KPMG signed up to a Corporate Governance Code for Chartered Accountants. How well did this protect it against the illegal actions of one of its partners?
KPMG earlier this month resigned as auditor of two Californian public companies, Herbalife and Skechers, saying that its independence had been compromised. This followed the revelation that its senior audit engagement partner for these clients had admitted to passing confidential information about these companies to a golfing friend, who then traded on the “inside” information. KPMG consequently withdrew its audit reports for Herbalife for the preceding three years and for Skechers for the preceding two years due to the “impairment” of its independence.
The KPMG Corporate Governance Background
What has this got to do with Corporate Governance? Well, in January 2010 the “Big Four” accounting firms signed up to something called The Audit Firm Governance Code and John Griffith-Jones, then Senior Partner of KPMG, was a member of the Working Group which drew up the Code. This Code mirrored the UK Corporate Governance Code for listed companies and its declared purpose was “to provide a formal benchmark of good governance practice against which firms which audit listed companies can report for the benefit of shareholders in such companies”. The benefits were held to include “…helping to reduce the risk of a firm exiting the market for large audits because it has lost public trust.” Additional roles for the Code included “enhance the stature of firms as highly visible exemplars of best practice governance” and “encourage changes in governance which improve the way that firms are run”.
One of the key features of the Code is the recommended appointment, by firms, of independent non-executives, recognising the degree to which audit is already significantly regulated and “reflecting the belief that regulation is not a substitute for effective governance, and that good governance complements regulation in promoting audit quality”. The Code suggests that audit firms “often share operations, brands and reputations with businesses that are subject to little or no regulation and this can pose significant risks to the reputation and continuing existence of the firm including its audit practice. The Code envisages independent non-executives playing a role in helping to address those risks, as well as enhancing confidence in firms’ decision making….” This is a clear reference to the demise of Arthur Andersen and the hope that this Code would reduce the risk of the “Big Four” being reduced to the “Big Three”.
In Section D of the Code addressing Operations, Principle D2 deals with Risk Management. It states “a firm should maintain a sound system of internal control and risk management over the operations of the firm as a whole to safeguard the owners’ investment and the firm’s assets”.
The Audit Firm Governance Code was applied to the Big Four accounting firms with effect from 1 June 2010, and in December 2010 KPMG announced the appointment of three independent non-executives. These were, naturally, drawn from the ranks of the great and good with impeccable pedigrees. Sir Steve Robson was a former Second Permanent Secretary in the UK Treasury, Tom De Swaan was a former member of the managing board and chief financial officer at ABN AMRO Bank, and Dr Alfred Tacke was a former Director General at the Ministry of Economics in Berlin. Rolf Nonnenmacher and John Griffith-Jones, Joint Chairmen of KPMG Europe LLP, are quoted as saying: “…These are significant new appointments which we believe will provide a strong additional benchmark against which to assess the governance and risk management of our ELLP operations. We want to take the opportunity to use the expertise of our new non-executives on a pan European basis, thereby helping us with our own integration. We hope the investor community will respond positively as we seek to support the professional and ethical way in which we manage our businesses. We believe that building even stronger two-way relationships with the major investor groups is important to support additional public confidence in financial reporting and governance.”
KPMG US scandal
Scott London was a KPMG “lifer”, joining KPMG after graduating in 1984 with a degree in accountancy from California State University. He appears to have been a sound, well respected and effective employee who rose steadily through the firm and established himself as a popular and well-regarded member of the local community. He was the senior partner in charge of the client relationships with Herbalife and Skechers, amongst other clients, and ran these audits for a number of years. He became friends, apparently through golf, with Bryan Shaw, who was running a family jewellery business, and the relationship grew ever closer from 2007 onwards. The story appears to be that Mr Shaw’s business hit trouble after the 2008 financial crisis and Mr London felt impelled, as a friend, to do something to help him out.
Unfortunately, the method he appears to have chosen was to give his friend privileged information regarding the financial results of his quoted company clients, presumably in the knowledge that his friend would benefit financially from this. He denies knowing from the beginning that Mr Shaw was trading in these shares prior to publication of the results, but the relationship seems to have settled fairly soon into a pattern. Mr London gave confidential information to Mr Shaw, Mr Shaw made profits from insider trading and Mr London received a proportion of those profits.
By mid-2012 the authorities had Mr Shaw in their sights and, though the pair ceased trading for the next few months, when they recommenced in early 2013, the FBI pounced on Mr Shaw. Mr Shaw was allowed to continue his conversations with Mr London, but under the surveillance of the FBI, and in March they called on Mr London and told him the game was up. In early April Mr London is reported as confessing to the FBI, the SEC and prosecutors, and his lawyer told KPMG, who promptly fired him. He had been with the firm for twenty-nine years.
KPMG then had to sort out the immediate ramifications and promptly resigned as auditors of the two clients in whose shares Mr Shaw had been trading. Presumably on the basis of the years whose results had been leaked by Mr London, they further withdrew their audit reports on the grounds that the independence of their relationship had been “impaired” as they put it. The firms concerned were then put in a difficult position and stressed that they stood by the declared results and nothing in the audit reports or related statements indicated any criticism of their firms. They are both now seeking replacement auditors.
Implications for KPMG
KPMG has clearly taken a hit to its reputation as this story has gone round the globe. It may seem unfair, since the firm did not benefit financially or in any other way from the episode. Nevertheless, if we look back at the section above relating to the Audit Firm Governance Code, to which its then senior partner was a founder signatory, there are surely questions to be asked. Here are some suggestions:
- Anyone who has ever been involved in auditing public companies knows that the temptation exists to profit from inside information. Principle D2 of the Code signed by John Griffith-Jones addresses risk management:
  - what were KPMG’s internal controls to guard against the unprofessional but clearly foreseeable risk that one of its staff would leak valuable information?
  - why did it take so long for the criminal behaviour to be discovered?
  - why was it discovered by outside bodies rather than by tight internal controls?
- The appointment of independent non-executives was held by the Code to protect against guilt by association with unprincipled clients; this case inverts this problem, so:
  - what role were the non-execs playing, or expected to play here, to justify their fees?
Implications for the big 4 audit firms
The Code is supposed to prevent bad behaviour, not simply to provide cover after something goes wrong on the basis that the right rules were in place but one renegade ignored them, so the firm cannot be held responsible. In this case, the wall has been breached and reputation damaged by a relatively minor infringement. As a prime signatory and supporter of the Code, what would the current management of KPMG think about the whole edifice of the Code? Is it anything more than a Maginot Line against a major infringement? And if it is as vulnerable against a minor infringement like this, how useful would it be to protect the existence of the Big Four when, not if, another Enron comes along?