Recognising that such situations can often be difficult and stressful for the PAs, and accepting that he or she has a prima facie ethical responsibility not to turn a blind eye to the matter, NOCLAR was introduced to help and guide the PAs in dealing with such situations and in deciding how best to serve the public interest in these circumstances.
Considering the above, the International Ethics Standards Board for Accountants (IESBA) had made revisions to the International Code of Ethics for Professional Accountants to define their professional responsibility in relation to NOCLAR in the year 2017.
ICAI, being a member of the International Federation of Accountants (IFAC), has considered the revisions made by IESBA in the revised 12th edition of the Code of Ethics which has come into effect from 1st July, 2020 for its members. The Council of ICAI has decided that the provisions, namely, Responding to Non-Compliance with Laws and Regulations (NOCLAR) (Sections 260 and 360), contained in Volume I of the Code of Ethics, 2019, the applicability of which was deferred earlier, be made applicable and effective from 1st April, 2022.
These NOCLAR provisions, as introduced by ICAI, provide detailed guidance in assessing the implications for PAs on any actual or suspected non-compliances of laws and regulations and the possible course of action while responding to them. These provisions primarily cover the non-compliance with laws and regulations that may have an effect on:
a. the determination of material amounts and disclosures in the financial statements;
b. the compliances that may be fundamental to the entity’s business and operations, or to avoid material penalties.
Examples of laws and regulations
Examples of other laws and regulations for consideration of PAs while evaluating NOCLAR
1) The real estate sector has remained widely unorganised till the introduction of The Real Estate (Regulation and Development) Act, 2016 (‘RERA’). Just as while discharging the duty of statutory auditor, for instance under the Companies Act, the auditor shall now be required to coordinate with the RERA professionals and also would require working knowledge of the RERA law to understand the Non-Compliance of Laws and Regulations (NOCLAR).
2) Impact due to Non-Compliance of Foreign Exchange Management Act law will also be covered in the above NOCLAR reporting.
3) Applicability of PF and ESIC laws – based on crossing prescribed number of employees / staff and compliance pertaining to the same.
4) Schedule III Disclosure and Compliance relating to relevant provisions of the Foreign Exchange Management Act, 1999 and the Companies Act, 2013 have been complied for transactions of advanced or loaned or invested funds and vice versa and the transactions are not violative of the Prevention of Money Laundering Act, 2002.
5) In case of regulated entities, the Regulations often require direct reporting to the Regulator (RBI directions in case of banks & NBFCs).
The PA should be more alert in case of susceptible industries, such as banks, diamond companies, the IT industry, the financial sector, hazardous Industries and companies dealing in cryptocurrencies.
The broad objectives of PAs in relation to NOCLAR are:
a. to comply with the principles of integrity and professional behaviour;
b. to alert management or where appropriate Those Charged with Governance (TCWG) of the client or employer, to enable them to rectify, remediate and mitigate the consequences of the identified or suspected non-compliance or deter the commission of the non-compliance where it has not yet occurred; and
c. to take such further action as appropriate in public interest.
APPLICABILITY AND SCOPE
Although the purpose of introducing NOCLAR was to provide assistance to PAs, for all their professional engagements, in case there is suspected or actual non-compliance of law and regulations, ICAI has at present made it effective only on:
a. auditors doing audit assignments of listed entities; and
b. employees of listed entities.
Further, the following matters are not included in the scope of NOCLAR:
1. Matters clearly inconsequential – Whether a matter is clearly inconsequential is to be judged with respect to its nature and its impact, financial or otherwise, on the employing organisation, its stakeholders and the general public. For instance, trying to cajole a traffic officer to ignore penalties for traffic violation;
2. Personal misconduct unrelated to the business activities of the client or employer – such as a top employee getting drunk or driving under the influence of alcohol;
3. Non-compliance other than by the client or employer, or those charged with governance, management – for example, circumstances where a professional accountant has been engaged by a client for conducting a due diligence assignment on a third-party entity and the identified or suspected non-compliance has been committed by that third party.
WHAT HAS CHANGED?
The ICAI, in its Code of Ethics-Revised 2019, has introduced new guidance for NOCLAR via section 360 for members in practice and section 260 for members in employment. Both these sections are further discussed in detail below:
Responding to Non-Compliance with Laws and Regulations during the course of Audit Engagements of Listed Entities – SECTION 360
The professional accountants will have to get ready for higher responsibility to identify and report violations which they come across while performing their work. Non-Compliance with Laws and Regulations comprises acts of omission or commission, intentional or unintentional, which are contrary to the prevailing laws or regulations committed by the client, those charged with governance of a client, management of a client or other individuals working for or under the direction of a client. When encountering such non-compliance or suspected non-compliance, the accountant shall obtain an understanding of those legal or regulatory provisions and comply with them, including any requirement to report the matter to an appropriate authority and any prohibition of alerting the client, for example, pursuant to anti-money laundering legislation.
Management, with the oversight of those charged with governance, is responsible for ensuring that the client’s business activities are conducted in accordance with the laws and regulations. Usually, corporates have an internal legal, compliance / tax department and also a team of internal / external legal counsel who assist management in complying with laws and regulations and compliances applicable to the company. The company may implement various policies and procedures like monitoring legal requirements and ensuring that operating procedures are designed to meet those requirements. Once the appropriate systems of internal control are operative, it will assist in prevention and detection of non-compliance with laws and regulations. In larger entities these policies may be supplemented by assigning responsibilities to the internal audit / audit committee / compliance function. Non-compliance might result in fines, litigation or other consequences for the client, potentially materially affecting its financial statements. Importantly, such non-compliance might have wider public interest implications in terms of potentially substantial harm to investors, creditors, employees or the general public. Examples of these include the perpetration of a fraud resulting in significant financial losses to investors and breaches of environmental laws and regulations, endangering the health or safety of the employees or the public. The auditor will have to suitably change the engagement letter going forward considering the new responsibilities on management and those charged with governance pertaining to NOCLAR.
When a PA in public practice becomes aware of non-compliance or suspected non-compliance, the following points are to be considered:
a) Obtain understanding of the matter (nature of the act and the circumstances), discuss it with management and where appropriate TCWG may seek legal counsel;
b) Addressing the matter (rectify, remediate, mitigate, deter, disclose);
c) Check whether management and TCWG understand their legal or regulatory responsibilities;
d) Communication with respect to groups (for financial statement audit);
e) Determining whether further action is needed (timely response, appropriate steps taken by the entity and based on professional judgment by the PA), consulting on a confidential basis with the Institute;
f) Determine whether to disclose the matter to the appropriate authority; and
g) Documentation of the matter.
The PA might determine that disclosure to an appropriate authority is an appropriate course of action in the following scenario:
• The entity is engaged in bribery (for example, of local or foreign government officials for purposes of securing large contracts);
• The entity is regulated and the matter is of such significance as to threaten its license to operate;
• The entity is listed on a securities exchange and the matter might result in adverse consequences to the fair and orderly market in the entity’s securities or pose a systemic risk to the financial markets;
• It is likely that the entity would sell products that are harmful to public health or safety;
• The entity is promoting a scheme to its clients to assist them in evading taxes.
The documentation for compliance related to ethical standards is in addition to complying with the documentation requirements under applicable auditing standards. In relation to non-compliance or suspected non-compliance that falls within the scope of this section, the professional accountant shall document in detail how his responsibility to act in public interest has been met.
Withdrawing from the engagement and the professional relationship is not a substitute for taking other actions that might be needed to achieve the professional accountant’s objectives under this section. However, there might be limitations as to the further actions available to the accountant. In such circumstances, withdrawal might be the only available course of action. The auditor may also refer to the Implementation Guide on Resignation / Withdrawal from an Engagement to Perform Audit of Financial Statements issued by the Auditing and Assurance Standards Board.
Responding to Non-Compliance with Laws and Regulations in case of Employment with Listed Entities – SECTION 260
It is the responsibility of employing organisations’ management and those charged with governance to ensure that their business activities are conducted in accordance with the laws and regulations and to identity and address any non-compliance. Non-compliance with laws and regulations comprises acts of omission or commission, intentional or unintentional, which are contrary to prevailing laws or regulations committed by the following parties:
a) The professional accountant’s employing organisation;
b) Those charged with governance of the employing organisation;
c) Management of the employing organisation; or
d) Other individuals working for or under the direction of the employing organisation.
When encountering such non-compliance or suspected non-compliance, the accountant shall obtain an understanding of those legal or regulatory provisions and comply with them, including any requirement to report the matter to an appropriate authority and any prohibition on alerting the relevant party.
If organisations have established protocols and procedures regarding how non-compliance or suspected non-compliance should be raised internally, the PA shall consider them in determining how to respond on timely basis to such non-compliance. For instance, the Ethics Policy or internal whistle-blowing mechanism. The Securities and Exchange Board of India decided recently to increase the maximum reward for whistle-blowers from Rs. 1 crore to Rs. 10 crores. Such protocols and procedures might allow matters to be reported anonymously through designated channels. Under CARO 2020, the auditor is required to report whether he has considered whistle-blower complaints, if any, received during the year by the company. The auditor should be mindful while performing the procedures under this clause and consider complaints received under the whistle-blower mechanism. The auditor should consider whether additional procedures are required to be performed under SA 240 in this regard.
When a senior PA in service becomes aware of non-compliance or suspected non-compliance, the following steps are to be taken:
a. Obtaining an understanding of the matter,
b. Addressing the matter,
c. Determining whether further action is needed,
d. Seeking advice,
e. Determining whether to disclose the matter to the appropriate authority – and the different scenarios, and
f. Documentation.
Senior professional accountants in service (SPAs) are Directors, officers or senior employees able to exert significant influence over, and make decisions regarding, the acquisition, deployment and control of the employing organisation’s human, financial, technological, physical and intangible resources.
Resigning from the employing organisation is not a substitute for taking other actions that might be needed to achieve the SPA’s objectives under this section. However, there might be limitations as to the further actions available to the accountant. In such circumstances, resignation might be the only available course of action.
When a Professional Accountant in service becomes aware of non-compliance or suspected non-compliance, the following steps are to be taken:
? Subject to established protocols and procedures, inform an immediate superior to enable the superior to take appropriate action;
? If the PA’s immediate superior appears to be involved in the matter, inform the next higher level of authority within the organisation;
? In exceptional circumstances, the PA may decide that disclosure of the matter to the appropriate authority is an appropriate course of action;
? Documentation of the matter, results of discussions, response by superior/s, course of action, the judgments made and the decisions that were taken.
INTERPLAY BETWEEN SA 250 AND NOCLAR
SA 250 requires the auditors to assess the financial implications on the financial statements in case there is a non-compliance of laws and regulations, which is equally applicable in case of NOCLAR. However, section 360 of the Code of Ethics requires the auditor to assess wider public interest implications, in case there is NOCLAR in terms of potential harm to all the stakeholders of the company, whether financial or non-financial.
Further, SA 250 is required to be complied with by the auditors while doing the audit of entities, whether public or private, whereas NOCLAR is applicable to the audit of listed companies and to the PAs who are under employment of a listed entity.
THE BOTTOM LINE
NOCLAR would require organisations to make their compliances more robust from a financial statement disclosure perspective. If the violation is not appropriately reported, it may attract disciplinary action against the professional accountant. The reporting of NOCLAR is part of the global push towards greater accountability. Considering the various kinds of reporting involved, this might translate into more instances of whistle-blowing.