Strategic Shareholder Climate and Risk Financial Financial Barclays PLC 411 report information sustainability report Governance review review statements Annual Report 2022 KPMG LLP’s independent auditor’s report to the members of Barclays PLC (continued) Our risk assessment also considered Most significant indirect law/ statements, as disclosed by management regulation areas instances of non-compliance with laws and in note 26, and which resulted in a restatement of the 2021 comparatives. regulations and enforcement actions Secondly, the Group is subject to many against the Group during the year and Our audit approach in respect of the over- other laws and regulations where the specifically those that could reasonably be issuance included the following consequences of non-compliance could expected to have a material effect on the procedures and we reported the results of have a material effect on amounts or financial statements. We considered these to the Board Audit Committee disclosures in the financial statements, for management’s assessment of how these instance through the imposition of fines, • Performance of risk assessment occurred, their assessment of whether the remediation payments or litigation, or the procedures which included inspecting risk could be more pervasive, and actions loss of the Group’s permission to operate correspondence with regulators and taken to remediate and prevent in countries where the non-adherence to making enquires of Barclays internal and recurrences or similar issues. laws could prevent trading in such external counsel. countries. As the Group operates in a highly regulated • Testing the design and operating environment, our assessment of risks of We identified the following areas as those effectiveness of the controls covering material misstatement also considered the most likely to have such an effect: the calculation and utilisation of the control environment, including the Group’s recission right provision and the • Specific aspects of regulatory capital higher-level procedures for complying with identification of debt-issuance and liquidity regulatory requirements. Our assessment programme issuance limits and the • Other banking laws and regulations, included inspection of key frameworks, monitoring of the utilisation against including securities issuance law policies and standards in place, these. • Customer conduct rules understanding and evaluating the role of • Performing substantive procedures the compliance function in establishing • Money laundering over the determination and utilisation of these and monitoring compliance and • Sanctions list and financial crime the recission right provision. testing of related controls around • Market abuse regulations whistleblowing and complaints. Context of the ability of the audit to detect fraud or breaches of law or • Certain aspects of company legislation Risk communication regulation recognising the financial and regulated Our identified laws and regulations risks nature of the Group’s activities. Owing to the inherent limitations of an was communicated throughout our team audit, there is an unavoidable risk that we Auditing standards limit the required audit and we remained alert to any indications of may not have detected some material procedures to identify non-compliance non-compliance throughout the audit. misstatements in the financial statements, with these laws and regulations to enquiry This included communication from the even though we have properly planned and of the directors and other management Group to component audit teams of performed our audit in accordance with and inspection of regulatory and legal relevant laws and regulations identified at auditing standards. For example, the correspondence, if any. If a breach of Group level. further removed non-compliance with operational regulations is not disclosed to Direct laws context and link to audit laws and regulations is from the events and us or evident from relevant The potential effect of these laws and transactions reflected in the financial correspondence, an audit will not detect regulations on the financial statements statements, the less likely the inherently that breach. varies considerably. limited procedures required by auditing Audit response standards would identify it. Firstly, the Group is subject to laws and In relation to the legal, competition and regulations that directly impact the In addition, as with any audit, there regulatory matters disclosed in note 26 we financial statements including: remained a higher risk of non-detection of performed audit procedures which fraud, as these may involve collusion, • financial reporting legislation (including included making enquiries of Barclays forgery, intentional omissions, related companies’ legislation); internal counsel and inspection of minutes misrepresentations, or the override of • distributable profits legislation; and of meetings and of regulatory internal controls. Our audit procedures are correspondence. For a subset of these • taxation legislation (direct and indirect). designed to detect material misstatement. matters which we deemed to be more We assessed the extent of compliance We are not responsible for preventing significant we also made enquiries of with these laws and regulations as part of non-compliance or fraud and cannot be external counsel and obtained legal our procedures on the related financial expected to detect non-compliance with confirmations from Barclays’ external statement items. all laws and regulations. counsel. In respect of regulatory matters relating to conduct risk as disclosed in note 41 our procedures included inspection of regulatory correspondence, independent enquiry of the Group’s main regulators and performing audit procedures to respond to risks of material misstatement identified in recognised conduct provisions. We also specifically considered the sale of securities in excess of the amount of securities registered with the SEC under Barclays Bank PLC’s shelf registration