broker-dealers from the obligation to file financial statements that have been audited by a registered public accounting firm. The latest order, issued on December 12, 2006, extended the exemption to cover financial statements for fiscal years ending before January 1, 2009. See PCAOB Registration of Auditors of Non-Public Broker-Dealers Frequently Asked Questions, SEC (available at https://www.sec.gov/divisions/marketreg/faq-pcaobregbdauditors.htm).

[9] The Sarbanes-Oxley Act and PCAOB Rules provide that audit firms that prepare or issue audit reports or play a "substantial role" in the preparation or furnishing of an audit report of an issuer, broker, or dealer must register with the Board. See PCAOB Rules 1001(b)(iii), 1001(d)(iii), and 1001(p)(ii).

[10] In 2010, the Dodd-Frank Act amended the Sarbanes-Oxley Act to, among other things, expand the PCAOB's oversight of the auditors of the SEC-registered broker-dealers to include inspection and disciplinary authority. On July 30, 2013, the SEC amended its Rule 17a-5 to require, in part, that audits of broker-dealers' financial statements and supplemental information, as well as the auditor's examination of the compliance report or the auditor's review of the exemption report, be conducted in accordance with PCAOB standards. Before the SEC amendments to Rule 17a-5, audits of brokers and dealers were required to be performed under generally accepted auditing standards established by the American Institute of Certified Public Accountants (AICPA). See PCAOB Adopts Standards for Broker-Dealer Audits and for Auditing Supplemental Information, PCAOB (Oct. 10, 2013) (available at https://pcaobus.org/News/Releases/Pages/10102013_BrokerDealer.aspx).

[11] The SEC listed 3,633 active registered broker-dealers as of September 2020. See SEC, Company Information About Active Broker-Dealer, Forms BD (available at https://www.sec.gov/help/foiadocsbdfoiahtm.html).

[12] "Get your facts first, and then you can distort them as much as you please."

— Mark Twain, Quotes From Twain, Mark Twain Performs (available at http://marktwainperforms.com/quotes.html).

[13] James L. Kroeker, Testimony Concerning Accounting and Auditing Standards: Pending Proposals and Emerging Issues, Before the Subcommittee on Capital Markets, Insurance, and Government Sponsored Enterprises of the House Committee on Financial Services, SEC (May, 21 2010) (available at https://www.sec.gov/news/testimony/2010/ts052110jlk.htm).

[14] Amendment to Single Issuer Exemption for Broker-Dealers, Exchange Act Release No. 86073, 2019 WL 2617449 (June 10, 2019) (available at https://www.sec.gov/rules/final/2019/34-86073.pdf) ("The requirement that the annual reports [of broker-dealers] be covered by reports prepared by an independent public accountant is intended to enhance the reliability of the information filed by the broker-dealer, including information relevant to its financial condition, ability to continue as a going concern, and its handling of customer securities and cash. This also benefits investors who are customers or potential customers of the broker-dealer and who do not have access to the same level of information about the financial condition and operations of the broker-dealer as the independent public accountant engaged by the broker-dealer. These investors rely on the independent public accountant to audit this information.").

[15] Id. ("Broker-dealer annual reports are one of the primary means of monitoring compliance with the Commission's broker-dealer financial responsibility rules, and the requirement that the annual reports be certified by a PCAOB-registered independent public accountant is intended to help enhance the reliability of the information filed by the broker-dealer.").

[16] James L. Kroeker, supra note 13 ("Clarifying the PCAOB's oversight authority with respect to auditors who perform audits of broker-dealers will improve the quality of broker-dealer audits and strengthen both investor protection and broker-dealer compliance.").

[17] As the legislative history noted, differentiation among auditors of broker-dealers within an inspection program was expected. Id. ("The Board's current inspection program takes into account the size and complexity of each issuer when determining the scope of the inspection, and it will be capable of implementing a program for auditors of broker-dealers of varying size and complexity.").

[18] Nearly half (47%) of the registered broker-dealers reported 10 or fewer registered representatives. See 2020 FINRA Industry Snapshot (available at https://www.finra.org/sites/default/files/2020-07/2020-industry-snapshot.pdf).

[19] See supra note 6 ("Although a privately held firm may have few shareholders who need properly audited financial statements, it may have many customers (and the SEC) who have an interest in knowing that appropriate auditing procedures have been followed.").

[20] The standards applicable to firms auditing broker-dealers is also set by the SEC. In the early days of the inspection program, audits for broker-dealers were subject to the standards set by the AICPA. The Commission amended Rule 17a-5 to make mandatory the application of PCAOB standards. See Rule 17a-5(g)(1); 17 C.F.R § 240.17a-5(g)(1).

[21] Oversight of the U.S. Securities and Exchange Commission: Evaluating Present Reforms and Future Challenges, Hearing Before the S. Comm. on Cap. Mkts., Ins., and Gov't Sponsored Enters. of the Comm. on Fin. Servs., U.S. House of Representatives, 111th Congress, 2nd Sess., Serial No. 111-144 (July 20, 2010) (available at https://www.govinfo.gov/content/pkg/CHRG-111hhrg61848/html/CHRG-111hhrg61848.htm) (statement by SEC Chair Mary Schapiro) ("The approach we have taken with respect to Madoff quite generally is to bring together protections that we think will help prevent, to the greatest extent possible, another Madoff from ever occurring. So, for example, contained in the Dodd-Frank bill is a requirement for broker-dealers to be audited by a PCAOB-registered accounting firm and for that accounting firm to, in fact, be overseen by the PCAOB. That will help with the issue with respect to a no-name accounting firm that is clearly not up to the task.").

[22] In re MKM Partners LLC For Review of Disciplinary Action Taken by BATS Exchange, Inc., Exchange Act Release No. 79700, 2016 WL 7473302 (Dec. 28 2016) (available at https://www.sec.gov/litigation/opinions/2016/34-79700.pdf) ("The annual 'audit of a broker or dealer is not a mere "balance sheet audit,"' but is rather 'an examination of accountabilities and responsibilities of [the] firm resulting in a report to regulatory bodies concerning that firm's fiduciary obligations to customers.'"). See also Bill Gradison, Board Member, PCAOB, What Lies Ahead for the PCAOB, American Accounting Association, Auditing Section, Albuquerque, NM (Jan. 15, 2011) (available at https://pcaobus.org/News/Speech/Pages/01152011_GradisonWhatLiesAhead.aspx) ("Investors already have an important degree of protection from broker-dealer frauds through SIPC. Since SIPC protection is capped, I think it's fair to say that PCAOB's role will be not only to protect SIPC, but more specifically, to protect investors from losses that exceed the SIPC limits.").

[23] See AS 2401: Consideration of Fraud in a Financial Statement Audit, PCAOB (available at https://pcaobus.org/Standards/Auditing/Pages/AS2401.aspx).

[24] Staff Guidance for Auditors of SEC-Registered Brokers and Dealers, PCAOB (June 26, 2014) (available at https://pcaobus.org/Standards/Documents/06262014_Staff_Guidance.pdf) ("Brokers and dealers, however, also have other fraud risks that warrant audit attention, specifically, the risk of misappropriation of customer assets.").

[25] Bill Gradison, supra note 22 ("For those broker-dealers not permitted to handle customer cash or securities, a well-executed audit would help to confirm that these broker-dealers are not handling such cash or securities or potentially misappropriating customer funds."). See also James L. Kroeker, supra note 13 (noting that an audit by an independent public accountant "can be one of the most effective deterrents to fraud.").

[26] Financial statements (Statement of Financial Condition, Statement of Income, Statement of Changes in Stockholders' or Partners' or Sole Proprietor's Equity, and Statement of Changes in Liabilities Subordinated to Claims of General Creditors) must be accompanied by Supporting Schedules, such as a Computation of Net Capital, a Computation for Determination of the Reserve Requirements (if applicable), and Information Relating to the Possession or Control Requirements (if applicable) and either a compliance report or an exemption report (as applicable). See Rule 17a-5(d)(2)(i), 17 CFR 240.17a-5(d).

[27] The Commission allows for the filing of public and non-public portions of the annual reports. The broker-dealer could attach one document containing all of elements of the annual reports as a public document or the broker-dealer could attach two documents to its filing with the SEC: a public document containing the Statement of Financial Condition (i.e., balance sheet), the notes to the Statement of Financial Condition, and the audit report which covers the Statement of Financial Condition; and a non-public document containing all of the components of the annual reports. Broker-dealers must make their balance sheets public. Other information such as the income statement is not required to be made public. See Rule 17a-5(e)(3); see also Broker-Dealer Reports, Exchange Act Release No. 70073, 106 SEC Docket 4165 (July 30, 2013) (available at https://www.sec.gov/rules/final/2013/34-70073.pdf).

[28] See supra note 14.

[29] See Broker-Dealer Reports, supra note 27 ("if the accountant determines in connection with the audit of a carrying broker-dealer's annual reports that any material weakness (as defined in paragraph (d)(3)(iii) of Rule 17a-5) exists, the independent public accountant must immediately notify the broker-dealer's CFO of the nature of the material weakness."). See also Financial Responsibility Rules for Broker-Dealers, Exchange Act Release No. 70072 (July 30, 2013) (available at https://www.sec.gov/rules/final/2013/34-70072.pdf).

[30] See Broker-Dealer Reports, supra note 27 ("the final rule amendments require that, if the independent public accountant determines that the broker-dealer "is not in compliance with" any of the financial responsibility rules during the course of preparing the accountant's reports, the independent public accountant must immediately notify the broker-dealer's CFO of the nature of the non-compliance.").

[31] Id. ("Consequently, the final rule requires that any instance of non-compliance identified by the accountant will trigger a notification by the broker-dealer to the Commission and the firm's DEA [designated examining authority] to the same extent that notification is required if discovered by the broker-dealer other than in connection with its annual audit."). Id. Failure of the broker-dealer to do so may trigger notification obligations on the part of the audit firm.

[32] See Rule 17a-5(h); 17 C.F.R § 240.17a-5(h) ("If the independent public accountant does not receive the notification within one business day, or if the independent public accountant does not agree with the statements in the notification, then the independent public accountant must notify the Commission and the designated examining authority within one business day.").

[33] Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers, PCAOB Release No. 2020-001 (Aug. 20, 2020) (available at https://pcaobus.org/Inspections/Documents/2019-Broker-Dealer-Annual-Report.pdf).

[34] — Mark Twain

Quotes From Twain, Mark Twain Performs (available at http://marktwainperforms.com/quotes.html).

[35] Rule 17a5(d)(1)(iv) provides an exception from the annual reporting provisions for a broker or dealer that is a member of a national securities exchange, has transacted a business in securities solely with or for other members of a national securities exchange, and has not carried any margin account, credit balance, or security for any person who is defined as a customer. To the extent broker-dealers voluntarily file such annual reports, if any, that topic is beyond the scope of these remarks.

[36] See PCAOB Rule 4020T(d).

[37] See 15 U.S.C. § 7215(b)(4); Id. § 7215(b)(5); PCAOB Rules 4004, 5108 and 5112.

[38] S. Rep. No. 111-176 (2010) (available at https://www.congress.gov/congressional-report/111th-congress/senate-report/176/1) ("An example of the type of harm that might be avoided in the future by extending PCAOB authority is the investor reliance on the fraudulent audit of the broker-dealer Bernard L. Madoff Investment Securities LLC by Friehling & Horowitz, a firm that was not registered with the PCAOB.").

[39] The issue came up in the hearings on Dodd-Frank. The Madoff Investment Securities Fraud: Regulatory and Oversight Concerns and the Need for Reform, Hearings Before the S. Comm. on Banking, Hous., and Urban Aff., 107th Cong. (Jan. 27, 2009) (available at https://www.govinfo.gov/content/pkg/CHRG-111shrg50465/pdf/CHRG-111shrg50465.pdf) ("had the auditor for the Bayou Funds been required to have been registered with the PCAOB, it would have been comparatively simple for investors to check and ascertain whether they were dealing with a legitimate auditor (instead of an entirely bogus firm). Nor would Israel have dared to invent a bogus auditor.").

[40] Form 2 — Annual Report Form, PCAOB (available at https://pcaobus.org/Rules/Pages/Form_2.aspx); Form 3 - Special Reporting Form, PCAOB (available at https://pcaobus.org/Rules/Pages/Form_3.aspx).

[41] See supra note 9. See also Oversight of the U.S. Securities and Exchange Commission: Evaluating Present Reforms and Future Challenges, Hearing Before the S. Comm. on Cap.Mkts., Ins., and Gov't Sponsored Enters. of the Comm. on Fin. Servs., U.S. House of Representatives, 111th Congress, 2nd Sess., Serial No. 111-144 (July 20, 2010) (available at https://www.govinfo.gov/content/pkg/CHRG-111hhrg61848/html/CHRG-111hhrg61848.htm) (testimony of Mary Schapiro, Chair, SEC) ("This approach we have taken with respect to Madoff quite generally is to bring together protections that we think will prevent, to the greatest extent possible, another Madoff from ever occurring. So, for example, contained in the Dodd-Frank bill is a requirement for broker-dealers to be audited by a PCAOB-registered accounting firm and for that accounting firm to, in fact, be overseen by the PCAOB. That will help with the issue with respect to a no-name accounting firm is clearly not up to the task.").

[42] Audit firms can voluntarily register with the PCAOB even if they do not issue audit reports or play a substantial role in the audit of an issuer or broker-dealer.

[43] S. Rep. No. 111-176 (2010) (available at https://www.congress.gov/congressional-report/111th-congress/senate-report/176/1) ("Under the current situation, where auditors of brokers and dealers register with the PCAOB but their audits of brokers and dealers are not subject to the PCAOB's standard setting, inspections, and disciplinary authority, investors may expect that PCAOB-registered auditors of brokers and dealers are subject to inspections and oversight when, in fact, the PCAOB has no authority to govern the conduct or monitor the quality of their audit work."). See also Daniel L. Goelzer, Acting Chairman, PCAOB, Testimony Concerning Accounting and Auditing Standards: Pending Proposals and Emerging Issues, United States House of Representatives Financial Services Committee, Subcommittee on Capital Markets, Insurance and Government Sponsored Enterprises, Washington, DC (May 21, 2010) (available at https://pcaobus.org/News/Speech/Pages/05212010_Goelzer_HFSC_Testimony.aspx) ("This creates a risk that brokerage firm clients may believe that, because broker-dealer auditors are registered with the PCAOB, we are exercising oversight of the audit work of those firms, especially as it relates to the auditor's review of the procedures the broker employs to protect client cash and securities.").

[44] Stanford relied on an introducing broker, Stanford Group Company. See Analysis of Securities Investor Protection Act Coverage For Stanford Group Company, SEC (available at https://www.sec.gov/rules/other/2011/stanford-sipa-analysis.pdf) ("SGC is a broker-dealer registered under Section 15 of the Securities Exchange Act of 1934 and a member of SIPC. R. Allen Stanford ("Stanford") was the sole owner, directly or indirectly, of more than 130 related entities, including SGC . . . As of February 16, 2009, SGC had approximately 32,000 active accounts for which it acted as an introducing broker, and those accounts were cleared and carried by Pershing LLC or J.P. Morgan Clearing Corporation.").

[45] See James L. Kroeker, Chief Accountant, Office of the Chief Accountant, U.S. Securities and Exchange Commission, Remarks Before the 2009 AICPA National Conference on Current SEC and PCAOB Developments, Washington, D.C. (Dec. 7, 2009) (available at https://www.sec.gov/news/speech/2009/spch120709jlk.htm) ("Auditors of broker dealers are statutorily required to register with the PCAOB, however the application of the inspection, investigation, and disciplinary processes is less certain. In this state of affairs, I have concerns that an expectations gap is being created. That is, registration in the absence of inspection and disciplinary authority has the potential to communicate a false impression to the market that I believe should be avoided.").

[46] A modest number of broker-dealers are audited by overseas affiliates and other non-US firms. The PCAOB has so far not inspected any non-US firms that audit registered broker-dealers. See, e.g., Report on The Progress of The Interim Inspection Program Related to Audits of Brokers and Dealers, PCAOB Release No. 2012-005 (Aug. 20, 2012) (available at https://pcaobus.org/Inspections/Documents/BD_Interim_Inspection_Program.pdf).

[47] In 2019, for example, we inspected 66 of the 411 firms currently registered with the PCAOB. Of that number, we inspected only 10 of the 123 firms that conduct audits of a single broker-dealer. At this pace, it would take 12 years to cycle through the entire population, not taking into account any new entries into the market. For firms that audit 2-20 broker-dealers (245), we inspected 32 of them in 2019, a roughly 8 year cycle. The tables are attached as an appendix. Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers ("2020 Report"), PCAOB Release No. 2020-001 (Aug. 20, 2020) (available at https://pcaobus.org/Inspections/Documents/2019-Broker-Dealer-Annual-Report.pdf).

[48] 2020 Report, supra note 47 ("During 2019, we selected 15 broker-dealers whose audits and attestation engagements were covered by the inspections at random.").

[49] Id.

[50] The lack of auditor independence was a concern raised in connection with the firm used by Madoff. See SEC v. David G. Friehling, C.P.A., et al., Litigation Release No. 20959, supra note 4 ("The SEC's complaint alleges that Friehling enabled Madoff's Ponzi scheme by falsely stating, in annual audit reports, that F&H audited BMIS financial statements pursuant to Generally Accepted Auditing Standards (GAAS), including the requirements to maintain auditor independence and perform audit procedures regarding custody of securities.").

[51] Auditor independence is critical for the reliability of a broker-dealer's financial reports, but it also could impact the regulatory compliance of the broker-dealer and investment adviser. For example, in 2018, the SEC found that an audit firm violated the SEC's independence standards, which resulted in violations of the reporting requirements by the audit firm's four broker-dealer clients and violations of the Advisers Act by its four investment adviser clients. See Audit Firm Settles Charges for Violating Auditor Independence Rules, Administrative Proceeding, File No. 3-18762, SEC (Sept. 13, 2018) (available at https://www.sec.gov/enforce/34-84118-s).

[52] See Temporary Rule for an Interim Program of Inspection Related to Audits of Brokers and Dealers, PCAOB Release No. 2011-001 (June 14, 2011) (available at https://pcaobus.org/Rulemaking/Docket032/PCAOB_Release_2011-001_Rule.pdf) ("PCAOB inspectors may at any time discuss issues with the audit engagement team or other representatives of the firm. When PCAOB inspectors identify what appears to them to be a potentially significant issue, they typically describe their observations in a written comment provided to the firm. The firm then has an opportunity to respond in writing and describe its perspective on any aspect of the inspection observation. Firm responses to written comments are carefully considered and, depending upon the circumstances, may result in further dialogue to clarify issues.").

[53] 2020 Report, supra note 47 ("While our 2019 inspections revealed modest improvement in the rate of deficiencies, we continue to see a high rate of deficiencies in certain areas of engagement performance. We continue to observe similar deficiencies each year despite few changes to auditing and attestation standards.").

[54] Id. ("The results of our 2019 inspections indicate, however, that there is room for improvement. Our observations indicate that firms' systems of quality control did not appear to provide reasonable assurance that firm personnel will comply with applicable professional standards in the areas of: 1) engagement performance; 2) monitoring; 3) independence, integrity, and objectivity; and 4) personnel management, which are required elements of a system of quality control.").

[55] Id. Seven out of the 66 firms had no deficiencies; 31 of the 106 audit engagements had no deficiencies.

[56] Id. ("On an overall basis, the percentages of audits, areas, and attestation engagements with deficiencies identified in 2019 remained high, though the percentages of audits, areas, and examination engagements with deficiencies decreased when compared to 2018 and 2017. The percentage of review engagements with deficiencies decreased in 2019 when compared to 2018, but increased when compared to 2017. The percentage of audits with independence findings in 2019 increased when compared to 2018 and 2017.").

[57] Thirty-one (31%) of the engagement deficiencies related to auditing the Net Capital Rule Supporting Schedules. Id. ("Firms did not perform, or sufficiently perform, procedures to evaluate whether the following aspects of net capital computations were determined in compliance with the Net Capital Rule: (AS 2701.04) Adjustments to net worth, specifically the addition of discretionary and subordinated liabilities; Allowable assets and assets not readily convertible into cash, including commissions and concessions receivable; Haircuts for securities positions and undue concentration charges; or Operational charges and other deductions, including failed security transactions.").

[58] Id. ("Firms did not perform, or sufficiently perform, procedures to test whether the information in the customer and PAB reserve computations was complete, accurate, and compliant with relevant regulatory requirements. This includes whether the notification obtained from the banks applicable to the special reserve bank account for the exclusive benefit of customers met the requirements of the Reserve Requirements Rule, and procedures related to stock record allocation adjustments. (AS 2701.04)").

[59] Id. ("The auditor must plan and perform an examination of statements made by the broker-dealer in its compliance report in accordance with AT No. 1.").

[60] Of the 29 examination engagements reviewed by the PCAOB staff, 20 had deficiencies. Id.

[61] Audit firms review the exemption reports and make inquiries about the broker-dealer's controls necessary to maintain compliance with the exemption provisions. The PCAOB staff identified deficiencies 38 of the 74 selected review engagements. Id

[62] The PCAOB staff identified deficiencies concerning risk of material misstatement due to fraud in 38% of the audit engagements. Id.

The PCAOB staff identified 5 deficiencies in the area of communications about control deficiencies out of 106 audits reviewed. Id.

[63] The PCAOB staff identified 5 deficiencies in the area of auditor independence out of the 29 audits reviewed. Id. ("Firms assisted in the preparation of broker-dealer financial statements and supplemental information, which impaired their independence. Assistance by the auditor with the preparation of financial statements and supplemental information being audited is not a permissible service as prescribed by Rule 2-01(c)(4)(i) of Regulation S-X.").

[64] Bill Gradison, supra note 22 ("For those broker-dealers not permitted to handle customer cash or securities, a well-executed audit would help to confirm that these broker-dealers are not handling such cash or securities or potentially misappropriating customer funds.").

[65] See 15 U.S.C. § 7214(c); Id. § 7215(b)(4); Id. § 7215(b)(5).

[66] See Inspection of Registered Public Accounting Firms, PCAOB Release No. 2003-019 (Oct. 7, 2003) (available at https://pcaobus.org/Rulemaking/Docket%20006/Release2003-019.pdf)

("While Section 104(c) requires the Board to report such information to the Commission and the appropriate state regulatory authority, other parts of the Act, such as Section 105(b)(5), clearly contemplate that the Board is permitted to make information from its inspections available to other regulatory authorities. Similarly, other parts of the Act, such as Section 105(b)(4), clearly contemplate that the Board is permitted to make referrals to other regulatory authorities.").

[67] — Mark Twain, Mark Twain – Quotes, Goodreads (available at https://www.goodreads.com/quotes/33155-a-clear-conscience-is-the-sure-sign-of-a-bad).

[68] Inspections began in 2011. See supra note 46 ("The program commenced in August 2011 in response to the Board's new authority with respect to inspections, standards-setting, investigations, and disciplinary proceedings over auditors of brokers and dealers provided in the Dodd-Frank Wall Street Reform and Consumer Protection Act").

[69] The PCAOB has recently added a new section to the public portion of the inspection report that reveals a number of instances where audit firms did not comply with our rules that were unrelated to the sufficiency and appropriateness of audit evidence or ICFR testing. See J. Robert Brown, Jr., Board Member, PCAOB, Seeing Through the Regulatory Looking Glass: PCAOB Inspection Reports, CFA Institute's Corporate Disclosure Policy Council and Capital Markets Policy Council, Virtual (July 23, 2020) (available at https://pcaobus.org/News/Speech/Pages/Brown-Seeing-Through-Regulatory-Looking-Glass-PCAOB-Inspection-Reports.aspx).

[70] The reports are posted on the PCAOB website. See Firm-Inspection Reports, PCAOB (available at https://pcaobus.org/Inspections/Reports/Pages/default.aspx).

[71] See supra note 52 ("Some commenters suggested that the Board include in the report sufficient details on the nature and types of brokers and dealers inspected and group the inspection observations based on these classifications to help public accounting firms understand the specific issues identified in the report. The Board will take those suggestions into consideration when preparing the progress reports.").

[72] The Statement of Financial Condition must be included in the public portion of the broker-dealer's annual report. See 17 C.F.R § 240.17a-5(d). Specific inspection reports could provide insight into audit quality with respect to this financial disclosure.

[73] Although we are operating under an "interim" rule, the provision would permit this innovation. See supra note 52 ("As with firms that audit brokers or dealers but not issuers, the Board, absent unusual circumstances, would not incorporate any evaluation of the firm's broker and dealer practice into the public portion of a firm-specific report before the report on the first inspection of the firm that occurs after a permanent program takes effect and would not include observations from the interim program procedures in the nonpublic portion of any such report.").

[74] See Rule 4020T(d) ("No less frequently than every twelve months, beginning twelve months after the date this rule takes effect and continuing until rules for a permanent program of inspection in connection with audits of brokers and dealers take effect, the Board will publish a report that describes the progress of the interim program, including data about the number of registered public accounting firms and the number of broker or dealer audits that have been subjected to inspection procedures and any significant observations from those procedures.").

[75] See Proposed Temporary Rule for an Interim Program of Inspection Related to Audits, PCAOB Release No. 2010-008, at 11, n.21 (Dec. 14, 2010) (available at https://pcaobus.org/Rulemaking/Docket032/PCAOB_Release_2010-008.pdf) (noting that the interim rule would not "necessarily preclude the Board from issuing a firm-specific inspection report on, or including, inspection observations from the interim program before a permanent program takes effect.").

[76] See supra note 52 ("The Board intends for inspection procedures performed on a firm as part of the interim program to constitute a foundational portion of the first inspection of the firm's audit practice related to brokers and dealers, which would be completed after a permanent program is established. This means that, for firms that audit brokers or dealers but not issuers, the Board does not expect to issue a firm-specific inspection report unless and until a permanent program replaces the interim program, the firm is included in the scope of the permanent program, and the firm has been inspected under the permanent program. Unusual circumstances, however, could give rise to exceptions. As a precaution in light of that possibility, the Board has incorporated in the final version of Rule 4020T the provisions of PCAOB Rule 4007, Procedures Concerning Draft Inspection Reports, PCAOB Rule 4008, Procedures Concerning Final Inspection Reports, and PCAOB Rule 4009, Firm Response to Quality Control Defects.").

[77] For the audits of these broker-dealers, the inspection process and any subsequent report should, therefore, focus primarily on the effectiveness of the audit with respect to the detection of fraud, including the misappropriation of customer assets, and compliance with the financial responsibility rules.

[78] In putting in place the interim program, the Board opted not to disclose the identity of the broker-dealers. See supra note 52 ("As is typical of Board inspection reports, consistent with restrictions imposed by the Act, the reports will not identify brokers or dealers the audits of which are the subject of observations described in the report. As is also typical of general Board reports collecting observations from numerous inspections, the reports will not identify the registered public accounting firm or firms to which the observations relate."). Given our experience, that decision should be reexamined. See supra note 69.

[79] At a minimum, we could use a more granular breakdown of deficiency rates. Right now we mostly provide data based upon whether the audit is for a broker-dealer subject to the customer protection rule or not. We could, for example, break the data down by a broader set of categories (for example, based upon categories that divide firms by the number of broker-dealers audited).

[80] Concept Release: Potential Approach to Revisions to PCAOB Quality Control Standards, PCAOB Release No. 2019-003 (Dec. 17, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/2019-003-Quality-Control-Concept-Release.pdf).

[81] See J. Robert Brown, Jr., Board Member, PCAOB, Maintaining Investor Trust: Independent Oversight in the System of Quality Control, Massachusetts Public Employee Retirement Administration Commission (Sept. 17, 2020) (available at https://pcaobus.org/News/Speech/Pages/Brown-Maintaining-Investor-Trust-Independent-Oversight-System-Quality-Control.aspx) (discussing differences in approach to standards between investors and audit firms).

[82] Id. The standard was written in the era of self-regulation and adopted by the PCAOB in 2003 on an "interim" basis.

[83] Indeed, there have been some instances where standards applicable to issuer audits do not function in the same manner with respect to broker-dealer audits. For example, audit firms are required to communicate certain specified information to audit committees of their clients or, in the absence of an audit committee, to the full board. See AS 1301. For most listed companies, only independent directors can serve on audit committees and must have boards with a majority of independent directors. Many broker-dealers, however, do not have audit committees and some may lack boards of directors. In such cases, the communications should be made to the "person(s) who oversee the accounting and financial reporting processes of the entity and [the] audits of the financial statements of the entity. . . " See Appendix A, AS 1301.A2.

[84] See supra note 80, at 13 ("Should a future PCAOB QC standard have additional or alternative requirements for firms that audit brokers and dealers? If so, what?").

[85] Letter from PwC to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/030_PwC.pdf) ("We do not see a need for additional or alternative requirements for firms that audit brokers and dealers, or issuers in specialized industries."); Letter from Deloitte & Touche LLP to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/031_DT.pdf) ("Application of a risk-based approach within a system of quality control inherently encompasses industry specific considerations, including those considerations related to audits of brokers and dealers."); Letter from MAZARS to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/029_MAZARS_US.pdf) ("No incremental or alternative requirements are needed for firms that audit broker dealers. The objective for audit quality is the common goal across all industries, therefore, one scalable revised PCAOB QC standard is adequate and ideal."); Letter from Crowe to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/025_Crowe.pdf) ("Therefore, we do not believe it is necessary for alternative or additional requirements to be implemented as part of a future PCAOB QC standard for firms that audit broker dealers."); Letter from Moss Adams to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/023_Moss_Adams.pdf) ("The principles of any risk based system of quality management should have broad applicability across all engagements and allow firms to tailor elements of its system to address any specified risks based on the unique operating characteristics of a given industry. We do not believe a future PCAOB QC standard needs to have additional or alternative requirements for firms that audit brokers and dealers."); Letter from EY to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/021_EY.pdf) ("We do not believe any future PCAOB quality control standard should have requirements that apply only to broker-dealers. We believe a QC standard that is risk-based could be appropriately tailored regardless of the type of audit."); Letter from KPMG to PCAOB, PCAOB Rulemaking Docket No. 46: Concept Release: Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/020_KPMG.pdf) ("No additional or alternative requirements should be added for firms that audit brokers and dealers. A properly designed and implemented system of quality control under a principles-based standard should be scalable to various firms' structures and composition. The requirements in the standard itself should not be driven by the industries of the issuers that a firm serves."); Letter from Grant Thornton to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/017_GT.pdf) ("Further, we are of the view that additional or alternative requirements for firms that audit brokers and dealers are unnecessary. We believe a system of quality control applies to audit and attest engagements, regardless of industry, and a set of quality control standards that is risk- and principles-based will enable firms to identify industry-specific risks, as appropriate, and respond based on the assessed level of risk."); Letter from Baker Tilly to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 16, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/011_Bakertilly.pdf) ("We do not believe this is necessary or desirable. The differences related to brokers and dealers relate primarily to reporting issues (attestation) and should be handled in the audit and attest standards."); Letter from RSM US LLP to PCAOB, PCAOB Release No. 2019-003, Rulemaking Docket Matter No. 046, Concept Release- Potential Approach to Revisions to PCAOB Quality Control Standards (Mar. 13, 2020) (available at https://pcaobus.org/Rulemaking/Docket046/009_RSM-US-LLP.pdf) ("We do not believe it is necessary or appropriate for a future PCAOB QC standard to have additional or alternative requirements for firms that audit brokers and dealers or for firms that audit companies in any other specialized industry. We do not believe there are foundational QC system differences for audits in any particular industry. A future PCAOB QC standard should be principles-based and scalable, driving risk assessments – not dictating responses – by individual firms. Using such an approach, upon performing its risk assessment, an individual firm may determine, for example, that, to have an effective system of quality control, additional tools or training requirements are needed for auditors of broker-dealers (or other specialized industries).").

[86] Any other Federal functional regulator (as defined in section 509 of the Gramm-Leach-Bliley Act (15 U.S.C. § 6809)), in the case of an investigation that concerns an audit report for an institution that is sub­ject to the jurisdiction of such regulator.

[87] PCAOB Rule 5108(a)(2)(a).

[88] 15 U.S.C. § 7214(g); Id. § 7215(b)(4); Id. § 7215(b)(5).

[89] Id. § 7201(a)(1).

[90] Department of Regulatory Affairs, State of Colorado (available at https://www.dora.state.co.us/templates/doratemplatewithnavig.dwt).

[91] For example, in New Jersey, both the State Board of Accountancy and the Bureau of Securities are in the New Jersey Division of Consumer Affairs in the Office of the Attorney General. Office of the Attorney General, The State of New Jersey (available at https://nj.gov/oag/). In Michigan, the State Board of Accountancy is in the Department of Licensing and Regulatory Affairs, which is responsible for the regulation of securities. Department of Licensing and Regulatory Affairs, Michigan.gov (available at https://www.michigan.gov/lara/0,4601,7-154-89334_72600_72602_72731_72855---,00.html).

[92] — Mark Twain

Quotes From Twain, Mark Twain Performs (available at http://marktwainperforms.com/quotes.html).

[93] You can email me at brownj@pcaobus.org.

[94] If you send written correspondence, ask us to post what you send and any response if you believe it appropriate. The PCAOB is not subject to many of the disclosure obligations applicable to government agencies, including the Freedom of Information Act. See J. Robert Brown, Jr., Board Member, PCAOB, Grading the PCAOB: Transparency, Accountability and Investor Protection, Fall Conference of the Council of Institutional Investors, Minneapolis, MN (Sept. 17, 2019) (available at https://pcaobus.org/News/Speech/Pages/Brown-Grading-the-PCAOB-Transparency,-Accountability-and-Investor-Protection.aspx). As a result, we typically do not post letters sent to the PCAOB, except in specified circumstances such as rulemaking.