WTA Explained: What the Audit Firms Supervision Act Means for Your Firm

What the WTA actually regulates

The Dutch parliament adopted the WTA on 28 June 2005. It came into force on 1 October 2006. Before that date, audit quality supervision was handled through professional bodies (the NBA’s predecessor organisations). The WTA transferred that responsibility to an independent public authority: the AFM.

The core principle is straightforward. No audit firm may perform a statutory audit (wettelijke controle) in the Netherlands without holding a valid AFM licence. Article 5 of the Wta establishes the licence requirement. Article 6 specifies the additional requirements for firms auditing public interest entities (OOBs). A sole practitioner operating as an external accountant counts as an audit firm under the Wta by legal fiction (Wta article 1).

The WTA doesn’t exist in isolation. It sits within a stack of four interconnected laws governing the Dutch audit profession: the Wta itself, the Besluit toezicht accountantsorganisaties (Bta) which details the quality and organisational requirements, the Wet op het accountantsberoep (Wab) governing individual accountants, and the Wet tuchtrechtspraak accountants (Wtra) covering disciplinary proceedings. For your daily practice, the Wta and Bta are the two that matter most.

The scope of “statutory audit” is broader than most people assume. It covers any audit required by law, including the audit of financial statements under BW2 article 2:393 (the most common), audits required by sector-specific legislation, audits of public-sector entities, and audits mandated by industry regulators such as DNB or the AFM. If the law mandates an audit, the firm performing it needs a Wta licence.

One common point of confusion: the Wta applies to the firm, not to the individual accountant. An RA (registeraccountant) holds their personal qualification under the Wab. But an RA cannot perform a statutory audit unless they’re associated with a firm that holds a Wta licence. A sole practitioner is treated as a firm under the Wta’s legal fiction, so they need their own licence. If an RA works at a firm without a Wta licence (for instance, an advisory-only practice), that RA cannot sign a statutory audit opinion, regardless of their personal qualifications.

The Wta also interacts with the professional framework set by the NBA (Koninklijke Nederlandse Beroepsorganisatie van Accountants). The NBA issues the NV COS (Nadere Voorschriften Controle- en Overige Standaarden), which are the Dutch auditing standards based on the ISAs. Compliance with the NV COS is a professional obligation under the Wab, but the AFM tests audit quality against the NV COS during its Wta inspections. In practice, a deficiency in applying ISA 315 (risk assessment) on an engagement is simultaneously a professional standards violation and a potential Wta compliance issue.

The SRA (Samenwerkende Registeraccountants en Accountants-Administratieconsulenten) plays a different role. It’s a voluntary association of mid-tier audit firms that provides its members with shared methodology, quality review programmes, and practice guidance. SRA membership is not a legal requirement, and the SRA is not a regulator. But the AFM has referenced SRA member data in its supervisory analysis and has worked with the SRA on sector-wide quality improvement initiatives. Approximately 370 firms are SRA members, representing the bulk of the mid-tier statutory audit market. For auditors working at these firms, the WTA is the legal backdrop to every engagement.

Regular licence vs. PIE licence: what the distinction means in practice

The AFM maintains a public register of licensed audit firms. Two categories exist. A regular licence (reguliere vergunning) permits the firm to perform statutory audits at non-PIE entities. A PIE licence (OOB-vergunning) permits audits at both PIE and non-PIE entities, but comes with substantially more requirements under EU Regulation 537/2014.

Public interest entities in the Dutch context include listed companies with securities traded on an EU/EEA regulated market, banks, insurers, and pension funds. The definition lives in Wta article 1, paragraph 1, sub l.

For the roughly 370 SRA member firms and other mid-tier practices, the regular licence is the relevant one. But “regular” doesn’t mean light. The AFM has been building up its supervision of regular-licence holders since 2013, when it launched its first thematic review across a cross-section of the approximately 450 non-PIE firms. Since 2022, the AFM considers all audit firms operating in the Netherlands to be de facto under its active supervision.

The practical difference between the two licence types shows up in four areas. Mandatory firm rotation applies to PIE firms (every ten years, with limited extension). A ban on providing most non-audit services to audit clients applies under Wta articles 24b and 86a. The firm must publish an annual transparency report. And the AFM inspection cycle is more frequent (at least every six years for OOB firms, compared to risk-based scheduling for regular-licence holders).

If your firm is considering taking on a PIE audit client, you need the expanded licence before signing the engagement letter. The AFM will not grant retroactive approval.

How the CSRD changes the Wta

The Dutch government is implementing the CSRD partly through direct amendments to the Wta and the Wab. Under the amended legislation, assurance on sustainability reports will be classified as a statutory engagement. A firm performing this work needs a Wta licence.

For firms that currently only perform financial statement audits, this means the Wta licence they already hold will extend to cover CSRD limited assurance engagements as well. But the amended Wta will also require that the external accountants performing sustainability assurance have sufficient knowledge of relevant sustainability regulation. The Bta is expected to include updated competence requirements for sustainability assurance once the implementing legislation is finalised.

The timing matters. Large entities (exceeding two of the medium-sized Title 9 thresholds) that are PIEs entered CSRD scope for financial years starting on or after 1 January 2024. Large non-PIE entities follow for financial years starting on or after 1 January 2025. For regular-licence firms auditing large non-PIE clients, the question of whether your firm has the capacity and competence to provide sustainability assurance is becoming urgent. If you can’t provide it, another firm will, and that firm may also take the financial statement audit.

The AFM’s supervisory scope will expand accordingly. Sustainability assurance engagements will be subject to the same quality requirements as financial statement audits. The AFM has already signalled that it intends to include sustainability assurance in its inspection programme once a sufficient number of engagements have been completed.

Bta requirements your firm must meet continuously

The Bta translates the Wta’s general quality obligations into specific organisational requirements. These aren’t one-time checks at the point of licence application. The AFM expects continuous compliance, and its inspections test whether these requirements function in practice, not just on paper.

The requirements cluster around four areas.

First, integrity and reliability: the Bta requires that every policymaker (beleidsbepaler) within the audit firm is trustworthy and has sufficient expertise. The AFM screens policymakers during the licence process and can re-assess at any time. A change in the firm’s management structure triggers a notification obligation. This isn’t limited to partners. If your firm appoints a new head of quality or a new compliance officer, or if any person who co-determines the firm’s day-to-day policy changes, the AFM expects notification. The assessment covers both professional qualifications and personal integrity (the so-called “betrouwbaarheidstoets”).

Second, quality management: the firm must maintain a system of quality control that covers engagement acceptance and continuance, human resources (including PE requirements), engagement performance, and monitoring. Since the introduction of ISQM 1 (effective 15 December 2022), this aligns closely with the international standard, but the Bta’s legal requirements exist independently. Your firm can be non-compliant with the Bta even if you believe you’ve implemented ISQM 1 correctly. A concrete example: ISQM 1 requires the firm to establish quality objectives and identify quality risks. The Bta goes further in specifying that the firm must designate a compliance officer and maintain documented procedures for handling complaints and incidents. If your ISQM 1 implementation doesn’t address these Bta-specific obligations, the AFM will flag it.

Third, independence: Wta article 24 and the Bta require the firm to protect the independence of every external accountant associated with the firm. This covers financial interests, business relationships, employment relationships, and non-audit services. For PIE firms, the restrictions are substantially tighter under EU Regulation 537/2014. For regular-licence firms, the ViO (Verordening inzake de onafhankelijkheid) provides the detailed rules that the AFM tests against.

The independence requirement has a firm-wide dimension that’s easy to underestimate. It’s not enough for each engagement partner (EP) to be independent of their own clients. The firm must have a system that identifies threats to independence across all engagements and all personnel. When a new staff member joins from a client entity, or when a partner’s spouse takes a board position at an audit client, the firm’s monitoring system must catch it. The AFM has published findings where firms had policies on paper but no functioning process to detect breaches in practice.

Fourth, documentation and reporting: the firm must maintain an incident register, comply with fraud reporting obligations under Wta article 26, report certain events to the AFM within specified timeframes, and keep PE records for all policymakers current and available for inspection. The Bta treats missing PE documentation as evidence of a broken quality system, not as a paperwork footnote.

Wta article 26 deserves specific attention. When an external accountant discovers or suspects fraud of material significance during a statutory audit, the client must be informed and given the opportunity to report it. If the client fails to do so, the accountant must report the fraud to law enforcement (the Korps Landelijke Politiediensten). This is not a discretionary judgment call. The Wta imposes a duty to report, and failure to comply is a separate violation from any audit quality issue.

The AFM doesn’t announce every inspection. Routine supervision follows a risk-based schedule informed by data the AFM collects from firms. But if the AFM receives a signal (from a client, a whistleblower, its own data analysis, or a referral from the NBA), it can initiate an incident investigation or even conduct an unannounced on-site inspection.

How the AFM supervises non-PIE firms

For most of the Wta’s history, the AFM focused its resources on PIE firms (the Big 4 and the other PIE-licence holders). That changed in 2013 with the first large-scale thematic review of non-PIE firms. The AFM selected a cross-section of firms from the approximately 450 regular-licence holders, pulled completed audit files, tested sample engagements against NV COS, and assessed whether the financial statements complied with reporting requirements.

Results were not encouraging. The AFM found quality issues across a majority of reviewed files and published its findings publicly, including recommendations for the entire sector (AFM, Sector in Beeld 2024, Accountancy en Verslaggeving, 28 November 2024). It explicitly gave the NBA and SRA a role in driving improvement.

The AFM subsequently reviewed 20 SRA firms in a separate exercise and published the combined findings. These publications didn’t just report deficiencies. They set a benchmark. Firms that weren’t selected for review were expected to read the findings, assess their own practices against them, close any gaps proactively, and document the steps taken. The AFM made this expectation explicit.

Since then, the AFM’s approach to non-PIE supervision has matured. It now operates on a risk-based, data-driven model. Firms submit data to the AFM periodically (the exact data requests vary by year and firm size). The AFM uses this data to identify risk indicators and prioritise which firms to inspect next. If your firm has never been inspected, that’s a function of risk prioritisation, not exemption.

The inspection process itself follows a predictable pattern. The AFM selects a number of completed audit files, typically from the most recent two financial years. It reviews the documentation against the applicable auditing standards (NV COS, based on the ISAs) and Wta/Bta requirements. It also assesses the firm’s system of quality control: does it function in practice, do monitoring findings lead to actual changes, does the tone at the top support quality. At firms like the ones we see most often, this last question is where inspections turn. A quality manual that looks fine on paper but is treated as a tick box exercise at acceptance meetings generates more review notes than any single engagement-file error.

The enforcement toolkit available to the AFM under the Wta includes formal warnings, instructions to take specific corrective actions, periodic penalty payments (dwangsommen), administrative fines, and ultimately licence revocation. The AFM has used all of these. Licence revocation is rare but not theoretical.

One aspect of AFM enforcement that mid-tier firms should understand: the AFM publishes certain enforcement actions. A published instruction or fine is visible to clients, to competitors, to the Dutch business press, and to the NBA. Reputational damage from a published AFM finding often exceeds the financial penalty. The AFM uses this transparency deliberately as a supervisory tool.

Worked example: what a Wta compliance gap looks like at a mid-tier firm

Scenario: Vermeer & Partners Accountants B.V., a regular-licence firm in Utrecht with 14 partners and 85 staff, performs approximately 120 statutory audits per year. Annual revenue is €9.2M. The firm has held its Wta licence since 2007.

1. The trigger. One of the firm’s founding partners retires mid-year. He was designated as the firm’s compliance officer and one of four policymakers registered with the AFM.

Documentation note: record the partner’s departure date and confirm whether the AFM was notified of the change in policymakers within the required timeframe. Cross-reference against Bta article 19.

2. The gap. The remaining partners redistribute the retiring partner’s responsibilities informally. Nobody files the policymaker change notification with the AFM. Nobody formally reassigns the compliance officer role. The firm’s quality manual still lists the departed partner.

Documentation note: flag the period between the partner’s departure and the formal reassignment as an undocumented gap in the quality management system. This is the kind of finding the AFM flags during inspections.

3. The inspection. Eight months later, the AFM includes the firm in a routine data request. The AFM’s records show four policymakers. The firm’s response references only three. This triggers a follow-up inquiry.

Documentation note: the AFM’s follow-up letter will reference Wta article 15 (notification obligations) and Bta article 19 (requirements for policymakers). Record the date of the AFM inquiry and the firm’s response.

4. The remediation. The firm appoints a new partner as compliance officer and fourth policymaker, files the notification, updates its quality manual, and circulates the revised policymaker list to all EPs. The AFM issues a formal instruction requiring the firm to conduct a full review of its notification procedures and report back within 90 days.

Documentation note: the formal instruction goes on the firm’s AFM record. Future licence renewals and inspections will reference it.

The cost of the compliance gap: zero financial penalty in this scenario, but a formal instruction on the firm’s AFM record, 90 days of remediation work, and a higher likelihood of being selected for the next round of file inspections. All of it avoidable with a one-page notification filed within the required timeframe.

What a reviewer would see in this scenario: a firm that functioned normally for eight months with an outdated quality manual and an unregistered policymaker change. No individual audit was affected. But the firm’s organisational compliance was broken, and the AFM’s register was incorrect. For the AFM, that’s a governance failure, not just a paperwork issue.

Practical checklist for Wta compliance

1. Confirm your firm’s policymaker registrations match the AFM’s records. Check this annually and within five business days of any management change (Wta article 15).
2. Verify that every external accountant associated with your firm has current PE records that meet the Wab requirements. The AFM can request these at any time.
3. Review your firm’s quality manual for references to named individuals. When someone leaves, the manual must be updated before the next engagement acceptance decision, not at the next annual review.
4. Test your fraud reporting procedures against Wta article 26 annually. Run a tabletop scenario with your engagement partners. If nobody can describe the reporting steps without checking the manual, the procedure isn’t embedded.
5. Confirm your independence monitoring covers non-audit services to all statutory audit clients, not only PIE clients. The ViO applies to regular-licence firms too, and the AFM tests it.

Common mistakes

• Treating Wta compliance as a one-time licensing event rather than continuous. The AFM’s 2013 thematic review of non-PIE firms found quality and organisational shortcomings across a majority of reviewed firms, many of which had held licences for years (AFM, Sector in Beeld 2024, Accountancy en Verslaggeving, 28 November 2024). The corollary: failing to notify the AFM of changes in the firm’s organisational structure or policymakers. The AFM revoked Baker Tilly Berk B.V.’s PIE licence specifically because an organisational restructure broke Wta compliance.
• Assuming that ISQM 1 implementation automatically satisfies Bta requirements. The Bta’s legal obligations exist independently of the international standards, and the AFM assesses compliance against the Bta, not ISQM 1.

Related content

• Independence in audit (glossary). Covers the ViO independence framework that the AFM tests during Wta inspections.
• ISA 320 Materiality Calculator (tool). Document your materiality determination with industry benchmarks and ISA 320 paragraph references for Wta inspection readiness.
• ISQM 1 practical implementation for mid-tier firms (blog). The firm-level quality management standard that overlaps with (but does not replace) Bta requirements.

Related tools and reading

Put audit concepts into practice with these free tools:

Frequently asked questions

Further reading and source references

• Wet toezicht accountantsorganisaties (Wta): The full legislative text available via wetten.overheid.nl.
• Besluit toezicht accountantsorganisaties (Bta): The implementing decree detailing quality and organisational requirements.
• AFM Register of Licensed Audit Firms: Public register at afm.nl showing all regular and PIE licence holders.
• EU Regulation 537/2014: Additional requirements for PIE audit firms, directly applicable in the Netherlands.