The "NOCLAR" Debate
In 2016, the International Ethics Standards Board for Accountants (“IESBA” or “the Board”), a global standard-setting body of the International Federation of Accountants (“IFAC”), approved a new ethics standard entitled, Responding to Non-Compliance with Laws and Regulations (or “NOCLAR”), which has been in effect since July 2017. (See the Fall 2016 issue of Audit Conduct News for a comprehensive analysis of the IESBA NOCLAR standard.)
As a member of IFAC, the AICPA commits to adopt ethics (and other professional) standards that are no less stringent than the IFAC standards. In March 2017, the AICPA Professional Ethics Executive Committee (PEEC) proposed its own version of the IESBA NOCLAR rule, which departed from the IESBA rule. Notably, the PEEC proposed that because confidentiality restrictions exist in most state accountancy boards’ laws and the AICPA Code of Professional Conduct, the proposal should exclude provisions that members consider disclosing NOCLAR to outside bodies, including successor auditors.
This article addresses three (3) key questions:
- What is the NOCLAR standard and why did the IESBA adopt it?
- Who is subject to the IESBA NOCLAR standard today?
- What are the concerns about adopting the standard in the US?
The Long Road to Adopting a Global NOCLAR Standard
With few exceptions, the accountant’s duty of confidentiality precludes disclosure of confidential information without consent. However, several large-scale financial frauds (such as Madoff, Tyco, Worldcom, and Healthsouth, to name a few), permeated the news in the early 2000s, and came to a head in the financial crisis in 2008. Regulators’ concerns that confidentiality requirements were stifling accountants, who would quietly resign from their law-breaking clients and employers rather than sound the alarm, led the IESBA to consider another approach.
A six (6) year journey led to the IESBA’s adoption of the NOCLAR standard in 2016:
2010 – 12: The IESBA holds internal discussions that lead to issuance of a proposed standard.
2013: Commenters support the overall concepts in the proposal but raise numerous concerns about the scope of the requirements, their operability, and possible unintended consequences.
2014: IESBA holds three (3) roundtables from different locales around the world to obtain stakeholder views.
2015: IESBA releases a second, significantly revised proposal, Responding to Non-Compliance with Laws and Regulations, a “response framework” designed to set forth an accountant’s responsibilities when they encounter NOCLAR and guide them in responding to it.
2016: The Board receives 77 comment letters on the second proposal and meets with members of the regulatory community, policy-makers, national standard-setters, investor groups, and others in finalizing the standard.
Summary of the Standard
NOCLAR: A(n) act of omission or commission, intentional or not, by an accountant’s client or employer that is contrary to a prevailing law or regulation.
The laws and regulations that are in scope are related to an accountant’s area of expertise, including those for:
- Fraud, corruption and bribery
- Money laundering, terrorist financing, and proceeds of crime
- Securities markets and trading
- Banking and other financial products and services
- Data protection
- Tax and pension liabilities and payments
- Environmental protection
- Public health and safety
Applies: When an accountant delivers a professional service to a client, or carries out professional activities for a company, and becomes aware of or suspects (by first-hand knowledge or from another person) that NOCLAR has occurred or is about to occur.
The law or regulation either:
- Has a direct impact on the determination of material amounts and disclosures in the client’s or company’s financial statements, or
- Compliance with the law or regulation is fundamental to the client’s or company’s operations, to continue its business, or avoid material penalties.
Requirements: Once an accountant learns of NOCLAR, he or she must respond in accordance with the standard, which is tailored to the accountant’s role, whether he or she is in audit, provides tax or consulting services, or is in business (e.g. corporate controller, internal or government auditor, professor).
Under IESBA, the most stringent requirements apply to auditors. Required actions range from gaining an understanding of the matter to discussing the facts with management and if appropriate, those charged with governance. Management is ultimately responsible for addressing NOCLAR and if management takes timely action to rectify the matter, all is well. But what if the auditor informs management about the NOCLAR, and management does not take appropriate and timely action(s) to address the matter? Unless a law or regulation requires the auditor to disclose the matter, the auditor should then consider whether further action is needed to protect the public interest, an ethical responsibility that may go beyond his or her professional or regulatory auditing responsibilities. One possible outcome is for the auditor to disclose the NOCLAR to a regulatory body because credible evidence exists that the NOCLAR is causing (or will cause) significant harm to the public. In these cases, the standard allows the auditor to make the disclosure without the client’s permission. However, the auditor should only exercise that right after considering various matters, such as:
- management integrity and their possible involvement in the NOCLAR
- the pervasiveness of the matter to the organization,
- urgency of the NOCLAR
- whether credible evidence of public harm exists, and
- the likelihood that the NOCLAR will reoccur.
The auditor should judge the likelihood of public harm through the lens of the reasonable and informed third party, that is, that party’s perception as to whether, given the facts, the auditor acted appropriately and in the public interest.
Who is Subject to the IESBA NOCLAR Rule?
IFAC members are professional accountancy bodies that commit to align their national codes with the ethical baseline that IESBA sets, or adopt rules that exceed that threshold. Until an IFAC member, e.g., Chartered Professional Accountants Canada or the AICPA, incorporates the NOCLAR standard into its code (either verbatim or as appropriate given their jurisdiction and regulatory climate), the NOCLAR standard does not apply to members of that organization. Since the AICPA’s proposed NOCLAR standard is still under consideration, it does not apply to AICPA members unless members fall into one of the categories below.
Professionals Subject to the IESBA NOCLAR Standards today:
- Auditors performing services under the International Standards on Auditing in jurisdictions that have incorporated the NOCLAR standard (or national equivalent) into their ethics codes
- Non-auditors performing professional services in jurisdictions that have adopted a NOCLAR standard (or national equivalent)
- 27 members of the IFAC’s Forum of Firms that have adopted and implemented the NOCLAR rule into their firms’ policies and procedures for performing multinational audits
US Reaction to NOCLAR
The AICPA received sixteen (16) comment letters on its NOCLAR proposal; five (5) from state CPA societies, nine (9) from large CPA firms, and one (1) each from a national not-for-profit organization and federal government agency. Most commenters agreed with the proposal in principle or in part but sought greater clarity. One way in which the PEEC departed significantly from IESBA was in its proposed application to nonauditors (for example, members providing financial statement compilations, reviews, tax, or consulting services). Recognizing the more limited role and access to information and people that nonauditors typically have, the IESBA applied a less stringent set of requirements to nonauditors. PEEC proposed similar rules for both. Several commenters expressed concerns about departing from the IESBA standard in this regard, citing practical and operational impediments and concerns about heightened litigation.
On PEEC’s departure from the IESBA provision that would allow a member to disclose NOCLAR to an outside body in certain situations, some commenters urged the PEEC to reconsider confidentiality rules that prevent CPAs from disclosing NOCLAR to outside bodies, including successor auditors.
The Right Answer
The PEEC has not yet acted on its proposed NOCLAR standard. I suspect the committee will thoroughly consider the comments, especially the standard’s application to nonauditors. Perhaps they will choose to study the confidentiality issue more closely as has been suggested. Our profession should never take the duty of confidentiality lightly – it engenders the trust and cooperation so integral to the client/CPA and employer/CPA relationship. If silence perpetuates NOCLAR, the public is being harmed, and the CPA can shine a light on those activities by alerting an appropriate authority, should the CPA continue to honor that promise to the client or employer? Should the profession pursue greater legal protections for those who do go this route? Certainly, these are not new questions or issues but they are important ones that the profession will continue to debate in the months and years to come.