(Shruti Mishra, Editor at IELR)
Fraud, for the purposes covered by the Companies Act, 2013 (Companies Act) has its meaning in section 447 as an act, omission, concealment of any fact or abuse of position by any person with the intent to deceive or injure the interests of the company or its shareholders or creditors. The standard practice up until recently was straightforward: an auditor, by virtue of the obligation enumerated in section 143(12) of the Companies Act had to necessarily report a fraud to the Central Government, if he/she had reason to believe that an offence involving fraud had been committed against the company by officers or employees of the company during the ordinary course of the auditor’s duties.
Further, rule 13 of the Companies (Audit and Auditors) Rules, 2014 prescribes detailed steps that need to be followed by the auditor if he has reason to believe that an offence of fraud suspected to involve an amount of Rs. 1 crore or above, “is being or has been committed against the company by its officers or employees.” The auditor is required to report the matter to the Board or Audit Committee and then to the Central Government in the form of a statement as specified in the ADT-4 Form.
Consequences of Non-Reporting
Section 140(5) of the Companies Act prescribes consequences for auditors if they have acted in a fraudulent manner or abetted or colluded in relation to the company or its officers. Under this provision, the auditor is liable for action under section 447, in addition to removal or debarment for a period of 5 years.
As also clarified by the Supreme Court in Devas Multimedia (P) Ltd. v. Antrix Corpn. Ltd., if the auditors of a company fail to make a report in terms of section 143(12) despite having knowledge of the fraud, they may become liable for penal consequences under section 448 read with section 447 of the Companies Act. In explicit terms, the liability of auditors and the consequences befalling them in case of non-reporting of suspected fraud has been clarified. Now, if an auditor fails to be forthcoming regarding a suspected fraud against the company’s interests, regardless of the source of such information, they shall be suspected to have colluded in the fraud. The threshold for reporting fraud has also been reduced by a long shot, which increases difficulties for all parties involved.
The NFRA Intervention
The National Financial Reporting Authority (NFRA) serves as the body that ensures whether accounting and auditing standards are being met. It released a circular dated June 26, 2023 which amends the statutory auditor’s responsibilities in relation to fraud in a company (Circular). The Circular was a result of a crackdown against Indian auditors who were “not fulfilling their responsibility to report fraud” adequately. Taking a departure from section 143(12), the Circular imposes mandatory reporting obligations upon auditors to report a suspected fraud if they observe “suspicious activities, transactions, or operating circumstances which gives them reason to believe that fraud has been committed against the company.” This obligation poses several contentious challenges.
At the outset, the threshold for reporting fraud is set at Rs. 1 crore. While the amount is substantial to raise concerns of fraud in many companies, it is a bar too low to trigger investigations in bigger companies that operate on revenue exponentially higher than 1 crore. The Circular will therefore have the effect of compelling such companies to invest more time and resources than the allegedly defrauded amount to conduct internal investigations regardless of the claim’s legitimacy.
As far as the credibility of the claim is concerned, another issue arises. The reporting of fraud as per the Circular solely hinges on whether the auditor has “reasons to believe” that a fraud amounting to Rs. 1 crore took place. Not only is this threshold ambiguous, it also opens a pathway for the auditor’s independent investigation to clash with the internal investigation of the company and arrive at a varying conclusion due to its inaccurate, ill-defined and dubious contours. The Circular fails to clarify what exactly would amount to sufficient grounds for an auditor to have “reason to believe” that a company’s interests have been or are being prejudiced.
The most contentious issue arising out of the Circular, is that it technically has the effect of imposing a mandatory obligation on auditors to report fraud even beyond the ordinary course of their duties, overriding section 143(12). Following the footsteps of the Sarbanes-Oxley Act, 2002 in the United States, in India too, an auditor now has the duty to report a fraud even when they are not the first person to identify or suspect the fraud. The Companies (Auditor’s Report) Order (CARO 2020) imposes the obligation on all auditors to consider whistle-blower complaints, which leaves room for the auditor to no longer be the first person to identify the fraud.
This not only ensures that the auditor will have more information, but that they will also be open to exposure and liability in the same proportion if they fail to report it. However, an auditor could potentially flag alarm without sufficient grounds, especially if those concerns arise out of whistleblower complaints, which are often anonymous.
The Parallel Effect
The widening scope of the duty of the auditors also makes sure that fraud, in the broadest sense, is identified. This includes bribery, corruption, embezzlement and money laundering, which can trigger Prevention of Money Laundering Act, 2002 (PMLA) proceedings as well. Since fraud is a scheduled offence under PMLA, such proceeds of crime arising out of corporate fraud would be liable for attachment. Auditors can now find themselves facing similar charges to an accused in Enforcement Directorate proceedings if they conduct a “neglectful” audit, which has the effect of facilitating money laundering processes.
Departure from the Statute
The statutory obligation, up until recently only imposed the mandatory obligation upon the auditor to report a suspected fraud if it was observed only “in the course of the performance of his duties as an auditor.” However, a combined reading of the Circular, the CARO 2020 as well as the Standards of Accounting (SA-240) provides the conclusion that the obligation or duty of the auditor to report fraud to the Central Government exists even if she/he has not discovered it in the ordinary course of duties. Since that requirement has been eliminated, it also leaves room for another problematic assumption: does this obligation extend even after the resignation of the auditor, since that would technically amount to be a period beyond the “ordinary course of duties” of the auditor? While that remains to be seen for certain, it would not be beyond the realm of possibility.
Moreover, while the implication remains that an auditor is required to report fraud even beyond the ordinary course of his/her duties, such findings shall conclusively be viewed through the lens of scepticism since the SA-240 is not applicable on an auditor beyond the official auditing period. The non-compulsion on the applicability of SA-240 is particularly problematic since without these standards, an auditor has no grounds to maintain professional scepticism or find a “legitimate” material misstatement. There are effectively no checks on the auditor beyond the official audit period or even as far as whistleblower complaints are included through potentially unreliable sources. In such a scenario, the obligation on auditors to report a fraud even beyond the ordinary course of their duties as per The Circular remains a power that is too wide, ambiguous and unchecked in the hands of the auditor.
Conclusion
In light of the NFRA's recent circular on Statutory Auditors’ responsibilities in relation to Fraud in a Company, the landscape of auditors' responsibilities has undergone a significant transformation. This shift presents a complex interplay between enhanced fraud detection and potential overreach. The lowered reporting threshold of Rs. 1 crore, while seemingly substantial, may prove inadequate for larger corporations, potentially inundating them with resource-intensive investigations for comparatively minor claims, which may even be unfounded.
The circular's reliance on an auditor's "reason to believe" as grounds for reporting introduces a layer of ambiguity that could lead to conflicting conclusions between auditors and internal company investigations. This vague standard, coupled with the mandate to consider whistle-blower complaints, expands the auditor's purview beyond traditional boundaries. Moreover, the intersection of this broadened scope with other regulatory frameworks, such as the PMLA, amplifies the potential consequences of "neglectful" audits. The departure from the statutory limitation of reporting fraud discovered "in the course of the performance of his duties as an auditor" raises critical questions about the extent of an auditor's obligations post-resignation as well as the applicability of professional standards in these expanded circumstances.
This evolution in auditor responsibilities, while aimed at enhancing corporate accountability, treads a fine line between vigilance and undue alarm. The unchecked power now vested in auditors, particularly beyond their official audit period, may lead to unintended consequences in the broader landscape of financial reporting and oversight.
コメント