By FCPA Jim McFie, a Fellow of the Institute of Certified Public Accountants of Kenya
In July 2016, the International Ethics Standards Board for Accountants (IESBA) published a new standard which establishes a framework to guide auditors and other professional accountants in what actions to take in the public interest when they become aware of a potentially illegal act. The standard is named “Responding to non-compliance with laws and regulations”, or “NOCLAR”. It covers non-compliance committed by a client or an employer. The standard applies to all categories of accountants, including those in businesses, government, education, and the not-for-profit sector. It addresses breaches of laws and regulations that deal with matters such as fraud, corruption and bribery, money laundering, tax payments, financial products and services, environmental protection, and public health and safety. IESBA claims that the new standard provides a clear pathway for auditors and other accountants to disclose potential non-compliance situations to appropriate public authorities in certain
situations without being constrained by the ethical duty of confidentiality. It also places renewed emphasis on the role of senior-level accountants in business in promoting a culture of compliance with laws and regulations and the prevention of non-compliance within their organizations. The standard came into effect on 15 July 2017.
As if this standard was not enough for us in Kenya – we will see that IFAC is turning the world’s accountants into the world’s policemen and policewomen – we now have to comply with the Bribery Act.
The Bribery Act came into force on 13th January 2017. In Section 14, subsection one, every state officer, public officer or any other person holding a position of authority in a public or private entity must report to the Ethics and the Ethics and Anti-Corruption Commission within a period of twenty-four hours any knowledge or suspicion of instances of bribery, whether inside or outside Kenya. Subsection two lays down that a state officer, a public officer or any other person who, despite being aware of, or suspicious of, the commission of an offence under the Bribery Act, fails to report the act to the Ethics and Anti-Corruption Commission within the specified period, commits an offence. Section 19 stipulates that any person who is convicted of an offence under the Bribery Act, for which no penalty is expressly provided, is liable on conviction to a fine not exceeding five million shillings, or to imprisonment for a term not exceeding ten years, or to both. I often wonder if those who create the law in Kenya are aware that five million shillings is an incredible amount of money and would require any Kenyan, other than the 9,400 persons in Kenya whose property exceeds one million US dollars, to sell their homes and land to pay this fine. Section 21 specifies that a whistle blower, informant or a witness in a complaint or a case of bribery shall not be intimidated or harassed for providing information to law enforcement institutions or giving testimony in a court of law. However, I hope we all see that this protection is theoretical; what may happen in practice is something that I think we are all aware of.
What is the thinking behind the requirements of NOCLAR? The mission of the International Federation of Accountants (IFAC) is “to serve the public interest by contributing to the development, adoption and implementation of high-quality international standards and guidance; contributing to the development of strong professional accountancy organizations and accounting firms, and to high quality practices by professional accountants; promoting the value of professional accountants worldwide; and speaking
IESBA claims that the new standard provides a clear pathway for auditors and other accountants to disclose potential non-compliance situations to appropriate public authorities in certain situations without being constrained by the ethical duty of confidentiality.
out on public interest issues where the accountancy profession’s expertise is most relevant.” The International Ethics Standards Board for Accountants (IESBA) is one of the standard setting boards of the International Federation of Accountants. IESBA issues ethical standards for use by professional accountants and its member bodies. As a member body of IFAC, ICPAK is required to comply with the principles included in the IESBA Code of Ethics.
For some reason, IESBA wishes to distance itself from IFAC. If one goes to the website of IESBA, it is difficult to discern IESBA’s connection with IFAC. IESBA states that it is an independent standard-setting body that serves the public interest by setting robust, internationally appropriate ethics standards, including auditor independence requirements, for professional accountants worldwide. These are compiled in the Code of Ethics for Professional Accountants. But its connection with IFAC cannot be completely hidden: the members of IESBA, including the Chair and Deputy Chair, are appointed by the IFAC Board on the recommendation of
the Nominating Committee and with the approval of the Public Interest Oversight Board.
NOCLAR reaffirms that a distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. I think an accountant has to pause and ask her/himself whether this is true of one’s own behavior; it is so easy to put one’s own interest before the interest of the general public. NOCLAR continues to state that a professional accountant’s responsibility is not exclusively to satisfy the needs of an individual client or employer. In acting in the public interest, a professional accountant should observe and comply with the ethical requirements of the Code. “Ethical standards” can be defined as principles that, when followed, promote values such as trust, good behaviour, justice and/or kindness. A “Code of Ethics” is a written set of guidelines issued by an organization to its members or employees to help them conduct their actions in accordance with its primary values and ethical standards.
In the 2008 Code of Ethics promulgated by IESBA, professional accountants are required to comply with five fundamental principles: NOCLAR changes one word in the fifth principle: these five principles are: (1) Integrity: A professional accountant should be straightforward and honest in all professional and business relationships; (2) Objectivity: A professional accountant should not allow bias, conflict of interest or undue influence of others to override professional or business judgments; (3) Professional Competence and Due Care: A professional accountant has a continuing duty to maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional service based on current developments in practice, legislation and techniques; a professional accountant must act diligently and in accordance with applicable technical and professional standards when providing professional services; (4) Confidentiality: A professional accountant should respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper and specific authority unless there is a legal or professional right or duty to disclose; confidential information
A professional accountant has a continuing duty to maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional service based on current developments in practice, legislation and techniques; a professional accountant must act diligently and in accordance with applicable technical and professional standards when providing professional services.
acquired as a result of professional and business relationships should not be used for the personal advantage of the professional accountant or third parties (we will see that revealing fraud is not a breach of confidentiality); (5) Professional Behaviour: A professional accountant should comply with relevant laws and regulations and should avoid any “conduct” (the word “conduct” replaces the previous word “action”) that discredits the profession.
If a practising accountant becomes aware of an independence violation, the accountant should gain a thorough understanding of the matter so that the accountant can determine if s/he is able to demonstrate that the departure does not affect the integrity, objectivity, and professional skepticism of the engagement team and, therefore, their independence was not compromised. Documentation of the member’s analysis would be a prudent step, given that multiple parties (such as internal personnel and regulators) may request documentation of your analysis.
NOCLAR now adds: If a significant conflict cannot be resolved, an accountant may consider obtaining professional advice from the relevant professional body or from legal advisors. The accountant generally can obtain guidance on ethical issues without breaching the fundamental principle of confidentiality if the matter is discussed with the professional body on an anonymous basis or with a legal advisor under the protection of legal privilege. If, after exhausting all relevant possibilities, the ethical conflict remains unresolved, an accountant shall, unless prohibited by law, refuse to remain associated with the matter creating the conflict. The accountant must determine whether, in the circumstances, it is appropriate to withdraw from the engagement team or specific assignment, or to resign altogether from the engagement, the firm or the employing organisation. When communicating with those charged with governance in accordance with the provisions of the Code, the accountant or firm must determine, having regard to the nature and importance of the particular circumstances and the matter to be communicated, the appropriate person(s) within the entity’s governance structure with whom to communicate. If the accountant or firm communicates with a subgroup of those charged with governance, for example, an audit committee or an individual, the accountant or firm must determine whether communication with all of those charged with governance is also necessary so that they are adequately informed.
In some cases, all of those charged with governance are involved in managing the entity, for example, a small business where a single owner manages the entity and no one else has a governance role. In these cases, if matters are communicated with person(s) with management responsibilities, and those person(s) also have governance responsibilities, the matters need not be communicated again with those same person(s) in their governance role. The accountant or firm can nonetheless be satisfied that communication with person(s) with management responsibilities adequately informs all of those with whom the accountant or firm would otherwise communicate in their governance capacity. Another area dealt with by NOCLAR is confidentiality: as a fundamental principle, confidentiality serves the public interest because it facilitates the free flow of information from the accountant’s client or employing organization to the accountant. Nevertheless, the following are circumstances where accountants are or may be required to disclose confidential information or when such disclosure may be appropriate: (a) Disclosure is permitted by law and is authorized by the client or the employer; (b) Disclosure is required by law, for example: (i) Production of documents or other provision of evidence in the course of legal proceedings; or (ii) Disclosure to the appropriate public authorities of infringements of the law that come to light; and (c) There is a professional duty or right to disclose, when not prohibited by law: (i) To comply with the quality review of a member body or professional body; (ii) To respond to an inquiry or investigation by a member body or regulatory body; (iii) To protect the professional interests of an accountant in legal proceedings; or (iv) To comply with technical and professional standards, including ethical requirements.
NOCLAR also lays down some changes on Client Acceptance and Continuance. Before accepting a new client relationship, an accountant must determine whether acceptance would create any threats to compliance with the fundamental principles. Potential threats to integrity or professional behaviour may be created from, for example, issues associated with the client (its owners, management or activities) that, if known, could threaten compliance with the fundamental principles. These include, for example, client involvement in illegal activities (such as money laundering), dishonesty, questionable financial reporting practices or other questionable practices.
An accountant in public practice must evaluate the significance of any threats and apply safeguards when necessary to eliminate them or reduce them to an acceptable level. Examples of such safeguards include: (i) Obtaining knowledge and understanding of the client, its owners, managers and those responsible for its governance and business activities; or (ii) Securing the client’s commitment to address the questionable issues, for example, through improving corporate governance practices or internal controls. Where it is not possible to reduce the threats to an acceptable level, the practicing accountant must decline to enter into a client relationship.
NOCLAR also changes the situation in relation to the custody of clients’ assets: As part of client and engagement acceptance procedures for services that may involve the holding of client assets, an accountant shall make appropriate inquiries about the source of such assets and consider legal and regulatory obligations. For example, if the assets
were derived from illegal activities, such as money laundering, a threat to compliance with the fundamental principles would be created.In such situations, the accountant shall comply with the provisions that follow. What follows is the most important change introduced by NOCLAR.
An accountant in public practice may encounter or be made aware of noncompliance or suspected non-compliance with laws and regulations in the course of providing a professional service to a client. The purpose of the following guidance is to set out the accountant’s responsibilities when encountering such non-compliance or suspected noncompliance, and guide the accountant in assessing the implications of the matter and the possible courses of action when responding to it. This applies regardless of the nature of the client, including whether or not it is a public interest entity.
Non-compliance with laws and regulations (“non-compliance”) comprises acts of omission or commission, intentional or unintentional, committed by a client, or by those charged with governance, by management or by other individuals working for or under the direction of a client which are contrary to the prevailing laws or regulations.
In some jurisdictions, notably Kenya, there are legal or regulatory provisions governing how an accountant should address non-compliance or suspected non-compliance which may differ from
or go beyond what is laid down here. When encountering such non-compliance or suspected non-compliance, the accountant has a responsibility to obtain an understanding of those provisions and comply with them, including any requirement to report the matter to an appropriate authority and any prohibition on alerting the client prior to making any disclosure, for example, pursuant to antimoney laundering legislation.
A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. When responding to noncompliance or suspected non-compliance, the objectives of the accountant are: (a) To comply with the fundamental principles of integrity and professional behavior; (b) By alerting management or, where appropriate, those charged with governance of the client, to seek to: (i) Enable them to rectify, remediate or mitigate the consequences of the identified or suspected non-compliance; or (ii) Deter the commission of the non-compliance where it has not yet occurred; and (c) To take such further action as appropriate in the public interest.
What follows sets out the approach to be taken by an accountant who encounters or is made aware of non-compliance or suspected non-compliance with: (a) Laws and regulations generally recognized to have a direct effect on the determination of material amounts and disclosures in the client’s financial statements; and (b) Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the client’s financial statements, but compliance with which may be fundamental to the operating aspects of the client’s business, to its ability to continue its business, or to avoid material penalties. Examples of such laws and regulations include those that deal with: (a) Fraud, corruption and bribery; (b) Money laundering, terrorist financing and the proceeds of crime; (c) Securities markets and trading; (d) Banking and other financial products and services; (e) Tax and pension liabilities and payments; (f) Environmental protection; (g) Public health and safety
Where an accountant becomes aware of a matter in this area, the steps that the accountant takes to comply must be taken on a timely basis, having regard to the accountant’s understanding of the nature of the matter and the potential harm to the interests of the entity, investors, creditors, employees or the general public. The accountant should assess the appropriateness of the response of management and, where applicable, those charged with governance. In light of the response of management and, where applicable, those charged with governance, the accountant must determine if further action is needed in the public interest. The determination of whether further action is needed, and the nature and
extent of it, will depend on various factors, including: (a) The legal and regulatory framework; (b) The urgency of the matter; (c) The pervasiveness of the matter throughout the client; (d) Whether the accountant continues to have confidence in the integrity of management and, where applicable, those charged with governance; (e)Whether the non-compliance or suspected non-compliance is likely to recur; (f) Whether there is credible evidence of actual or potential substantial harm to the interests of the entity, investors, creditors, employees or the general public. Examples of circumstances that may cause the accountant no longer to have confidence in the integrity of management and, where applicable, those charged with governance include situations where: (a) The accountant suspects or has evidence of their involvement or intended involvement in any non-compliance; (b) The accountant is aware that they have knowledge of such non-compliance and, contrary to legal or regulatory requirements, have not reported, or authorized the reporting of, the matter to an appropriate authority within a reasonable period.
Further action by the accountant may include: (a) Disclosing the matter to an appropriate authority even when there is no legal or regulatory requirement to do so; (b) Withdrawing from the engagement and the professional relationship where permitted by law or regulation. If the
accountant determines that disclosure of the non-compliance or suspected noncompliance to an appropriate authority is an appropriate course of action in the circumstances, this will not be considered a breach of the duty of confidentiality of the Code. When making such disclosure, the accountant must act in good faith and exercise caution when making statements and assertions. The accountant must also consider whether it is appropriate to inform the client of the accountant’s intentions before disclosing the matter. In relation to an identified or suspected act of non-compliance that falls within the scope of what is stated above, the accountant must, in addition to complying with the documentation requirements under applicable auditing standards, document: (a) How management and, where applicable, those charged with governance have responded to the matter; (b) The courses of action the accountant considered, the judgments made and the decisions that were taken, having regard to the reasonable and informed third party perspective; (c) How the accountant is satisfied that the accountant has fulfilled the responsibility set out above.
I have not dealt with the whole of NOCLAR. The original document is very thorough in covering the matters dealt with above. You can obtain the document free of charge from the IFAC website. It is worth reading this revolutionary pronouncement.