Deutsche Bank

Annual Report 2017

Independent Auditors’ Report

To Deutsche Bank Aktiengesellschaft, Frankfurt am Main

Report on the Audit of the Consolidated Financial Statements and of the Group Management Report

Opinions

We have audited the consolidated financial statements of Deutsche Bank Aktiengesellschaft, Frankfurt am Main, and its subsidiaries (the Group), which comprise the consolidated balance sheet as at December 31, 2017, and the consolidated statement of income, consolidated statement of comprehensive income, consolidated statement of changes in equity and consolidated statement of cash flows for the financial year from January 1 to December 31, 2017, and notes to the consolidated financial statements, including a summary of significant accounting policies. In addition, we have audited the group management report of Deutsche Bank Aktiengesellschaft, Frankfurt am Main, for the financial year from January 1 to December 31, 2017.

In our opinion, on the basis of the knowledge obtained in the audit,

  • the accompanying consolidated financial statements comply, in all material respects, with IFRSs as adopted by the EU, and the additional requirements of German commercial law pursuant to Section 315e (1) HGB [Handelsgesetzbuch – German Commercial Code] and, in compliance with these requirements, give a true and fair view of the assets, liabilities, and financial position of the Group as at December 31, 2017, and of its financial performance for the financial year from January 1 to December 31, 2017, and
  • the accompanying group management report as a whole provides an appropriate view of the Group’s position. In all material respects, this group management report is consistent with the consolidated financial statements, complies with German legal requirements and appropriately presents the opportunities and risks of future development.

Pursuant to Section 322(3) sentence 1 HGB, we declare that our audit has not led to any reservations relating to the legal compliance of the consolidated financial statements and of the group management report.

Basis for the Opinions

We conducted our audit of the consolidated financial statements and of the group management report in accordance with Section 317 HGB and the EU Audit Regulation No 537/2014 (referred to subsequently as “EU Audit Regulation”) and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer [Institute of Public Auditors in Germany] (IDW). Our responsibilities under those requirements and principles are further described in the “Auditor's Responsibilities for the Audit of the Consolidated Financial Statements and of the Group Management Report” section of our auditor’s report. We are independent of the group entities in accordance with the requirements of European law and German commercial and professional law, and we have fulfilled our other German professional responsibilities in accordance with these requirements. In addition, in accordance with Article 10 (2) point (f) of the EU Audit Regulation, we declare that we have not provided non-audit services prohibited under Article 5 (1) of the EU Audit Regulation. We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our opinions on the consolidated financial statements and on the group management report.

Key Audit Matters in the Audit of the Consolidated Financial Statements

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the consolidated financial statements for the financial year from January 1 to December 31, 2017. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

Valuation of Level 3 Financial Instruments and Unobservable Inputs therein

With regard to significant accounting policies and critical accounting estimates, we refer to Note 1 of the consolidated financial statements (sections “Financial Assets and Liabilities at Fair Value through Profit or Loss” and “Financial Assets Classified as Available for Sale”). For information on level 3 financial instruments, we refer to Note 13 of the consolidated financial statements.

The Financial Statement Risk
Level 3 financial instruments consist of financial assets and liabilities. As of the reporting date, the Group reports level 3 financial assets held at fair value in the amount of € 22.0 billion, representing 3.2 % of the financial assets at fair value and 1.5 % of total assets. Level 3 financial liabilities amount to € 7.1 billion, representing 1.5 % of the financial liabilities at fair value and 0.5 % of total assets, respectively.

By definition, market prices are not observable for the valuation of these financial instruments. The fair values are therefore to be determined on the basis of accepted valuation methods. These valuation methods may consist of complex models and can include assumptions and estimates over unobservable inputs which require judgment.

The financial statement risk arises particularly with respect to complex valuation models or unobservable valuation parameters that are used in determining fair values leading to level 3 financial instruments not being in accordance with accounting principles.

Our Audit Approach
To determine our audit approach, we initially evaluated the general suitability and the potential for misstatements in models and parameters including unobservable inputs and, where applicable, associated valuation adjustments used for the valuation of level 3 financial instruments.

Based on our risk assessment, we established an audit approach including control and substantive testing.

In order to assess the adequacy of the Group’s internal controls regarding the valuation of financial instruments and determination of unobservable inputs therein we evaluated the design and implementation and tested operating effectiveness of key controls. We also made use of KPMG-internal valuation specialists as needed. Audit procedures included but were not limited to controls over:

  • monthly independent price verification (IPV) procedures performed by the Group to assure the adequacy of input parameters used for level 3 financial instruments,
  • model validation of valuation models used by the Group including respective governance,
  • calculation and recording of valuation adjustments for credit risk, funding cost, and others required by accounting standards to determine fair values, and
  • collateral disputes arising from counterparty valuation disagreements.

Where we had findings regarding design or effectiveness of controls, we tested additional compensating controls. We considered our audit results when designing nature and scope of additional substantive audit procedures.

We performed substantive procedures on a risk-based sample of level 3 financial instruments. These include in particular:

  • performance of independent price verification (IPV), with usage of KPMG-internal valuation specialists on selected individual transactions of financial instruments,
  • independent recalculation of selected valuation adjustments
  • performance of procedures to determine adequacy of models used, including key inputs and their usage in the respective pricing models, and
  • testing whether the non-observability of key inputs to level 3 financial instruments with reference to active markets was accurately assessed as required by the accounting standards.

Our Observations
Based on the results of our key controls testing and substantive audit procedures, we consider models and related parameters used for valuing level 3 financial instruments to be reasonable.

Loan Loss Allowances in Credit Portfolios of certain Industries

For a qualitative and quantitative description of the management of credit risks, including the valuation of loans, we refer to the Risk Report section in the group management report. With regard to significant accounting policies and critical accounting estimates we refer to note 1 of the consolidated financial statements (section “Impairment of Loans and Provision for Off-balance Sheet Positions”). For information on loans and allowance levels, we refer to notes 19 and 20 of the consolidated financial statements.

The Financial Statement Risk
As of the reporting date, the Group reports loans – net of loan loss provisions of € 3.9 billion – in the amount of € 401.7 billion, representing 27 % of total assets. In the financial year 2017, the Group recorded an amount of € 525 million as provision for credit losses in the consolidated statement of income.

As part of our risk assessment, we identified loans for borrowers in the segments of Shipping, Oil & Gas, as well as Metals, Mining & Steel as bearing a higher valuation risk due to industry-specific challenges. The gross exposure of loans in these higher-risk industries amounted to approximately € 15 billion. Of the related loan loss provision shown in the consolidated statement of income for the financial year 2017, € 198 million or 38 % of the provision in the lending business recognized in 2017 are applicable to the shipping portfolio.

The financial statement risk arises particularly from estimation uncertainties in the calculation of individually assessed loan loss allowance which are, especially in these industries, based upon judgmental assumptions and scenarios (i.e. recovery scenario, going concern scenario etc.), including assessments of proceeds from collateral.

Our Audit Approach
In order to perform a risk assessment and to plan our audit procedures, we conducted a portfolio analysis to assess the inherent valuation risks and to identify higher-risk industries. In addition, we assessed the Group’s methodologies and key inputs used to derive individually assessed loan loss provisions.

Based on our risk assessment, we established an audit approach including control and substantive testing.

In our controls testing, we evaluated design, implementation and operating effectiveness of controls over valuation of loans. These include but are not limited to controls over:

  • the review and approval of impairment policies and general methodology,
  • the review for loans under enhanced monitoring,
  • regular valuation of collateral, and
  • the calculation and recording of individually assessed loan loss allowance.

In addition, we performed substantive audit procedures for a selection of loans in the identified higher-risk industries to test that the cash flows used for calculating the individually assessed loan loss provisions were derived appropriately. In assessing the adequacy of expected cash flows, we considered industry specific market expectations and the respective engagement strategy (e.g. restructuring, liquidation). For selected engagements, we also recalculated the individually assessed loan loss provisions.

Our Observations
Based on the results of our key controls testing and substantive audit procedures, we consider the assumptions and scenarios to determine individually assessed loan loss allowance for loans relating to the identified higher-risk industries to be reasonable.

Recognition and Measurement of Deferred Tax Assets

For a description of the significant accounting policies and critical accounting estimates as well as underlying assumptions for the recognition and measurement of deferred tax assets, we refer to Note 1 of the consolidated financial statements “Significant Accounting Policies and Critical Accounting Estimates” (section “Income Taxes”). For information on deferred tax assets, we refer to Note 36 of the consolidated financial statements.

The Financial Statement Risk
The consolidated financial statements contain deferred tax assets of € 6.8 billion. In the reporting period, the Group has reduced the carrying amount of deferred tax assets by € 1.4 billion due to the US tax reform.

Recognition and measurement of deferred tax assets contain judgment and besides objective factors also numerous estimates regarding future taxable profit and the usability of unused tax losses and tax credits.

The financial statement risk arises particularly from future usability of the benefits being estimated inappropriately. The estimation of future usability depends on future taxable profit potential based on the business plan and taking into account the expected development of key value-determining assumptions and parameters included therein, all being subject to uncertainty. These include in particular assumptions on the development of pre-tax earnings, the influence of potential special items, and permanent effects which determine the taxable profit available in the future. Such estimates must also consider current political and economic developments and jurisdiction specific considerations, including but not limited to US tax reform.

Our Audit Approach
We conducted a risk assessment to gain an understanding of the applicable tax laws and regulations relevant to the Group. Based on that, we performed both tests of related internal key controls and substantive audit procedures with the assistance of KPMG-internal tax specialists. We performed the following audit procedures as part of our controls testing including, but not limited to:

  • evaluation of the policies used for recognition and measurement of deferred tax assets in accordance with IAS 12 and
  • test of design, implementation and operating effectiveness of internal controls with respect to recognition of deferred tax assets in the Group.

Furthermore, we performed substantive audit procedures for a risk-based sample of deferred tax assets in different countries. This included, but was not limited to:

  • assessment of the appropriateness of parameters applied to the business plans, including sub-plans for relevant countries where appropriate. In doing so, we scrutinized the appropriateness of the planning parameters applied that are relevant to the Group's significant subdivisions by considering potential positive and negative indicators regarding recoverability or occurrence of planning parameters and assumptions, and
  • review of the bridge from pre-tax income to the planned taxable profit for certain countries.

Our Observations
Based on the results of our key controls testing and substantive audit procedures we consider recognition and measurement of deferred tax assets in particular regarding the assumptions and parameters to develop the taxable profit and usability of tax losses and credits to be reasonable.

Presentation of Legal Risks in the Financial Statements

For a qualitative and quantitative description of significant litigations we refer to Note 29 of the consolidated financial statements.

The Financial Statement Risk
As of the reporting date, the Group reports provisions for legal risks in the amount of € 2.0 billion. They consist of provisions for civil litigations amounting to € 1.1 billion and provisions for regulatory enforcement amounting to € 0.9 billion.

The financial statement risk arises particularly from failure to appropriately reflect potential financial obligations (provisions or contingent liabilities) resulting from non-compliance with applicable laws, regulatory requirements or contractual agreements, or asserted claims, including consideration of disclosure in the Group’s financial statements. The identification of those matters, the evaluation of its likelihood, and the valuation of potential financial obligations resulting thereof is subject to judgment and estimation uncertainty.

Our Audit Approach
We conducted a risk assessment regarding potential obligating events in designing our audit approach. This was based on an assessment of the internal controls regarding the complete and accurate recording of legal risks as well as inquiries with management and departments that are responsible to identify, evaluate and monitor legal risks. It further consisted of a review of internal and external documentation and publicly available information and inspection of accounts regarding legal expenses.

Based on our risk assessment, we established an audit approach including control and substantive testing.

To test the adequacy of the internal control system, we identified controls designed to assure the completeness and accuracy of valuation of provisions and contingent liabilities for legal risks and tested the design and the implementation, as well as the operating effectiveness of such controls.

Additionally, we have conducted substantive audit procedures for a risk-based sample of cases, and sent legal confirmation letters to the lawyers dealing with material litigation.

We evaluated the recognition and valuation of material provisions and contingent liabilities of the Group based on facts and circumstances available regarding compliance with the accounting standards.

In order to determine the facts and circumstances of the individual cases, we performed inspection of relevant documents and we inquired with the Group’s internal and external legal counsel. We assessed the material assumptions made and key judgements applied including the evaluation of disconfirming evidence. Specifically, for matters where potential obligations existed but the exposure was considered less than probable, we considered audit evidence regarding the lack of recognition and the disclosure thereof.

Additionally, we considered whether the Group’s disclosures of the application of judgement in estimating provisions and contingent liabilities is adequately reflected. Also, we considered whether the Group’s disclosures in relation with the individual cases reflect the uncertainties associated with legal and regulatory matters appropriately.

Our Observations
Based on the results of our key controls testing and substantive audit procedures, we considered the identification of matters and the evaluation of its likelihood and estimated provision for potential obligations as reasonable. The notes appropriately disclose the estimation uncertainty in valuation.

IT Access Management in the financial reporting process

For a description of internal controls over the financial reporting process including IT access management controls, we refer to the group management report in section “Internal Control over Financial Reporting”.

The Financial Statement Risk
The financial reporting process is highly dependent on information technology and the availability of complete and accurate electronic data due to the size and the complexity of the Group. The inappropriate granting of or ineffective monitoring of access rights to IT systems therefore presents a risk to the accuracy of financial reporting. This risk applies in particular to systems with access rights which do not correspond to a “need to know” or “need to have” principle, i.e. access is granted solely based on the requirements of the role and no further authorization requirement is in place, or the segregation of duties principle, i.e. between IT and specialist departments as well as between development and application operations.

Unauthorized or extensive access rights and a lack of segregation of duties cause a risk of intended or unintended manipulation of data that could have a material effect on the completeness and accuracy of the financial statements. Therefore, the design of and compliance with respective precautions is a significant matter for our audit.

Our Audit Approach
We obtained an understanding of the Group’s business IT related control environment. Furthermore we conducted a risk assessment and identified IT applications, databases and operating systems that are relevant to our audit.

For relevant IT-dependent controls within the financial reporting process (so-called IT application controls) we identified supporting general IT controls and evaluated their design, implementation, and operating effectiveness. We tested key controls particularly in the area of access protection and linkage of such controls to the completeness and accuracy of financial reporting. Our audit procedures included, but were not limited to, the following:

  • Tests of controls regarding initial access granted to IT systems for new employees or employees changing roles, whether that access was subject to appropriate screening and if it was approved by an authorized person in line with the role based authorization concept.
  • Test of controls regarding removal of employee or former employee access rights within an appropriate period of time after having changed roles or leaving the company.
  • Test of controls regarding the appropriateness of system access rights for privileged or administrative authorizations (superuser) being subject to a restrictive authorization assignment procedure and the regular review thereof.
  • Moreover, we conducted specific testing procedures in the area of password protection, security settings regarding modifications for applications, databases, and operating systems, the segregation of specialist department and IT users and the segregation of employees responsible for program development and those responsible for system operations. In cases where certain IT controls were not effective we identified and tested additional compensating controls for implementation and operating effectiveness as well as testing other compensating evidence.

Considering the results of our control tests, we decided on the nature and scope of further substantive audit procedures to be performed. Particularly, where we identified user authorizations not being withdrawn on time after leaving the Bank, we performed an inspection of the activity log of individual users to determine whether unauthorized activities had occurred that would materially affect the completeness and accuracy of financial information processed.

Also, by tests of detail we assessed if program developers had approval rights in the modification process and whether they were able to carry out any modifications in the productive versions of applications, databases, and operating systems to assess if these responsibilities were functionally segregated. We have also analyzed the segregation of duties on critical trading and payment systems in order to assess whether the segregation of duties between front and back offices has been adhered to.

Our Observations
Based on the results of our key controls testing and substantive audit procedures, we consider the IT access management in the financial reporting process to generally address the requirements for completeness and accuracy of financial reporting relevant data. In cases where we identified control deficiencies, we found that compensating controls were in place and tested other compensating evidence to address the risk of material misstatement over the financial statements.

Other Information

Management is responsible for the other information. The other information comprises of the remaining parts in the annual report, with the exception of the audited consolidated financial statements and the group management report and our auditor’s report..

Our opinions on the consolidated financial statements and the group management report do not cover the other information and consequently we do not express an opinion or any other form of assurance conclusion thereon.

In connection with our audit, our responsibility is to read the other information and, in so doing, to consider whether the other information

  • is materially inconsistent with the consolidated financial statements, with the group management report, or our knowledge obtained in the audit, or
  • otherwise appears to be materially misstated.

Responsibilities of Management and the Supervisory Board for the Consolidated Financial Statements and the Group Management Report

Management is responsible for the preparation of the consolidated financial statements that comply, in all material respects, with IFRSs as adopted by the EU and the additional requirements of German commercial law pursuant to Section 315e (1) HGB and that the consolidated financial statements, in compliance with these requirements, give a true and fair view of the assets, liabilities, financial position, and financial performance of the Group. In addition, management is responsible for such internal control as they have determined necessary to enable the preparation of consolidated financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the consolidated financial statements, management is responsible for assessing the Group's ability to continue as a going concern. They also have the responsibility for disclosing, as applicable, matters related to going concern. In addition, they are responsible for financial reporting based on the going concern basis of accounting unless there is an intention to liquidate the Group or to cease operations, or there is no realistic alternative but to do so.

Furthermore, management is responsible for the preparation of the group management report that, as a whole, provides an appropriate view of the Group’s position and is, in all material respects, consistent with the consolidated financial statements, complies with German legal requirements, and appropriately presents the opportunities and risks of future development. In addition, management is responsible for such arrangements and measures (systems) as they have considered necessary to enable the preparation of the group management report that is in accordance with the applicable German legal requirements, and to be able to provide sufficient appropriate evidence for the assertions in the group management report.

The supervisory board is responsible for overseeing the Group's financial reporting process for the preparation of the consolidated financial statements and of the group management report.

Auditor’s Responsibilities for the Audit of the Consolidated Financial Statements and of the Group Management Report

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and whether the group management report as a whole provides an appropriate view of the Group’s position and, in all material respects, is consistent with the consolidated financial statements and the knowledge obtained in the audit, complies with the German legal requirements and appropriately presents the opportunities and risks of future development, as well as to issue an auditor’s report that includes our opinions on the consolidated financial statements and on the group management report.

Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with Section 317 HGB, and the EU Audit Regulation and in compliance with German Generally Accepted Standards for Financial Statement Audits promulgated by the Institut der Wirtschaftsprüfer (IDW) will always detect a material misstatement. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these consolidated financial statements and this group management report.

We exercise professional judgment and maintain professional skepticism throughout the audit. We also:

  • Identify and assess the risks of material misstatement of the consolidated financial statements and the group management report, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinions. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
  • Obtain an understanding of internal control relevant to the audit of the consolidated financial statements and of arrangements and measures (systems) relevant to the audit of the group management report in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of these systems.
  • Evaluate the appropriateness of accounting policies used by management and the reasonableness of estimates made by the management and related disclosures.
  • Conclude on the appropriateness of management's use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in the auditor's report to the related disclosures in the consolidated financial statements and in the group management report or, if such disclosures are inadequate, to modify our respective opinions. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Group to cease to be able to continue as a going concern.
  • Evaluate the overall presentation, structure and content of the consolidated financial statements, including the disclosures, and whether the consolidated financial statements present the underlying transactions and events, in a manner that the consolidated financial statements give a true and fair view of the assets, liabilities, financial position and financial performance of the Group in compliance with IFRSs as adopted by the EU, and the additional requirements of German commercial law pursuant to Section 315e (1) HGB.
  • Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the Group to express opinions on the consolidated financial statements and on the group management report. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our opinions.
  • Evaluate the consistency of the group management report with the consolidated financial statements, its conformity with German law, and the view of the Group’s position it provides.
  • Perform audit procedures on the prospective information presented by management in the group management report. On the basis of sufficient appropriate audit evidence we evaluate, in particular, the significant assumptions used by management as a basis for the prospective information, and evaluate the proper derivation of the prospective information from these assumptions. We do not express a separate opinion on the prospective information and on the assumptions used as a basis. There is a substantial unavoidable risk that future events will differ materially from the prospective information.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with the relevant independence requirements, and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, the related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor’s report unless law or regulation precludes public disclosure about the matter.

Other Legal and Regulatory Requirements

Further Information pursuant to Article 10 of the EU Audit Regulation

We were elected as group auditor of by the annual general meeting on May 18, 2017. We have been engaged by the Supervisory Board on July 26, 2017. We or our predecessor firms have served as auditor to Deutsche Bank Aktiengesellschaft and its predecessor companies since 1952.

We declare that the opinions expressed in this auditor’s report are consistent with the additional report to the Audit Committee pursuant to Article 11 of the EU Audit Regulation (long-form audit report).

We provided the following services in addition to the financial statement audit, as disclosed in Note 43 – “Supplementary Information to the Consolidated Financial Statements according to Sections 297 (1a) / 315a HGB and the return on assets according to Article 26a of the German Banking Act”.

German Public Auditor Responsible for the Engagement

The German Public Auditor responsible for the engagement is Burkhard Böth.

Frankfurt am Main, March 12, 2018

KPMG AG
Wirtschaftsprüfungsgesellschaft

Pukropski
Wirtschaftsprüfer

Böth
Wirtschaftsprüfer