Sign in Subscribe
📰 News

SEC Charges Royal Bank of Canada with Internal Accounting Controls Violations. Penalty? A $6 million fine...

SEC Charges Royal Bank of Canada with Internal Accounting Controls Violations.
SEC Charges Royal Bank of Canada with Internal Accounting Controls Violations.
Summary
Source: https://www.sec.gov/files/litigation/admin/2023/34-98849.pdf

Wut Mean?:

  • Royal Bank of Canada had internal accounting control deficiencies in accounting for internally developed software (IDS) costs from 2008 to 2020.
  • Despite the growth in IDS spending, the bank's control environment development lagged.
    • These deficiencies impacted the bank's cost capitalization accounting for IDS projects.
    • The bank used a single capitalization rate for certain IDS project costs without a proper mechanism to determine the correct rate.
    • As a result, the bank capitalized some costs that were not eligible for capitalization according to standard accounting practices.
  • The bank also lacked adequate internal controls to detect impairment indicators and to initiate amortization when assets were ready for use.
  • Consequently, certain capitalized IDS assets were carried on the balance sheet that should have been impaired or amortized over their useful life.
Background

Wut Mean?:

  • Internally Developed Software (IDS) is software created internally by a firm instead of being purchased from an external provider.
  • Under International Accounting Standard 38 (IAS 38), certain costs incurred in creating an IDS application can be capitalized as an intangible asset and amortized over its estimated useful life.
  • To be classified as an intangible asset under IAS 38, the IDS must provide probable future economic benefits and its development cost must be reliably measurable.
  • Costs outside of the development phase, such as maintenance or decommissioning costs, must be expensed according to IAS 38.
  • The costs associated with developing IDS typically include employee salaries, benefits, and third-party contractor fees, but not all these costs are eligible for capitalization.
  • Costs incurred during the "research phase" of an IDS project must be expensed, while those in the "development phase" can be capitalized.
  • International Accounting Standard 36 (IAS 36) mandates entities to assess at the end of each reporting period whether there are indications that assets, including IDS, may be impaired.
  • IAS 36 lists indicators of impairment, such as the risk of asset obsolescence.
  • If an asset's carrying amount exceeds its recoverable amount, it must be written down to the recoverable amount, which is to zero if the IDS application is no longer in use.
Background

Wut Mean?:

  • During the relevant period, Royal Bank of Canada's IDS accounting, including capitalization, aimed to align with International Accounting Standards 38 and 36.
  • Royal Bank of Canada's process for capitalizing IDS project costs varied based on the Canadian dollar-value of the project. Projects over CAD $5 million (later increased to CAD $10 million in 2020) were considered "large program" projects and individually assessed for capitalization eligibility.
  • Smaller projects, initially under CAD $5 million and later under CAD $10 million, were grouped using the "Pool Method," which applied a single capitalization rate to the aggregate costs for administrative ease.
  • By 2020, the Pool Method encompassed over 1,200 individual software projects.
  • The Pool Method was an accounting convention, treating the capitalization rate as an estimate that was reviewed annually and adjusted if necessary. Costs capitalized under this method were amortized over three years, starting one year from the date of incurrence.
  • Royal Bank of Canada's spending on IDS and the capitalization of associated costs increased significantly over the years, from CAD $658 million in 2011 to CAD $1.1 billion in 2021.
  • The amount spent on pooled projects also grew significantly, from around CAD $100 million at the pool's inception to CAD $600–700 million in 2020.
  • Despite the increase in IDS spending to support organizational growth, Royal Bank of Canada's control environment development lagged, leading to internal accounting control deficiencies in cost capitalization accounting for IDS projects.
Background

Wut Mean?:

  • Royal Bank of Canada's internal accounting controls over its IDS capitalization rate were insufficient, not fully complying with IAS 38 from 2008 through 2016.
  • Initially, in 2008, a capitalization rate of 78 percent was set and maintained through 2016 using a simple calculation that was insufficient for IAS 38 compliance, as it didn't properly differentiate between capitalizable and non-capitalizable costs.
  • From 2017 onwards, Royal Bank of Canada stopped the simple calculation and began conducting capitalization rate studies by sampling projects and surveying employee tasks, except for 2018.
    • These studies were meant to validate the 78 percent rate but remained insufficient until 2021.
  • The capitalization rate studies lacked reliability due to issues with methodology, unreliable sampling and response rates, incomplete information, lack of documentation for third-party contracts, and inclusion of ineligible or obsolete projects.
  • Royal Bank of Canada lacked proper systems to identify and exclude ineligible or obsolete projects from the pool. There was also no effective process to determine if a project should remain in the pool.
  • Due to these issues, Royal Bank of Canada couldn't assess if the estimated 78 percent capitalization rate was reasonable or compliant with IAS 38, yet it maintained this rate through 2020.
Background

Wut Mean?:

  • From 2017 to 2020, large program projects lacked sufficient internal accounting controls over impairment and amortization of IDS assets.
  • The process for identifying impaired IDS assets relied on business units and the budgeting team to report to the accounting team, which was not effective.
  • Under IAS 38, capitalized costs should begin to amortize once the project application is available for use, but Royal Bank of Canada did not have an effective process to identify the proper starting point for amortization.
  • If an application is available for use but not amortized, it results in an overstatement of assets and an understatement of period expenses.
  • Royal Bank of Canada did not have an effective process for identifying and reporting impaired IDS assets within large program projects, nor did it properly segregate duties, which did not provide reasonable assurance of compliance with IAS 36 and IAS 38.

Penalty?:

$6 million fine

Press Release:

The Securities and Exchange Commission today announced that Canada’s largest bank, Royal Bank of Canada, will pay a $6 million penalty to settle charges that it violated the books and records and internal accounting controls provisions of the securities laws relating to its accounting for its costs of internally developed software.
The SEC’s order finds that, from 2008 through 2020, Royal Bank of Canada’s accounting controls failed to ensure that the firm accurately accounted for its internally developed software project costs. The order finds that, for a portion of its internally developed software projects, Royal Bank of Canada applied a single rate to determine how much of those projects’ costs to capitalize, but it lacked a reliable method for determining the appropriate rate to apply, in part because it could not adequately differentiate between capitalizable and noncapitalizable costs. This resulted in, among other things, the bank using the same capitalization rate each year without a sufficient basis and capitalizing certain costs that were ineligible under the appropriate accounting methodology.
“Royal Bank of Canada had longstanding internal accounting control deficiencies that it failed to adequately address,” said Nicholas P. Grippo, Regional Director of the Philadelphia Regional Office. “Properly functioning internal accounting controls are a front-line defense and help ensure accurate financial disclosures—the backbone of our capital markets.”
The SEC’s order finds that Royal Bank of Canada violated the internal accounting controls and books and records provisions of the Securities Exchange Act of 1934. Without admitting or denying the findings, Royal Bank of Canada has agreed to cease and desist from committing or causing any violations or any future violations of these provisions. Royal Bank of Canada also agreed to pay a $6 million civil penalty, offset by amounts paid to Canadian regulatory authorities as a result of the same conduct. The SEC considered Royal Bank of Canada’s remedial acts in determining to accept the settlement.
The SEC's investigation was conducted by Norman P. Ostrove and was supervised by Julia C. Green, Scott A. Thompson, and Mr. Grippo, all with the Philadelphia Regional Office. The SEC appreciates the assistance of the Ontario Securities Commission and Quebec’s Autorité des Marchés Financiers.
jelly gif

TLDRS:

  • Royal Bank of Canada had deficiencies in internal accounting controls for capitalizing internally developed software (IDS) costs from 2008 to 2020, resulting in some costs being inappropriately capitalized.
  • The bank used a single capitalization rate for IDS project costs without a reliable mechanism to determine the correct rate, leading to non-compliant capitalization practices under International Accounting Standard 38 (IAS 38).
  • Inadequate internal controls led to failure in detecting impairment indicators and initiating amortization for IDS assets when ready for use, causing certain assets to be incorrectly carried on the balance sheet.
  • Despite significant growth in IDS spending, the bank's control environment development lagged, exacerbating the internal accounting control deficiencies.
  • Penalty? A $6 million fine...
Good Day!

Reddit Post

Tweet

Read next
Korea's Act on the Protection of Virtual Asset Users to Take Effect from 7/19: "those who are found to have engaged in unfair trading activities may be subject to criminal punishment or penalty surcharge."

Korea's Act on the Protection of Virtual Asset Users to Take Effect from 7/19: "those who are found to have engaged in unfair trading activities may be subject to criminal punishment or penalty surcharge."

Korea's new Act on the Protection of Virtual Asset Users comes into force on July 19, 2024, marking a significant step in safeguarding users and regulating virtual asset service providers (VASPs). This follows a revision in March 2021, which required VASPs to register with financial authorities and introduced
dismal-jellyfish
Credit Suisse engaged in naked short sales

Korea's SFC Imposes Penalty Surcharges on Global Investment Banks for Violating Short Sale Regulations. Credit Suisse engaged in naked short sales in the amount of about KRW60.33 billion (162,365 shares on 20 stock items).

The Securities and Futures Commission, a sub-commission within the Financial Services Commission responsible for overseeing the securities and futures markets, held the thirteenth regular meeting on July 3 and decided to impose penalty surcharges amounting to KRW27.173 billion in total on two former Credit Suisse affiliated investment banks for
dismal-jellyfish
CFTC Awards Over $8 Million to Whistleblower

CFTC Awards Over $8 Million to Whistleblower who "helped the CFTC establish that one or more derivatives market participants deceived clients about key aspects of trades."

The Commodity Futures Trading Commission today announced it awarded over $8 million toa whistleblower who provided significant information and assistance that led the CFTC and other agencies to bring multiple enforcement actions. The whistleblower helped the CFTC establish that one or more derivatives market participants deceived clients about key aspects
dismal-jellyfish