Auditors who have reason to believe that fraud is being committed by a company or upon a company by its employees are now obligated under Indian law to report it to the Indian government even if they did not identify it, if the amount involved is $122,00 (INR 10 million) or above.
Fraud in the Indian context is defined quite broadly and includes situations where there is no actual wrongful gain or wrongful loss. That means any investigation into whether government bribery or private kickbacks have occurred can trigger auditors’ reporting obligations.
Until now, auditors generally reported fraud (above the relevant financial threshold) to the Indian government’s corporate affairs department only when they were the first to discover it during the audit procedures. Auditors did not report fraud to the government if the company’s management first discovered the fraud through internal reviews, a whistleblower complaint, etc.
These practices stemmed from a guidance note issued by the professional regulator for Indian chartered accountants. However, a new circular issued on June 26, 2023 by the National Financial Reporting Authority (“NFRA”), a government authority that monitors and enforces compliance with auditing standards, reverses this position.
The June NFRA guidance seems to be in line with compliance requirements put in place earlier by the Indian government. Companies (Auditor’s Report) Order 2020 or CARO 2020 sought more disclosures from companies regarding details and the quantum of any fraud by the company or upon the company noticed or reported during the year. CARO 2020 also required auditors to consider whistle-blower complaints received during the year.
NFRA Circular: Implications going forward
The NFRA regulates audits of all listed entities and unlisted entities that meet certain prescribed criteria of financial thresholds, so this provision will now bind auditors of a significant proportion of Indian companies.
What does this mean for businesses conducting internal investigations in India?
The circular does not have any threshold for materiality, nor are there any carve-outs for the kind of fraud involved. This implies that isolated incidents of kickbacks being accepted by a company employee from a vendor (which is typically fraud upon the company) are treated the same as bribery or financial misstatements directed by a company’s management – although it is the latter where there is a stronger case for the Indian government to be notified.
We anticipate that auditors will further intensify scrutiny of procedures and findings of all internal reviews and investigations. This will likely cause the involvement of not only their audit and forensic/ assurance teams but also their legal and risk teams, particularly as the circular emphasizes that auditors should exercise professional skepticism and not rely upon the company’s legal assessment of whether fraud has occurred.
It is also likely that a detailed review of any investigation by auditors will lead to their recommending certain additional procedures, thereby impacting the timelines and progress of investigations.
The NFRA circular is not an amendment of the relevant statute. So there may be areas of interpretation, particularly in determining exactly when and to what extent the NFRA circular prevails if it conflicts in any way with statutory law.