FOCUS

NON-COMPLIANCE WITH LAWS AND REGULATIONS

RESPONDING TO NON-COMPLIANCE WITH LAWS AND REGULATIONS

ANG SOON LII AND LIM JU MAY

UNDERSTANDING THE PAINS

 

As a member of the International Federation of Accountants (IFAC), ISCA’s ethics pronouncement is required to be closely aligned to the ethics standard of the International Ethics Standards Board for Accountants (IESBA). IESBA is the ethics standard-setting board of IFAC.

 

Thus, ISCA Ethics Pronouncement 100: Code of Professional Conduct and Ethics (EP 100) is largely aligned to the IESBA Code of Ethics for Professional Accountants (IESBA Code), with local adaptations to serve the public interest in Singapore and to conform to Singapore’s regulatory environment and statutory requirements. For each new pronouncement issued by IESBA, the ISCA Ethics Committee is tasked with assessing it for the purpose of adoption into EP 100.

 

One of the ethics pronouncements currently assessed by the ISCA Ethics Committee is the IESBA ethics pronouncement on Responding to Non-compliance with Laws and Regulations (NOCLAR Pronouncement), which was issued by the IESBA in July 2016, and effective from 15 July 2017.

 

It should be noted that the NOCLAR Pronouncement does not limit the auditor’s consideration to only whether he has a legal responsibility to report the matter to an appropriate authority. He may be compelled to report it if he deems it appropriate, after considering the relevant factors indicated above, even if he does not have the legal or regulatory requirement to do so.

ABOUT THE NOCLAR PRONOUNCEMENT

 

The NOCLAR Pronouncement was issued with the purpose of setting out the professional accountant’s responsibilities, and provides a framework for the professional accountant on how best to act in the public interest when he encounters or is made aware of NOCLAR or suspected NOCLAR during the course of providing professional services or during the course of employment (NOCLAR Framework). NOCLAR comprises acts of omission or commission, intentional or unintentional, committed by a client or by those charged with governance (TCWG), by management or by other individuals working for or under the direction of a client, which are contrary to the prevailing laws or regulations.

 

Under the NOCLAR Pronouncement, professional accountants are broadly categorised into professional accountants in public practice (PAPPs) and professional accountants in business (PAIBs). PAPPs are further segregated into those performing audits of financial statements (or auditors) and those who provide professional services other than audits of financial statements, while PAIBs are segregated into senior PAIBs and PAIBs who are other than senior PAIBs.

 

There are three basic steps required in the NOCLAR Framework, namely, (a) Obtaining an understanding of the matter; (b) Addressing the matter, and (c) Acting in the public interest.

 

While the three steps are applicable to all professional accountants, the NOCLAR Pronouncement imposes different levels of requirements on the different categories/sub-categories of professional accountants.

 

More stringent requirements are placed on auditors as compared to PAPPs providing professional services other than audits of financial statements. Likewise, senior PAIBs would be subject to more stringent requirements as compared to PAIBs who are other than senior PAIBs.

 

Even prior to its issuance, it has been acknowledged that the NOCLAR Pronouncement would impact professional accountants significantly.

 

In this article, we will articulate in some detail, how the NOCLAR Pronouncement impacts professional accountants. For the purpose of more systematic organisation and clearer presentation of points, this article will focus on highlighting the impact (or pain points) on auditors, before branching out to touch on how these “pain points” would affect the other categories of professional accountants.

 

PAIN POINT 1 THE NOCLAR PRONOUNCEMENT AFFECTS HOW AN AUDITOR TAKES ACTION UPON BECOMING AWARE OF NOCLAR OR SUSPECTED NOCLAR

 

Auditors are required to conduct their audits in accordance with the Singapore Standards on Auditing (SSAs). Thus, auditors have responsibilities under SSA 250: Consideration of Laws and Regulations in an Audit of Financial Statements to consider laws and regulations in an audit of financial statements and to take certain actions upon becoming aware of NOCLAR or suspected NOCLAR.

 

SSA 250 is based on the International Standard on Auditing 250: Consideration of Laws and Regulations in an Audit of Financial Statements (ISA 250)1 issued by the International Auditing and Assurance Standards Board (IAASB) for Accountants. Following the issuance of the NOCLAR Pronouncement, conforming amendments relating to the NOCLAR Pronouncement were incorporated into ISA 250. On the same note, SSA 250 would incorporate relevant conforming amendments should the NOCLAR Pronouncement be adopted into EP 100.

 

Notwithstanding the above, given that SSA 250’s focus is on auditing while the NOCLAR Pronouncement’s focus is on ethics, each standard would place emphasis on different areas.

 

In view of the above, we highlight some key areas in which the auditors would be affected, with reference to the three basic steps in the NOCLAR Response Framework and relevant requirements in SSA 250:

 

a) Basic Step 1: Obtaining an understanding of the matter

 

For auditors, the requirements in this step of the NOCLAR Framework are very much similar to that of SSA 250. Upon becoming aware of an instance of NOCLAR or suspected NOCLAR, and where the matter is clearly not inconsequential, the auditor is required to discuss the matter with the appropriate level of management or TCWG, or as appropriate. This would allow the auditor to obtain an understanding of the matter, including the nature of the act and the circumstances in which it has occurred, or may occur.

 

b) Basic Step 2: Addressing the matter

 

Both SSA 250 and the NOCLAR Pronouncement require auditors to communicate the matter to the appropriate level of management or TCWG.

 

Paragraph 24 of SSA 250 states that if the auditor suspects that management or TCWG are involved in non-compliance, the auditor shall communicate the matter to the next higher level of authority at the entity, if it exists, such as an audit committee or supervisory board. Where no higher authority exists, or if the auditor believes that the communication may not be acted upon or is unsure as to the person to whom to report, the auditor shall consider the need to obtain legal advice.

 

While SSA 250 does not provide further requirements apart from paragraph 24 (mentioned earlier), the NOCLAR Pronouncement is clearer (and also imposes a heavier burden), because it places responsibility on the auditor to advise management or TCWG, to take the following appropriate and timely actions, if they have not already done so:

 

i. Rectify, remediate or mitigate the consequences of the NOCLAR;

 

ii. Deter the commission of the NOCLAR (or prevent the breach of laws and regulations) when it has not yet occurred, or

 

iii. Disclose the matter to an appropriate authority as required by law or regulation, where considered necessary in the public interest.

 

When doing so, the auditor shall also consider whether the client’s management and TCWG understand their legal or regulatory responsibilities with respect to the NOCLAR or suspected NOCLAR. If no, the auditor may suggest appropriate sources of information or recommend that they obtain legal advice.

 

c) Basic Step 3: Acting in the public interest

 

SSA 250 does not provide detailed requirements on what should be the further action required to be taken by auditors upon identifying or suspecting NOCLAR. Apart from paragraph 24 (mentioned earlier), paragraph 28 requires the auditor, in cases whereby he identifies or suspects NOCLAR, to determine whether he has a responsibility to report the identified or suspected NOCLAR to parties outside the entity.

 

In this regard, the NOCLAR Pronouncement is more onerous than SSA 250. Based on the NOCLAR Pronouncement, the auditor is required to assess the appropriateness of management/TCWG responses. Some factors to be considered while making his assessment of whether management/TCWG responses are appropriate would include factors such as the appropriateness and timeliness of management’s responses, the urgency of the matter and the likelihood of substantial harm to relevant stakeholders.

 

The auditor is required to determine if further action is needed in the public interest. Further action by the auditor may include (a) reporting the matter to an appropriate authority even when there is no legal or regulatory requirement to report it, and (b) withdrawing from the engagement where permitted by law. In determining whether to report the matter to an appropriate authority, the auditor would be required to assess the nature and extent of the actual or potential harm that is or may be caused by the matter to investors, creditors, employees or the general public.

 

To add to the level of responsibility, the NOCLAR Pronouncement further indicates that withdrawal from the engagement is not a substitute for taking other actions that may be needed to achieve the auditor’s objectives under the NOCLAR Pronouncement.

 

In the area of reporting to the appropriate authorities, SSA 250 currently requires the auditor to determine whether he has a legal responsibility to override confidentiality to report the matter to an appropriate authority. The NOCLAR Pronouncement further states that if the auditor determines that the reporting of the NOCLAR to an appropriate authority is an appropriate course of action in a particular circumstance, it would not be considered a breach of the duty of confidentiality under Section 140 of the IESBA Code. The auditor should act in good faith and exercise caution when making statements and assertions.

 

It should be noted that the NOCLAR Pronouncement does not limit the auditor’s consideration to only whether he has a legal responsibility to report the matter to an appropriate authority. He may be compelled to report it if he deems it appropriate, after considering the relevant factors indicated above, even if he does not have the legal or regulatory requirement to do so.

 

PAIN POINT 2 WHISTLEBLOWING AND PROTECTION FOR WHISTLEBLOWERS

 

The above step 3 (of Pain Point 1) of the NOCLAR Framework requires auditors to determine whether or not to disclose the matter to an appropriate authority, or to whistleblow. The auditor is also called upon to determine if there should be disclosure to an appropriate authority, even in instances whereby there is no legal or regulatory requirement to do so.

 

The Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, Cap. 65A (CDSA) is an example of a legislation which requires the reporting of money laundering offences to the authorities. Under the CDSA, the whistleblower is accorded the same protection as an “informant”. Other statutes may be different from the CDSA and may not require the reporting of relevant offences to the appropriate authorities. Likewise, they may not accord the same level of legal protection to whistleblowers as the CDSA.

 

This leads to the question of whistleblower protection: Would whistleblowers be accorded sufficient protection from criminal and civil suits, and be given the right to anonymity?

 

In this regard, the NOCLAR provides a reprieve. Apart from considering the nature and extent of the actual or potential harm that is or may be caused by the matter to investors when determining whether or not to report to the appropriate authorities, auditors may also consider the following external factors:

 

(a) Whether there is an appropriate authority that is able to receive the information, and cause the matter to be investigated and action to be taken;

 

(b) Whether there exists robust and credible protection from civil, criminal or professional liability or retaliation afforded by legislation or regulation, and

 

(c) Whether there are actual or potential threats to the physical safety of the auditor.

 

Given the potential legal implications, the whistleblowing aspect of the NOCLAR Pronouncement would likely pose practical implementation challenges to auditors in the implementation of the NOCLAR Pronouncement.

 

The auditor is also called upon to determine if there should be disclosure to an appropriate authority, even in instances whereby there is no legal or regulatory requirement to do so.

 

PAIN POINT 3 EXTENSION OF THE AUDITOR’S “PAIN” TO OTHER PROFESSIONAL ACCOUNTANTS

 

EP 100 does not currently prescribe a course of action for the professional accountants to take upon becoming aware of NOCLAR or suspected NOCLAR.

 

Thus, unlike auditors who have to comply with the requirements in SSA 250 to consider laws and regulations in an audit of financial statements and to take certain actions upon becoming aware of NOCLAR or suspected NOCLAR, the other three categories of professional accountants do not currently have a professional obligation to take action to address NOCLAR or suspected NOCLAR.

 

Because the NOCLAR Pronouncement is applicable to all professional accountants, if the NOCLAR Pronouncement is adopted into EP 100, PAPPs who are not auditors and PAIBs would be required to take the necessary actions in accordance with the NOCLAR Framework.

 

The added responsibilities which come with the above requirements could prove to be onerous to them.

GROUP AUDIT REQUIREMENTS

 

During group audits, there may be instances where the component auditor in Singapore is required by the group engagement team (which is from a jurisdiction that has already adopted the NOCLAR Pronouncement) to perform the component audit in accordance with the ethical requirements of the IESBA Code.

 

This is a complex issue, which requires further consideration by the component auditor in Singapore.

 

As a first step, the component auditor should have an in-depth understanding of the requirements of the NOCLAR Pronouncement, since he is now required to comply with the requirements of the NOCLAR Framework when he encounters NOCLAR or suspected NOCLAR, notwithstanding that the NOCLAR Pronouncement has yet to be adopted in Singapore. He should also ensure that the engagement members have adequate training and understand the requirements of the NOCLAR Pronouncement. There should also be adequate tailored audit procedures to address the requirements in the NOCLAR Pronouncement.

 

It is also important for the component auditor to understand the group reporting requirements which may require disclosure of NOCLAR or suspected NOCLAR to the group audit engagement team. This may be especially sensitive when the component is an associate instead of a subsidiary in the group.

 

One way to manage the risks could be through the terms of engagement. The engagement letter could communicate to the client the need to comply with the IESBA Code (and therefore the NOCLAR Pronouncement). It could also include a “hold harmless” clause which would hold the component auditor harmless if he discloses, in good faith, NOCLAR or suspected NOCLAR to the group audit engagement team in accordance with the group reporting requirements.

 

Ultimately, the acceptance of an audit engagement is a business decision. Depending on the NOCLAR risk of the audit client (for group reporting) and the risk management policy of his audit firm, the component auditor could conclude that the risks for complying with the NOCLAR Pronouncement (for group reporting) is too high, and decide to decline the audit engagement from the onset.

WHAT ISCA IS DOING NOW

 

The acceptance of the responsibility to act in the public interest has been instilled into professional accountants right from the onset, since EP 100 states that “the accountancy profession is distinguished by its acceptance of the responsibility to act in the public interest”. This encompasses the acceptance to act in the public interest when encountering NOCLAR or suspected NOCLAR.

 

In this regard, the NOCLAR Pronouncement represents a step forward in the development of the Ethics Code, because it provides a clear framework on how professional accountants should act to make things right, when encountering NOCLAR or suspected NOCLAR. No longer can professional accountants turn a blind eye to NOCLAR (because they are unsure of the right course of action to take) because the NOCLAR Pronouncement requires certain actions to be taken when NOCLAR is encountered.

 

However, the NOCLAR Pronouncement presents a number of challenges to professional accountants. These would need to be considered and addressed where possible, before they are adopted into EP 100.

 

The ISCA Ethics Committee is in the process of examining the issues likely to be faced by professional accountants in the implementation of the NOCLAR Pronouncement. A thorough understanding of the issues facing professional accountants is required, before it makes its recommendations on how the NOCLAR Pronouncement would be adopted in Singapore.

 

To obtain a better understanding, inputs on the issues they have faced or may face have been obtained from PAPPs in small and medium-sized practices (SMPs) via the ISCA Public Accounting Practice Committee (PAPC). PAPC further conducted a survey on how the provisions in the NOCLAR Pronouncement would impact auditors, to seek inputs from ISCA members who are from SMPs. The ISCA Ethics Committee is in the process of obtaining further inputs on the implementation challenges faced in jurisdictions which have implemented the NOCLAR Pronouncement. Thereafter, it will finalise its assessment on the adoption of NOCLAR in EP 100.

 

The NOCLAR Pronouncement is not an easy ethics pronouncement to adopt, given its potential implications on the accountancy profession. Even so, it represents a necessary step forward for the profession. As members of a profession which is distinguished by its acceptance of the responsibility to act in the public interest, it is only a matter of time before Chartered Accountants (Singapore) take the next step forward.

 


 

Ang Soon Lii is Manager, and Lim Ju May is Deputy Director, Corporate Reporting and Ethics, ISCA.

 


 

1 On the international front, ISA 250 recently introduced conforming amendments requiring the auditor to determine whether law, regulation or ethical requirements (example, the Ethics Code) require the auditor to report to an appropriate authority. Should the NOCLAR Pronouncement be adopted in EP 100, SSA 250 would be required to be amended accordingly.