To reply to just one sentence: From my experience the relationship between auditors and financial (prudential) regulators is only lightly one of relying upon. On the one hand of course having trouble getting your financial report signed is a key risk indicator for the regulator, on the other hand the regulator in my sector (insurance) goes markedly deeper in their thematic and on-site reviews than the auditors do. Even though the auditors sign off on things like capital requirements, the regulators understand models way better. Those building proper models usually don’t work for the big-4 that do auditing, but work for more niche firms and the insurers themselves.

I’ve worked for a regulator in a sector with more lenient oversight (health) and there the accountant was one of the pillars of our understanding. We just didn’t have the mandate or capabilities to understand the finance of the thousands of providers. In that way regulating finance is easy. Banks and insurers are relatively low-N activities. In case of BaFin I find it hard to imagine that they couldn’t, so they probably wouldn’t.

Food for another thread is how to match the European perspective above to, say, the SVB case in the US. How on earth the regulator didn’t track the interest rate risk is beyond me. (I believe the legal explanation is that they fell in a D-F regime with less regulatory burden.)