CSA Notice of Consultation: Draft Regulation to Amend Regulation 52-108 Respecting Auditor Oversight

-1- CSA Notice of Consultation Draft Regulation to amend Regulation 52-108 respecting Auditor Oversight Draft Amendments to Policy Statement to Regulation 52-108 respecting Auditor Oversight October 3, 2019 Introduction The Canadian Securities Administrators (the CSA or we) are publishing for a 90-day comment period the following materials: • Draft Regulation to amend Regulation 52-108 respecting Auditor Oversight (the Proposed Regulation Amendments); • Draft Amendments to Policy Statement to Regulation 52-108 respecting Auditor Oversight (the Proposed Policy Statement Amendments); (collectively, the Proposed Amendments). The Proposed Regulation Amendments require actions by reporting issuers and participating audit firms that will assist the Canadian Public Accountability Board (CPAB) in accessing audit working papers of component auditors, particularly in certain foreign jurisdictions. The Proposed Policy Statement Amendments provide guidance on how we will interpret and apply the Proposed Regulation Amendments. The Proposed Amendments are published with this Notice and will also be available on the websites of CSA jurisdictions, including: www.bcsc.bc.ca www.albertasecurities.com www.fcaa.gov.sk.ca www.mbsecurities.ca www.osc.gov.on.ca www.lautorite.qc.ca www.fcnb.ca nssc.novascotia.ca Substance and Purpose The Proposed Amendments aim to respond to challenges CPAB has had in getting access to inspect audit work performed by an audit firm in a foreign jurisdiction that forms part of the audit evidence

-2- supporting an auditor’s report issued by a participating audit firm (a PAF). An audit firm performing such audit work is commonly referred to as a ‘component auditor’. The Proposed Regulation Amendments require a reporting issuer to direct a component auditor that meets significant thresholds (a significant component auditor) to enter into an agreement with CPAB governing access for file inspection (a CPAB access agreement) if the component auditor does not voluntarily provide access to CPAB, upon request, to inspect the audit work it has performed for a reporting issuer audit. If, despite such request, the component auditor does not enter into a CPAB access agreement, a PAF would, after a prescribed period of time for transition, not be permitted to use the audit firm as a significant component auditor. Background Several reporting issuers have operations in foreign jurisdictions that differ from the jurisdictions where their head offices are located. This may present challenges for the reporting issuer’s auditor due to different languages, laws and business practices in a foreign jurisdiction. In responding to those challenges, a PAF may ask a component auditor to perform work that forms part of the audit evidence supporting the PAF’s auditor’s report. A component auditor could be a member of the PAF’s international network, or an unrelated foreign or domestic audit firm. If a PAF decides to use the work of a component auditor, the PAF must comply with Canadian Auditing Standard 600 Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) (CAS 600), which specifies that the PAF is responsible for the direction, supervision and performance of the overall audit. Although CAS 600 requires the PAF to document the type of work performed by a component auditor and the PAF’s review of such work, there is no requirement for the PAF to retain in its files a copy of the work performed by the component auditor. In order to assess whether sufficient audit evidence has been obtained to support the PAF’s audit opinion, CPAB has determined that it needs access to a substantial portion of the audit work performed. However, CPAB has encountered some instances where a substantial portion of the audit work has been performed by a component auditor in a foreign jurisdiction, and CPAB was not allowed access to inspect such audit work. CSA Consultation Paper 52-403 Auditor Oversight Issuers in Foreign Jurisdictions In April 2017, we published a consultation paper asking for views on whether certain component auditors should be required to register with CPAB. In its comment letter, CPAB took the position that a registration requirement would provide it a legal basis to access audit working papers in most foreign jurisdictions, although there would continue to be a small number of foreign jurisdictions where barriers to access may not be resolved. We also received responses from six audit firms. While most firms were supportive of resolving CPAB’s challenges in obtaining access, some questioned whether a registration requirement was needed. Some commented that, rather than registration, efforts should instead be made to develop an international solution with regulators and standard setters.

-3- Most of the audit firms noted that, if some form of registration regime was to be introduced, then the focus should be on CPAB access to component auditor working papers. The regime should not include other oversight aspects applicable to a PAF, such as the inspection of an audit firm’s system of controls. Some commenters also stated that some foreign laws would likely restrict access even if some form of registration was required. The consultation paper also asked for views on whether it would be useful to require additional transparency about situations where CPAB has been prevented from inspecting the work of a PAF or component auditor. The commenters did not support a requirement for additional disclosure and noted concerns about the potential for disclosure to be misleading or misunderstood. Based on the responses received, we decided not to develop proposals of this nature. Summary of the Proposed Regulation Amendments The Proposed Regulation Amendments: • introduce the definition of a significant component auditor, namely a component auditor that o performs audit work involving financial information related to a component, whose activities the reporting issuer has the power to direct on its own or jointly with another person, and o meets one of the quantitative metrics relating to hours of work, fees paid, or relative size of the component’s assets or revenue; • require a reporting issuer to take all reasonable steps to direct a significant component auditor to provide CPAB with access to inspect the records relating to the component auditor’s audit work performed for a reporting issuer audit; • require a reporting issuer to take all reasonable steps to direct a significant component auditor involved in the audit of its financial statements to enter into a CPAB access agreement if the reporting issuer receives a copy of a notice from its PAF stating that a significant component auditor has failed to provide CPAB access to inspect the significant component auditor’s records related to audit work performed. A CPAB access agreement is a written agreement between CPAB and a significant component auditor governing access by CPAB to inspect the significant component auditor’s records relating to audit work it has performed in relation to a component of a reporting issuer. The terms and conditions set out in a CPAB access agreement, including the manner and conditions for when access is to be provided, must be agreed to by CPAB and the significant component auditor; • require a PAF to no longer use a public accounting firm as a significant component auditor after a prescribed period of time, if the PAF receives notice that the public accounting firm has failed to enter into a CPAB access agreement after being requested to do so by a reporting issuer. Summary of the Proposed Policy Statement Amendments The Proposed Policy Statement Amendments provide guidance on how we will interpret and apply the Proposed Regulation Amendments and include, among other things, illustrative examples of

-4- how to apply the quantitative metrics that form part of the definition of significant component auditor. Anticipated Benefits and Costs of the Proposed Regulation Amendments Benefits Auditors play an important role in the capital markets by providing reasonable assurance that the annual financial statements filed by a reporting issuer are presented fairly in all material respects. To ensure that high quality audits are performed on the financial statements of reporting issuers, we are introducing securities requirements that will reduce the number of situations in which CPAB is not given access to inspect the work performed by component auditors to support audit opinions. If adopted in their current form, the Proposed Regulation Amendments will create a legal requirement for a component auditor to enter into a CPAB access agreement if the component auditor has not provided access voluntarily. We expect that this requirement will address situations where a component auditor will only permit access to a component auditor’s records if required by law. The Proposed Regulation Amendments will also provide CPAB a tool to address situations where a significant component auditor prevents CPAB from inspecting its audit work for a reporting issuer audit despite there being no legal restriction. Costs If a significant component auditor voluntarily provides CPAB access to inspect its records related to audit work it has performed with respect to a reporting issuer audit, the Proposed Regulation Amendments would have no cost implications for a reporting issuer or its PAF. If a significant component auditor does not voluntarily provide access but enters into a CPAB access agreement after being directed to do so by a reporting issuer, the cost implications are small for the reporting issuer and the PAF. Such costs relate to the requirements for a PAF to forward a notice from CPAB to specified parties, and the reporting issuer to direct the significant component auditor to enter into a CPAB access agreement. If a significant component auditor fails to enter into a CPAB access agreement with CPAB after being requested to so by a reporting issuer, and the PAF can no longer use the firm as a significant component auditor, there would be a one-time cost for any reporting issuer and PAF that previously used that component auditor. Incremental costs may relate to efforts to identify a new significant component auditor or audit fees for work performed by a PAF or a new component auditor. Alternatives Considered In CSA Consultation Paper 52-403 we identified other potential alternatives, such as a more comprehensive component auditor registration requirement or the development of a disclosure￾based regime that highlighted access restrictions. After considering the comments received, we concluded that the development of the Proposed Amendments would be an effective way to

-5- respond to restrictions that CPAB faces in inspecting audit work performed by component auditors. Reliance on Unpublished Studies In developing the Proposed Amendments, we are not relying on any significant unpublished study, report or other written material. Request for Comments We welcome your comments on the Proposed Amendments. We invite comments on the following specific question:

1. The proposed definition of significant component auditor captures audit work on financial information related to a component, whose activities the reporting issuer has the power to direct on its own or jointly with another person. Are there specific limitations or concerns with the inclusion of components where the reporting issuer has power to directly jointly with another person? If so, please explain. Deadline for Comments Please submit your comments in writing on or before January 2, 2020. If you are not sending your comments by email, please send us an electronic file containing submissions provided (in Microsoft Word format). Address your submission to all of the CSA as follows: British Columbia Securities Commission Alberta Securities Commission Financial and Consumer Affairs Authority of Saskatchewan Manitoba Securities Commission Ontario Securities Commission Autorité des marchés financiers Financial and Consumer Services Commission (New Brunswick) Superintendent of Securities, Department of Justice and Public Safety, Prince Edward Island Nova Scotia Securities Commission Securities Commission of Newfoundland and Labrador Superintendent of Securities, Northwest Territories Superintendent of Securities, Yukon Territory Superintendent of Securities, Nunavut

-6- Deliver your comments only to the addresses below. Your comments will be distributed to the other participating CSA. Me Philippe Lebel Corporate Secretary and Executive Director, Legal Affairs Autorité des marchés financiers Place de la Cité, tour Cominar 2640, boulevard Laurier, bureau 400 Québec (Québec) G1V 5C1 Fax: 514-864-6381 consultation-en-cours@lautorite.qc.ca The Secretary Ontario Securities Commission 20 Queen Street West 19th Floor, Box 55 Toronto ON M5H 3S8 Fax: 416 593-2318 comments@osc.gov.on.ca Please refer your questions to any of the following: Autorité des marchés financiers Rosetta Gagliardi, Analyste expert à la réglementation, Autorité des marchés financiers 514 395-0337 Ext: 4365| rosetta.gagliardi@lautorite.qc.ca British Columbia Securities Commission Carla-Marie Hait, Chief Accountant and CFO, British Columbia Securities Commission 604 899-6726 | chait@bcsc.bc.ca Anita Cyr, Associate Chief Accountant, British Columbia Securities Commission 604 899-6579 | acyr@bcsc.bc.ca Alberta Securities Commission Janice Anderson, Acting Chief Accountant and CFO, Alberta Securities Commission 403 297-2520 | janice.anderson@asc.ca Ontario Securities Commission Cameron McInnis, Chief Accountant, Ontario Securities Commission 416 593-3675 | cmcinnis@osc.gov.on.ca Mark Pinch, Associate Chief Accountant, Ontario Securities Commission 416 593-8057 | mpinch@osc.gov.on.ca We cannot keep submissions confidential because securities legislation in certain provinces requires publication of the written comments received during the comment period. All comments received will be posted on the websites of each of the Alberta Securities Commission at www.albertasecurities.com, the Autorité des marchés financiers at www.lautorite.qc.ca and the

-7- Ontario Securities Commission at www.osc.gov.on.ca. Therefore, you should not include personal information directly in comments to be published. It is important that you state on whose behalf you are making the submission.