The Ontario Securities Commission and Royal Bank of Canada recently reached a settlement under which the bank agreed to make a voluntary payment of $2,000,000 to the OSC.

Arising out of the same conduct, the bank agreed to pay $2,000,000 to Québec’s Autorité des Marchés Financiers, and $8,000,000 to the United States SEC (although receiving an offset credit relating to the $4 million paid to the Canadians). Here’s how the news release summarized the underlying issue:

• “For an extended time, RBC recorded the costs of its internally developed software projects in a manner that was inconsistent with applicable accounting standards and contrary to Ontario securities law,” said Jeff Kehoe, Director of Enforcement at the OSC. “The books and records requirements are a critical component of our compliance and enforcement work, and longstanding failures such as these undermine investor confidence in Ontario’s capital markets.”
• The OSC alleges that, from 2008 through 2020, RBC’s books and records and internal accounting controls and processes were deficient. It is alleged that RBC incorrectly recorded certain costs related to internally developed software projects as intangible assets when they should have been expensed. The OSC further alleges that RBC lacked the necessary controls and procedures to effectively identify and report impaired assets associated with the development of this software.
• The OSC does not allege, and has found no evidence of, dishonest or abusive conduct by RBC. Additionally, the investigation did not uncover evidence of harm or loss to investors, and there was no material impact on RBC’s financial statements. RBC has taken corrective actions designed to address the deficiencies and prevent the re-occurrence of similar events in the future.

The statement of allegations provides more detail:

• Under accounting rules, certain costs associated with creating such internally developed software (IDS) may be eligible for capitalization and recorded as intangible assets on RBC’s balance sheet rather than being recorded as expenses. However, such costs must meet certain criteria including that they relate to the development of assets which, among other things, are expected to generate future economic benefits.
• IDS includes all software applications developed using RBC staff and other internal resources as opposed to the purchase of an “off the shelf” application from a third-party vendor.
• Although there was no material impact on RBC’s financial statements, RBC’s books and records and internal accounting controls and processes relating to the capitalization of IDS were deficient because they failed to provide support for RBC’s capitalized IDS costs.
• For many years, RBC applied a practical expedient whereby it aggregated the costs of its smaller IDS projects into a single pool and capitalized a percentage of those costs by applying a single capitalization rate to all projects in the pool (the Pool Method). The Pool Method had a number of control and process deficiencies. From 2008 through 2020, RBC included projects in the pool that were ineligible for capitalization. Also, during this period, the Pool Method suffered from additional shortcomings:
  • (a) From 2008 to 2016, RBC estimated the capitalization rate to be 78% with limited supporting analysis; and
  • (b) Starting in 2017, RBC instituted a “rate study” to determine whether its continued use of the 78% capitalization rate remained appropriate. The rate studies were intended to be a key control in support of RBC’s IDS cost capitalization estimation process, but the studies were unreliable and did not provide sufficient support for the 78% capitalization rate due to a number of deficiencies with respect to key inputs into the study and the lack of documentation to support project costs.
• Finally, RBC also lacked effective impairment assessment and amortization controls and procedures, which resulted in RBC carrying capitalized IDS assets in the large programs (defined as projects estimated to cost more than $5 million; this was increased to more than $10 million in 2020) on its balance sheet at full book value when those assets should have been amortized over time commencing when they became available for use or written off, if they were impaired.

Like all such cases, it’s interesting reading, if only as a reference point for preparers and auditors in what not to do. It’s always impressive when regulators can reach into the financial statements and systems of the largest and most complex companies and identify a violation. On the other hand, it’s hard to be too excited about a books-and-records deficiency that didn’t result in a material misstatement of any kind. Further, if a user were listing all the elements of a bank’s financial statements in order of importance and decision-making relevance, capitalized software would have to come close to the bottom (the amount of capitalized IDS reached $1.3 billion by 2022, but that’s relative to total assets of $1.9 trillion). So far from undermining investor confidence, the focus on such a second-tier issue (however applause-worthy) might seem to convey that the overall state of Canadian financial reporting (at least insofar as regulators can grapple with it) can’t be too bad…

The opinions expressed are solely those of the author.