Skip to Main Content

Best practices for financial institution contracts with technology providers

As the financial services sector moves in an increasingly digital direction, you cannot overstate the need for robust and relevant information security programs. Financial institutions place more reliance than ever on third-party technology vendors to support core aspects of their business, and in turn place more reliance on those vendors to meet the industry’s high standards for information security. These include those in the Gramm-Leach-Bliley Act, Sarbanes Oxley 404, and regulations established by the Federal Financial Institutions Examination Council (FFIEC).

LIBOR is leaving—is your financial institution ready to make the most of it?

In July 2017, the UK’s Financial Conduct Authority announced the phasing out of the London Interbank Offered Rate, commonly known as LIBOR, by the end of 20211. With less than two years to go, US federal regulators are urging financial institutions to start assessing their LIBOR exposure and planning their transition. Here we offer some general impacts of the phasing out, specific actions your institution can take to prepare, and, finally, some background on how we got here (see Background at right).

Best Practices for Educating Your Financial Institution’s Board of Directors on Cybersecurity

According to Cybersecurity Ventures, cybercrime will account for $6 trillion annually by 2021—that’s more than the global trade of all major illegal drugs combined.  Data breaches and other information security events adversely impact organizations through significant losses in revenue, erosion of customer trust, substantial remediation costs, increased insurance premiums, and more.

In auditing, the concept of professional skepticism is ubiquitous. Just as a Jedi in Star Wars is constantly trying to hone his understanding of the “force”, an auditor is constantly crafting his or her ability to apply professional skepticism. 

All teams experience losing streaks, and all franchise dynasties lose some luster. Nevertheless, the game must go on. 

Reading through the 133-page exposure draft for the Proposed Statement on Auditing Standards (SAS) Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, issued back in April 2017, and then comparing it to the final 100+ page standard approved in September 2018, may not sound like a fun way to spend a Sunday morning sipping a coffee (or three), but I disagree.

Artificial Intelligence, or AI, is no longer the exclusive tool of well-funded government entities and defense contractors, let alone a plot device in science fiction film and literature. Instead, AI is becoming as ubiquitous as the personal computer. 

The world of professional sports is rife with instability and insecurity. Star athletes leave or become injured; coaching staff make bad calls or public statements. The ultimate strength of a sports team is its ability to rebound. The same holds true for other groups and businesses.

Any sports team can pull off a random great play. Only the best sports teams, though, can pull off great plays consistently — and over time. The secret to this lies in the ability of the coaching staff to manage the team on a day-to-day basis, while also continually selling their vision to the team’s ownership.

A professional sports team is an ever-changing entity. To have a general perspective on the team’s fluctuating strengths and weaknesses, a good coach needs to trust and empower their staff to discover the details. Chapter 5 in BerryDunn’s Cybersecurity Playbook for Management looks at how discovery can help managers understand their organization’s ever-changing IT environment. 

Just as sports teams need to bring in outside resources — a new starting pitcher, for example, or a free agent QB — in order to get better and win more games, most organizations need to bring in outside resources to win the cybersecurity game.

It may be hard to believe some seasons, but every professional sports team currently has the necessary resources — talent, plays, and equipment — to win. The challenge is to identify and leverage them for maximum benefit.

It’s one thing for coaching staff to see the need for a new quarterback or pitcher. Selecting and onboarding this talent is a whole new ballgame. Various questions have to be answered before moving forward: 

For professional baseball players who get paid millions to swing a bat, going through a slump is daunting. The mere thought of a slump conjures up frustration, anxiety and humiliation, and in extreme cases, the possibility of job loss.

On June 16th the FASB issued the final standard for credit losses. We’ve analyzed the new standard and pulled together some key items you’ll need to know:

When last we blogged about the Financial Accounting Standards Board’s (FASB) new “current expected credit losses” (CECL) model for estimating an allowance for loan and lease losses (ALLL), we reviewed the process for developing reasonable and supportable forecasts for use in establishing the ALLL. 

Recently, federal banking regulators released an interagency financial institution letter on CECL, in the form of a Q&A. Read it here

By now, pretty much everyone in the banking industry has heard plenty of talk about CECL – the forthcoming “Current Expected Credit Loss” model of accounting for an institution’s allowance for loan losses (ALL).

Financial fraud by the numbers. In a June 2016 Gallup poll, 72 percent of respondents said they had “very little” or only “some” confidence in banks.

By now you have heard that the Financial Accounting Standards Board’s (FASB) answer to the criticism the incurred-loss model for accounting for the allowance for loan and lease losses faced during the financial crisis has been released in its final form. 

Why it can happen to you and how to protect yourself. We’ve all seen the headlines. Stories about not-for-profit fraud have been popping up in the news, and the statistics confirm what you might have suspected: fraud in the not-for-profit sector is on the rise.

Read this if you are responsible for your bank’s fraud risk management.

Fraud in the banking industry is a persistent and evolving threat that has significant implications for financial institutions and their customers. As technology advances, so do the methods employed by fraudsters, making it crucial for banks to stay vigilant and proactive in their fraud prevention efforts. This article explores the current trends in banking fraud, highlighting traditional schemes, emerging threats, and effective preventive measures.

Introduction to banking fraud

Banking fraud is the illegal act of deceiving a financial institution or its customers for financial gain. This type of fraud has been a significant problem for centuries, impacting the banking sector in various ways. The consequences of banking fraud can be severe, including financial losses, damaged reputations, and legal repercussions. Moreover, it can erode trust in the banking system and affect the overall economy.

Traditional banking fraud schemes

One of the oldest and most common forms of banking fraud is check fraud. Despite the decline in the use of checks, they remain a prevalent payment method, making them a target for fraudsters. Check fraud can take several forms, including forgery, alteration, and counterfeiting. For instance, check washing involves stealing a check, erasing the original details, and altering the payee name and amount before cashing it. Another method is creating counterfeit checks using real account numbers but depositing them under fake identities.

The statistics are alarming. In 2022, there were 680,000 reports of check fraud, nearly double the number reported in 2021. The surge in mail-theft-related check fraud has also been significant, with a 161% increase in mail theft complaints from March 2020 to February 2021. Criminals have even resorted to armed robberies of postal carriers to obtain master keys that open mailboxes, providing easy access to checks.

Emerging banking fraud trends for 2025

As technology evolves, so do the methods employed by fraudsters. Identity theft and synthetic identity fraud are two emerging trends that pose significant threats to the banking industry. Identity theft involves stealing someone's personal information to obtain credit or other financial benefits, while synthetic identity fraud involves creating a fictitious identity using a combination of real and fake information. Both types of fraud can have serious consequences for victims, including financial losses and damage to their credit scores.

Phishing and social engineering attacks are also on the rise. Phishing attacks use email, messaging, or other means to trick individuals into divulging sensitive information, such as passwords or credit card numbers. Spear phishing attacks are more targeted, using personal information to make the attack seem more legitimate. Social engineering attacks manipulate individuals psychologically to obtain sensitive information.

The rise of artificial intelligence (AI) has introduced new dimensions to banking fraud. Fraudsters use AI-driven techniques, such as deep learning and natural language processing, to perpetrate fraud, including phishing and account takeover attacks. For example, deepfakes, a form of AI-generated media, can impersonate individuals and trick employees into transferring funds. In January 2024, a Hong Kong-based firm lost $25 million to fraudsters who used deepfake technology to impersonate the firm's chief financial officer on a video call.

Banking fraud: Preventive measures and detection techniques

Preventing and detecting banking fraud requires a multi-faceted approach. Traditional methods, such as signature verification and positive pay, remain effective in combating check fraud. Positive pay involves companies informing their bank about issued checks ahead of time, allowing the bank to verify the checks before processing them. Fraud detection software, which uses algorithms to analyze check data and identify potential instances of fraud, is also a valuable tool.

For emerging fraud trends, constant training and testing are essential. Periodic self-study trainings and fake phishing emails can help keep fraud red flags front of mind for employees. Acknowledging and celebrating individuals who follow bank policies and prevent fraudulent activity can also reinforce good practices.

AI-powered analytics tools can analyze large amounts of data and identify patterns and anomalies that may indicate fraudulent activity. Some banks are already using AI to automate fraud detection processes and send investigations to the appropriate teams. For instance, JPMorgan uses large language models to detect signs of fraud in email compromises, while Mastercard's Decision Intelligence tool scans a trillion data points to predict if a transaction is genuine.

Banking fraud is a complex and evolving challenge that requires continuous vigilance and adaptation. By understanding traditional fraud schemes and emerging trends, financial institutions can implement effective preventive measures and detection techniques to protect themselves and their customers. As fraudsters become more sophisticated, the banking industry must leverage technology, such as AI, to stay one step ahead and ensure the security and integrity of the financial system. As always, please don’t hesitate to reach out to the BerryDunn financial services team should you have any questions.

Article
Fraud trends in banking: What to look out for

As energy costs continue to rise, rural businesses and agricultural producers face increasing pressure to find cost-effective, sustainable solutions. The Rural Energy for America Program (REAP) Grant offers a unique opportunity to help businesses reduce energy expenses by investing in renewable energy systems or improving energy efficiency. Administered by the US Department of Agriculture (USDA), the REAP Grant provides financial support that can significantly ease the burden of upgrading or modernizing energy systems.

In this guide, we’ll explore the key benefits of the REAP Grant, explain who should consider applying, and highlight the important tax implications to help you make informed decisions about whether this program is right for your business.

What is the REAP Grant?

The REAP Grant, provided by the US Department of Agriculture (USDA), provides financial support that can significantly ease the burden of upgrading or modernizing energy systems through renewable energy projects such as solar, wind, geothermal, and biomass, as well as energy efficiency improvements such as HVAC upgrades, insulation, and lighting.

  • Grant amount: Covers up to 25% of eligible project costs, with a cap of $500,000 for renewable energy projects and $250,000 for energy efficiency projects.
  • Loan guarantees: USDA loan guarantees cover up to 75% of the project cost, making larger projects more accessible.

Who should consider a REAP Grant?

The REAP Grant is ideal for:

  • Agricultural producers who generate at least 50% of their income from farming or related activities and want to reduce energy costs, such as those related to irrigation, heating, or grain drying.
  • Rural small businesses located in areas with populations under 50,000. These businesses can benefit from cutting utility costs through energy efficiency upgrades or renewable energy systems.

If your business plans to invest in renewable energy or update inefficient equipment, the REAP Grant could be a valuable resource.

How can a REAP Grant benefit your business?

A REAP Grant has many benefits for your business, including: 

  • Reducing energy costs: Improve energy efficiency or install renewable systems to lower utility bills and enhance profitability.
  • Increasing energy independence: Renewable energy systems reduce reliance on fluctuating energy prices, offering long-term savings.
  • Enhancing market appeal: Sustainable practices attract eco-conscious customers and improve your brand image.
  • Accessing financing for larger projects: Loan guarantees make financing for significant energy projects easier to obtain.

What are the requirements for a REAP Grant?

To apply, you must be an agricultural producer or rural small business, and your project must involve renewable energy systems or energy efficiency improvements. The application requires:

  • A detailed project proposal
  • Financial projections showing cost savings
  • An energy audit or assessment for energy efficiency projects
  • Environmental compliance documentation

Grants cover up to 25% of project costs, but you must provide the remaining 75% through self-funding or other financing.

When are the application deadlines?

  • Small projects (under $80,000): Deadlines are typically October 31 and March 31.
  • Larger projects: The deadline is March 31.

Loan guarantees are available year-round, but early submission is recommended due to limited funding.

What are the tax implications of receiving a REAP Grant?

Receiving a REAP Grant has tax consequences:

  1. Taxable income: The grant is considered taxable income and must be reported on your federal tax return.
  2. Interaction with tax credits: If your project qualifies for the Investment Tax Credit (ITC), the portion funded by the REAP Grant must be subtracted from the ITC-eligible project costs. For example:
    Solar project cost $400,000
    REAP Grant received $100,000
    ITC-eligible amount $300,000

  3. Depreciation: You can depreciate the project under the Modified Accelerated Cost Recovery System (MACRS), but the depreciable basis is reduced by the grant amount.

What tax incentives are available? 

In addition to the REAP Grant, you can take advantage of tax incentives such as:

  • Investment Tax Credit (ITC): Up to 30% of eligible renewable energy costs.
  • MACRS depreciation: Accelerated depreciation of energy assets over five years.
  • State-level incentives: Many states offer additional tax benefits, such as sales tax exemptions or property tax relief for renewable energy projects.

Why should I work with a tax professional?

Due to the complexity of integrating the REAP Grant with federal and state tax incentives, consulting a tax professional is highly recommended. BerryDunn has specialized tax professionals in place to help determine if the REAP Grant is right for your business. They can help you maximize your benefits while ensuring compliance with tax regulations.

The REAP Grant provides a significant opportunity for rural businesses and farms to reduce energy costs, increase sustainability, and secure financing for larger projects. Although the grant is taxable, combining it with federal tax incentives like the ITC and MACRS can greatly reduce the cost of energy upgrades. With careful planning and expert guidance, the REAP Grant can be a smart investment in your business's future.

Article
REAP Grant: Key benefits and tax implications for businesses

From workforce shortages to rising costs to regulatory changes, today’s healthcare organizations face greater challenges than ever. By properly managing the revenue cycle, healthcare providers can reduce operational costs, improve patient satisfaction, and ultimately reinvest in better care and services.

The revenue cycle is an intricate system involving interdependent functions. Like an ecosystem, each component plays an important role. To optimize your revenue cycle, it helps to understand these four components of the ecosystem and the roles they play.

The role of patient access in the revenue cycle

Patient access is the first point of contact a patient has with your organization. It’s one of the most critical interactions your team will have, setting the tone for the patient’s experience and ensuring that information is collected accurately. Key aspects of the patient access component include:

  • Scheduling appointments, registration, and gathering essential patient information
  • Verifying insurance coverage and benefits, a vital step in preventing claim denials and ensuring provider reimbursement
  • Financial counseling, helping patients understand their financial obligations and reducing the likelihood of unpaid bills
  • Accurate data collection, eliminating errors that can lead to claim denials, delays, and additional administrative work

The role of coding and compliance in the revenue cycle

The process of translating medical diagnoses, procedures, and services into standardized codes is a fundamental part of revenue cycle management and an essential means of ensuring compliance with various federal, state, and payer-specific regulations. Proper coding and compliance play a vital role in:

  • Accurate billing and reimbursement, ensuring that healthcare providers are paid correctly for their services and reducing billing errors and claim denials
  • Adherence to legal requirements, ensuring that medical records are correctly documented and billed, reducing the risk of fraud and legal issues
  • Data analysis and research, providing a standardized way to record patient information, track health trends, and evaluate treatment outcomes

The role of billing in the revenue cycle

The billing component of the healthcare revenue cycle plays a critical role in optimizing your organization’s financial performance. Proper billing management can reduce administrative costs and improve patient satisfaction by ensuring transparency and accuracy in financial transactions. Important aspects of the billing process include:

  • Creating and submitting accurate and properly coded claims for reimbursement to insurance companies
  • Tracking and processing payments from insurers and patients, including posting payments to patient accounts and managing discrepancies
  • Billing patients, generating bills for out-of-pocket expenses, and ensuring that patients are aware of their financial responsibilities
  • Following up on accounts receivables and promoting timely collection of outstanding amounts

The role of denial management in the revenue cycle

Despite your best efforts to ensure accuracy at every point in the revenue cycle, claims can be denied for a variety of reasons. Effective denial management includes a proactive process for reviewing denied claims, understanding the reasons for the denial, making necessary corrections, resubmitting claims, and appealing if necessary. The denial management process plays a role in:

  • Maintaining your organization’s financial health by reducing revenue loss and delays in reimbursement
  • Identifying and addressing the underlying coding, coverage, billing, or other issues related to each claim denial in order to reduce future denials
  • Improving coding accuracy through ongoing staff training and education, real-time reviews, and automated coding tools

BerryDunn’s revenue cycle consultants engage with your healthcare organization to objectively review existing processes and develop actionable strategies for short- and long-term performance improvement. With experts along the entire continuum of care, our approach focuses on cash acceleration, revenue integrity, and helping to ensure that every dollar owed is collected. Based on best practices, we help bolster performance and improve the efficiency and effectiveness of your revenue cycle. Learn more about our services and meet our team.  

Article
Exploring the healthcare revenue cycle ecosystem

Communities are constantly adapting to the demographic shifts, economic fluctuations, social trends, and other factors that influence how they evolve, grow, and prosper over time. Fortunately, there is a powerful tool to harness that change and shape your community’s future: your economic development strategic plan.

The seven key success factors outlined below address the essential elements of an economic development strategy––a roadmap for the actions your community will take to encourage economic growth, create jobs, and improve the quality of life.

1. Understand the current economic landscape

The first step in planning for your community’s future economic growth is to undertake a comprehensive assessment of the current economic landscape. What are the local economic conditions, demographics, and industry trends impacting your community today? Use a data-driven approach to highlight what is working, what needs attention, and what is possible. Tell the story of your community in a way that fosters a shared narrative and invites community engagement.

2. Build effective stakeholder partnerships

For your strategy to be effective, it’s essential to nurture meaningful collaboration and partnerships with stakeholders in your community. Actively engage with local business owners, government agencies, educational institutions, community organizations, residents, and others with an interest in how your community grows and develops. Integrate these diverse interests into your plan to ensure greater buy-in and support for your economic development strategy.

3. Develop a shared economic vision

The purpose of your plan is to help your community achieve its goals for a prosperous economic future. By laying out a clear vision that is backed by well-defined strategic goals and actions, your plan will bring the community together and direct investments toward meaningful economic growth. It’s essential to develop your economic vision using a methodical approach that links the vision to key focus areas to ensure that all efforts align with your community’s aspirations.

4. Create an effective implementation plan

Your implementation plan is an essential tool for delegating responsibilities, tracking progress, and supporting the long-term sustainability of your community’s economic development efforts. An effective plan will include actionable steps and clear timelines that transform goals into manageable tasks. Detail the resources, partners, timelines, and actions necessary to execute your plan and establish measurable performance metrics and benchmarks to gauge its success.

5. Build resilience through scenario analysis

Scenario analysis is a forward-looking “what if” approach that helps communities evaluate the potential impact of future events and develop plans that can withstand uncertainty. Anticipating and preparing for future economic changes enhances your community's ability to adapt and remain resilient in the face of challenges. Recognize that your economic development strategic plan is not just a set of static objectives but a living framework that evolves with changing circumstances.

6. Establish key performance indicators (KPIs)

Establishing well-defined KPIs is essential for monitoring and measuring progress toward economic goals and enabling your community to make informed decisions about ongoing initiatives. Select relevant and impactful KPIs and regularly monitor them to enable timely assessment of progress and effectiveness. This data-driven approach facilitates transparency and accountability, ensuring that initiatives remain aligned with your community's economic objectives.

7. Be willing to pivot

Having a process for continually evaluating and adapting your strategies based on feedback ensures that the economic development plan remains effective. Design your plan to facilitate adaptability, enabling organizations and participants to respond effectively to changing circumstances. By being proactive, communities can transform a static plan into a dynamic playbook that provides direction to all stakeholders when conditions change, and their roles and responsibilities need to evolve.

BerryDunn’s economic development team can help you analyze, strategize, and plan for both the known and the unknown to create a thriving community in any economy. From strategic planning to market analyses to community outreach and engagement, we have firsthand experience in local government and understand what you need and how to best achieve your goals. Learn more about our services and meet our team.

Article
Economic development strategic planning: Seven keys to success

Read this if you're a broker-dealer. 

On July 25, 2024, the Public Company Accounting Oversight Board (PCAOB) issued its 2023 Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers. The PCAOB can essentially be considered “the auditor of the auditor” and thus performs various inspections of audit firms that conduct broker-dealer audits on an annual basis. These inspections are conducted with the intent of enhancing audit quality to ultimately protect investors. Each year, the PCAOB summarizes their inspection results for the previous year within its annual report. Although these inspections are conducted of audit firms and thus the results primarily relate to deficiencies in audit procedures performed, this annual report can still provide useful information to broker-dealers, as it provides insight into the expectations of audit firms, which will ultimately drive the requests and expectations from audit firms during broker-dealer audits. Therefore, we share our key takeaways from the annual report: 

  • The PCAOB continued to identify a high deficiency rate in the audits that they inspected. At least one deficiency was identified in 70% of the 103 audit engagements on broker-dealer financial reports reviewed during 2023. This was an increase from 58% in 2022. However, one of the reasons for the increase, as cited by the PCAOB, was an increase in the number of inspections performed of audit firms that have not been previously inspected. The PCAOB typically sees higher deficiency rates in audit firms that are being inspected for the first time. 
  • The areas with the highest numbers of deficiencies were, in order: revenue, evaluating audit results, net capital, and related party relationships and transactions. The PCAOB identified deficiencies in revenue in 48% of the audits inspected in 2023, which was by far the largest deficiency rate for those areas inspected – 42 of 87 audits had deficiencies in the revenue area. Consideration of an entity’s ability to continue as a going concern had the next highest deficiency rate at 33%; however, only 2 of 6 audits had a deficiency in this area. This was also the first year that the PCAOB broke out journal entry testing as its own audit area. Journal entry testing, as required by AS 2401, has been a heightened area of focus for the PCAOB not only in their broker-dealer audit inspections but also their issuer audit inspections. Auditors are not only required to test specific journal entries but are also required to obtain an understanding of a broker-dealer’s controls over journal entries. We often find requiring an independent review of journal entries to be an effective internal control. And many accounting systems now require journal entries to have evidence of preparation and review before posting. 

    Testing the accuracy of the amount of the revenue recorded, including the accuracy of inputs that determine revenue was determined to be a common deficiency for revenue, regardless of the type of revenue (the annual report specifically mentions commissions, investment advisory fees, merger and acquisition and other advisory fees, and other revenues). ASC 606, which was adopted back in 2018, continues to remain an area of focus for the PCAOB, with particular focus on testing of performance obligations and ASC 606 disclosure requirements. Learn more about ASC 606 here. 

    Related party relationships and transactions are often a significant audit area given the subjectivity and judgement involved with such relationships and transactions. The PCAOB identified audits where audit procedures were not performed to evaluate whether allocated revenues and expenses were consistent with the terms of the written agreements between the related parties, and the financial capability of the broker-dealer’s affiliate to satisfy a significant uncollected balance. Read more about expense sharing in this previous article.  
  • Most of the deficiencies on examination engagements related to testing the design and operating effectiveness of controls important to the auditor’s conclusion regarding the effectiveness of internal control over compliance for financial responsibility rules. Broker-dealers that do not claim an exemption from Exchange Act Rule 15c3-3 are required to file a compliance report. Broker-dealers that typically cannot claim an exemption are those that carry customer accounts, maintain custody or control of customer cash and securities, or clear securities transactions on behalf of customers. The audit firm must perform an examination engagement over this compliance report that is filed by the broker-dealer. The examination engagement primarily involves testing the broker-dealer’s internal controls over compliance with the financial responsibility rules.  

    One particular deficiency was surrounding “testing controls with a review element, particularly the nature and extent of management’s review, including criteria used by management to identify matters for investigation and how such matters were resolved.” This appears to be a common focus area for the PCAOB, as we have seen this deficiency surface in the PCAOB’s inspections of issuer audit engagements as well. Specific to broker-dealers, two common areas that have management review controls are the review of the net capital computation and review of the customer reserve calculation. Management should clearly document its review process, including how it identified any items for further investigation. 
  • Many broker-dealers rely on service organizations for various facets of their operations. These service organizations are often integral to the broker-dealer’s operations and thus to their financial statements and possibly even the financial responsibility rules. The PCAOB identified certain deficiencies in audit firms’ procedures over these service organizations. It is important for audit firms to gain an understanding as to how broker-dealers are utilizing service organizations and what implications this usage may have on the audit firms’ audit procedures. There will likely be an expectation that, for service organizations integral to the broker-dealer’s operations, a SOC 1 report is being retained and reviewed by management, including complementary user entity controls, on at least an annual basis. To learn more about SOC reports and review best practices, read this article. 
  • Audit firms did not perform, or sufficiently perform, tests of compliance with the Reserve Requirement Rule as of the end of the broker-dealer’s fiscal year, including testing the accuracy and completeness of the stock record allocation reports and other information used to prepare the customer reserve computation. Although an examination engagement primarily involves testing internal controls over compliance, it also includes testing compliance with the Net Capital and Reserve Requirement Rules as of the end of the broker-dealer’s fiscal year. This should involve detailed testing of the various inputs into these calculations. For the Reserve Requirement Rule, this will likely include detailed testing of free credit balances, including gaining an understanding of their sources, as well as free debit balances, if any. The audit firm should also be testing the balance held in the broker-dealer’s special reserve bank account. 
  • Audit firms did not perform required inquiries as part of their review procedures over a broker-dealer’s claimed exemption from Exchange Act Rule 15c3-3. For those broker-dealers that do not file a compliance report, they will file an exemption report, claiming their exemption from Exchange Act Rule 15c3-3. Audit firms are still required to perform procedures over this exemption report; however, they are less in-depth than those procedures performed over a compliance report. With a compliance report, an audit firm performs an examination engagement. With an exemption report, an audit firm performs a review engagement. This review engagement primarily consists of inquiries of the broker-dealer. These inquiries primarily include gaining an understanding of the broker dealer’s operations to determine if there were any exceptions to the exemption provisions during the broker-dealer’s fiscal year and gaining an understanding of the controls the broker-dealer has in place to maintain compliance with its claimed exemption. The audit firm is also required to consider any evidence obtained during the financial statement audit to determine if it contradicts any of the responses received from management as part of the review engagement. For instance, the audit firm could identify that the broker-dealer did hold customer cash through its cash audit procedures. If such evidence were to be identified, this would need to be considered when conducting the review engagement and modifications to the broker-dealer’s exemption report may be necessary. 
  • Audit firms did not perform, or sufficiently perform, procedures to evaluate whether allowable assets and assets not readily convertible into cash, including commissions receivable and cash equivalents held in a securities account with a clearing broker-dealer, were appropriate. Read more about allowable assets, particularly unsecured receivables. This evaluation is essential because, if an audit firm were to identify an asset that was inappropriately being treated as allowable, it could have implications on the broker-dealer’s compliance with the Net Capital Rule.  

We hope you find these takeaways useful – again, although they specifically relate to deficiencies identified by the work performed by audit firms, they still do provide useful information for broker-dealers and can provide management indications of some of the questions or procedures audit firms will likely ask or perform. As always, if you have any questions, please don’t hesitate to reach out to the BerryDunn broker-dealer team. We’re here to help! 

Article
Audits of broker-dealers: The PCAOB's 2023 annual report