SUP 3A.10 Review of auditor’s safeguarding report

A relevant institution should ensure that:

1. (1) it considers the draft safeguarding report provided to the institution by its auditor in accordance with SUP 3A.9.10R(1) in order to provide an explanation of:

2.     (a) the circumstances that gave rise to each of the breaches identified in the draft report; and

3.     (b) any remedial actions that it has undertaken or plans to undertake to correct those breaches; and

4. (2) the explanation provided in accordance with (1):

5.      (a) is submitted to its auditor in a timely fashion and in any event before the auditor is required to deliver a report to the FCA in accordance with SUP 3A.9.7R; and

6.      (b) is recorded in the relevant field in the draft report submitted to it by its auditor.

A relevant institution must ensure that the final safeguarding report delivered to it in accordance with SUP 3A.9.10R(2) is reported to the institution’s governing body.

The FCA expects a relevant institution to use the safeguarding report as a tool to evaluate the effectiveness of the systems it has in place for the purpose of complying with the requirements in SUP 3A.9.2R. Accordingly, a relevant institution should ensure that the report is integrated into its risk management framework and decision-making.

SUP 3A.4.2R provides that a relevant institution must take reasonable steps to ensure that its auditor has the required skill, resources and experience to perform its functions. The FCA expects a relevant institution to keep under review the adequacy of the skill, resources and experience of its auditor and critically assess the content of the safeguarding report as part of that ongoing review.