The new interpretations of "Responding to Noncompliance With Laws and Regulations" (ET §§1.180.010 and 2.180.010) of the "Integrity and Objectivity Rule" (ET §§1.100.001 and 2.100.001) of the AICPA Code of Professional Conduct (the Code) establish the responsibilities of accountants, both for members in business and those in public practice, when encountering actual or suspected noncompliance with laws and regulations (NOCLAR). The Professional Ethics Executive Committee adopted these interpretations in February 2022, and they were published in the Journal of Accountancy in June 2022 with an effective date of June 30, 2023, with early implementation permitted.
This article focuses on the responsibilities of members in business. Read about the responsibilities of members in public practice in this article.
The new interpretation contributes to the fight against noncompliance in areas such as financial fraud, money laundering, asset misappropriation, bribery, data protection, tax and pension liabilities, securities trading, public health and safety, and corruption. Additionally, the interpretation further emphasizes members' roles in serving the public interest through the enhancement of integrity in global business operations.
The Code defines NOCLAR as any "acts of omission or commission, intentional or unintentional, that are contrary to the prevailing laws or regulations and are committed by the member's employing organization or by those charged with governance, by management, or by other individuals working for or under the direction of the employing organization."
Accountants in business at any level could be exposed to an instance of NOCLAR, and the responsibilities of senior professional accountants in business slightly differ from the responsibilities of nonsenior professional accountants in business.
The Code defines senior professional accountants in business as "directors, officers, or senior employees able to exert significant influence over, and make decisions regarding, the acquisition, deployment, and control of the employing organization's human, financial, technological, physical, and intangible resources" (see paragraph .14 of ET §2.180.010).
Members who are senior professional accountants in business have more responsibilities than nonsenior professional accountants when they become aware of credible information concerning an instance of NOCLAR because of their higher leadership levels and influence within the organization. They are part of setting tone at the top, and they should work to establish processes and controls to prevent, detect, and report instances of NOCLAR. Senior professional accountants in business are expected to apply knowledge, professional judgment, and expertise when encountering NOCLAR but not beyond that required for their role within the organization.
What senior and nonsenior professionals can do
A senior professional accountant in business should obtain an understanding of the matter and discuss the suspected NOCLAR with their immediate superior and/or those charged with governance. They should also take the appropriate steps to comply with applicable laws and regulations, remediate the consequences of the NOCLAR, seek to stop the NOCLAR (if it has not yet occurred), and determine if it is necessary to disclose the matter to their organization's external auditor. The senior professional accountant should determine if further action is necessary in the public interest, which may include reporting the NOCLAR to an appropriate authority, unless prohibited by laws or regulations, and resigning from the organization. An outside court or other authoritative body may determine if a particular act meets the definition of noncompliance.
A nonsenior professional accountant in business should discuss the suspected NOCLAR with their immediate supervisor or, if their immediate supervisor appears to be involved in the matter, the next higher level of authority within the employing organization. If the discussions do not lead to appropriate action, the nonsenior professional accountant should consider if they need to take further action. A member in business is only expected to have a level of understanding of laws and regulations that is required for their role within the organization. In some cases, the nonsenior professional accountant may consider reporting the matter to an appropriate authority unless prohibited by laws or regulations.
Let's look at an example of suspected noncompliance in a company and how it was managed:
A staff accountant at a health care organization, who is a member of the AICPA, suspected that the company was billing Medicare for services that were never provided. He did some research to try to understand why the company was billing for these services and who was involved. The staff accountant arranged a meeting with his supervisor, the finance director, who is also an AICPA member, to discuss the suspected noncompliance. The staff accountant documented the details of the suspected fraudulent billing, his discussion with the finance director, and the finance director's response to the matter.
The finance director agreed with the staff accountant that the billing appeared fictitious. She initiated discussions with the billing team to understand which services were billed to Medicare and if the services were performed. The finance director could not determine who was involved in the fraudulent billing and escalated the matter to the CFO. She recommended to the CFO that the company should implement more robust controls over billing approvals, correct the financial statements and return any related revenue to Medicare, and take disciplinary action against the employees involved. The CFO, with the assistance of the internal audit director, identified the parties involved and took corrective action, which included communicating the issue to the external auditor.
The finance director consulted with an attorney to understand whether she had any legal responsibility relating to the fraudulent transactions and if she was required to report the issue to an appropriate authority. She documented the suspected noncompliance, her discussions with the CFO, how the CFO responded to the noncompliance, and what actions she took to protect the public interest.
This example illustrates how a suspected incident of noncompliance could be successfully escalated from a staff accountant to the CFO and receive the attention it needs from relevant parties to protect the public interest and safeguard the business from legal liabilities. In this example, the staff accountant is considered a nonsenior professional accountant, and the finance director, internal audit director, and CFO are considered senior professional accountants. Notice how the finance director suggested the CFO be proactive in returning related revenue to Medicare and also provided the CFO with recommendations to improve the company's controls.
It is also important to note that, if discussions did not lead to appropriate action, both the nonsenior professional accountant and senior professional accountants should consider next steps, with the senior professional accountants having more responsibility to potentially report the NOCLAR to an appropriate authority, unless prohibited by laws or regulations, and to possibly resign from the organization.
It is the responsibility of all CPAs to be vigilant regarding NOCLAR. Here is a helpful tool to guide you through the steps you need to take when encountering NOCLAR. You have support from the AICPA. Reach out to the Ethics Hotline at 1-888-777-7077 and review the resources provided to help.
— Elizabeth Pittelkow Kittner, CPA/CITP, CGMA, is the VP of Finance and Human Resources at GigaOm in Chicago and a member of the NOCLAR Task Force at the AICPA. To comment on this article or to suggest an idea for another article, contact Courtney Vien at Courtney.Vien@aicpa-cima.com.