LONDON (Reuters) - Internal auditors, slammed by regulators for failing to spot how banks were rigging the Libor benchmark, should report directly to the board and have enough resources to do the job, a British industry body said on Monday.
Internal auditors are employed by companies but are not directly regulated and have become discredited due to a string of banking scandals.
The Chartered Institute of Internal Auditors' draft code, written in consultation with the Bank of England and the Financial Services Authority (FSA), goes out to public consultation until mid-April.
Internal auditors should not be barred from assessing the management of any risk and their scope should be unlimited, it says.
"The new code is an important contribution to strengthening internal audit's role in improving the management of risk, in response to the financial crisis and more recent examples of failure to exercise proper control," said Roger Marshall.
Marshall helped to draft the code, specifically designed to give guidance to the financial industry. He chairs the audit committee at insurer Old Mutual.
Internal auditors assess if big risks in a company have been properly identified, controlled and reported. This is separate from the independent, external audit listed companies must have.
Andrew Bailey, executive director at the Bank which sat in as an observer at meetings of the committee that drafted the code, said the expectations of internal audit within financial services firms have hitherto been set too low.
"The regulatory authorities expect firms to have robust internal audit functions... I hope that this guidance will help internal audit functions position themselves to achieve that," he said.
Last week, Royal Bank of Scotland was fined 387 million pounds pounds for rigging the London interbank offered rate or Libor for several years under the nose of internal auditors.
In 2011 the bank's internal auditors told the FSA that issues raised by a review of Libor setting were being addressed and "adequate systems and controls" were in place, the FSA has said.
In December, the FSA fined Swiss bank UBS for similar abuses, saying the "routine and widespread manipulation of submissions was not detected by compliance, nor was it detected by group internal audit, which undertook five audits of the relevant business area".
U.S. regulators ordered JPMorgan to improve internal auditing after its 3.9 billion pounds loss in 2012 linked to its "London Whale" trade that went wrong.
"To ensure its independence and authority, the primary reporting line of internal audit should be to the chairman of the board of directors, not to the chief executive," the code says.
Senior management could be tempted to block or slow down the flow of any problematic findings to the board. Internal audit should also be adequately resourced, the draft says.
Many of the changes to the existing code reflect new guidance from the global Basel Committee on Banking Supervision issued in June last year. Internal auditors say privately that regulatory scrutiny will help strengthen their role and make them more "relevant".
(Editing by Louise Ireland)