Introduction
The National Financial Reporting Authority (NFRA) was established in 2018 under Section 132 of the Companies Act, 2013 (the Act) to provide for the regulation of auditors. It stands as a robust regulatory body overseeing auditors of listed companies and qualifying unlisted public companies. Since its inception, NFRA has been proactively holding auditors accountable for lapses in their responsibilities and taking action against those who violate standards. From the recent NFRA orders, it has been noted that to avoid their liability to report fraud or suspected activities in the host Companies, the auditors resign. In the recent Cafe Coffee Day case also, the auditors’ resignations played a major role, the auditors’ resignations were a key factor, greatly contributing to auditing lapses and the failure to detect the extensive financial fraud within the company.
To counter this problem, the NFRA has been insisting that even after resignation, the auditors are required to report the fraud in the companies audited by them and they will be liable for not doing so. In light of the same, last year NFRA issued a circular (the circular) outlining auditors’ responsibilities concerning fraud within a company. The auditors’ lobby is resisting these efforts of NFRA, arguing that this casts a very wide net of liability on them and makes it difficult for them to operate.
This piece examines NFRA’s position on the liability of auditors after resignation, in light of the circular and reviews the relevant legal framework to provide a clearer understanding of the legal position on the matter. It argues that the current law on post-resignation accountability is fair and does not cast unduly wide liability on auditors; however, in view of the circular, a clarification on the matter is required.
The Circular
In June 2023, the NFRA to clarify the position on post-resignation liability of auditors, released the circular addressing the auditors governed by it. Clause 4.3 of the circular states that ‘resignation does not absolve the auditor of his responsibility to report suspected fraud or fraud as mandated by law’. The auditors’ lobby resisted it and argued that it departs from the prevailing practice where auditors only report frauds detected during the course of their duties and not post-resignation. It widens the scope of auditors’ liability to report fraud and creates uncertainty. What does it imply that the auditors are required to report fraud even after resigning? Does it mean that they must report fraud discovered after their resignation or only fraud identified while performing their duties, which they still need to disclose if they resign afterwards? The circular also cites Union of India and another v Deloitte Haskins and Sells LLP (Deloitte) to reiterate auditors’ liability post-resignation and uses it to legally back its points. It is contended that the interpretation of Deloitte in the circular is flawed and needs to be reconsidered.
To better understand auditors’ liability post-resignation, we need to see what is the law on scope of the auditors’ liability and how Deloitte affects it.
As Mandated by Law– What is Law?
The circular states that the auditors have to report fraud even after resignation as mandated by law. From this language, it can be seen that the circular is not creating any new law but is only communicating to the auditors the present position of the law and asking them to follow it. Now, to better appreciate the circular’s effect, we need to see what the law mandates.
As cited in the circular itself, section 143(12) of the Act, requires the auditors to report any fraud committed by the officers of the company against the company which came to their knowledge in the course of the performance of his duties as auditor. From the text of the provision, it is clear that only the fraud which is detected by the auditors during the course of their duties as auditors need to be reported, and not anything which came to their notice afterwards, which is after their resignation. Similarly, Rule 13 of Companies (Audit and Auditors) Rules, 2014 (CAAR 2014) requires the auditors to report fraud as mandated by section 143(12) of the Act only, and does not create liability to report any fraud which came to their notice post-resignation. However, the rule requires the auditors to follow the procedure laid down therein and they have to report the fraud to the Central Government within sixty days of detecting it. In addition to this, the Standards of Auditing 240, which relates to auditors’ responsibilities relating to fraud, also does not create any liability to report fraud that came to the knowledge of the auditor post-resignation.
Hence, from the legal discourse discussed above, it is clear that auditors are not liable to report any fraudulent activity in a company that came to their knowledge after their resignation. However, it is to be noted that the provision does not absolve the auditors of their duties to report fraud after resignation if it is suspected during the course of their duties. Also, rule 13 of CAAR 2014 which prescribes the procedure for reporting fraud does not require the auditor to be in the position of statutory auditor of the Company to report it. Therefore, it is reasonable to interpret the provisions as requiring auditors to report any fraud discovered during the course of their duties, even if they choose to resign. The expectation that auditors report fraud that they detected while in office aligns with their responsibilities, and is both fair and just to them.
Wrong Interpretation of Deloitte Judgment
The circular cites Deloitte to interpret the liabilities of auditors after resignation. It is submitted that the interpretation by NFRA of Deloitte by which it inserted the resignation clause is flawed and should be reconsidered. Deloitte held that an auditor’s resignation following the filing of an application under section 140(5) does not end the proceedings under that section. The judgment stated that on resignation by an auditor of a company even during the enquiry/proceedings under section 140(5) or even prior to that there shall not be any termination of proceedings. However, it does not address the auditor’s responsibility to report suspected fraud after resignation if no inquiry was initiated while the auditor was still in office. The rationale behind Deloitte was that if once the proceedings under section 140(5) are initiated and on subsequent resignation of the auditor, the auditor is absolved of the liability under the same, it would make the second proviso to section 140(5) nugatory and there would be no case in which there can be any action under the said proviso. This would allow auditors to evade liability by just resigning once any form of proceeding is initiated under section 140(5).
This was a specific and limited application of the post resignation liability. The same reasoning cannot be applied to hold auditors liable when no proceedings under section 140(5) have been initiated and they resign during or after an audit. In such instances it cannot be assumed that the resignation was intended to avoid liability, thus holding them liable even after their resignation.
However, the NFRA circular does not make this distinction clear and instead broadly interprets the Deloitte and section 140(5) to hold auditors liable even after their resignation for non-reporting of fraud/suspected fraud without the condition of pre-existing complaint or enquiry under the section. This interpretation expands the scope of auditor liability creating much higher responsibility than what was originally intended.
Need for Clarification- The Way Forward
The law is clear on the point of auditors’ liability to report fraud post-resignation which requires them to report any fraudulent activity suspected during the course of their duties and not anything detected afterwards. Confusion in this regard is created by the Circular issued by the NFRA last year which wrongly uses Deloitte to interpret auditors’ liability to report fraud post-resignation. Even though, in the end, the Circular says that the auditors need to report fraud as mandated by the law, which is clear as regards to auditors’ liability on this matter, some confusion prevails.
Given that NFRA is a statutory authority and has wide powers to investigate and penalise errant auditors, a circular issued by it holds much water and serves as a crucial operational guideline for the auditors to model their actions. Because of this, the circular issued in June 2023 has created much confusion which needs to be dispelled. So, in the interests of certainty and fairness, the NFRA should clarify the position of law that only the frauds detected during the course of duties need to be reported and nothing detected afterwards. It should clarify that after resignation, the auditors only need to report those frauds which they detected while being in the position of statutory auditor of the company and that Deloitte has nothing to do with this liability. This will bring certainty in the arena and will also be proportionate and reasonable imposition of liability on the auditors.
This blog is written by Madhura Gokhale and Divyansh Bhansali, BA LLB (Hons.) 3rd year.