Corporate Governance 2026

BULGARIA Law and Practice Contributed by: Konstantin Vassilev and Kiril Kirkov, Vassilev & Partners Law Firm

6. Audit, Risk and Internal Controls 6.1 External Auditors A Bulgarian company must appoint an external audi - tor where its annual or consolidated financial state - ments are subject to mandatory independent financial audit under the Accountancy Act, the Independent Financial Audit and Sustainability Assurance Act, EU law or sector-specific legislation. Mandatory audit applies to medium-sized and large undertakings, public-interest entities, medium-sized and large groups, groups including at least one public- interest entity and small undertakings exceeding stat - utory thresholds relating to assets, net sales revenue and employees. Other undertakings may be subject to statutory audit under special law. For joint-stock companies, the registered auditor is appointed by the general meeting. In other forms, the competent owner or corporate body generally makes the appointment. Regulated entities may be subject to sector-specific approval, co-ordination or notification requirements. The auditor provides independent assurance on whether the financial statements comply with the applicable financial reporting framework. Manage - ment remains responsible for preparing financial state - ments, maintaining accounting records and operating internal controls. Public-interest entities must establish an audit com - mittee. The audit committee monitors financial report - ing, statutory audit, auditor independence and the effectiveness of internal control and risk management systems insofar as they relate to financial reporting. Where sustainability reporting is required, the report is subject to assurance by a qualified registered auditor. 6.2 Risk Management and Internal Controls Bulgarian law does not impose a single board-level regime labelled as “geopolitical risk”. Instead, geopo - litical risk is addressed through general management duties, disclosure, sector-specific risk rules, sanctions compliance, AML/CFT, cybersecurity, supply chain controls and public company reporting.

For public companies, geopolitical risk may need to be disclosed where material to the issuer’s business, financial position, prospects or securities. At board level, it should be considered as part of the broader risk management and internal control framework. Bulgaria applies EU restrictive measures directly as an EU member state and has national rules against ter - rorism financing and proliferation financing. Sanctions compliance is relevant not only for financial institutions but also for companies with cross-border operations, foreign customers, export activity, logistics exposure, energy or defence-related business, financial counter - parties or complex ownership chains. Boards are expected to oversee sanctions compli - ance where the risk is material. This includes screen - ing, ownership and control checks, contractual pro - tections, escalation procedures, transaction freezes, reporting processes and staff training proportionate to the company’s risk profile. The main ESG reporting requirements for Bulgarian companies are driven by EU law and its implementa - tion into Bulgarian legislation. Bulgaria transposed the Corporate Sustainability Reporting Directive through amendments to the Accountancy Act and the Inde - pendent Financial Audit and Sustainability Assurance Act. Large undertakings and small and medium-sized pub - lic-interest entities within scope must include a sepa - rate sustainability section in the management report, prepared in accordance with the European Sustain - ability Reporting Standards. The report must explain material sustainability impacts, risks and opportuni - ties, and how sustainability matters affect the com - pany’s development, performance and position. 7. Environmental, Social and Governance 7.1 ESG Requirements Sustainability reporting is subject to assurance by a qualified registered auditor. Boards should ensure reli - able data collection, internal controls and clear alloca - tion of responsibility.

77 CHAMBERS.COM

Powered by