Serba Dinamik – Auditors and Reporting Irregularities

In May 2021, KPMG, who were the external auditors of Serba Dinamik, flagged audit issues in respect of sales, trade payables and material on site balances involving 11 parties, which accounted for total sales transactions of RM2.32 billion, a trade receivables balance of RM652 million, and materials on site balance of RM569 million. In order to verify the irregularities identified by KPMG, Serba Dinamiksubsequently appointed EY as a special independent reviewer.

However, the Securities Commission commenced an investigation against SerbaDinamik after receiving a “Section 320 of the Capital Markets and Services Act 2007 (“CMSA”) Notice” from KPMG. Bursa Malaysia subsequently suspended the trading of Serba Dinamik’s shares in October 2021.

The legal suits which Serba Dinamik launched in response to this saga raisedseveral interesting legal issues concerning the roles and responsibility of auditors. For context, these suits are:

(a) a suit against KPMG for alleged negligence and breach of contractual and statutory duties to Serba Dinamik (the “KPMG Suit”);

(b) a suit against Bursa Malaysia for allegedly acting in excess of its authority following Bursa’s directives concerning the requirement of a special independent review and that the findings of the said special independent review be disclosed (the “Bursa Malaysia Suit”); and

(c) a suit against EY seeking to nullify EY’s appointment and letter of engagement. In this suit, Serba Dinamik is alleging that EY was not registered as an auditor with the Audit Oversight Board and that EY misled the company into thinking it met the criteria to be appointed as the special independent reviewer. SerbaDinamik was also seeking to prevent EY from disclosing its findings from the special independent review (the “EY Suit”).

Issue 1 – Who is an Auditor or Special Auditor?

In the case of Serba Dinamik, one of the remedies or reliefs Serba Dinamik sought was a declaration that EY did not come under the definition of an “auditor” pursuant to the Main Market Listing Requirements (“MMLR”). For this, Chapter 1 of MMLR sets out that an auditor is one who is registered as a registered auditor or recognised under section 31O of the Securities Commission Malaysia Act 1993 (“SCM 1993”).Essentially, Section 31O of SCM 1993 provides for the application for registration or recognition as an auditor of a public interest entity or schedule fund. On the other hand, the grounds of refusal to register or to grant recognition is provided under section 31P of SCM 1993. One of these grounds being that the applicant is not or has ceased to be an auditor approved under section 8 of the Companies Act 1965 (“CA 1965”) or section 263 of the Companies Act 2016 (“CA 2016”).

Furthermore, pursuant to Section 264 CA 2016, an auditor can only act for a company if he is independent from the company he has been appointed by. In other words, the appointed or hired auditor cannot have any link or connection to the company he was appointed by or its members.

As for ‘special auditors’, it is worth discussing what a special auditor is and how theydiffer from ‘ordinary’ auditors per se. For this, Paragraph 2.24 of the MMLR stipulates that a special auditor is any auditor other than –

1. The statutory auditor of the listed issuer appointed pursuant to the Companies Act or in relation to a foreign corporation, pursuant to the relevant laws of the place of incorporation; or
2. In relation to a collective investment scheme or business trust, the auditor appointed to audit and report of the financial statements of the collective investment scheme or business trust annually.

Solely from the above statutory provisions, it appears that there is an additional requirement that the special auditor be an approved auditor who had not been part of the initial auditing of the company’s internal affairs or projects. This is in line with the role of special auditors who are expected to maintain a position of neutrality and without bias when presenting a full and accurate report of the accounts or financial status of a company.

In the event that the Court finds that EY does come under the Chapter 1 MMLR definition of an auditor, the Court would then have to consider the extent of an auditor’s duty or obligation in reporting their findings to the authorities, or in this case, particularly the Securities Commission of Malaysia.

Issue 2 - Are auditors obliged to report their findings to the Securities Commission of Malaysia?

In the face of the purported irregularities flagged by EY in the Serba Dinamik case, EY allegedly sent a “Factual Finding Update” to the SC without seeking SerbaDinamik’s consent. As a result, Serba Dinamik sought an order from the Court to restrain or reveal any findings, and / or reports about Serba Dinamik and its group of companies, whether in whole or in part, pending the determination of its appointment.

Pursuant to the reading of Section 354(1)(a) of the CMSA together with Section 276(3)(b) of the CMSA, auditors appear to have a duty to immediately report to the Securities Commission, irregularities highlighted in their Independent Auditors’ Report for the company’s Audited Financial Statements.

These irregularities pursuant to Section 276 of the CMSA (previously section 50 of Securities Industry Act 1983) are those concerning issues of fraud, theft and/or material breaches of fiduciary duties that came to the attention of an auditor in the course of an audit. Section 276(3)(b) of the CMSA further stipulates that those irregularities must be of such nature “that may have a material effect on the ability of the borrower to repay any amount under the debenture”.

In examining the scope of this duty, the Court of Appeal decision of CIMB Investment Bank Bhd v Ernst & Young & Another Appeal [2014] 6 CLJ 438,which considered Section 50 of the Securities Industry Act 1983 (which was replaced by Section 276(3) of the CMSA) held that an auditor does have a duty of care to report the fraud it detected immediately to the Securities Commission. A more recent High Court decision of Deloitte PLT v Securities Commission of Malaysia [2021] MLJU 1163 discussed at length the application and interpretation of Section 276 of the CMSA and found that the Applicant, as the auditor in charge, bore the responsibility of reporting the irregularities found in their report to the Securities Commission immediately.

However, the legal actions filed by Serba Dinamik now appear to challenge the above authorities and it would be interesting for observers to see how they make a case to support their position that the “auditor” or “special independent reviewer” would have to first obtain the company’s consent before submitting their findings to the SC, despite the present irregularities.

Issue 3 – Contracting out of a Statutory Duty or Right

Section 276 of the CMSA clearly provides that an auditor is required to immediately report irregularities to the SC. From the above authorities, it could be inferred that this should be done immediately upon the discovery of such irregularities. However, Serba Dinamik claims that prior consent ought to be obtained as EY had to first “fact check” and confirm the report with Serba Dinamik before the same may be disclosed to the regulatory bodies.

If the Court disagrees with Serba Dinamik and finds that consent of the company is not required before an auditor reports its findings of irregularities to the regulatory bodies, the next consideration would then be whether auditors can be bound by contractual obligations which bar them from immediately disclosing the report to the regulatory bodies?

Another angle in this legal saga is whether the contract between EY and SerbaDinamik would cause the statutory duties of EY to be waived. While the general position is that parties are allowed to contract out of statutory duties, the Court of Appeal case of Danaharta Hartanah Sdn Bhd v KSL Reality Sdn Bhd & BenuaKurnia Sdn Bhd & Neraca Prisma Sdn Bhd (Pencelah) [2008] MLJU 460 found that there are exceptions to this rule:

“The other issue which arises for the determination of this court in relation to section 72 of the Danaharta Act is whether the parties to the SPA could contract out of or wave the provisions thereunder…The answer to the question depends on the answer to the question whether one can contract out of a statutory provision. As a general rule, any person can enter into a binding contract to waive benefits conferred on him by an Act of Parliament, or as it is said, can contract himself out of the Act, unless it can be shown that it would be contrary to public policy to allow such an agreement…”

In deliberating on the said issue, the Court of Appeal considered the Federal Court case of Kimlin Housing Development Sdn Bhd v Bank Bumiputra [1997] 2 MLJ 805 where it was held:

“…Whether a statutory right is waivable depends on the overall purpose of the statute and whether this purpose would be frustrated by permitting waiver.”

Based on the above authorities, it would appear and it may be possible that a contract between Serba Dinamik and EY could have waived EY’s obligation undersection 276 CMSA. If the auditors were to argue that the statutory duty was not waivable, then it would need to show that the need to flag out irregularities in a report immediately upon discovery if waived would frustrate the overall purpose of the statute and contradicts public policy. If the Court were to agree with Serva Dinamikthat EY’s contractual obligations waives supersedes its statutory obligations, the Court would then grant the order sought by Serba Dinamik to ultimately halt the circulation or disclosure of the report.