Warning

The content on this page has been converted from PDF to HTML format using an artificial intelligence (AI) tool as part of our ongoing efforts to improve accessibility and usability of our publications. Note:

  • No human verification has been conducted of the converted content.
  • While we strive for accuracy errors or omissions may exist.
  • This content is provided for informational purposes only and should not be relied upon as a definitive or authoritative source.
  • For the official and verified version of the publication, refer to the original PDF document.

If you identify any inaccuracies or have concerns about the content, please contact us at [email protected].

FRC response to IESBA’s consultation on non-compliance with laws and regulation

Ken Siong
IESBA Technical Director
IFAC
529 Fifth Avenue
6th Floor
New York
NY 10017
USA

04 September 2015

Dear Mr Siong

## Exposure Draft – Responding to Non-Compliance with Laws and Regulations

The Financial Reporting Council (FRC) welcomes the opportunity to comment on the proposed changes to the Code of Ethics for Professional Accountants (the Code) set out in the above exposure draft.

We are pleased that many of the concerns identified in our response to the previous exposure draft, "Responding to an illegal act", have been addressed and that IESBA has made considerable improvement to those original proposals. However, we believe further improvement is still required as identified in our answers below to IESBA's questions. In particular it is important that all professional accountants should:

*   Not be associated with a client or employing organisation that knowingly does not comply with applicable laws and regulations and lacks integrity, unless disassociation is prevented by law or regulation.
*   Be satisfied that, where possible and appropriate, disclosure of actual or suspected non-compliance is made to an appropriate authority that is able to take action.

## Responses to Questions Asked in the ED

### General Matters

#### 1. Where law or regulation requires the reporting of identified or suspected NOCLAR to an appropriate authority, do respondents believe the guidance in the proposals would support the implementation and application of the legal or regulatory requirement? {: #section-1 }

Each of the sections identifies that there may be legal or regulatory provisions governing how professional accountants shall address non-compliance with laws and regulations, and that the professional accountant should obtain an understanding of and comply with those requirements. However, with respect to reporting to an appropriate authority, there are unhelpful inconsistencies in the requirements and guidance for the different categories of professional accountant.

The sections for auditors and senior professional accountants in business include explicit requirements to comply with applicable legal and regulatory provisions governing reporting to an appropriate authority (paragraphs 225.19 and 360.17(b)). However, such an explicit requirement is not included for professional accountants in public practice providing professional services other than audits of financial statement – there is just guidance that “further action may include ... Disclosing the matter to an appropriate authority notwithstanding that there is no legal or regulatory requirement to do so.” Nor is there such an explicit requirement for other (non-senior) professional accountants in business – there is just guidance that “In exceptional circumstances, the professional accountant may decide that disclosure of the matter to an appropriate authority is an appropriate course of action.”

We believe that there should be a requirement for all professional accountants who identify actual or suspected non-compliance with laws and regulations [in the course of their work], to determine whether they have a responsibility to report the matter to an appropriate authority. This would reflect a general ethical responsibility to act in the public interest and also assist preventing professional accountants from themselves committing an offence by failing to make a report when there is a legal or regulatory requirement to do so. For example, under the UK Proceeds of Crime Act 2002 there are reporting requirements in relation to known or suspected money laundering that are applicable to all persons working in a 'regulated sector', and failure to make such a report when appropriate is itself an offence.

#### 2. Where there is no legal or regulatory requirement to report identified or suspected NOCLAR to an appropriate authority, do respondents believe the proposals would be helpful in guiding PAs in fulfilling their responsibility to act in the public interest in the circumstances? {: #section-2 }

The proposals are improved over those presented in the previous exposure draft. However, we believe the current proposed requirements and guidance could be further strengthened. For example, with respect to auditors, paragraph 225.24 states that “further action may include: disclosing the matter to an appropriate authority ....”, and paragraph 225.27 states that “The determination of whether to make such a disclosure depends in particular on the nature and extent of the actual or potential harm from the matter to the wider public, including the investing public, creditors or employees.” If disclosure to an appropriate authority would, on balance, be in the public interest having given due consideration to any potential adverse consequences, and is not precluded by law or regulation, the professional accountant should be required to make such disclosure if it is not made by management or those charged with governance. An example of the way in which these requirements are set out in the audit context can be found in ISA 701 ‘Communicating key audit matters in the independent auditors report' paragraph 14.

The 'public interest' is generally recognised as a concept that is difficult to define. Accordingly, guidance to help professional accountants judge when a matter is of public interest will be of help. The first three bullet points in paragraph 225.27 and 360.26 give limited examples of circumstances that may cause a matter to be judged to be of public interest. We recommend that more general guidance would be beneficial. For example, where there is an appropriate authority that is able to receive the information and cause the matter to be investigated and action taken, we suggest that matters to be taken into account when considering whether disclosure is justified in the public interest may include:

*   The extent to which the suspected or actual non-compliance with law or regulations is likely to affect members of the public;
*   Whether those charged with governance have rectified the matter or are taking, or are likely to take, effective corrective action;
*   The extent to which non-disclosure is likely to enable the suspected or actual non-compliance with law or regulations to recur with impunity;
*   The gravity of the matter;
*   Whether there is a general ethos within the entity of disregarding law or regulations; and
*   The weight of evidence and the degree of the professional accountant's suspicion that there has been an instance of non-compliance with law or regulations.

The last three bullet points of paragraphs 225.27 and 360.26 identify external factors that may affect the determination of whether to make such a disclosure. The last two of these points are matters related to protection of the professional accountant, from possible legal action or physical harm. We are concerned that the consideration "whether there exists robust and credible protection from civil, criminal or professional liability ...." as expressed may encourage a professional accountant not to make disclosure in circumstances where it would be appropriate to do so. In many jurisdictions there may not be explicit “robust" legal or regulatory protection, but it may be generally established that a professional accountant would not be held in breach of a duty of confidentiality if he/she could demonstrate that they acted reasonably and in good faith. We recommend that this point is amended to indicate that if the professional accountant is concerned about whether he/she would be open to action in the courts as a result of making a disclosure they should obtain legal advice. Ethical requirements go beyond consideration of strict legal liability in applying the public interest test, as referred to above, and in reinforcing professional integrity, which may also provide grounds for reporting non-compliance by a client.

It would also be helpful to provide more guidance, than for example that given in paragraphs 225.30, 225.47 and 360.29, to assist a professional accountant in considering whether withdrawal from the engagement and the professional relationship, or resigning from an employing organisation, would be appropriate. Withdrawal / resignation should be considered in light of the seriousness of the matter and the balance of the public interest benefits weighed against the adverse consequences. In particular, if the professional accountant determines that management and those charged with governance lack integrity the professional accountant should be required to seek to disassociate him/herself from the engagement and professional relationship unless prevented from doing so by law or regulation or where it would not be in the public interest to do so (e.g. where continuing an engagement could enable a report to users identifying issues). This should apply in addition to consideration as to whether to make disclosure to an appropriate authority.

A professional accountant in public practice, in seeking to disassociate him/herself from the engagement and professional relationship, may consider communicating directly with the intended users of the information that was the subject of the engagement and other relevant parties.

We believe that these requirements and considerations should be equivalent in substance for professional accountants in both practice and business. When determining appropriate actions, the professional accountant may consider consulting with a relevant professional body and/or consulting legal counsel.

#### 3. The Board invites comments from preparers (including TCWG), users of financial statements (including regulators and investors) and other respondents on the practical aspects of the proposals, particularly their impact on the relationships between: {: #section-3 }

<ol markdown="1" type="a">
<li markdown="1">Auditors and audited entities;</li>
<li markdown="1">Other PAs in public practice and their clients; and</li>
<li markdown="1">PAIBs and their employing organizations.</li>
</ol>

### Specific Matters

Professional accountants should not knowingly be associated with clients or employing organisations that lack integrity and condone non-compliance with laws and regulations, unless disassociation is prevented by law or regulation. Providing this is understood by professional accountants and their clients / employing organisations, we do not believe the proposals (subject to our comments on other matters of detail) should have an unreasonable impact on relationships where integrity is not an issue.

#### 4. Do respondents agree with the proposed objectives for all categories of PAs? {: #section-4 }

The objectives of professional accountants should include:

*   Not to be associated with a client or employing organisation that knowingly does not comply with applicable laws and regulations and lacks integrity, unless disassociation is prevented by law or regulation.
*   To be satisfied that, where possible and appropriate, disclosure of actual or suspected non-compliance has been made to an appropriate authority that is able to take action.

See also our answer to question 2.

#### 5. Do respondents agree with the scope of laws and regulations covered by the proposed Sections 225 and 360? {: #section-5 }

The scope of these sections is too narrowly restricted to laws and regulations that either have a direct effect on financial statements, or with which compliance may be fundamental to the operating aspects of the business. It specifically excludes personal misconduct unrelated to the business activities of the client and non-compliance by persons other than the client, those charged with governance, management or employees of the client.

This scope appears to be broadly aligned in substance with that of ISA 250, *Consideration of laws and regulations in an audit of financial statements*, but in our view is in fact narrower. ISA 250 defines 'non-compliance' as "acts of omission or commission by the entity, either intentional or unintentional, which are contrary to the prevailing laws or regulations". It excludes personal misconduct unrelated to business activities of the entity, but does not otherwise restrict the scope of laws and regulations within scope. Auditors are not required to perform procedures specifically to identify instances of non-compliance that would not have a material effect on the financial statements, but they are required to "remain alert to the possibility that other audit procedures applied may bring instances of non-compliance or suspected non-compliance with laws and regulations to the auditor's attention.” The auditor's objectives include "to respond appropriately to non-compliance or suspected non-compliance with laws and regulations identified during the audit". An example might include how an auditor would respond on finding evidence of, or grounds for reasonable suspicion of a money-laundering risk, or criminal finance risk existing in an entity.

The ISAs establish the objectives and requirements relevant to forming an audit opinion on financial statements, they do not address all the wider ethical considerations for auditors. From an ethical perspective, all professional accountants should be required to respond appropriately when they identify matters that they know or suspect to be non-compliance with any laws and regulations, not just laws and regulations related to the preparation of financial statements or fundamental to the operating aspects of the business. We believe that this would be the expectation of 'the public' and essential to compliance with the fundamental principles of integrity and professional behaviour. Failing to respond appropriately to a known or suspected breach of laws or regulations cannot be excused on the grounds that those breaches could not have a material impact on the financial statements or operating aspects of the business and would, in our view, be a failure that discredits the profession. The argument in the Explanatory Memorandum that other laws and regulations are subject to the same ethical expectations as for ordinary good citizens and therefore outside the scope of the proposed Sections is not acceptable.

This does not mean that professional accountants should be required to have an understanding of laws and regulations outside the scope of their responsibilities, but some will have such understanding, and the ethical principles should take account of that.

#### 6. Do respondents agree with the differential approach among the four categories of PAs regarding responding to identified or suspected NOCLAR? {: #section-6 }

We agree that the approaches need to take into account the differing roles, levels of seniority and spheres of influence of professional accountants. However, the differentiations should be based primarily on the expected level of understanding of laws and regulations that may be relevant to the scope of their responsibilities and their ability to investigate further and take action, and this is not clearly the case in the proposals in the exposure draft.

We do not agree that the nature of the remit of auditors and public expectations of them should cause auditors to have a greater ethical responsibility to take action than other professional accountants in public practice. For example it is not clear why the responsibilities of professional accountants in public practice providing professional services other than audit should not include the same proposed responsibilities as for auditors as set out in paragraphs 225.17 – 225.19 'addressing the matter with management and those charged with governance' (e.g. why should a professional accountant in public practice providing professional services other than audit, in addition to discussing matters with an appropriate level of management (paragraph 225.35), not also directly prompt management and those charged with governance to take appropriate and timely actions, as is required of an auditor). Nor are the reasons clear for the differences in the factors to consider when determining whether further action is needed. For example, a consideration identified in paragraph 225.21 for an auditor is "whether the professional accountant continues to have confidence in the integrity of management and, where applicable, those charged with governance", whereas the consideration in paragraph 225.42 for a professional accountant in public practice providing professional services other than audit is "the involvement of management or those charged with governance in the matter". As we have identified above, an objective for all professional accountants should be not to be associated with a client or employing organisation that knowingly does not comply with applicable laws and regulations and lacks integrity.

#### 7. With respect to auditors and senior PAIBs: {: #section-7 }

<ol markdown="1" type="a">
<li markdown="1">Do respondents agree with the factors to consider in determining the need for, and the nature and extent of, further action, including the threshold of credible evidence of substantial harm as one of those factors? {: #section-7-a }</li>
</ol>

We believe that the factors should include more explicit consideration of what action would be appropriate "in the public interest" on the basis of whether there is credible evidence of actual or suspected non-compliance with laws or regulation. We would expect the professional accountant to make the judgment of what action is in the public interest on the basis of what an objective, reasonable and informed third party would be likely to conclude given the information known at the time. We are concerned that the threshold of "credible evidence of substantial harm" is open to widely differing interpretation and may not meet the third party test as to what is in the 'public interest'.

<ol markdown="1" start="2" type="a">
<li markdown="1">Do respondents agree with the imposition of the third party test relative to the determination of the need for, and nature and extent of, further action? {: #section-7-b }</li>
</ol>

We agree with the third party test. However, it should also apply to professional accountants in public practice providing professional services other than audit.

<ol markdown="1" start="3" type="a">
<li markdown="1">Do respondents agree with the examples of possible courses of further action? Are there other possible courses of further action respondents believe should be specified? {: #section-7-c }</li>
</ol>

We agree that possible courses of further action include disclosure to an appropriate authority and withdrawing from the engagement / professional relationship, or resigning from an employing organisation. However, as identified in our answers to Q1 and Q2 above, we believe these should be required actions where appropriate not just actions that "may" be taken. It could also be clearer that both actions may be appropriate and they are not alternatives.

<ol markdown="1" start="4" type="a">
<li markdown="1">Do respondents support the list of factors to consider in determining whether to disclose the matter to an appropriate authority? {: #section-7-d }</li>
</ol>

See our answer to Q2. The primary factors should be:

*   Is there an appropriate authority that can take action in response to the disclosure?
*   Is it in the public interest to make the disclosure?

#### 8. For PAs in public practice providing services other than audits, do respondents agree with the proposed level of obligation with respect to communicating the matter to a network firm where the client is also an audit client of the network firm? {: #section-8 }

Paragraph 225.40 only requires a professional accountant performing a non-audit service for an audit client of a network firm, to "consider whether to communicate the matter to the network firm so as to enable the engagement partner for the audit to be informed about it". We believe that unless prevented by law or regulation or contractual obligations there should be a requirement to communicate.

#### 9. Do respondents agree with the approach to documentation with respect to the four categories of PAs? {: #section-9 }

We recommend that a professional accountant in public practice providing professional services other than audit be required, rather than just encouraged, to document significant matters. This would be consistent with the requirement for auditors.

Yours sincerely

![Signature of Ray King](https://media.frc.org.uk/images/page_5_img_0_HSHA7G1.original.png)

Ray King
Director of the FRC and Chairman of the FRC's Audit &amp; Assurance Council
Enquiries in relation to this letter should be directed to Marek Grabowski, Director of Audit Policy.
DDI: 020 7492 2325
Email: [email protected]

### About the FRC

The Financial Reporting Council is the UK's independent regulator responsible for promoting high quality corporate governance and reporting to foster investment. We promote high standards of corporate governance through the UK Corporate Governance Code. We set standards for corporate reporting and actuarial practice and monitor and enforce accounting and auditing standards. We also oversee the regulatory activities of the actuarial profession and the professional accountancy bodies and operate independent disciplinary arrangements for public interest cases involving accountants and actuaries.

8th Floor, 125 London Wall, London EC2Y 5AS Tel: +44 (0)20 7492 2300 Fax: +44 (0)20 7492 2399 www.frc.org.uk
The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered office: as above.
(Please note our new address)

File

Name FRC response to IESBA’s consultation on non-compliance with laws and regulation
Publication date 27 September 2023
Type Response to external consultations
Format PDF, 246.2 KB
Download original
Back to top