Articles Mat Young Feb 06, 2023
The U.S House and Senate are expected to tackle a host of issues that may impact the profession, including crypto regulation, cybersecurity, privacy, ESG, and government oversight.
The U.S. election in November was one of the most unusual midterm elections in recent memory. In the lead-up to election day, many pundits had predicted a “red tsunami” where Republicans would win back the U.S. House of Representatives by a large margin. That wave did not come to pass, but Republicans did wrestle back the Speaker’s gavel by a handful of seats.
Meanwhile, in the Senate, the Democrats held their own, gaining one seat and defying the typical midterm losses seen by the party in control of the White House. Their new 51-49 majority will give Senate Majority Leader Chuck Schumer, D-N.Y., a modestly larger margin both in committees and on the Senate floor. It also will mean that Vice President Kamala Harris will be called to the Senate less often to break any 50-50 ties.
The change in control of the House and a newly divided government will radically shift the policy priorities and political landscape in Washington D.C. for the next two years. What does this new political dynamic mean for internal auditors as new members of Congress are sworn in, committee assignments are finalized, and the 2024 presidential campaign is already showing early signs of starting? Here are five major issues that U.S. lawmakers will tackle in the coming months that may impact the internal audit profession.
In the last Congress, many lawmakers sought to bring greater clarity to unregulated cryptocurrency markets and enact legislation to better protect crypto investors. Several bills were introduced, including a bipartisan proposal by Sens. Debbie Stabenow, D-Mich., and John Boozman, R-Ark., the chair and ranking member of the Senate Agriculture Committee, respectively.
One ongoing point of contention among crypto advocates has been who should regulate cryptocurrencies. The Stabenow-Boozman bill would give that power to the Commodities Futures Trading Commission. Conversely, some lawmakers would prefer to empower the Securities and Exchange Commission with that authority, and SEC Chair Gary Gensler has already aggressively pursued enforcement actions and sued several companies under the theory that certain cryptocurrencies are securities.
On Nov. 11, the entire political debate over crypto oversight was radically upended by the massive bankruptcy of cryptocurrency exchange FTX. The exchange, lacking internal controls and fundamental accounting processes, left more than one million customers without access to their assets and a long list of creditors with unpaid debts estimated to exceed $3.1 billion.
FTX co-founder Sam Bankman-Fried was arrested in December in the Bahamas, and faces eight U.S. federal criminal charges, including wire and securities fraud and money laundering. New CEO John Ray III, who took over after the bankruptcy, called the company’s implosion “a complete failure of corporate controls and … a complete absence of trustworthy information.”
On Dec. 5, IIA President and CEO Anthony Pugliese wrote to congressional leaders pointing out the critical role internal audit could have played in identifying and mitigating material risks at FTX, thereby protecting investors and customers. In his letter, he called for Congress to enact legislation requiring crypto exchanges operating in the U.S. to possess a “sufficiently resourced and highly qualified internal audit function.” Moreover, such legislation should require senior management of those exchanges to certify that their exchanges’ “internal controls are adequate and appropriate based on an independent internal audit assessment,” he wrote.
Lawmakers held three hearings on FTX in December, and more hearings and efforts to pass legislation protecting crypto investors are expected in 2023. The IIA will continue to push for internal audit-based protections.
Data privacy legislation has been one of the few areas of bipartisan consensus in the last few years that significantly increases the chances for legislative action in the new Congress. One recent bill, the American Data Privacy and Protection Act, is championed by outgoing House Energy and Commerce Committee Chair Frank Pallone, D-N.J., and ranking member Cathy McMorris Rodgers, R-Wash. The legislation would establish a uniform, national privacy standard for the first time and add safeguards to how consumers’ data is managed and shared. The bill passed out of the House Energy and Commerce Committee in July 2022 by a 53-2 vote.
Despite the momentum from the committee vote, the proposal never made it to the House floor last year because of a provision in the bill that would preempt existing state privacy laws. Outgoing House Speaker Nancy Pelosi did not want to overrule the privacy protections in a law enacted in her home state of California.
However, with Pelosi no longer in a position to decide what bills come before the House, proponents of the bill say its chances for floor consideration have improved considerably this year. That is especially true as both Democrats and Republicans look for a few issues of bipartisan consensus they can tout to voters.
While last year’s bill does not mention internal audit, The IIA’s Advocacy team in Washington will be talking to lawmakers this year about the need to provide objective assurance around large data holders’ internal controls over customer data (see “Advocates for Auditors” on this page).
Like data privacy, cybersecurity remains one of the few issues that have not become polarized along party lines. Lawmakers across the political spectrum understand the need to protect government agencies, schools, critical infrastructure, businesses, and private citizens from data breaches, viruses, ransomware, and other cyber risks. With the expected release of the president’s latest National Cybersecurity Strategy in early 2023, lawmakers will likely renew their focus on developing solutions that protect the U.S. economy and national security.
The IIA’s Advocacy Team will spend more time in 2023 educating lawmakers about the critical role that independent objective assurance over cyber internal controls can serve in advancing The IIA’s shared cybersecurity policy goals. However, it is unclear what major cybersecurity bills may be poised to move in the new Congress.
The umbrella topic of environmental, social, and governance may be one of the most controversial issues of the new Congress. Democrats have generally been interested in advancing policies related to ESG, particularly climate and sustainability disclosures by companies. However, many Republicans have a visceral reaction to the concept, dismissing it as a form of “woke capitalism” that is harmful to the economy.
ESG proponents expect a hostile climate this year for ESG proposals. Incoming House Financial Services Committee Chair Patrick McHenry, R-N.C., was a lead advocate of a resolution to repeal the SEC’s pending climate disclosure regulations. Other Republicans have pushed legislation that would force investment advisors to prioritize financial returns over “fake ESG factors.”
Much of the policymaking related to ESG — and climate disclosures in particular — may move from the halls of Congress back to boardrooms and the C-suite. Near-term drivers for global ESG adoption will most likely come from European Union standards that are slated to go into effect in 2024, as well as from efforts to create global climate disclosure standards through the private sector International Sustainability Standards Board.
With majority control comes the ability to perform oversight over a broad array of topics. The new House Republican leadership plans to seize this new opportunity, indicating that oversight hearings will be a centerpiece of their agenda over the next two years.
Some of the higher profile and more controversial investigations being pushed by the most conservative members of the caucus include hearings on the possible impeachment of the president and the Homeland Security Secretary, Alejandro Mayorkas, as well as looking at the business dealings of the president’s son, Hunter Biden. However, GOP moderates from swing districts are more likely to want to look at government spending, fraud and abuse, and perceived examples of regulatory overreach.
Launched in 2022, The IIA’s U.S. Advocacy team is responsible for supporting the internal audit profession through direct engagement with key U.S. policymakers. The staff consists of professionals with vast experience in Washington, D.C., having served in senior-level positions on both Capitol Hill and in the executive branch.
The Advocacy team is charged with forging relationships with officials at the White House, in Congress, and at regulatory agencies to ensure internal auditors are effectively represented in relevant public policy discussions. These efforts include:
One powerful resource intended to support the efforts of IIA Advocacy is IIA PAC, a political action committee established in October. IIA PAC complements The Institute’s advocacy efforts by supporting federal elected officials
and candidates, regardless of party affiliation, who have demonstrated a commitment to the internal audit profession.
For more information on IIA PAC, or to learn more about IIA U.S. Advocacy, visit theiia.org/pac.
Some of the higher profile and more controversial investigations being pushed by the most conservative members of the caucus include hearings on the possible impeachment of the president and the Homeland Security Secretary, Alejandro Mayorkas, as well as looking at the business dealings of the president’s son, Hunter Biden. However, GOP moderates from swing districts are more likely to want to look at government spending, fraud and abuse, and perceived examples of regulatory overreach.
One regulator who is likely to be in the line of fire is SEC Chair Gensler, who recently has pursued an ambitious regulatory agenda on topics ranging from cybersecurity to climate disclosures. Republicans on the House Financial Services Committee are particularly frustrated that Gensler has not testified before the committee in more than a year, an absence incoming Chair McHenry is likely to rectify quickly.
The IIA’s Advocacy team will stay out of the fray on the most contentious, partisan oversight issues in the new Congress. Areas the team will be watching closely include any oversight proposals that might impact the role and responsibilities of government auditors, inspectors general, or the congressional watchdog agency, the Government Accountability Office.
Although a divided government suggests increased partisanship and rancor, the 118th Congress presents a unique opportunity for The IIA to advance the interests of the internal audit profession through public policy. Many of The Institute’s signature issues — including data privacy, cybersecurity, and cryptocurrency regulation — transcend party affiliation and have a substantial likelihood of being addressed this year. The IIA’s U.S. Advocacy team will continue monitoring the political environment in Washington and will pursue any legislative or regulatory opportunity to promote the work of internal auditors.