• Governance I Risk I Compliance Management

Five years ago, Rolls Royce, the UK’s luxury engine and carmaker, reached a settlement with UK, US and Brazil authorities to settle investigations into widespread corruption allegations. Rolls Royce agreed at the time to pay £671m in penalties.

A joint Guardian and BBC Panorama investigation identified at the time 12 countries in which Rolls-Royce hired commercial agents or advisors to help it land lucrative corrupt contracts: Brazil, India, China, Indonesia, South Africa, Angola, Iraq, Iran, Kazakhstan, Azerbaijan, Nigeria and Saudi Arabia.

Today (24 may) KPMG has been fined £3.4m (approx. $4.2m) by the Financial Reporting Council (FRC), the UK’s accounting regulator, for serious failings in its audit of Rolls-Royce’s 2010 accounts.

Anthony Sykes, KPMG’s Audit Engagement Partner, was additionally fined £112,500 for the same misconduct. Sykes was the Statutory Auditor of Rolls-Royce and signed the FY2010 Audit report on behalf of KPMG.

KPMG’s Failures in the Audit

It is worth noting that the list of misconduct allegations against KPMG and Big Four accountants is getting longer by the day. In the UK alone, and just this year, this is the fourth significant fine imposed on KPMG by the UK regulator. Other penalties this year involved KPMG’s audits of Conviviality, Revolution Bars and a fine for misleading regulators during an inspection of its audits of Carillion.

But what’s particularly concerning about this case is that the Financial Reporting Council found KPMG had failed to deal properly with indications of corruption at Rolls-Royce.

In particular, it found that KPMG was not complying with legal requirements concerning bribery payments made by Rolls Royce to agents in India.

These payments were part of the criminal investigation of Rolls-Royce by the UK’s Serious Fraud Office (SFO) in 2017, which resulted in the £497mn settlement with the SFO.

According to the regulator, allegations of bribery and malpractice were prominent at the time of the Rolls-Royce audit. Allegations of bribery and malpractice through intermediaries and “advisers” by large multi-national companies in the defence sector were a common scheme in the years leading up to 2010.

In particular, the UK regulator refers to an “unnamed FTSE 100 UK defence-sector company” that appointed a committee to review its compliance with anti-corruption legislation following malpractice allegations and UK and US investigations in 2007.

The Committee issued a report in April 2008. Its report noted that “The Company is not alone in having to focus on these issues”.

According to the regulator, KPMG and its auditing partner Sykes who also audited this “unnamed defence company”, were “well aware” of the report.

KPMG and the partner were also aware that in March 2010, the defence company paid a fine of £0.5 million in the UK and a fine of $400 million in the US to settle criminal investigations resulting from the use of intermediaries.

I don’t know why the UK is suddenly developing an appetite for keeping certain companies “unnamed”, but the notable enforcement action I can think of against a prominent UK Defense company in 2010 is the US enforcement action against BAE Systems. The UK Defense company pleaded guilty to conspiring to defraud the United States by impairing and impeding its lawful functions, making false statements about its Foreign Corrupt Practices Act (FCPA) compliance program and violating the Arms Export Control Act (AECA) and International Traffic in Arms Regulations (ITAR).

According to the UK regulator, KPMG was also well aware the “unnamed defence company” had paid large fines to settle US and UK criminal investigations into the use of intermediaries and “advisers”, a common structure for bribery payments.

With regards to the Rolls Royce audit and the payments to agents in India, the Adverse Findings against each of KPMG and its auditing partner were determined by the regulator to be failures to address matters identified in the audit, which indicated the risk of non-compliance by the Company with laws and regulations.

The respondents accepted the Adverse Findings amounted to serious failures to exercise professional scepticismobtain sufficient, appropriate audit evidence and document this on the audit file, and achieve sufficient Engagement Quality Control.

Claudia Mortimore, Deputy Executive Counsel to the FRC, said:

It is essential that auditors are alive to the risks of companies’ non-compliance with laws and regulations and conduct work in this area with care and sufficient professional scepticism. This is particularly so when the audited entity is in a sector where such risks are prevalent. The package of financial and non-financial sanctions imposed in this case should help to improve the quality of future audits.

The Penalties

The watchdog did not find that Rolls-Royce’s 2010 accounts were materially misstated because of the audit failures. It also investigated the audits from 2011 to 2013 but did not find any wrongdoing.

Because the breaches were considered serious in this case, the FRC’s Executive Counsel decided to initially impose financial sanctions of £4.5 million and £150,000 on KPMG and Sykes, respectively.

However, considering aggravating and mitigating factors, the sanctions were discounted for admissions and early disposal by 25% to £3,375,000 and £112,500, respectively.

A severe reprimand was issued concerning both.

KPMG will also pay the Executive Counsel’s investigation costs (£726,000).


Rolls Royce Case Study & Anti-bribery Anti-corruption Policies eBook

Widespread Corruption at Rolls Royce: the Case Study

This report analyses the performance of Rolls-Royce in terms of anti-bribery and anti-corruption policies within the scope of the ISO 37001 provisions. This organisation has been involved in several large-scale investigations in recent years, which makes it especially interesting to explore how it has changed its policies in this sphere to address the identified deficiencies. The findings indicate that Rolls-Royce has addressed these problems by cooperating with a globally recognised external auditor, revising its corporate policies, and implementing additional employee training. In terms of risks, the scope of company operations presumes high degrees of risk since it operates in 150 countries and experiences severe rivalry in the defence contracts industry, the energy sector, and the aerospace industry.

The presently utilised measures imply an efficient system of internal reporting and the supervision of financial processes performed by several departments, which provides for the right level of transparency. However, the effectiveness of the REACH monitoring programme may depend on the availability of corporate resources since the legal team, the governance team, and the export team have to supervise all potentially fraudulent operations in multiple countries. This suggests the need to prioritise the contexts characterised by high corruption levels.

Download the case study that includes a significant guide to anti-corruption and anti-bribery policies for your organisation.


Business objectives can only be achieved if risks are managed effectively – implementing Anti-bribery & Anti-corruption policies help any business maximise returns while managing reputation.

There are some critical questions being posed to business leaders today: Has your organisation implemented reasonable and proportionate measures to prevent bribery? How will you know if your anti-bribery and anti-corruption controls are adequate? Are you aware of the latest best practices in preventing corruption? In short, are you ready for ISO 37001?


Download your FREE "Rolls-Royce Case Study & ABAC Policies: Lessons Learned" ebook here!

About ABAC®

Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence is an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including:

ABAC® offers a complete suite of solutions designed to help organisations mitigate the internal and external risks associated with operating in multi-jurisdiction and multi-cultural environments while assisting in developing frameworks for strategic compliance programs.

ABAC® is accredited by the United Kingdom Accreditation Service (UKAS CB number: 10613) against ISO/IEC 17021-1:2015 Conformity assessment — Requirements for bodies providing audit and certification of the scheme’s management systems of ISO 37001:2016 Anti-Bribery Management Systems (ABMS). This makes ABAC® Certification the leading accreditated certification body specialising in global anti-bribery and anti-corruption, risk and compliance management system standards. ABAC® experts audit any existing compliance and anti-bribery anti-corruption management systems to assess effectiveness and vulnerabilities while ensuring your organisation complies with Internal Standards, FCPA, UK Bribery Act, Anti-Money Laundering regulations, and all other global, regional and local regulations while maintaining a competitive edge in the world marketplace.

If you seek to validate or expand your existing compliance frameworks to maintain a competitive edge in the world marketplace, ABAC® can help you. Our experts audit your existing compliance and anti-bribery anti-corruption management systems to assess effectiveness and vulnerabilities while ensuring your organisation complies with Internal Standards, FCPA rules, UK Bribery Act laws, Anti-Money Laundering regulations, and all other global, regional and local regulations.