LogoRegulatory Alerts
2019-11-29

Regulation on the External Audit of Non-Bank Financial Institutions

The Central Bank of Kosovo issued this regulation to establish the regulatory framework for the external audit of non-bank financial institutions, defining the licensing, approval, and operational requirements for external auditors. The document mandates strict criteria for auditor independence, ethical conduct, and risk assessment, while outlining specific duties regarding audit scope, reporting, and confidentiality. It further details the Central Bank's authority to conduct quality reviews, withdraw approvals, and impose sanctions for non-compliance with the established standards.

Central Bank of the Republic of Kosovo logo

Kosovo

Central Bank of the Republic of Kosovo

Click to view thumbnail

1 of 9 Based on Article 35, paragraph 1, sub-paragraph 1.1, of Law No. 03/L-209 on the Central Bank of the Republic of Kosovo (Official Gazette of the Republic of Kosovo, No. 77/16 August 2010), as well as Article 103, paragraph 1, and Article 114 of Law No. 04/L-093 on Banks, Microfinance Institutions, and Non-Bank Financial Institutions (Official Gazette of the Republic of Kosovo, No. 11/11 May 2012), the Board of the Central Bank, at the meeting held on 27 December 2018, approved this:

REGULATION ON THE EXTERNAL AUDIT OF NON-BANK FINANCIAL INSTITUTIONS

Article 1 Purpose and Definition

  1. The purpose of this regulation is to define the regulatory framework concerning the external auditors of non-bank financial institutions (hereinafter: NBFIs) and to define the quality of services provided by external auditors, in relation to the specific risks of NBFIs and the financial sector in general. This regulation defines the requirements for the approval of external auditors, the conduct of the external audit of NBFIs, and the relationships between external auditors, NBFIs, and the CBK.
  2. This regulation applies to all NBFIs registered by the CBK to operate in the Republic of Kosovo, with the exception of NBFIs registered with the sole activity of currency exchange, for which the provisions of this regulation apply only upon special request of the CBK for the audit of financial statements or if the audit of financial statements is required by the law in force on financial reporting.

Article 2 Definitions

  1. All terms in this regulation have the same meaning as the terms defined in Article 3 of Law No. 04/L-093 on Banks, Microfinance Institutions, and Non-Bank Financial Institutions (hereinafter: Law on Banks, MFIs, and NBFIs) and/or as defined below for the purpose of this regulation: 1.1. Audit firm means a legal person or any other entity, regardless of legal form, that is licensed in accordance with the Law on Accounting, Financial Reporting, and Audit to perform statutory audit.

2 of 9 1.2. Financial statements mean the statement of financial position, the income statement, the statement of cash flows, the statement of changes in equity, the accompanying notes, and the explanatory materials of the financial statements.

Article 3 General Conditions

  1. The external auditor of an NBFI registered by the CBK to operate in Kosovo must be licensed by the Kosovo Council for Financial Reporting (KCFR) and approved by the CBK.
  2. Based on the written application, the CBK will approve an external auditor of an NBFI only if the following conditions are met: 2.1. An external auditor licensed in Kosovo in accordance with the Law on Accounting, Financial Reporting, and Audit. 2.2. An external auditor who has at least 3 (three) years of experience in the field of auditing financial statements of NBFIs or other financial institutions, or whose participating staff performing the audit has such experience.

Article 4 Specific Conditions and Requirements

  1. The approval granted to the external auditor is limited to a specific NBFI and is valid for one financial year.
  2. Applications for approval must be submitted to the CBK before 30 June of each year.
  3. The NBFI, together with the application for approval, must provide the CBK with: 3.1. The proposal of the Audit Committee and the Board of Directors for the appointment of the external auditor; 3.2. The audit program of the NBFI; 3.3. A description of the utilization of resources during the audit service; 3.4. The engagement letter of the external auditor or the service contract provided; 3.5. The document proving the sufficient experience of the external auditor or his staff who performs the audit in the field of auditing NBFIs and/or other financial institutions; 3.6. The certificate issued by the Kosovo Council for Financial Reporting (KCFR) regarding the results of the latest quality control for the external auditor (this certificate will not be required by the CBK until the KCFR starts issuing such a certificate); and 3.7. The written declaration of the external auditor regarding the fulfillment of the criteria defined in Article 7 of this regulation.
  4. The audit program and utilization of resources during the audit service must be appropriate in relation to the nature and size of the NBFI.

3 of 9 5. The continuous employment of the same external auditor is limited to three years or three consecutive audits.

Article 5 Good Reputation The CBK will approve as external auditor of an NBFI, external auditors who have a good reputation and who are not engaged in any activity that is inconsistent with the functions of external audit.

Article 6 Re-audit The CBK has the right to request a re-audit by another external auditor, at the expense of the NBFI, in cases where the existing external auditor of the NBFI has performed an audit or submitted a report that is not in compliance with the requirements of the Law on Banks, MFIs, and NBFIs, CBK regulations, International Standards on Auditing (hereinafter: ISA), and does not express the true and accurate financial position of the NBFI.

Article 7 Professional Ethics External auditors must adhere to the principles of professional ethics defined by the International Federation of Accountants: "Code of Ethics for Professional Accountants".

Article 8 Independence and Objectivity

  1. During the performance of the audit, external auditors must be independent from the entity being audited and must in no way be involved in the management decisions of the NBFI being audited. External auditors must not perform the audit if there is any direct or indirect financial, employment, or any other relationship, including remuneration for additional non-audit services, between the external auditors and the NBFI being audited, from which a third party, objective, reasonable, and informed would conclude that the independence of the external auditors is compromised.
  2. Approved external auditors must also comply with the provisions of the European Commission Recommendation of 16 May 2002 on the Statutory Independence of Auditors in the EU: The Structure of Fundamental Principles. Furthermore, the CBK will ensure compliance with Chapter IV of EU Directive 2006/43 on statutory audits of annual accounts and consolidated accounts.
  3. External auditors must document in the audit working papers all intrusions on their independence as well as the safeguards they have taken to mitigate such intrusions.

4 of 9 Article 9 Independence and Objectivity of Auditors Performing an Audit on Behalf of Audit Firms The owners or shareholders of an approved audit firm, as well as the members of the administrative, management, and supervisory bodies of that firm, or of a branch thereof, must not interfere in the execution of any audit in any way that would risk the independence and objectivity of the auditor performing the audit on behalf of the audit firm.

Article 10 Audit Fees Audit service fees:

  1. Must be adequate to enable the proper quality of the audit;
  2. Must not be influenced or determined by the remuneration for supplementary services of the NBFI being audited; and
  3. Cannot be based on any form of contingency.

Article 11 Requirements for External Auditors in Performing the Annual Accounts Audit External auditors must perform audits in NBFIs in accordance with ISA.

Article 12 Content of the Audit

  1. External auditors must assess whether the annual accounts of NBFIs are prepared and finalized in accordance with International Financial Reporting Standards (hereinafter: IFRS), the Law on Banks, MFIs, and NBFIs, CBK regulations, and assess whether the management of NBFIs has fulfilled its obligation to provide clear and appropriate notes and documentation of accounting information in accordance with the Law on Banks, MFIs, and NBFIs and CBK regulations.
  2. External auditors must assess whether the information in the annual reports regarding the annual accounts, assumptions regarding the going concern, and proposals regarding the utilization of surpluses or covering losses are in compliance with the Law on Banks, MFIs, and NBFIs, CBK regulations, and whether the information is in compliance with the annual accounts.
  3. External auditors must assess the adequacy of the risk management systems of NBFIs based on the assessment of: 3.1. Compliance with requirements for organizational structures regarding the management of any specific risk; 3.2. Policies and procedures for the management of any specific risk and their implementation; 3.3. Adequacy of the identification, measurement, and monitoring of any specific risk;

5 of 9 3.4. Adequacy and efficiency of the internal audit system regarding the management of any specific risk. 4. Specific risks include credit risk, market risk, operational risk, liquidity risk, and other risks to which NBFIs are exposed. 5. External auditors must perform an assessment for NBFIs regarding the manner of managing assets and the establishment of appropriate internal controls. 6. The audit of NBFIs must cover areas such as the credit portfolio, provisions for credit losses, non-performing assets, asset valuation, and the adequacy of internal controls over financial reporting. 7. External auditors must, through audits, contribute to the prevention and disclosure of irregularities and errors.

Article 13 Duties of External Auditors

  1. External auditors must perform audits according to their best judgment, including the assessment of the risk that the inclusion of incorrect information in the annual accounts due to irregularities and errors presents.
  2. External auditors must ensure that they have a sufficient basis to assess whether any violation of the Law on Banks, MFIs, and NBFIs, as well as CBK regulations, which are material with respect to the annual accounts, has occurred.
  3. External auditors must check the regularity, accuracy, and completeness of the NBFI's reports submitted to the CBK, in accordance with the valid regulatory requirements approved by the CBK. Based on the control exercised, external auditors must assess whether the reports have been prepared or are in compliance with the Law on Banks, MFIs, and NBFIs and CBK regulations, and whether they realistically and objectively reflect the financial position of the NBFI.
  4. External auditors must submit in writing to the Board of Directors of the NBFI the following circumstances: 4.1. Deficiencies regarding the obligation to ensure proper recording, clear disclosure, and documentation of accounting information; 4.2. Errors and deficiencies in the organization and control of asset management; 4.3. Irregularities and errors that may cause incorrect information in the annual accounts.

Article 14 Documentation of Performance of Duties As required by ISA 230 "Audit Documentation", external auditors must document how an audit was performed and the results of an audit. Issues that indicate that irregularities or errors may be present must be documented separately.

6 of 9 Article 15 Maintenance of Audit Working Papers Audit working papers must be prepared and maintained in accordance with the relevant ISA.

Article 16 Report of External Auditors

  1. External auditors must prepare an annual audit report with an audit opinion in accordance with IFRS and, in case of material differences, also an audit report with an audit opinion in accordance with CBK regulations.
  2. The audit report must confirm that the audit services were performed in accordance with the provisions of the Law on Accounting, Financial Reporting, and Audit, this regulation, and other relevant CBK regulations.
  3. The audit report must verify and disclose the following issues: 3.1. Whether the annual accounts are prepared and finalized in accordance with IFRS, the Law on Accounting, Financial Reporting, and Audit, and relevant CBK regulations, and whether they present a fair and true view of the financial position and activities of the NBFI; 3.2. Whether the management of the NBFI has fulfilled its obligation to provide clear and appropriate notes and documentation of accounting information; and 3.3. Whether the information in the annual report regarding the annual accounts, assumptions regarding the going concern, and proposals regarding the utilization of surpluses or covering losses are in compliance with the Law on Accounting, Financial Reporting, and Audit, and relevant CBK regulations.
  4. If the accounts do not provide information regarding the result and position of the NBFI, which must be provided, external auditors must emphasize this, or determine auditor's reservations and possibly provide necessary supplementary information in the audit report.
  5. If external auditors conclude that the accounts should not be finalized in their current form, this must be clearly emphasized.
  6. External auditors must assess the implementation of recommendations given by external auditors for the previous financial year.

Article 17 Management Letter

  1. Auditors must, in accordance with primary and secondary legislation of the CBK, prepare the management letter for the financial institution, for the conclusions of the audit process. The management letter must include all conclusions to which the auditor has arrived regarding the activity or financial position of the financial institution, as well as information regarding the care performed in the audit mission.
  2. In the management letter, auditors must give a specific statement regarding the internal control system with the aim of giving specific assurance on, and for the purpose of disclosure of material issues in the internal control structure. The specific statement must also include the function of internal audit.

7 of 9 Article 18 Obligation of Confidentiality

  1. External auditors and collaborators of external auditors have the duty to maintain confidentiality regarding any knowledge obtained during their activities, unless otherwise provided by law, or in cases where the information concerns a person whose duty does not require professional secrecy. External auditors and collaborators of external auditors cannot use that information for their own activities, for service, or employment of others.
  2. External auditors, regardless of the limitations presented in paragraph 1 of this article or the confidentiality agreement, may give explanations and present documentation regarding the audit performed, in cases where required by the legislation in force in Kosovo.
  3. The obligation of confidentiality continues to apply even after the duty has ended.

Article 19 Obligation to Inform

  1. The external auditor within the framework of his duty must provide information regarding issues concerning the NBFI, which the external auditor has learned during the time of the audit, when this is required by the general meeting of shareholders, the board of directors, senior management, the audit committee, or by a person authorized by the CBK.
  2. The external auditor must immediately notify the audit committee or the board of directors of the NBFI and the CBK, in cases where during the performance of the audit of the NBFI he notices: 2.1. A serious conflict within the decision-making bodies or the unexpected departure of a manager who had a key function; 2.2. Information indicating that there may be material violations of laws in force and regulations, instructions, and orders of the CBK, as well as the statute and sub-legislative acts of the NBFI; or 2.3. The intention of the internal auditor to resign or his departure; and negative or material changes that pose a risk to the work of the NBFI and the possibility that the risk will continue.
  3. The external auditor must, based on the request of the CBK, provide the CBK with any information during the entire audit mission, regarding his performance in audit services in an NBFI.
  4. The CBK maintains regular contacts and may initiate meetings with the external auditor of the NBFI at any time, when such contacts are considered necessary.

8 of 9 Article 20 Quality Control and Its Review

  1. External auditors approved by the CBK must apply adequate quality control policies and procedures which address all significant aspects of the audit.
  2. External auditors approved by the CBK will be subject to a review of the assurance provision quality, by the CBK.
  3. The quality review of an approved external auditor must include a specific audit task and must be performed by the CBK or by a reviewer designated by the CBK.
  4. During the quality review, the CBK or the reviewer must determine to what extent the external auditor has applied adequate rules and procedures of quality control in all significant aspects of the audit. During the review, the CBK or the reviewer must have access to all documents of the external auditor's working papers, to the extent necessary to perform an adequate quality control.
  5. Taking into account the obligations for confidentiality, Article 18 of this regulation applies equally to the CBK and to the reviewer.
  6. The summarized results of the review of the assurance provision quality will be published by the CBK, including recommendations, implementation of recommendations, and if any case occurs, sanctions.

Article 21 Dismissal and Resignation

  1. External auditors of NBFIs may be dismissed if there are sufficient grounds for this. Differences in opinions on accounting treatments or audit procedures cannot be considered as sufficient grounds for dismissal.
  2. Both the audited NBFIs and the external auditors must inform the CBK in case of dismissal or resignation and must provide sufficient explanations for the reasons for such a decision.

Article 22 Withdrawal of Approval The approval of the external auditor will be withdrawn if the good reputation of that audit firm is seriously compromised or if one of the requirements of this regulation is no longer met.

Article 23 Implementation, Improvement Measures, and Civil Penalties

  1. If external auditors of NBFIs violate the auditor's duties, defined by the relevant legal framework in force, the provisions of this regulation, as well as other relevant CBK regulations, the CBK may issue a written warning to the external auditor, a copy of which will be sent to the audited NBFI.

9 of 9 2. If the violations described in paragraph 1 of this article are repeated, the CBK has the right to: 2.1. Refuse approval of the external auditor to engage in the performance of the audit of financial institutions licensed by the CBK to operate in the Republic of Kosovo; the ban on approval of the external auditor may be up to three (3) years; 2.2. Request the removal or replacement of an auditor; 2.3. Directly appoint, remove, or replace an auditor; or 2.4. Request a re-audit according to Article 6 of this regulation.

Article 24 Repeal After the entry into force of this regulation, the Amended Rules on external audit and external auditors of financial institutions, approved on 18 February 2008, are repealed with respect to the external audit of NBFIs.

Article 25 Entry into Force This regulation enters into force 15 days after approval.

Flamur Mrasori Chairman of the Board of the Central Bank

Share