Accreditation of External Auditors for Regulated Institutions

Home / Regulatory Digest & Market Consultation / Regulatory digest / Accreditation of External Auditors for Regulated Institutions



The recent financial crisis not only revealed weaknesses in risk management, control and governance processes at banks, but also highlighted the need to improve the quality of external audits of banks given the central role banks play in contributing to financial stability, and therefore the need for market confidence in the quality of external audits of banks' financial statements (BIS, March 2014).

Having reviewed the regulation Nº 14/2017 of 23/11/2017 on accreditation requirements and other conditions for external auditors for financial institutions; the amended regulation no 44/2022 of 02/06/2022 determining requirements and other conditions for accreditation of external auditors for regulated institutions aims at establishing requirements and other conditions for accrediting external auditors for regulated institutions.

Regulatory Key Highlights

The current regulation is applicable to all regulated institutions. This regulation under its chapter I classifies external auditors into three categories and these are:

Tier I audit Firm: Any audit firm with at least two active partners with Practicing Certificates issued by the Institute of Certified Public Accountants of Rwanda (ICPAR) accredited to audit all regulated institutions.

Tier II audit firm:Any audit firm with at least a sole partner with a practicing certificate issued by the Institute of certified public accountants of Rwanda (ICPAR) accredited to audit regulated institutions determined supervisory authority.

Tier III external Auditor:Any natural person accredited to audit regulated institutions determined by the supervisory authority.

Details on the regulated institutions audited by Tier II audit firm and Tier III External Auditor and criteria for accreditation of Tier III external Auditor can be found in the directive 4230/2022-00029[613] determining the regulated Institutions audited by Tier II audit firm and Tier III External Auditor and setting criteria for accreditation of Tier III external Auditor.  

Chapter II of this regulation provides details on application requirements where an applicant has to fill and submit prescribed form, pay applicable fees and send other required information depending on the category applied for. The specific requirements for Tier III are detailed in the directive 4230/2022 referred to above. This chapter also sets   conditions for assessing applicant (Article 5). In addition, it specifies that the supervisory authority can grant or reject the application providing the notification and grounds for rejection in case the application for accreditation is rejected.  In case the accreditation is granted, the accredited external auditor will be subject to annual accreditation fees as specified in the regulation (Article 9).

 Unlike the previous regulation, this regulation also provides the grounds for suspension or revocation of External Auditor’s accreditation (Article 10&11).

Chapter III includes requirements for regulated institutions to appoint external auditors from the list of external auditors published on the website of the supervisory authority, the failure of which the Supervisory authority shall appoint one on behalf of the regulated institution and all expenses incurred shall be paid by the audited regulated institution.

Another change brought by this regulation is the duration of appointment. As per the current regulation, the duration of appointed external auditor shall be three years (3) unless extended by the supervisory authority upon request by the audited financial institution. However, the granted extension cannot exceed two (2) consecutive fiscal years. This chapter also details the duties and responsibilities of the appointed external auditor and the obligations of the accredited external auditor to the supervisory authority.

Chapter IV on miscellaneous and final provisions provides among others disciplinary sanctions to accredited external auditor, cases of incompatibility with functions of accredited external auditor, the provision of non-audit services, the continuous monitoring of the quality of audit of a regulated institution, and the possibility that supervisory authority may organize meeting with accredited external auditor either alone or along with the audited regulated institution.

Other implications for concerned stakeholders

  •  If the external auditor fails to satisfy any of the requirements of this regulation, the supervisory authority may revoke or suspend the accreditation granted as it may apply other sanctions provided by this regulation in its Article 24.

  •  An accredited auditor for an insurer or pension scheme must have actuarial expertise to evaluate actuarial valuation (Article 22).      

  •  Accreditations issued under repealed regulation remain valid until their respective expiration dates.