Printer Friendly

Protecting client confidentiality when responding to a suspected illegal act.

"There may be times when we are powerless to prevent injustice, but there must never be a time when we fail to protest." --Elie Wiesel

In August 2012, the International Ethics Standards Board for Accountants (IESBA) issued an exposure draft (ED), "Responding to a Suspected Illegal Act," with a comment deadline of December 15, 2012. It sought comments on the proposed establishment of two rules affecting the client confidentiality, standard:

* A professional accountant providing professional services to an audit client would he required to disclose certain illegal acts to an appropriate authority.

* A professional accountant providing nonaudit services to a client that is not an audit client (as well as a professional accountant employed by a business) would be required to disclose the matter to the entity's external auditor, if any; in certain circumstances, the accountant would be expected to disclose certain illegal acts to an appropriate authority.

All of the major U.S. firms, the AICPA, and some state societies submitted comment letters addressing the questions raised in the ED. The suggestion that accountants--in both public and private practice, internal or external, regardless of the service performed--should disclose illegal acts, including fraud, to an outside authority if they are not appropriately acted on by the client or employer has caused the U.S. accounting profession to consider the underlying concepts of client confidentiality. Rule 301 in the AICPA Code of Professional Conduct does not currently accommodate this broad disclosure, but the suggestion should not be easily dismissed. Although CPAs are required to follow the AICPA Code of Professional Conduct or similar codes of ethics, they should still seriously explore the concepts embedded in this ED and consider whether Rule 301 should be changed to accommodate them.

Disclosure Provisions

The IESBA is an international organization that aims to issue high-quality ethical standards and other similar pronouncements for professional accountants globally. Its code serves as the basis for the codes of ethics of International Federation of Accountants (IFAC) members. The AICPA is a member of IF AC, and it and U.S. regulators do give consideration to the IESBA's standards. But the IESBA's standards do not directly affect the practice of U.S.-based CPAs until a change is made to the AICPA Code of Professional Conduct. CPAs working with subsidiaries of foreign entities located outside the United States or with U.S. domiciled subsidiaries of international clients could be required to follow the IESBA ethics rules.

Currently, both the AICPA and IESBA codes prohibit the disclosure of client information, unless the client gives consent or a professional exception or legal duty to disclose the information exists. Rule 301 allows accounting professionals to submit engagement documentation to comply with legally issued subpoenas, legal obligations, peer review or ethics investigation requests, or contemplated practice sales or mergers that have proper data security precautions in place.

The disclosure required under the ED is of "suspected illegal acts," including fraud, and it must be made after a professional accountant confirms a reasonable suspicion that an illegal act has occurred, informs the proper level of management about it, and takes reasonable steps to assess management's reaction to resolve the issue. The accountant should assess the adequacy of management's investigation, the remedial action taken, and steps taken to reduce the risk of future occurrences. If management fails to take appropriate action, the accountant should disclose the illegal acts to the appropriate authority.

The illegal acts expected to be disclosed if not rectified are those that would be considered within the expertise and responsibility of the professional accountant, depending upon the nature of the engagement. The ED describes such illegal acts as follows:

* For a professional accountant in public practice providing services to an audit client-- suspected illegal acts that directly or indirectly affect the client's financial reporting and suspected illegal acts whose subject matter falls within the accountant's expertise

* For a professional accountant in public practice providing services to a nonaudit client--suspected illegal acts that relate to the subject matter of the professional services that the accountant is providing

* For a professional accountant in business--suspected illegal acts that directly or indirectly affect the employing organization's financial reporting

* Suspected illegal acts whose subject matter fall within the accountant's expertise.

The ED recognizes that disclosure would only be a last resort after an accountant has obtained competent legal advice. It also recognizes that there can be exceptions to the requirement to disclose, most notably "where a reasonable and informed third party would conclude the consequences of disclosure are so severe as to justify not disclosing." The ED goes on to give an example, such as where there are "threats to the physical safety of the professional accountant or others."

Reactions to the ED

The AICPA Professional Ethics Executive Committee (PEEC) submitted a detailed response to the ED, stating that it understands and supports the efforts of the IESBA to strengthen and refine its code of ethics. The PEEC expressed concern, however, that complying with the proposed standard for disclosure of suspected illegal acts could place CPAs in the position of violating their legal or contractual duty of confidentiality.

The PEEC recommended additional procedures that the IESBA could incorporate into guidance for accountants faced with these ethical dilemmas. CPAs in the United States are subject to both federal and state laws that bear on the accountant-employee-consultant-client relationships. It would be very difficult for such CPAs to comply with the proposed changes, except in those limited circumstances that currently are recognized in federal or state law and regulations, most notably in the reporting duty under section 10A of the 1934 Securities Exchange Act, enacted as part of the Private Securities Litigation Reform Act of 1995. These exceptions protect accountants and offer specific guidance related to the reporting of illegal acts.

For example, section 10A requires an auditor to first bring evidence that an illegal act might have occurred to the audit committee (or to the board of directors, if there is no audit committee). If the auditor subsequently determines that the audit committee or the board have failed to take, or failed to cause senior management to take, timely and appropriate remedial action (e.g., commencing an internal investigation), and if the illegal acts are expected to have a material effect on the company's financial statements and require either a deviation from the standard auditor report or the auditor's resignation, then the auditor must, as soon as practicable, report the conclusions directly to the board of directors. The board must then inform the SEC within one business day that it has received such a report and must copy the auditor on that communication. If this copy is not received within one business day, the auditor is required to either furnish the SEC with a copy of the report to the board (not more than one day later) or resign and furnish a copy of the report to the SEC. In either event, the

SEC will be notified of the possible illegal act and the failure of the company's board or management to take remedial action. Section 10A further provides that if auditors follow this procedure, they will be immune to any civil liability in a private action for any finding, statement, or conclusion contained in the report given to the SEC.

The PEEC recommended that the following procedures be included in the guidance for CPAs encountering situations addressed in the ED:

* Accountants should report suspected illegal acts to the appropriate levels of management and possibly to those charged with governance, if management's response is not timely and appropriate.

* Accountants should consider disclosure to the external auditor, provided that such disclosure would not violate any legal or contractual confidentiality or nondisclosure requirements applicable to the engagement.

* Accountants should encourage the client or employer to disclose the matter to an appropriate authority.

* Accountants should consider their continuing relationship with the client or employer if the client or employer fails to address the accountant's concerns.

The PEEC's recommendations make sense, regardless of whether the ED is finalized in its current form. Considering whether to continue the client relationship is very important and might be necessary in an attestation, valuation, or tax engagement because of the heavy reliance on management representations. In any relationship, an accountant must have confidence in management's integrity. The crux of the ED's proposal is that one would not go to the authorities before going to the client; it is only after the client fails to rectify the situation that the professional accountant would turn to the entity's external auditor or authorities. Of course, once an accountant determines the existence of fraud, the entire process should include the continuing advice of legal counsel.

Confidentiality is important to the audit, tax, and consulting processes, and CPAs should never disclose information about a client and its operations; however, the requirement to disclose illegal activity to the authorities after the client fails to act on it will not deter an honest client from disclosing any information necessary for the CPA to accomplish the objectives of the engagement. Only those clients that are committing fraud will balk at the prospect--and who wants to maintain a relationship with a dishonest client?

Potential Legal Issues

As noted above, U.S. accountants may only disclose client confidences in limited circumstances. The AICPA Code of Professional Conduct provides that confidential client information may not be disclosed in the absence of a valid and enforceable subpoena or other legal process. An accountant receiving a subpoena calling for the disclosure of client information generally must consult with legal counsel to determine whether the subpoena is enforceable and, thus, compels compliance; only then may CPAs produce confidential client information. Although violation of professional ethical standards does not, in and of itself, give rise to a cause of action, accountants might find themselves subject to a lawsuit if a client believes it has suffered damages because of an unwarranted disclosure of confidential information. The defense of such a lawsuit could consume both time and resources, even if the claim is ultimately found to be without merit.

Federal law provides further protection for information provided to paid tax preparers. Under Internal Revenue Code (IRC) section 7216, it is a misdemeanor for a paid tax preparer to disclose information provided by a taxpayer without the taxpayer's consent. Treasury Department regulations issued pursuant to the statute specify the circumstances in which such information may be disclosed without the taxpayer's consent. For example, a subpoena issued in a civil action is insufficient to compel disclosure in the absence of a court order. Grand jury or federal agency subpoenas can compel disclosure of tax-related information. A tax preparer facing a request for disclosure of tax-related information supplied by a client must be certain that the requirements of the statute and regulations are satisfied and should consult legal counsel.

AU-C section 250, "Consideration of Laws and Regulations in an Audit of Financial Statements," deals with the discovery of facts in the course of an audit that indicate the possible existence of failure of the enterprise to comply with laws and regulations. But even this standard does not authorize, much less compel, an auditor to make disclosures to persons or agencies outside of the audited entity. Indeed, AU-C section 250 cautions auditors to consider the need to obtain legal advice.

Presently, U.S. law and U.S. professional ethics standards provide for disclosure of confidential information to nonclients under only very limited circumstances, even when suspicions of illegal activities might exist. Section 10A is virtually the only provision of U.S. law that requires, or even authorizes, an accountant to disclose facts concerning possible illegal acts to persons or agencies other than the client. Even section 10A provides for such disclosure only after the management or directors of a corporate entity have failed to respond appropriately to the evidence of illegal activity uncovered by the auditors.

In common law, the concept of "misprision of a felony" provides that it is a crime to either prevent a felony from being committed or to fail to report the offender to the authorities after the commission of the crime, but without such previous concert as to make the person an accessory before or after the fact. Most states, including New York, New Jersey, and Connecticut, have not adopted this common law crime into their criminal code. [See People v. Williams, 20 A.D.3d 72,795 N.Y.S.2d 561 (1st Dept. 2005), which notes that a "primary reason courts have required affirmative acts for a conviction as an accessory after the fact is the notion that criminalizing a citizen's mere failure to report a crime to the police is incongruous with our nation's system of justice."]

Instead, many legislatures have adopted a variation of misprision, commonly referred to as "obstruction of justice" or "accessory after the fact," which applies when an individual willfully or knowingly aids the person who committed the crime in preventing or hindering arrest. [For example, see New Jersey Statutes Annotated (NJSA) 2C section 29-3, which holds that a "person commits an offense if, with purpose to hinder the detention, apprehension, investigation, prosecution, conviction or punishment of another for an offense or violation.... [that person] harbors or conceals the other, provides or aids in, etc"; New York Penal Law section 195.05, which states that a "person is guilty of obstructing governmental administration when he intentionally obstructs, impairs or perverts the administration of law"; Connecticut Code section 53a-167a, which states that a "person is guilty of interfering with an officer when such person obstructs, resists, hinders or endangers any peace officer or firefighter in the performance of such peace officer's or firefighter's duties."] Under U.S. law, there is generally no liability for merely failing to report the commission of a crime in the absence of conduct--either before or after the fact--that aids the person committing the crime or obstructs efforts to investigate the crime; however, some states vary in the application of the common law misprision concept.

Misprision of a felony is still defined as a crime under 18 United States Code (USC) section 4, which provides that "whoever, having knowledge of the actual commission of a felony cognizable by a court of the United States, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States, shall be fined under this title or imprisoned not more than three years, or both." Courts have held, however, that conviction under this provision requires not only a failure to report information about the criminal conduct, but also some affirmative act to conceal the felony. Nonetheless, prosecutors still make use of this statute, especially when the person in question clearly knew that a crime was committed; thus, accountants who become aware of conduct that they believe might constitute a crime should still consult legal counsel.

As a result, certain aspects of U.S. law-- federal law and variation among the states-- might, when taken together with the AICPA Code of Professional Conduct, leave accountants with a great deal of uncertainty about how to proceed in certain situations if the IESBA's ED were to be adopted.

Morality Versus Ethics

Professional accountants can face a moral and ethical dilemma if they decide, after following the procedures in the ED or in AU-C section 250, that an employer or client has committed an illegal act. Ethically, the issue is resolved by following the standards in effect at the time, remembering that even a CPA working in industry must comply with the AICPA Code of Professional Conduct or the IESBA standards, whichever is applicable.

Once the ethical issue is resolved, the individual is faced with a moral issue. Morality is a personal attribute, unlike ethics, which is an organizational one. The individual will have a moral decision to make concerning the relationship with the employer or client. Knowing that an illegal act has occurred or is occurring, can a CPA refrain from taking action to report or stop the crime? Consider a situation where an individual determines during a professional engagement or employment that the client or employer is "ripping off" its customers--in a manner similar to Bernard Madoff, for example.

Does morality trump ethics? Does the applicable state or federal law require a witness to a crime to act to stop the crime? These situations are not addressed in the professional literature. It is imperative that a CPA in such a position retain legal counsel. In the end, however, it is up to the individual to resolve this personal moral dilemma. When in doubt, the true professional will consider what a person with integrity would do and then act accordingly within the law, regardless of the professional standards.

Underlying Principles

The IESBA's proposal could potentially be modified to accommodate the U.S. legal system and its myriad of differing federal and state legal requirements, but the underlying moral dilemma on client confidentiality would not disappear. Client confidentiality--when it relates to the operations, intellectual property, and business processes of an enterprise--is clearly necessary for the conduct of audits and all other professional engagements, and it should be strictly enforced. But aiding or abetting an illegal act by not reporting it when harm has already been caused or is currently being caused to others should not be tolerated. Moreover, it does not represent the spirit of the foundational bases of the confidentiality standard, and it is not in the public interest. The standard currently in effect needs to be accommodated, but the profession needs to consider changes that are in line with its underlying principles.

Certainly, CPAs need to comply with the law and must seek qualified legal counsel before making public any information obtained in the course of a professional engagement. A "noisy withdrawal" works with reports on financial statements that have been distributed to third parties, but what about a consulting engagement? Tax return preparation creates other problems with disclosure because simply withdrawing from a tax engagement prior to its filing would not be very "noisy."

As previously mentioned, only a dishonest client would not deal openly with a professional accountant if the confidentiality standard were changed to accommodate disclosure of illegal acts after appropriate internal disclosure and the enterprise's failure to rectify the offending action. Given CPAs' heavy reliance on management's representations throughout an audit and the extended procedures that would be required to perform any attest engagement for an enterprise where management lacked integrity, a loss of dishonest clients would be extremely beneficial to a professional's reputation.

John H. Eickemeyer, JD, is a shareholder and cochair of the accounting law practice group of Vedder Price PC, New York, N.Y. Vincent J. Love, CPA/CFF, CFE, is the chair of VJL Consulting LLC, New York, N.Y., and a member of The CPA Journal Editorial Board.
COPYRIGHT 2014 New York State Society of Certified Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2014 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Responsibilities & Leadership
Author:Eickemeyer, John H.; Love, Vincent J.
Publication:The CPA Journal
Geographic Code:1USA
Date:Apr 1, 2014
Previous Article:Using an ESOP as an ownership transition strategy in professional services firms.
Next Article:Website of the month: The Center for Audit Quality.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters