Guidance on the SME banking audit report template
Updated 31 October 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/sme-banking-audit-reporting-template-and-guidance/guidance-on-the-sme-banking-audit-report-template
The CMA includes below some general guidance and clarification points which banks could find useful when completing the Audit Report template. This is for guidance purposes only.
Banks should refer to the 2014 Agreement (and Directions if applicable) and previous CMA SME Banking Reports on Compliance for more information:
SME Banking 2002 behavioural undertakings report on compliance
- audit reviews should continue to be conducted as agreed or required in the 2014 Agreement, and subject to any Directions issued
- banks should submit audit reports in the format of the finalised template
- the template aims to provide a standardised way that the banks can add the necessary information in the boxes provided
- should your bank find duplication in the information provided in the Sections, please mark up on your submission and the CMA will review and consider revisions for the template Sections for the next reporting round
- the template will be reviewed on an annual basis by the CMA to ensure it continues to be effective
- some banks have introductions and summaries at the beginning of their audit reports. The CMA would like banks to summarise upfront in the Audit Report template their level of compliance
- the CMA has broken down the information requested in the template to make it more specific and focussed on the information the CMA needs to monitor and assess the audit reporting information from banks. This should reduce the follow up questions with banks subsequent to submission of audit reports
- the template aims to provide a standardised way that the banks can add the necessary information in the boxes provided. Where banks have in previous reporting rounds reported on the areas, the CMA has included Sections on the template so that the CMA facilitates for the types of information previously provided
Section A: Bank Information (bank name and relevant contacts)
Section B: Compliance Statement by the bank’s internal audit (summaries on bank’s overall levels of compliance)
- this audit report template will be used as part of the publication of the CMA’s report on compliance, and the CMA would like banks to summarise their compliance with the undertakings, 2014 Agreement and, where relevant, any Directions issued
Section C: Policies, practices and procedures (1(a)(i) of the 2014 Agreement)
Section D: Policies, practices and procedures relating to internal communications on compliance (1(a)(i) of the 2014 Agreement)
Section E: Policies, practices and procedures relating to external communications on compliance (1(a)(i) of the 2014 Agreement)
Section F: Staff awareness training (1(a)(ii) of the 2014 Agreement)
- banks are asked to provide information on relevant staff who are provided training and which business areas or Departments they work in. Banks can also give us information on any other staff who are included in training but are not relevant staff
- the CMA wants to know if any other staff that are not relevant staff also received the training and test results, if applicable
- the CMA expects to receive quantitative data on the results of training, for example, the percentage of relevant staff who received training and completed training. This can enable meaningful comparisons between levels of awareness of bank’s staff
- interviewing staff is one way that banks can test staff awareness levels. The CMA would like banks to provide information on the methods used to test and demonstrate staff awareness levels
Section G: Incidences of non-compliance (1(a)(iii) of the 2014 Agreement)
Section H: Other evidence – reviews of loan applications, files and facility letters (1(a)(iii) of the 2014 Agreement)
Section I: Other evidence – review of customer complaints or appeals procedures (1(a)(iii) of the 2014 Agreement).
In I3, ‘appeals process’ means either complaint appeals or lending appeals. Some banks review these appeals and have provided findings as part of evidencing compliance with the bundling undertakings.
Section J: Other evidence – internal complaints escalation processes (1(a)(iii) of the 2014 Agreement)
Section K: Other evidence – review of any new products (1(a)(iii) of the 2014 Agreement)
Section L: Summary and evidence of any changes or improvements, including best practices, made by the bank during the reporting period (1(a)(iii) of the 2014 Agreement)
- as this template will be used as part of the publication process, the CMA would like banks to summarise any self-initiated changes/improvements and best practice
Section M: Additional evidence demonstrating compliance with Clause 17 of the Undertakings, 2014 Agreement and Directions (1(a)(iii) of the 2014 Agreement)
- as this template will be used as part of the publication process, the CMA would like banks to summarise any additional evidence that has not been covered by the other sections
Section N: Banks subject to Directions
- Banks subject to Directions should fill in Section N to provide details on the level of compliance with each part of the Directions issued to it