Protecting sensitive data in regulated markets: 20 years of digital confirmations

During two decades of developing digital confirmation platforms, we have learned many lessons about secure data communication.

The opinions expressed here are those of the authors. They do not necessarily reflect the views or positions of UK Finance or its members.

Any such platform needs to apply rigorous validation and encryption processes to protect clients’ sensitive data and ensure that banks and auditors meet – and exceed – their industries’ security standards.

Advanced tech solutions must also encapsulate business requirements as they evolve over time. Business analysts working in this environment have to acquire a detailed understanding of how auditors verify the financial information provided by their clients. 

A well-run digital process also relies on a wider context – clear regulatory frameworks that impose high levels of probity on member firms. 

Managing the risk of financial crime

Regulatory standards in banking have developed extensively over the past 20 years, initially under the Financial Services Authority and – since the 2012 Financial Services Act – through the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA). 

Neither authority explicitly mandates how banks respond to audit confirmation requests, but the wider regulatory environment dictates the prompt and accurate disclosure of audit evidence. 

We share their ambition to encourage transparent, efficient financial markets and promote integrity and accountability – and above all, to control risk and eliminate fraud. 

Where encouragement is not enough, enforcement takes over. For example, in July 2023, the PRA imposed a heavy fine on a major bank for “significant failures in risk management and governance”, leaving the bank exposed to fraudulent losses through an “unsound risk culture”. 

In March, the FCA issued a general warning about banks’ shortcomings in financial crime controls, including “a failure to risk-assess their own or their customers’ activities” in respect of money laundering. Its publication followed fines imposed on global banks and others for non-compliance with anti-money laundering legislation.

In August, the FCA broke new ground by sanctioning an auditor, in this instance for “failing to alert the FCA to suspected fraudulent activity”. In the words of the FCA’s Andrea Bowe, the case established a precedent that withholding “potentially vital information can lead to enforcement action”.

Supervising the audit profession

Auditors are more directly subject to the UK’s Financial Reporting Council (FRC), which publishes and enforces standards for the audit, accountancy and actuarial professions. 

Handling digital confirmations is addressed in the FRC’s longstanding and recently revised International Standard on Auditing (UK) 505. Its emphasis on the “techniques for validating the identity of a sender of information in electronic form”, including “encryption and electronic digital signatures”, encapsulates a vital aspect of our work.

Along with many other interested parties, we made detailed submissions to the FRC in response to their Invitation to Comment on draft revisions to ISA (UK) 505. This was because exacting standards are crucial to industry participants’ shared mission – increased audit quality. 

The FRC has legal powers to impose sanctions on auditors when their practice falls below the required level – as in many decided cases such as Carillion, London Capital and Finance, and Serco.

The breaches identified in these judgments include a lack of professional scepticism and a failure “to consider and respond to the risk of fraud”, critical omissions when it comes to auditing financial statements.

Pursuing shared goals of data security and fraud detection

It is in banks’ as well as auditors’ interests to comply with FRC standards, for example in responding to audit confirmation requests accurately and securely. In doing so, they minimise the risk of loss to themselves and their clients, and ensure more efficient financial transactions. 

The frameworks constructed by the PRA, FCA and FRC have similar aims to digital confirmation platforms – facilitating the rapid, secure communication of data between market participants, and combating the dangers of financial crime. 

Thomson Reuters Confirmation is the leading digital platform and global network for confirming financial data.