Out-Law Analysis | 21 Jul 2022 | 1:29 pm | 6 min. read
Long-term uncertainty over the application of legal professional privilege (LPP) to documents held by UK auditors should cause businesses to think carefully about what privileged information they need to disclose to their auditors, and how they disclose it.
The UK government recently confirmed that it will not press ahead with plans to give the new Audit, Reporting and Governance Authority (ARGA) statutory powers to override audit clients’ LPP, for now at least. However, there remains uncertainty over how the government will balance the need for effective regulation of, and the application of LPP in, the audit market in the longer-term.
The UK government published a white paper in March 2021, which outlined proposed reforms to strengthen the UK’s audit, corporate reporting and corporate governance systems. The aim of the government’s ongoing work in this area is to improve the quality, accuracy and reliability of the information published by the largest companies, but some of the far-reaching regulatory measures proposed were controversial.
One of the issues raised by the government in the white paper was the fact that it is not possible for the audit regulator – currently the Financial Reporting Council (FRC) – to require production of, in the exercise of its supervisory functions, documents covered by LPP belonging to an audited company in the UK, which have been provided to and reviewed by the company’s external auditor for the purposes of carrying out its audit. This might include documents containing legal advice or otherwise created for the purpose of litigation.
In its white paper, the government asked whether consultees agreed that this lack of access on the part of the regulator was “problematic”. While the question was posed in fairly open terms, it caused concern that, as and when the FRC is replaced with ARGA, ARGA may be given increased statutory powers to override audit clients’ LPP.
In May this year the government published its response to the March 2021 white paper. Many auditors, legal professionals, and audit clients will welcome the fact that the government has noted the concerns raised in response to the consultation question on privilege, and seemingly decided to abandon – at least for now – any proposed strengthening of ARGA’s powers to access privileged documents, in favour broadly of maintaining the status quo.
However, tensions are likely to continue to arise between client, auditor and regulator over access to an audit client’s privileged documents shared with the auditor in the course of its external audit, and therefore there remains a need for clients and auditors alike to exercise caution in the handling of privileged material in the context of an audit.
The FRC has long been frustrated that its ability to exercise its supervisory functions are, as it sees it, impeded by auditors withholding their clients’ documents on the basis of those clients’ LPP. It is a matter of professional and contractual duty for auditors to withhold such documents from the regulator absent the client’s consent or a court order.
In 2020, the Court of Appeal in England and Wales, in a case involving Sports Direct International plc and the FRC, confirmed that the limited waiver of privilege under which Sports Direct shared privileged material with its auditors should not be extended so as to enable the FRC to access those documents for the benefit of its investigation into the external auditors. The message was clear: the courts are mindful to uphold the rule of law in ensuring the principle of LPP is kept intact.
Section 9.4 of the government’s white paper endorsed the Court of Appeal’s judgment in the Sports Direct case to some extent by emphasising the importance of LPP “as an indispensable component of an effective and fair justice system”. However, it also raised the spectre of new laws enabling the audit regulator to access material in the possession of the audit firm in respect of which the audit client is entitled to the benefit of privilege. The concern was that the regulator needs such information to investigate properly the external audits of companies where auditors have relied on the audited entity’s privileged material in reaching their opinion. Access would, some argued, enable a more accurate assessment of the auditor’s compliance with relevant regulatory requirements.
Respondents to the consultation, particularly legal professionals, emphasised that LPP was a fundamental cornerstone of the UK legal system. For example, the joint response submitted by the City of London Law Society (CLLS) and Law Society of England & Wales pointed out that even criminal prosecutors are not entitled to compel disclosure of communications protected by LPP, and highlighted the risk that privileged information in the hands of a regulator may come into the public domain and so lose the protection of privilege altogether, potentially leading to collateral litigation and investigations.
Some respondents, including audit firms, business representative groups and, notably, the Law Society and CLLS, suggested that inroads into LPP might have a chilling effect on companies’ willingness, going forward, to share privileged materials with their auditors, thereby reducing the quality of audit.
In responding to the concerns raised, the UK government recognised that it would be challenging to come to a resolution that does not dilute the principle of LPP whilst still being workable on a practical level. As such, at this moment in time, it appears unlikely that the government will go ahead with any proposals to enact statutory overrides enabling ARGA to access audit clients’ privileged documents.
However, the government response continues to emphasise the potential for issues to arise where privileged documents shared with an auditor are not made available to the regulator. The government has encouraged legal and audit professionals to work with the regulator to resolve any issues that arise from instances where privileged documents shared with the auditor are not available to the regulator’s quality review and enforcement system.
For example, the government suggests that, should an auditor who cannot share documents find it hard to demonstrate the quality of their audit to the regulator, persuading its client to provide access to such documents via a secured data room could be a viable alternative. The rationale is that this would allow the regulator to see the documents but not retain copies.
If privilege and lack of access to audit documents continue to present problems, the government has said that it would expect this to be raised as part of its planned post-implementation review following the introduction of ARGA and other reforms in this area.
The government’s corporate governance and audit market reforms continue to move forward – the latest development is the publication of a position paper by the FRC that details the work it intends to undertake to support reform prior to the introduction of new legislation.
At this stage of the reform process, however, the government’s proposals in respect of LPP in the audit market leave considerable scope for tension between ARGA, which is likely to want as comprehensive documentary disclosure as possible from auditors it is investigating; audit clients, who will generally be concerned to restrict access to their privileged information as much as possible and may well not be comfortable with it being shared with their auditors’ regulators; and auditors, who may find themselves ‘between a rock and a hard place’ as they strive to comply with their duties to both their clients and their regulator.
Whether this is likely to be problematic will depend on the audit in question and the client’s attitude to the protection of their LPP. It is important therefore that the context of each case is considered.
Even proposed solutions such as providing a regulator with access to privileged material via a secure data room may lead to some loss of control by the audited entity over their privileged material – for example, because regulators may take notes about what they have seen. At the very least, it could lead to concern on the part of businesses and therefore an unwillingness to agree to this course of action. Auditors may find themselves having to engage in ever more complex and costly privilege reviews and redaction exercises as they seek to navigate a course which is as acceptable as possible to all stakeholders while managing their own audit risk.
It may well be, therefore, that – as the government response foreshadows – this issue will be revisited in due course, with a view to developing more concrete practical suggestions which balance the need for efficiency in the regulation of statutory audit with upholding the sanctity of LPP.
It would be unfortunate if the ongoing possibility of future reform in this area has an unintended effect on an audited entity’s willingness and capacity to be transparent with its auditor, and in turn the auditor’s ability to audit effectively. However, it has always been, and remains, prudent for businesses to think carefully about what privileged information they need to provide to their auditors and how that information is provided.
There may, for example, be circumstances where highly sensitive information can appropriately be shared with auditors in a way which keeps it closely under the control of the audited entity, for example by showing auditors material without handing over a copy which is then committed to the auditors’ document management systems. Legal advice on an appropriate practical approach should be sought if in doubt.