How to not lose sleep over NOCLAR
By Kevin Hayes, CPA
December 1, 2024
Why didn’t you warn me? How could you miss this? If you’d told me, I would’ve done something differently.
Any iteration of these phrases may appear in CPAs’ nightmares, and each echoes the same sentiment: You failed to advise your client. CPA firms in the AICPA Professional Liability Program routinely face professional liability claims from clients and former clients alleging that their CPA failed to advise them of a significant issue or that the CPA failed to detect a theft or fraud at the client organization. CPA firms have faced these types of claims, regardless of the service delivered and even when providing such advice was not in the engagement’s scope.
If you do not respond appropriately when you encounter suspected acts of noncompliance with law and regulations, then a failure-to-advise nightmare may become your professional liability reality.
A BRIEF OVERVIEW OF THE NOCLAR INTERPRETATION
The “Responding to Noncompliance With Laws and Regulations” interpretation (ET §1.180.010) of the “Integrity and Objectivity Rule” of the AICPA Code of Professional Conduct (the NOCLAR interpretation) became effective June 30, 2023, and broadly guides a CPA’s responsibilities, actions, and communications when he or she encounters or is otherwise informed of a client’s suspected noncompliance with laws and regulations (NOCLAR).
Examples of NOCLAR to which the NOCLAR interpretation may apply, include but are not limited to:
Fraud;
Money laundering;
Embezzlement;
Corruption and bribery;
Data protection violations; and
Tax and pension liabilities and payments.
The NOCLAR interpretation provides a framework for CPAs to follow when they encounter or become aware of suspected or actual NOCLAR. There are slight nuances or differences in the CPA’s response based upon the service provided, as the guidance in the NOCLAR interpretation is different for financial statement audit and review services and for all other services, but the framework establishes a path for CPAs performing any professional service and includes these steps:
Understand;
Communicate and advise;
Evaluate; and
Document.
THE NOCLAR INTERPRETATION IN ACTION
To best illustrate the application of this framework, let’s review an example through the eyes of a fictional CPA firm, Rose & Jordan. Rose & Jordan delivers bookkeeping services to Small Business Client XYZ and just found out the client hasn’t remitted payroll taxes for the past year. Rose & Jordan uses the NOCLAR interpretation’s framework to guide its next steps.
Understand
Regardless of the service performed, when suspected NOCLAR is encountered, obtain an understanding of the matter, including what happened and the circumstances surrounding the act. CPAs are not expected to have a level of knowledge of laws and regulations greater than that required to undertake the engagement. Rather, in understanding the suspected NOCLAR, a CPA is expected to apply their knowledge, professional judgment, and expertise.
Here’s a hypothetical. An accounting firm documents its understanding of the matter, which is that Small Business Client XYZ hasn’t paid its payroll taxes in a year and, therefore, appears to be noncompliant with state, local, and federal tax regulations. Note that the accounting firm does not conclude whether the client’s act constitutes noncompliance, because this would ultimately be determined by a court or other appropriate adjudicative body.
Communicate and advise
After obtaining an understanding of the matter, discuss it with the appropriate level of client management and, when appropriate, those charged with governance, such as the client’s board of directors or owners, if the CPA has knowledge of and access to them. This discussion may help deepen or clarify the understanding of the facts and circumstances relevant to the matter and the potential consequences. Also consider consulting with the CPA firm’s professional liability insurance carrier, which may have resources to help guide the firm’s response. If financial statement audit or review services are provided to the client, additional communications may be necessary and the NOCLAR interpretation should be reviewed for further guidance.
The accounting firm in our previous example follows the guidance included in paragraph .35 of the NOCLAR interpretation to determine the appropriate level of management of Small Business Client XYZ. It meets with client management to communicate its observations regarding the client’s suspected NOCLAR and recommends management look into the matter further, as nonpayment of payroll taxes may lead to significant consequences.
Evaluate
Evaluate the client’s reaction to the NOCLAR discussion and the steps that the client has taken, or plans to take, in response, and determine whether withdrawal is necessary. The NOCLAR interpretation provides relevant factors to consider when making this decision. For example, the appropriateness and timeliness of the client’s response can be an indicator of integrity, or lack thereof. This process may include consulting with the firm’s legal counsel and professional liability carrier.
In our fictional example, Small Business Client XYZ’s owner-manager dismisses the accounting firm’s communication and does not provide any further information regarding payroll tax remittance. The accounting firm performs a client continuance evaluation and ultimately decides to end the client relationship due to concerns about the client’s integrity. The firm sends a termination letter to Small Business Client XYZ, ending the client relationship. The termination letter includes a suggestion that the client review its payroll tax remittances and assess whether it is in compliance with laws and regulations.
Document
Document every aspect of the suspected NOCLAR, including the matter itself, the results of discussions with client management and others, how the client management responded, judgments you made, and courses of action you took along the way.
The accounting firm in our example began its documentation process as soon as it encountered the suspected noncompliance. Their NOCLAR documentation is included in the engagement file, which will be retained as prescribed by the firm’s document retention policy.
PREVENTIVE MEASURES
While CPAs can’t prevent their clients from engaging in acts of NOCLAR, they can help manage their own risk of getting caught in the fray. Mitigate the risk of working with a client that lacks integrity with thorough client acceptance and continuance procedures. Include steps to evaluate a prospective client’s integrity, financial strength, and culture during the acceptance process. Auditors and those performing review services are required to ask about NOCLAR when speaking with the predecessor CPA. Do not overlook signs that something may be amiss after beginning services, as a client’s risk level may change over time.
Another important risk management measure is engagement letters. Engagement letter terms related to the client’s responsibilities, the limitations of the service, the CPA’s responsibilities, and circumstances where termination and withdrawal may be necessary are important provisions that may be helpful when defending a claim related to a client’s NOCLAR.
OTHER CONSIDERATIONS
In addition to the NOCLAR interpretation itself and an AICPA Ethics Q&A on the topic, the AICPA has created a decision tree to assist members faced with NOCLAR matters. Further, some regulators may have requirements that are more stringent, and state and federal civil and criminal laws may impose additional requirements. Consultation with legal counsel is recommended.
Noncompliance by a client, and the failure to advise that client about it, is a nightmare scenario. If you can recognize potential NOCLAR, understand your responsibilities, and take the appropriate steps following the NOCLAR interpretation’s framework, then you may be headed toward an acceptable outcome and, ultimately, a better night’s sleep.
Kevin Hayes, CPA, is a risk control consultant at CNA. For more information about this article, contact
Continental Casualty Company, one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit cpai.com.
This article provides information, rather than advice or opinion. It is accurate to the best of the author’s knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.
Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.
[Journal of Accountancy]
