Financial Services (Annual Audits of Banks) Directive, 2018

GOVERNMENT NOTICE NO. 20

FINANCIAL SERVICES ACT  
(CAP. 44:05)  

FINANCIAL SERVICES (ANNUAL AUDITS OF BANKS) DIRECTIVE, 2018  
ARRANGEMENT OF PARAGRAPHS  

PARAGRAPH  
PART I—PRELIMINARY  
1. Citation  
2. Interpretation  

PART II—OBJECTIVES  
3. Objectives  

PART III—REQUIREMENTS ON ANNUAL AUDITS  
4. Responsibilities of the Board  
5. Appointment of external auditors  
6. Approval process  
7. Evaluation process  
8. Board Audit Committee  
9. Functions of the Board Audit Committee  
10. Submission of audit report and management letter  
11. Communication between Registrar and external auditors  

PART IV—ENFORCEMENT  
12. Monetary penalties  
13. Administrative penalties  
14. Revocation  

IN EXERCISE of the powers conferred by section 34 (2) (I) of the Financial Services Act,  
I, DR. DALITSO KABAMBE, Registrar of Financial Institutions, make the following Directive—  

PART I—PRELIMINARY  
Citation  
1. This Directive may be cited as the Financial Services (Annual Audits of Banks) Directive, 2018.  

---

27th April, 2018  
275  

Interpretation  
Cap. 44:01  
2. In this Directive, unless the context otherwise requires—  
“banking business” has the meaning ascribed to that term in the Banking Act;  
“Board of Directors” means the highest body of authority in a bank responsible for strategically guiding the bank, effectively monitoring management and properly accounting to shareholders;  
“external auditor” means registered audit firm whose partners are registered by the Malawi Accountants Board and are approved by the Registrar;  
“home country supervisor” means the competent authority that supervises banking activities in the country where the head office of a bank’s foreign parent bank is located; and  
“International Financial Reporting Standards” means standards and interpretations issued by the International Accounting Standards Board.  

PART II—OBJECTIVES  
Objectives  
3. The objectives of this Directive are to—  
(a) promote discipline in the management of banks by enhancing modern corporate governance principles and risk management systems;  
(b) ensure that external auditors of banks discharge their functions more effectively; and  
(c) ensure that every bank maintains a level of transparency adequate to enable depositors and the general public to make informed decisions.  

PART III—REQUIREMENTS ON ANNUAL AUDITS  
Responsibilities of the Board  
Cap. 44:01  
4. The Board of Directors shall—  
(a) ensure that the shareholders of a bank appoint an external auditor annually in accordance with the requirements of the Act and this Directive;  
(b) advise the external auditor to use this Directive in conjunction with provisions contained in sections 57, 58 and 59 of the Act and section 17 of the Banking Act;  
(c) ensure that the financial statements of a bank are prepared in accordance with International Financial Reporting Standards;  
(d) ensure change of the external auditor every five years; and  
(e) ensure that where there is a change in the external auditor before the expiration of the five years, the Registrar is informed of the change within thirty days after the change takes effect.  

Appointment of external auditors  
5. A bank shall appoint an external auditor to fulfill the requirements of section 56 of the Act annually during the annual general meeting of the bank.  

---

27th April, 2018  
276  

Approval process  
6.—(1) The appointment of an external auditor referred to in paragraph 5 shall not take effect unless the bank obtains written approval from the Registrar in accordance with section 56 (1) of the Act.  
(2) An application for approval of an external auditor to the Registrar shall contain the following information—  
(a) name of the external auditor;  
(b) physical and postal address of the local office of the external auditor;  
(c) names, qualifications and experience of each partner;  
(d) details of the partner-in-charge of the audit of the bank;  
(e) name, qualifications and experience of the manager to be engaged in the audit of the bank;  
(f) details of the experience of the external auditor in other financial institutions or banks;  
(g) quality review report of the previous audit by an independent review team;  
(h) details of any existing business relationship between the bank and the partner-in-charge of the audit and between the bank and the audit firm;  
(i) confirmation that neither the external auditor nor the partners or staff involved in the audit are holding past due or non-performing loans in the bank;  
(j) copy of practicing certificates of each of the partners in the audit firm; and  
(k) any other information considered by the bank as necessary in support of the application.  

Evaluation process  
7.—(1) In assessing the application for approval of an external auditor, the Registrar shall among other things be satisfied that—  
(a) the external auditor is licensed or registered by an appropriate body or authority in Malawi;  
(b) the partners and lead audit manager have relevant professional experience and competence in banking audit;  
(c) the external auditor or its partners do not have any business association with shareholders or directors of the bank;  
(d) if the external auditor, its partners or staff have been subject to disciplinary action by any professional body, written clearance has been obtained from that body;  
(e) there has been no element of misconduct in the performance of the duties of the external auditor in other entities, banking or non-banking;  
(f) the external auditor has arrangements to source personnel to audit specialized areas of the operations of the bank including Anti-Money Laundering and Combating Financing of Terrorism,  

---

27th April, 2018  
277  

Information and Communication Technology (ICT) audit, e-banking, Basel II; and  
(g) the partners, lead audit manager and supervisor are members of the Institute of Chartered Accountants in Malawi (ICAM).  
(2) The Registrar may verify any information submitted by the bank or seek additional information on the external auditor before granting approval.  
Board Audit Committee  
8.—(1) A bank shall have a Board Audit Committee consisting of at least three (3) members appointed by the board of directors.  
(2) Membership to the Board Audit Committee shall be restricted to non-executive directors with knowledge in accounting, audit, finance, economics, law, ICT or risk management.  
(3) The chairperson of the board of directors and senior management officials shall not be members of the Board Audit Committee.  
(4) A member of the Board Audit Committee shall not serve as a member of another committee of the Board.  
Functions of the Board Audit Committee  
9. The functions of the Board Audit Committee shall include—  
(a) establishing and ensuring compliance with accounting standards and internal controls of the bank;  
(b) assisting the board of directors in its evaluation of the adequacy and efficiency of the internal control systems, accounting practices, information systems, and auditing processes of the bank;  
(c) facilitating and promoting communication regarding the bank’s internal control systems, accounting practices, information systems, auditing processes, risk management, or any other related matters between the board of directors, senior management officials, internal auditor and external auditors;  
(d) approving the appointment and dismissal of internal auditors;  
(e) recommending appointment and dismissal of external auditors;  
(f) providing oversight of the internal and external auditors and taking measures to enhance their independence by ensuring among other things that the auditors report directly to the board of directors or to the Board Audit Committee;  
(g) reviewing and approving the internal audit plans, scope and frequency;  
(h) receiving and reviewing internal and external audit reports including management letters;  
(i) ensuring that senior management officials take appropriate and timely action to correct weaknesses in internal control, non-compliance with policies, laws, regulations and directions, and other problems disclosed by both external and internal auditors;  
(j) introducing necessary measures to enhance the credibility and objectivity of financial statements and reports of the bank; and  

---

27th April, 2018  
278  

(k) delivering opinions on any matters submitted to it by the board of directors or that it wishes to address.  
Submission of audit report and financial statements and management letter  
10.—(1) A bank shall submit to the Registrar a copy of its audited financial statements and management letter within three (3) months after close of its financial year.  
(2) A bank shall publish audited financial statements containing at a minimum a copy of its statement of financial position, statement of comprehensive income, and cash flow statement in at least two (2) newspapers in line with the requirements of the Directive on Disclosure of Information by Banking Institutions.  
(3) A bank shall present a copy of its audited annual report to all shareholders at their annual general meeting.  
Communication between Registrar and external auditors  
11.—(1) The Registrar may hold meetings with external auditors of a bank to share notes and discuss specific issues pertaining to the bank.  
(2) The Registrar may appoint any external auditor to carry out specific assignments relating to a bank.  
(3) The bank shall bear the costs of the assignments in sub paragraph (2).  
(4) The Registrar shall communicate the reason for the assignments to the bank in advance.  
(5) The Registrar may hold tripartite meetings with the bank and external auditors.  
(6) The external auditor shall report any or all of the issues stipulated under section 17 (1) (f) of the Banking Act, to the Registrar.  
PART V—ENFORCEMENT  
Monetary penalties  
12.—(1) The Registrar shall impose the following monetary penalties for violations of this Directive—  
(a) for banks, up to fifty million Kwacha (K50, 000,000); and  
(b) for natural persons who are members of the Board of Directors or senior management, up to ten million Kwacha (K10,000,000).  
(2) With respect to banks, the Registrar shall—  
(a) debit the penalty in subparagraph (1) (a) from the main account of the bank maintained at the Reserve Bank of Malawi; and  
(b) notify the bank in writing prior to debiting the account.  
(3) With respect to natural persons or where the bank does not maintain an account with the Reserve Bank of Malawi, the natural person or the bank shall pay the penalty through a bank certified cheque or electronic transfer payable to the Reserve Bank of Malawi within ten working days after being notified by the Registrar.  
Administrative penalties  
13. In addition to monetary penalties in paragraph 12, the Registrar shall disqualify and withdraw his approval of an external auditor, if the  

---

27th April, 2018  
279  

external auditor fails to comply with the requirements of this Directive, financial services law or international standards of auditing.  
Revocation of G.N. 32/2012  
14. The Financial Services (Annual Audits for Banks) Directive, 2012 is hereby revoked.  
Made this 3rd day of April, 2018.  
D. KABAMBE, PhD  
Registrar of Financial Institutions  
(FILE NO. FIN/PFSPD/03/04)