Managing the Tension – the protection of privilege in a company audit

5 min read

The recent case of Financial Reporting Council Limited v Sports Direct International Plc1 serves as a reminder of the tension between companies wishing to protect privileged information and auditors receiving and relying upon privileged information to assess potential liabilities during an independent audit. We consider what (if anything) can be done to ease this tension.

The conundrum continues...

As part of an audit process, independent auditors must assess all liabilities, including litigation provisions and the adequacy of a company's management of other legal issues. Documents including notes of advice relating to pending or anticipated litigation, regulatory or law enforcement matters, internal investigations and/or other potential liabilities are useful to an auditor assessing the reasonableness of the company's view on its contingent liabilities. While these documents are usually provided to auditors on a confidential basis, this does very little to quell concerns over whether privilege in these documents or the advice within them might be lost on disclosure.

The matter of privilege in an audit context was considered in the recent case of Financial Reporting Council Limited v Sports Direct International Plc. In this case, the Financial Reporting Council ("FRC") sought an order requiring Sports Direct International Plc ("SDI") to produce documents relevant to an FRC investigation into SDI's auditor, Grant Thornton LLP ("Grant Thornton") and an individual related to Grant Thornton in relation to their audit of SDI's 2016 financial statements. The documents requested were provided to Grant Thornton during the process of its independent audit of SDI. Some of the documents were privileged, with SDI having waived privilege in these documents on a limited basis for the purposes of that audit. Despite these privileged documents being provided to Grant Thornton as part of the audit process, SDI sought to rely on privilege to withhold them from onward disclosure to the FRC.

The Court considered2 whether the production of the documents to the FRC would infringe any right SDI had to claim privilege over them. It concluded that the disclosure of a client's privileged documents to a regulator, solely for the purposes of a confidential investigation by that regulator into the conduct of a regulated person, was not an infringement of any legal professional privilege of the client. SDI is appealing this decision and the appeal is due to be heard before October 2019.

Damage Limitation

The case against SDI is the first of its kind – in the past the courts have considered this question in the context of documents provided to a regulated body for solicitors or a tax authority – but it potentially has wider ramifications. In the future it may be that financial irregularities result in investigations by the FCA and FRC into the same events. Could a firm realistically seek to withhold information from the FCA that had been shared with the FRC and might the documentation be shared between the regulators via a gateway in any event? To what extent will other regulators, like the FCA, rely on this decision to obtain information that might otherwise have been protected irrespective of the FRC’s involvement? Is it possible for these documents to be used in respect of other investigations or public hearings? Will confidentiality (and therefore privilege) be lost in the doc uments if they are shared or used in this way?

All these considerations perhaps increase companies' nervousness when providing auditors with privileged material. Given the decision in SDI, is there anything companies can do to limit any risk associated wi th disclosing privileged material to auditors?

  1. Terms of engagement: The provisions governing the auditor / auditee relationship will likely include provisions preserving the confidentiality of documents disclosed to auditors as part of an audit. Care should be taken to ensure this confidentiality is preserved in practice.
  2. Identifying privileged documents and assessing the risk in disclosure: Companies should take care to identify documents as privileged and seek to disclose only those privileged documents that are strictly necessary to comply with an auditor’s request. Before passing on privileged documents, a company should consider the risk in providing these documents and the potential contagion risk in relation to the documents it wishes to disclose (e.g. do the proposed disclosed documents refer to other privileged material?) Companies should also make clear the basis on which they are waiving privilege so not to inadvertently widen the number of documents that might be discoverable at a later date.
  3. Consider the medium in which documents are provided: Companies should consider whether there are alternative mediums in which to provide necessary information to its auditors. It may be that firms can provide the required information verbally or provide auditors access to the information, without taking possession of them. While this may limit the amount of documents disclosed to auditors (and potentially other regulators), it is unclear how successful this approach would be. For example, to what extent will auditors' notes of verbal communications with companies and the document referred to in these notes be discoverable?
  4. Distinguish the SDI case or limit any required disclosure: Where a request for privileged material is made by a regulator, companies should consider the extent to which it might be able to resist such a request and, if there are no avenues to resist the request, what (if any) limitations can be placed on the disclosure to the relevant regulator. For example, is it possible to limit onward circulation of this information to other regulators via the usual information sharing gateways?


Click here to download PDF.


1 [2018] EWHC 2284 (Ch)
2 In addition to the question discussed in this article, the Court also considered two other questions namely whether: (i) legal privilege would apply to documents purely by virtue of those documents having been attached to emails passing between SDI or its subsidiaries and SDI's lawyers; and (ii) SDI's waiver of privilege by sending the documents to Grant Thornton for the purposes of the audit extends to the FRC.


This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2019 White & Case LLP