Regulatory developments
Get up to speed with key regulatory changes in Canada and around the world with our annual update. Covering topics from environmental, social, and governance standards to new regulatory developments and audit industry inspection findings, our expert insights help you understand and navigate these developments with confidence.
Environmental, social and governance (ESG)
Canadian Audit Quality Roundtable
CPAB big four firm inspection findings
US regulatory developments
Following stakeholder feedback that urged greater alignment with future standards issued by the International Sustainability Standards Board (ISSB) and SEC disclosure rules, the Proposed National Instrument 51-107 Disclosure of Climate-related Matters, published in October 2021, has not yet been issued. The Canadian Securities Administrators (CSA) staff intend to conduct further consultations to adopt disclosure standards based on ISSB Standards, with modifications as considered necessary and appropriate in the Canadian context. At the same time the International Organization of Securities Commissions (IOSCO), whose members have been reported to regulate over 95% of the world’s financial markets, endorsed the ISSB’s disclosure standards. A further market update from the CSA is expected in the coming months.
In April 2023, the CSA announced that it was seeking public comment on proposed amendments to corporate governance disclosure rules and policy relating to the director nomination process, board renewal and diversity. The proposed amendments would require disclosure on aspects of diversity beyond the representation of women, while retaining the current disclosure requirements with respect to women. Following an extension to the comment period as requested by stakeholders, this closed in September 2023.
In June 2023, the Canadian Sustainability Standards Board (CSSB) became operational. The CSSB will work with the ISSB to support the uptake of ISSB standards in Canada, highlight key issues for the Canadian context, and facilitate interoperability between ISSB standards and any forthcoming CSSB standards. Several member appointments have already been made to the CSSB, with the Board having held its inaugural meeting in September 2023. Additional member appointments are expected in the near future, focusing on climate change expertise from the user community.
The Office of the Superintendent of Financial Institutions (OSFI) published Final Guideline B-15, Climate Risk Management. Guideline B-15 sets out expectations for the sound management of climate-related risks for federally regulated financial institutions (FRFIs). The Guideline is to be read, and implemented, from a risk-based perspective that allows FRFIs to compete effectively while managing their climate-related risks prudently. Guideline B-15 will be effective for fiscal year-end 2024 for Domestic Systemically Important Banks and Internationally Active Insurance Groups headquartered in Canada, and fiscal year-end 2025 for all other in-scope FRFIs.
On June 26, 2023, the ISSB issued its first two IFRS Sustainability Disclosure Standards :
IFRS S1: General Requirements for Disclosure of Sustainability-related Financial Information
IFRS S2: Climate-related Disclosures
These standards require adoption by authorities in the local jurisdictions before compliance would be mandatory in that jurisdiction, similar to other IFRS. Several jurisdictions including the United Kingdom and Australia, have indicated they expect to require the adoption of the standards. The type of entity to which the standards would apply is left to the discretion of the authorities in that particular jurisdiction. The standards are effective for annual reporting periods beginning on or after January 1, 2024, although jurisdictions can choose their own effective dates.
The ISSB standards require disclosure of Scope 1 and Scope 2 greenhouse gas (GHG) emissions and generally require an entity to use the GHG Protocol to calculate such emissions, unless a jurisdictional authority or relevant listing exchange requires otherwise. The standards also require entities to separately disclose aggregate Scope 1 and Scope 2 emissions in metric tons of CO2e, but entities aren’t required to report emissions for each of the seven GHGs. An entity is to report its Scope 2 emissions using a location-based method and provide relevant information about contractual instruments related to the source of those emissions.
The ISSB standards also require entities to disclose Scope 3 emissions, including the categories of upstream/downstream activities, subject to a general materiality assessment based on the definition included in the standards (which aligns with IFRS Accounting Standards). Entities participating in commercial banking, asset managers and insurance entities are also required to report on financed emissions. There is certain relief available to address the practical challenges of disclosing Scope 3 emissions.
For climate resilience, the ISSB standards require an entity to use climate-related scenario analysis, considering the entity’s exposure to climate-related risks and opportunities and the skills, resources and capabilities available to it. An entity is required to disclose quantitative and qualitative information about the results of the analysis and how it was conducted. The ISSB standards also require an entity to disclose, as part of its sustainability-related disclosures, the effects of climate-related risks and opportunities on its financial position, financial performance and cash flows for the reporting period, and the anticipated effects over the short, medium and long term, including quantitative information, unless it is unable to do so.
The above disclosures are required to be included as part of an entity’s general purpose financial report (not required in the audited financial statements) or an entity can cross-reference to disclosures that meet the requirements in another report, subject to certain specifications. For further information on the scope, materiality and requirements of the ISSB standards, refer to IFRS Sustainability Developments (Issue 5).
We note that the ISSB is currently consulting on which other topics should be included in its standard-setting agenda.
Canadian entities should consider whether they will fall within the scope of climate disclosure requirements that have been finalized by the European Union (EU) and that will begin to take effect in the next several years. The EU Corporate Sustainability Reporting Directive (CSRD) includes a mandate to disclose sustainability information that applies to a wide range of entities operating in the EU, including subsidiaries of non-EU entities and non-EU subsidiaries of EU holding companies. Refer to the EY Technical Line for additional information on the CSRD.
US developments are covered in the SEC regulatory agenda section below.
Jump ahead
In October 2023, the Canadian Public Accountability Board (CPAB), the Office of the Superintendent of Financial Institutions (OSFI) and the Canadian Securities Administrators (CSA) co-hosted the Canadian Audit Quality Roundtable which brought together Canadian capital markets stakeholders, including regulators, standard-setters and audit firms to share perspectives on recent developments in audit quality in Canada.
The topics discussed included:
Risks impacting external audits
The role of governance and culture within an audit firm, particularly with regards to audit quality
Observations on the implementation of the new Canadian auditing standard on quality management systems
Fraud detection and prevention
Developments in sustainability and climate disclosure reporting standards and practices
Risks related to emerging technologies, including artificial intelligence
IFRS 17 Insurance Contracts implementation
It was noted that a continuing shift in the risk environment may lead to increased risk in credit, liquidity and going concern issues. Sufficient consideration of the impact of these stressors is an important component of audit quality. Roundtable participants reaffirmed their shared commitment to fostering a robust Canadian financial system by maintaining open and proactive engagement, acting on issues early and in a coordinated manner.
CPAB issued its 2023 Interim Inspections Report (the “CPAB report”) in October 2023 and noted that to date it has inspected 53 of 63 files across Canada’s four largest audit firms and identified significant findings in seven of those files. This compares to eight significant inspection findings across 67 inspections in 2022. One firm that did not meet the target of no more than 10 per cent of files with significant findings in 2022 had four of the seven files with significant findings to date and will not meet the target in 2023.
The common themes identified in CPAB’s report relate to:
The auditor’s identification and assessment of the risks of material misstatement in the financial statements.
Significant inspection findings in audits of companies that use third-party service organizations to perform significant aspects of business activities.
The adequacy of audit procedures when cycle counts are performed on perpetual inventory systems.
The quality of audit documentation and the effectiveness of the engagement team’s supervision and review.
CPAB’s report also highlights questions that audit committees may want to ask their auditors, including related to risk assessment, climate, fraud and use of artificial intelligence in audits.
Market participants should continue to expect regulatory changes in 2024 as the SEC works through its rulemaking agenda. As has been widely observed, the SEC under Chair Gary Gensler has issued more rule proposals than other SEC chairs at this point during their tenures. The SEC is now in the process of finalizing some rules as well as planning new proposals. Chair Gensler also remains focused on a vigorous enforcement program. The Public Company Accounting Oversight Board (PCAOB) also has a number of standard setting initiatives planned for 2024.
In 2023, the SEC issued a number of final rules that impact public companies. These include final rules on cybersecurity risk management, strategy, governance and incident governance; share repurchase disclosure modernization; and recovery of erroneously awarded compensation (clawbacks). Still pending is action on climate-related and several other ESG disclosure matters (e.g., board diversity, human capital) as reflected on the SEC’s rulemaking agenda, which is updated semi-annually.
Climate-related disclosures: One of the major areas of expected activity in 2024 relates to climate-related disclosures. The SEC continues to consider the public’s feedback on its proposal to enhance and standardize disclosures that public companies make about climate-related risks, their climate-related targets and goals, their greenhouse gas (GHG) emissions and how the board of directors and management oversee climate-related risks. The proposal would also require registrants to quantify the effects of certain climate-related events and transition activities in their audited financial statements. There is no clear indication of when a final rule may be issued, although Chair Gensler has indicated that it remains high on the SEC’s agenda.
In the meantime, US companies should also consider whether they will fall within the scope of climate disclosure requirements that have been finalized by California and the European Union (EU) and that will begin to take effect in the next several years.
California passed several bills (the Climate Corporate Data Accountability Act and the Greenhouse gases: climate-related financial risk law) that will require both public and private entities doing business in the state that exceed certain revenue thresholds to disclose greenhouse gas emissions, information recommended by the Task Force on Climate-Related Financial Disclosures and measures adopted to reduce and adapt to identified climate related risks. Refer to EY’s Technical Line for additional information on the California climate-related reporting developments. Also, in consideration of Foreign Private Issuers (FPIs) and Multijurisdictional Disclosure System (MJDS) filers, the SEC had included questions in their request for comment on whether FPIs should be able to use ISSB standards and whether MJDS filers could apply local CSA requirements – albeit the CSA staff now intend to conduct further consultations to adopt disclosure standards based on ISSB Standards with certain localizations. While these questions have not been resolved, their inclusion in the request for comment was a positive start in efforts to increase jurisdictional interoperability.
Cybersecurity disclosure rule: The SEC issued final rules requiring registrants to disclose information about material cybersecurity incidents on Form 8-K within four business days of determining that an incident is material, with a delay only when the US Attorney General concludes that disclosure would pose a substantial risk to national security or public safety. The rules also require disclosures about cybersecurity risk management, strategy and governance in annual reports (e.g., Form 10-K, Form 20-F). The rules apply to nearly all registrants that are required to file periodic reports with the SEC, including smaller reporting companies (SRCs) and FPIs, except for Canadian FPIs under the MJDS. All issuers other than SRCs must begin to report cybersecurity incidents as of December 18, 2023 and provide the other information in 2023 annual reports. Refer to EY’s To the Point and Technical Line for additional information.
“Clawback” listing standards: The SEC approved listing standards for the New York Stock Exchange (NYSE) and Nasdaq that require listed companies to recover or “claw back” incentive-based compensation erroneously received by current and former executive officers in the event of a required accounting restatement. The standards became effective on October 2, 2023, and registrants listed on those exchanges are required to have adopted compliant clawback policies by December 1, 2023. The NYSE and Nasdaq were required to establish these listing standards under the SEC’s clawback rules adopted in October 2022. Refer to EY’s To the Point for further information.
The SEC Division of Enforcement also continues to be active. SEC Chair Gensler has discussed five themes that capture his priorities for the enforcement program, including holding accountable both individuals and entities for securities law violations as well as prioritizing high-impact cases. This approach has meant that the SEC regularly imposes high fines and mandates corrective actions in its enforcement actions. Gensler also has focused on accountability for gatekeepers, including lawyers, auditors, underwriters and others, on whom he says trust in the markets depends. Division of Enforcement Director Gurbir Grewal also has highlighted the SEC’s expectations for compliance personnel, including that they will create a culture of proactive compliance.
Audit committees should consider how their companies are preparing for regulatory changes, which could impact reporting requirements, disclosures, and policies and procedures.
Key actions for the audit committee may include:
Evaluate the implications arising from SEC rulemaking related to cybersecurity risk and whether the company has adequate disclosure controls and procedures.
Evaluate the potential impact of the SEC’s proposed rule on climate-related disclosures, as well as whether the company falls under the scope of the EU CSRD and the California climate bills. This includes whether the company has adequate disclosure controls and procedures over the company’s existing climate-related disclosures (including any potential need for third-party assurance).
Continue to monitor how the company is addressing existing requirements for disclosures about human capital resources as well as how those disclosures may evolve. Additionally, inquire as to ways management can enhance data and information gathering practices to further enhance the overall quality of these disclosures.
In 2023, the PCAOB significantly expanded its standard setting agenda and is expected to continue advancing on it through 2024. The PCAOB currently plans to propose or finalize 10 standards and rules in 2024. Audit committees, external auditors and SEC registrants should keep abreast of related developments and the impact they can have on the execution of audits and overall audit quality.
Planned standard setting for 2024 includes:
Finalizing a new quality control standard
Finalizing a new standard on non-compliance with laws and regulations (NOCLAR)
Proposing a new standard on firm and engagement performance metrics
