Sections 225 and 360 of the NOCLAR provisions – Obligations for Professional Accountants

This article is a follow-on from a previous NOCLAR article published on 21 September 2020.

A professional accountant (PA) in public practice may come across or be made aware of non-compliance or suspected non-compliance with laws and regulations in the course of providing a professional service to a client. The purpose of this section is to set out the professional accountant’s responsibilities when encountering such non-compliance or suspected non-compliance, and guide the professional accountant in assessing the implications of the matter and the possible courses of action when responding to it. This section applies regardless of the nature of the client, including whether or not it is a public interest entity.

Key profession titles used in the provisions:

Professional Accountant

Auditors

Professional accountants in public practice

Senior professional accountants in business

Other professional accountants in business

What are the objectives of the NOCLAR provisions?

Paragraph 225.4 and paragraph 360.4 of the Code state that the objectives of the professional accountant are:

To comply with the fundamental principles of integrity and professional behaviour;

By alerting management and those charged with governance of the client or the employing organisation (as applicable), to seek to enable them to rectify, re-mediate, or mitigate the consequences of the identified or suspected non-compliance; or deter the commission of the non-compliance where it has not yet occurred; and to take such further action as appropriate in the public interest.

What is the duty of the professional accountant (PA) when the professional accountant becomes aware of non-compliance or suspected non-compliance?

The Code provides a response framework, setting out the responsibilities of the professional accountant and the steps that should be taken when becoming aware of non-compliance or suspected non-compliance. The Code sets out the expectation that “turning a blind eye” to non-compliance or suspected non-compliance is not an acceptable response from a professional accountant.

Section 225 of the Code applies to professional accountants in public practice and distinguishes between the following two categories:

Auditors/professional accountants in public practice engaged to perform audits of financial statements – refer to paragraphs 225.1-11; 225.12-38

Professional accountants in public practice who provide professional services other than audits of financial statements – refer to paragraphs 225.1-11; 225.39-56

Section 360 of the Code applies to professional accountants in business and distinguishes between the following two categories:

Senior professional accountants in business – refer to paragraph 360.1-12; 360.13-32

Other professional accountants in business – refer to paragraph 360.1-12; 360.33-37

Below are 7 questions and answers to assist the reader.

Question 1. Is Section 225 only general guidance or does it impose any obligation on the PA in circumstances where the PA becomes aware of NOCLAR or suspected NOCLAR?

A. Section 225 contains a number of requirements with which the PA must comply. These requirements vary depending on whether the PA is performing an audit of financial statements or providing another professional service. Where the matter is within the scope of Section 225, an overriding obligation under the Code is for the PA to respond to it.

Question 2. Does Section 225 apply to individuals providing professional services in firms who are not PAs as defined by the Code, for example, consultants, lawyers, other accountants, etc. who are not themselves members of an IFAC (International Federation of Accountants) member body?

A. Yes. The Code applies to all PAs in public practice, which the Code defines to include firms. Firms are expected to ensure that all individuals within the firm providing professional services to their clients comply with the applicable provisions in the Code, including with respect to NOCLAR, regardless of whether the individuals are PAs.

Question 3. Does Section 225 apply to individuals in firms who are not PAs and who are not providing professional services to clients, for example, personnel working in IT support, clerical support, and facilities management?

A. No. These individuals are not PAs in public practice as defined by the Code and do not have client responsibilities or direct contact with clients, Section 225 does not apply to them. These individuals are also not PAIBs as defined by the Code, so Section 360 also does not apply to them.

Reporting of NOCLAR or suspected NOCLAR to an appropriate authority is only one aspect of

Section 225, and it is subject to any confidentiality laws that may exist in the particular jurisdiction (see paragraph 225.33 of the Code).

Section 225 contains other provisions that would apply if not already required by law or regulation, or if law or regulation does not prohibit them.

These include, for example, provisions addressing escalation of the matter within the entity; in the case of an audit of group financial statements, communication with relevant PAs involved in the group audit; advice to management or those charged with governance (TCWG) regarding mitigation or re-mediation of the consequences of NOCLAR or the deterrence of NOCLAR; and determination of the need for further action (including withdrawal from the client relationship) in appropriate circumstances.

Firms must comply with all applicable laws and regulations, including laws prohibiting the disclosure of confidential information. However, the Preface to the NOCLAR Code makes clear that if a firm is prohibited from complying with certain parts of the Code by law or regulation, it must comply with all other parts of the Code. Accordingly, all the other NOCLAR provisions in the Code would still apply to the extent that compliance with them is not prohibited by law or regulation.

Question 4. How should PAs resolve the interactions between a contractually negotiated confidentiality clause in contracts for professional services and clauses in such contracts that require compliance with applicable laws and regulations and professional standards when providing the services? In particular, would there be legal protection in the event a PA overrides a      contractually negotiated confidentiality clause in order to disclose an actual or suspected instance of NOCLAR to an appropriate authority pursuant to Section 225?

A. Where PAs are required to maintain confidentiality under law or regulation, they must comply with the legal or regulatory requirement. A PA may decide to breach a contractually negotiated confidentiality clause in order to make a disclosure pursuant to Section 225 to satisfy the applicable professional standards, including relevant ethical requirements that may apply to the particular engagement. However, whether there would be legal protection in the event a PA overrides a contractually negotiated confidentiality clause in such circumstances is a matter of law in the particular jurisdiction. The PA should seek appropriate legal advice before doing so.

PAs should discuss their professional obligation to abide by the Code with their clients, including the obligation to respond to NOCLAR or suspected NOCLAR. If there is a contractually negotiated confidentiality clause (as opposed to confidentiality imposed by law or regulation), it would

be advisable to include a clause making it clear that such a confidentiality clause would be subject to the PA’s obligation to comply with the Code. For existing contracts signed before the NOCLAR

provisions come into effect, PAs should consider whether amendments are advisable or practicable.

Keep in mind that the NOCLAR provisions in the Code became effective on 15 July 2017.

Question 5. If the professional accountant was aware of a non-compliance or suspected non-compliance before the effective date, what duty does the professional accountant have to respond in accordance with section 225 or section 360 of the Code (as applicable)?

A. The professional accountant is not required to respond in accordance with section 225 or section 360 of the Code (as applicable) to any non-compliance or suspected non-compliance if the professional accountant became aware of this before 15 July 2017. The applicable sections of the Code require a response in relation to NOCLAR or suspected NOCLAR which the professional accountant becomes aware of on or after 15 July 2017.

Question 6. If the professional accountant was aware of a non-compliance or suspected non-compliance before the effective date and the non-compliance or suspected non-compliance continues after the effective date, what duty does the professional accountant have to respond in accordance with section 225 or section 360 of the Code (as applicable)?

A. The effective date refers to the point in time when the professional accountant becomes aware of the NOCLAR or suspected NOCLAR and not when a particular act of omission or commission had been committed.

 To illustrate, if an act of NOCLAR had been committed by a client before 15 July 2017 and the professional accountant in public practice became aware of the NOCLAR before15 July 2017, the professional accountant will not be required to respond in accordance with section 225 of the Code (although he/she may still have chosen to do so, owing to the fact that early adoption of the NOCLAR provisions was permitted). However, if the professional accountant, for the first time, became aware of the NOCLAR after 15 July 2017, a response in accordance with section 225 will be required.

Question 7. The definition of non-compliance is not necessarily unlawful action (breaking the law). Does this include common law? Does this include laws and regulations?

A. NOCLAR refers to non-compliance with laws and regulations. NOCLAR therefore covers unlawful acts in contravention of laws. Where common law is not reduced to regulatory requirements, as defined, it will be difficult to implement NOCLAR. Certain common law actions might not be illegal in terms of legislation but other laws would scope these actions in, such as the Criminal Procedures Act that criminalises certain actions by labelling them as offences, as well as laws that impose positive reporting and other obligations linked to non-compliance, unlawful activities, fraud, crime, corruption and money laundering, such as the Financial Intelligence Centre Act, the Prevention and Combating of Corrupt Activities Act and the Protection of Constitutional Democracy Against Terrorist and Related Activities Act.

Further Q&A examples will follow in future articles.

Approaches to implementation of the Code (and changes to it) vary among firms and no single prescription will suit all firms equally.

Companies may find it useful to include in their policies and methodologies the approach to specific elements of the NOCLAR response process such as:

  1. Compliance with applicable laws and regulations, including laws prohibiting “tipping-off.”
  2. The escalation process within an engagement team and within the firm, including when to escalate the matter and to which level within the engagement team and within the firm.
  3. When to consult with legal counsel or other external parties.
  4. Who within the firm should be involved in discussions with management and TCWG.
  5. The protocols for communication within a group engagement team, with a network firm and, if not within the firm or a network, with the external auditor of a client.
  6. Determination of the need for further action, including disclosure to an appropriate authority and withdrawal from the engagement and client relationship.

The implementation of NOCLAR requires that professional accountants comply with the IESBA’s Code at all times and may not turn a blind eye to non-compliance with laws and regulations. Clients must understand and accept their own non-compliance can and may be reported to external authorities if and when required.

Author Craig Tonkin