Second KPMG conduct matter outside of ASIC's regulatory scope, says chair

Speaking before a parliamentary joint committee last week, ASIC said that one of the more recent conduct matters reported by KPMG, concerning an inappropriate remark about sharing client information, does not fall within its regulatory oversight.

In a letter to the Parliamentary Joint Committee on Corporations and Financial Services, KPMG said that after identifying a matter involving the inappropriate internal sharing of client documents, it also reported a second matter concerning an inappropriate remark in a team setting about the sharing of client information.

KPMG said that it was continuing to investigate this second matter and that disciplinary action had been taken.

Incoming ASIC chair and accountable authority, Sarah Court, told the committee that ASIC had sufficient information to understand that the person involved in the conduct was not a registered company auditor and therefore did not fall within ASIC's regulatory oversight.

"But, if we get further information that suggests that there is something that connects to the provisions that we administer that can be considered further," Court said.

Court noted that information about the conduct matters at KPMG was emerging rapidly through the government's inquiry and more broadly.

"We'll obviously be taking away from this committee both the correspondence to the committee, the correspondence to us that we've received, and the further broader context, and be working out the various ways in which ASIC may respond," she said.

ASIC is already investigating KPMG conduct matters that were first raised by a whistleblower in relation to client documents being inappropriately shared.

Court noted that KPMG had informed ASIC that it was conducting its own investigation and had decided to sanction four individuals.

"Three of those individuals are registered company auditors and ASIC does have jurisdiction in relation to registered company auditors so we have now commenced our own investigation into those allegations about the conduct of those registered company auditors."

ASIC, she said, was hopeful that KPMG would also disclose to the corporate regulator the findings from its own investigation to support the work ASIC is undertaking.

"Once we've concluded our work, we will make decisions as to whether to impose any formal sanctions or undertake enforcement activity in relation to those three registered company auditors."

KPMG revealed in its letter to the inquiry that its ongoing investigation had uncovered another incident in which internal documents containing client information were inappropriately shared.

"KPMG has reported this new finding to impacted clients, regulators, the Committee and, in this letter, is reporting to ASIC," the firm said.

"Should new findings emerge, this information will be shared with clients, the Committee, regulators and ASIC. We commit to learning from this process to ensure we create an environment where it is safe and easy to surface concerns that will be acted upon."