SEC Charges Royal Bank of Canada with Internal Accounting Controls Violations. Penalty? A $6 million fine...

SEC Charges Royal Bank of Canada with Internal Accounting Controls Violations.
SEC Charges Royal Bank of Canada with Internal Accounting Controls Violations.

Wut Mean?:

  • Royal Bank of Canada had internal accounting control deficiencies in accounting for internally developed software (IDS) costs from 2008 to 2020.
  • Despite the growth in IDS spending, the bank's control environment development lagged.
    • These deficiencies impacted the bank's cost capitalization accounting for IDS projects.
    • The bank used a single capitalization rate for certain IDS project costs without a proper mechanism to determine the correct rate.
    • As a result, the bank capitalized some costs that were not eligible for capitalization according to standard accounting practices.
  • The bank also lacked adequate internal controls to detect impairment indicators and to initiate amortization when assets were ready for use.
  • Consequently, certain capitalized IDS assets were carried on the balance sheet that should have been impaired or amortized over their useful life.

Wut Mean?:

  • Internally Developed Software (IDS) is software created internally by a firm instead of being purchased from an external provider.
  • Under International Accounting Standard 38 (IAS 38), certain costs incurred in creating an IDS application can be capitalized as an intangible asset and amortized over its estimated useful life.
  • To be classified as an intangible asset under IAS 38, the IDS must provide probable future economic benefits and its development cost must be reliably measurable.
  • Costs outside of the development phase, such as maintenance or decommissioning costs, must be expensed according to IAS 38.
  • The costs associated with developing IDS typically include employee salaries, benefits, and third-party contractor fees, but not all these costs are eligible for capitalization.
  • Costs incurred during the "research phase" of an IDS project must be expensed, while those in the "development phase" can be capitalized.
  • International Accounting Standard 36 (IAS 36) mandates entities to assess at the end of each reporting period whether there are indications that assets, including IDS, may be impaired.
  • IAS 36 lists indicators of impairment, such as the risk of asset obsolescence.
  • If an asset's carrying amount exceeds its recoverable amount, it must be written down to the recoverable amount, which is to zero if the IDS application is no longer in use.

Wut Mean?:

  • During the relevant period, Royal Bank of Canada's IDS accounting, including capitalization, aimed to align with International Accounting Standards 38 and 36.
  • Royal Bank of Canada's process for capitalizing IDS project costs varied based on the Canadian dollar-value of the project. Projects over CAD $5 million (later increased to CAD $10 million in 2020) were considered "large program" projects and individually assessed for capitalization eligibility.
  • Smaller projects, initially under CAD $5 million and later under CAD $10 million, were grouped using the "Pool Method," which applied a single capitalization rate to the aggregate costs for administrative ease.
  • By 2020, the Pool Method encompassed over 1,200 individual software projects.
  • The Pool Method was an accounting convention, treating the capitalization rate as an estimate that was reviewed annually and adjusted if necessary. Costs capitalized under this method were amortized over three years, starting one year from the date of incurrence.
  • Royal Bank of Canada's spending on IDS and the capitalization of associated costs increased significantly over the years, from CAD $658 million in 2011 to CAD $1.1 billion in 2021.
  • The amount spent on pooled projects also grew significantly, from around CAD $100 million at the pool's inception to CAD $600–700 million in 2020.
  • Despite the increase in IDS spending to support organizational growth, Royal Bank of Canada's control environment development lagged, leading to internal accounting control deficiencies in cost capitalization accounting for IDS projects.

Wut Mean?:

  • Royal Bank of Canada's internal accounting controls over its IDS capitalization rate were insufficient, not fully complying with IAS 38 from 2008 through 2016.
  • Initially, in 2008, a capitalization rate of 78 percent was set and maintained through 2016 using a simple calculation that was insufficient for IAS 38 compliance, as it didn't properly differentiate between capitalizable and non-capitalizable costs.
  • From 2017 onwards, Royal Bank of Canada stopped the simple calculation and began conducting capitalization rate studies by sampling projects and surveying employee tasks, except for 2018.
    • These studies were meant to validate the 78 percent rate but remained insufficient until 2021.
  • The capitalization rate studies lacked reliability due to issues with methodology, unreliable sampling and response rates, incomplete information, lack of documentation for third-party contracts, and inclusion of ineligible or obsolete projects.
  • Royal Bank of Canada lacked proper systems to identify and exclude ineligible or obsolete projects from the pool. There was also no effective process to determine if a project should remain in the pool.
  • Due to these issues, Royal Bank of Canada couldn't assess if the estimated 78 percent capitalization rate was reasonable or compliant with IAS 38, yet it maintained this rate through 2020.

Wut Mean?:

  • From 2017 to 2020, large program projects lacked sufficient internal accounting controls over impairment and amortization of IDS assets.
  • The process for identifying impaired IDS assets relied on business units and the budgeting team to report to the accounting team, which was not effective.
  • Under IAS 38, capitalized costs should begin to amortize once the project application is available for use, but Royal Bank of Canada did not have an effective process to identify the proper starting point for amortization.
  • If an application is available for use but not amortized, it results in an overstatement of assets and an understatement of period expenses.
  • Royal Bank of Canada did not have an effective process for identifying and reporting impaired IDS assets within large program projects, nor did it properly segregate duties, which did not provide reasonable assurance of compliance with IAS 36 and IAS 38.


$6 million fine

Press Release:

The Securities and Exchange Commission today announced that Canada’s largest bank, Royal Bank of Canada, will pay a $6 million penalty to settle charges that it violated the books and records and internal accounting controls provisions of the securities laws relating to its accounting for its costs of internally developed software.
The SEC’s order finds that, from 2008 through 2020, Royal Bank of Canada’s accounting controls failed to ensure that the firm accurately accounted for its internally developed software project costs. The order finds that, for a portion of its internally developed software projects, Royal Bank of Canada applied a single rate to determine how much of those projects’ costs to capitalize, but it lacked a reliable method for determining the appropriate rate to apply, in part because it could not adequately differentiate between capitalizable and noncapitalizable costs. This resulted in, among other things, the bank using the same capitalization rate each year without a sufficient basis and capitalizing certain costs that were ineligible under the appropriate accounting methodology.
“Royal Bank of Canada had longstanding internal accounting control deficiencies that it failed to adequately address,” said Nicholas P. Grippo, Regional Director of the Philadelphia Regional Office. “Properly functioning internal accounting controls are a front-line defense and help ensure accurate financial disclosures—the backbone of our capital markets.”
The SEC’s order finds that Royal Bank of Canada violated the internal accounting controls and books and records provisions of the Securities Exchange Act of 1934. Without admitting or denying the findings, Royal Bank of Canada has agreed to cease and desist from committing or causing any violations or any future violations of these provisions. Royal Bank of Canada also agreed to pay a $6 million civil penalty, offset by amounts paid to Canadian regulatory authorities as a result of the same conduct. The SEC considered Royal Bank of Canada’s remedial acts in determining to accept the settlement.
The SEC's investigation was conducted by Norman P. Ostrove and was supervised by Julia C. Green, Scott A. Thompson, and Mr. Grippo, all with the Philadelphia Regional Office. The SEC appreciates the assistance of the Ontario Securities Commission and Quebec’s Autorité des Marchés Financiers.
jelly gif


  • Royal Bank of Canada had deficiencies in internal accounting controls for capitalizing internally developed software (IDS) costs from 2008 to 2020, resulting in some costs being inappropriately capitalized.
  • The bank used a single capitalization rate for IDS project costs without a reliable mechanism to determine the correct rate, leading to non-compliant capitalization practices under International Accounting Standard 38 (IAS 38).
  • Inadequate internal controls led to failure in detecting impairment indicators and initiating amortization for IDS assets when ready for use, causing certain assets to be incorrectly carried on the balance sheet.
  • Despite significant growth in IDS spending, the bank's control environment development lagged, exacerbating the internal accounting control deficiencies.
  • Penalty? A $6 million fine...
Good Day!

Reddit Post