Enforcement News: KPMG Agrees to Pay A $50 Million Penalty for Improper Use of Confidential PCAOB Data and Information

• Posted on: Jun 24 2019

On June 17, 2019, the Securities and Exchange Commission (“SEC” or the “Commission”) announced (here) that KPMG LLP (“KPMG”) agreed to settle charges that it altered prior audit work after receiving information about inspections of the firm by the Public Company Accounting Oversight Board (“PCAOB”). 

In connection with the settlement, KPMG agreed to pay a $50 million penalty and comply with a set of remedial measures to prevent the conduct at issue, including retaining an independent consultant to review and assess the firm’s ethics and integrity controls and its compliance with various undertakings.

“High-quality financial statements prepared and reviewed in accordance with applicable accounting principles and professional standards are the bedrock of our capital markets.  KPMG’s ethical failures are simply unacceptable,” said SEC Chairman Jay Clayton.  “The resolution the Enforcement Division has reached holds KPMG accountable for its past failures and provides for continuing, heightened oversight to protect our markets and our investors.”

“The breadth and seriousness of the misconduct at issue here is, frankly, astonishing,” said Steven Peikin, Co-Director of the SEC’s Enforcement Division. “This settlement reflects the need to severely punish this sort of wrongdoing while putting in place measures designed to prevent its recurrence.”

“This conduct was particularly troubling because of the unique position of trust that audit professionals hold,” said Stephanie Avakian, Co-Director of the SEC’s Enforcement Division. “Investors and other market professionals rely on these gatekeepers to fulfill a critical role in our capital markets.”

Last year, the SEC alleged that former senior members of KPMG’s Audit Quality and Professional Practice Group – which is responsible for the firm’s system of quality control – improperly obtained and used confidential data and information belonging to the PCAOB to detect audit deficiencies at the firm.  The data and information obtained included lists of the specific audit engagements the PCAOB planned to inspect, the criteria the PCAOB used to select engagements for inspection, and the focus areas of the inspections. According to the SEC, those now-former partners sought and obtained the PCAOB data and information to address KPMG’s high rate of audit deficiency findings in prior inspections. Armed with the information and data, those partners oversaw a program to review and revise certain audit work papers after the audit reports had been issued to reduce the likelihood of deficiencies being found during inspections. [Ed. Note: This Blog wrote about the matter here.]

In addition, the SEC announced that numerous KPMG audit professionals were found to have cheated on internal training exams by improperly sharing answers and manipulating test results. The exams at issue related to continuing professional education and training mandated by a prior SEC order finding audit failures.  According to the SEC, those professionals, which included engagement partners, not only sent exam answers to other partners, but also solicited answers from and sent answers to their subordinates.

After discovering the training-related misconduct, KPMG reported the matter to Commission staff and appointed a Special Committee of its Board of Directors to oversee an internal investigation. The Special Committee retained an outside law firm to investigate the extent of such conduct within the past three years and recommend employment actions to KPMG management as appropriate.

Further, the SEC found that certain KPMG audit professionals manipulated an internal server hosting training exam to lower the score required for passing.  By changing a number embedded in a hyperlink, those professionals manually selected the minimum passing scores required for exams.  According to the SEC, at times, audit professionals achieved passing scores while answering less than 25 percent of the questions correctly.

“The sanctions will protect our markets by promoting an ethical culture at KPMG,” said Melissa Hodgman, Associate Director of the SEC’s Enforcement Division.  “To that end, KPMG will take additional remedial steps to address the misconduct and further strengthen its quality controls, all of which will be reviewed and assessed by an independent consultant.”

In addition to paying a $50 million penalty, KPMG is required to evaluate its quality controls relating to ethics and integrity, identify audit professionals who violated ethics and integrity requirements in connection with training examinations within the past three years, and comply with a cease-and-desist order.  The SEC’s order requires KPMG to retain an independent consultant to review and assess the firm’s ethics and integrity controls and its investigation.

Notably, KPMG admitted the facts in the SEC’s order. It also acknowledged that its conduct violated a PCAOB rule requiring the firm to maintain integrity in the performance of a professional service and provides a basis for the SEC to impose remedies against the firm pursuant to Sections 4C(a)(2) and (a)(3) of the Securities Exchange Act of 1934 and Rules 102(e)(1)(ii) and (iii) of the Commission’s Rules of Practice.

A copy of the SEC Order can be found here.

Tagged with: PCAOB, SEC Enforcement Proceedings, Securities, Securities and Exchange Commission