ICAEW.com works better with JavaScript enabled.

Professional conduct in relation to defaults or unlawful acts guidance

Helpsheets and support

Effective: 04 May 2005

Published: 09 May 2011 Updated: 01 Mar 2014 Update History

Advice to members on their responsibilities relating to defaults and unlawful acts encountered in the course of professional work and to their position where disclosure is made.

The guidance is intended to be of general application to all members and refers to a number of specific areas of law, regulation and guidance. A list of additional sources can be found in the appendix. Members are strongly advised to consult additional sources of guidance as appropriate. All references are correct as at January 2020.

Introduction

Purpose

1.1

This guidance is intended to provide advice to members on their responsibilities relating to defaults and unlawful acts encountered in the course of professional work and to their position where disclosure is made. This statement covers:

  1. circumstances where a member is required or, may be permitted to, disclose confidential information to a third party relating to defaults or unlawful acts without the consent of the party to whom the duty of confidentiality is owed; including the provisions in the Code of Ethics relating to Non-Compliance with Laws and Regulations (‘NOCLAR’).
  2. practical guidance on liaising with authorities seeking disclosure of confidential information.

For further details on the scope and application of NOCLAR, please refer to the ICAEW guidance.

1.2

For the purposes of this guidance, a default or unlawful act stems from civil or criminal law. A default can be broadly defined as a failure to perform a task or fulfil an obligation required by law. An unlawful act is an act which is contrary to the law. The most common offences members are likely to encounter in their professional work include:

  1. fraud or theft which may involve falsification or alteration of accounting records or other documents, misappropriation of assets, suppression or omission of the effects of transactions from documents and other records, recording of transactions without substance, intentional misapplication of accounting policies or wilful misrepresentations of transactions or of the entity's state of affairs;
  2. insider dealing, market abuse and other acts of dishonesty which may include payment and receipt of bribes, conspiracy, soliciting or inciting to commit a crime and attempting to commit a crime or operating an anti-competitive cartel;
  3. money laundering offences resulting from acquiring, using, possessing, arranging or concealing 'criminal property', failure by a person working in the regulated sector to report known or suspected money laundering to the organisation's Money Laundering Reporting Officer (MLRO) or the National Crime Agency (NCA) or 'tipping off' offences;
  4. offences in relation to taxation;
  5. health and safety offences which may include corporate manslaughter;
  6. breaches of employment legislation including, for example, unlawful discrimination;
  7. environmental offences;
  8. criminal damage which may include arson with intent to endanger life;
  9. perjury and contempt offences;
  10. bankruptcy or insolvency offences.
1.3 Where this guidance refers to an organisation, this includes any entity in which a member is a principal, employee or to which the member is a contractor.

Scope

1.4

This guidance applies to:

  1. all members, provisional members, affiliates, Foundation Qualification Holders, provisional Foundation Qualification Holders and employees of a member firm;
  2. member firms and regulated firms;
  3. current and previous clients and employers. A member may be required or permitted to disclose confidential information relating to defaults or unlawful acts relating to previous clients or employers.
1.5

The guidance is of general application and does not cover:

  1. specific duties and responsibilities relating to directors and the reserved areas of audit, investment and insolvency which are dealt with elsewhere (see Appendix for further references);
  2. client's taxation affairs which are dealt with in Professional conduct in relation to taxation;
  3. information subject to Legal Professional Privilege. If a member believes or knows that the information relating to the default or unlawful act is subject to legal professional privilege, the member is encouraged to seek further advice. Guidance on money laundering reporting requirements in privileged circumstances can be found in the CCAB Anti-money laundering guidance for the accountancy sector.
1.6 The guidance is not intended to deal with requests for disclosure under provisions for general access to information held by public authorities, such as under the Freedom of Information Act 2000, or in respect of subject access requests under the Data Protection Act 2018. Requirements under these Acts, including requirements for disclosure, are not aimed specifically at defaults and unlawful acts, but may be much more general. Further guidance on these requirements can be found elsewhere (see Appendix).

Overseas members

1.7 Paragraph 100.3 A1 in the Code of Ethics notes that some jurisdictions might have provisions that differ from or go beyond those set out in the Code. In those jurisdictions, members need to be aware of these differences and comply with more stringent provisions unless prohibited by law or regulation.

ICAEW's Code of Ethics

1.8  The Code of Ethics sets out the five fundamental principles and reference should be made to Complying with the Code (Part 1) of the Code of Ethics
1.9 The fundamental principle of confidentiality is particularly relevant to the disclosure of defaults or unlawful acts to third parties. A member acquiring or receiving information in the course of professional work should not disclose this information outside the employing organisation without the informed consent from the party to whom the duty of confidentiality is owed (preferably in writing) unless there is a legal or professional duty or right to disclose see Section 114 'Confidentiality' in Part 1 of the Code of Ethics
1.10

Members must preserve the confidentiality of information of their clients and employer except where disclosure is justified:

  1. by legal authority (see paragraphs 2.11-2.23);
  2. in the public interest (see paragraphs 2.24-2.32 and NOCLAR guidance); or
  3. to protect a member's own interests (see paragraph 2.33).

Laws and regulations

1.11 Laws and regulations are added to, amended, and/or replaced over time. In order to identify and, if appropriate, disclose a default or unlawful act members have responsibility to keep up-to-date with key changes in the laws and regulations that affect the role, business sector and country in which they operate (see Appendix for further references).

Sources of advice

ICAEW

1.12

Members who are in doubt as to their ethical position may seek advice from the CAEW's Ethics Advisory Services by telephone +44 (0)1908 248 250. Issues can be discussed anonymously. The Ethics Advisory Service is available to all members including their representatives and is a confidential service free from the duty to report professional misconduct within the ICAEW.

1.13

Seeking advice from the Ethics Advisory Services does not discharge a member's duty to report misconduct, including their own misconduct. (See The duty to report misconduct).

1.14 A member requiring specific money laundering advice should contact ICAEW's money laundering helpline by telephone +44 (0)1908 248 250. The money laundering helpline provides advice on general issues concerning the regulations or specific issues, which can be discussed anonymously.

Other

1.15 A member should also consider taking legal advice to resolve issues arising from the application of laws and regulations to particular situations relating to confidentiality, disclosure, privilege, self-incrimination and other areas.
1.16 From time-to-time it may be necessary to seek legal advice at short notice. Therefore, it may be in a member's interest to have in mind suitably qualified individuals from whom legal advice can be sought.
1.17 If a member is considering taking advice from sources other than ICAEW regarding disclosure in relation to defaults or unlawful acts, the member should consider, amongst other factors, whether the qualifications, experience and background of the individual or organisation providing the advice are appropriate to the circumstances.

Defaults or unlawful acts

Discovering a default or unlawful act

2.1 A member is expected to apply appropriate levels of knowledge, judgement and expertise when considering whether an act is a default or unlawful act but is not expected to have detailed knowledge of laws and regulations beyond that which is required for the role or task being undertaken. Experience in a particular role, business, or country may result in a member having greater knowledge in relation to defaults or unlawful acts than a lay person's knowledge. If so, a member is expected to use that greater knowledge or expertise. For example, a tax adviser is expected to have greater knowledge and expertise in what constitutes a default or unlawful act in relation to taxation.
2.2

If a member suspects that a client or employer or someone acting for a client or employer is committing or has committed a default or unlawful act, a member should, where appropriate, consider the matter to obtain an understanding of the nature of the act and the circumstances in which it has occurred. Not all suspicions turn out to be well founded. Unless otherwise required, disclosure of suspected defaults or unlawful acts prematurely can be detrimental to the member, employer and/or clients. A member should not disclose suspicions of defaults or unlawful acts unless required to do so by law, the process of law or after careful thought and having taken appropriate advice. Depending on the nature of the default or unlawful act, the member should refer to the provisions on NOCLAR in sections 260 and 360 of the Code of Ethics 

2.3 A member will have to exercise professional judgement in deciding who to discuss the matter with, since this may depend on the nature of the act, the circumstances and individuals involved. A member should refer to the internal policies and procedures of the employing organisation for guidance as to whom to discuss known or suspected defaults or unlawful acts with.
2.4

In general, unless there is a good reason not to, a member should first discuss known or suspected defaults or unlawful acts within reporting lines in the employing organisation and/or the client, if appropriate, before disclosing the matter to third parties. Reporting lines may include, but are not limited to, the member's immediate superior, the next level of management, the organisation's Money Laundering Reporting Officer (MLRO) and a corporate governance body, for example, the Audit Committee. Some individuals may also have obligations to report direct to a regulator in certain circumstances, such as those involving matters of material regulatory concern. For example, Health and Safety officers may have obligations to report to the Health and Safety Executive, or approved persons under the Financial Services and Markets Act 2000 to the Financial Conduct Authority.

2.5 If a member suspects that a superior and/or management are involved in the default or unlawful act, the member is encouraged to discuss the matter with a higher level of authority in the organisation, for example, the Audit Committee or formal whistleblowing helplines.
2.6

Any discussions with individuals regarding defaults or unlawful acts should be subject to compliance with the money laundering regulations regarding reporting requirements and 'tipping off' offences (see helpsheets on tipping off). Reports of known or suspected money laundering offences (whether voluntary or required by law) should normally be made to the MLRO without delay or, if the organisation does not have a MLRO, to the National Crime Agency (NCA). The MLRO, if there is one, will determine whether or not a report should be made to the NCA (see CCAB Anti-money laundering guidance for the accountancy sector).

2.7 Wherever possible, a member should advise individuals or the organisation to disclose the default or unlawful act to the proper authorities (see paragraph 2.12) and/or take corrective action.
2.8

A member may wish to consider taking legal advice in the following situations:

  1. where no higher authority exists within the organisation with whom that matter can be discussed;
  2. if the member believes that no corrective action will be taken by the relevant individuals and/or organisation; or the members considers the response has been inadequate;
  3. if a member believes that the appropriate disclosures to the proper authorities will not be made in a reasonable period of time;
  4. where otherwise uncertain how to proceed.

Disclosure to third parties

2.9

Disclosing information to third parties without a client or employer's consent may be justified, despite the duty of confidentiality. A member may be required or permitted to make a disclosure to a third party if justified:

  1. a. by legal authority (see paragraphs 2.11-2.23);
  2. b. in the public interest (see paragraphs 2.24-2.32); or
  3. c. to protect a member's own interests (see paragraph 2.33).
2.10 When making a disclosure to a third party without consent based on 2.9 b) or 2.9 c), a member must act reasonably and in good faith when dealing with the proper authorities and exercise caution when making statements and assertions.

Disclosure authorised or required by legal authority

2.11 The law or process of law may require or permit disclosure of information to the proper authorities without the employer's or client's consent. Failure to comply with disclosure requirements required by law or the process of law may result in a member breaching the law and committing an unlawful act or default.
2.12

Proper authorities 2are defined by the courts as those third parties who have a proper interest in receiving such information, for example, law enforcement agencies and regulators. The proper authorities in the United Kingdom may include, but are not limited to, the National Crime Agency, the Crown Prosecution Service, police forces, the Financial Conduct Authority, the Department for Business, Energy and Industrial Strategy, Designated Professional Bodies, Recognised Supervisory Bodies, Recognised Professional Bodies, the Panel on Takeovers and Mergers, the Society of Lloyd's, the Bank of England, local authorities, the Charity Commission for England and Wales, the Office of the Scottish Charity Regulator, the Charity Commission of Northern Ireland and HM Revenue & Customs.

 

2.13 Before disclosing information to an organisation, committee or agency, a member should check its legal authority. For example, whether disclosure to a Parliamentary Committee or Ombudsman is required may need to be checked.
2.14

In the absence of consent, a member should consider the following before deciding to disclose confidential information:

  1. refer to the organisation's internal procedures for liaising with authorities;
  2. identify the authority, agency or regulator making the disclosure request;
  3. clarify under what authority disclosure is sought;
  4. ensure the extent of the request does not exceed the authority or contravene the law;
  5. establish whether the relevant individuals or organisation may be informed of the request or disclosure;
  6. keep records of decisions and actions taken (paragraphs 2.34-2.35).

The above points are discussed in greater detail in section 3 'Liaising with authorities seeking disclosures' of this guidance.

2.15

Some situations where a member is required to provide confidential information proactively to the proper authorities without the client's or employer's consent and without a request from the proper authorities or process of law, include but are not limited to:

  1. knowledge or belief that information would be material in preventing an act of terrorism, or apprehending, prosecuting or convicting a terrorist which must be disclosed as soon as reasonably practicable to the police;
  2. knowledge or suspicion of money laundering, formed by an individual in the regulated sector which must be disclosed where appropriate to the organisation's MLRO or the NCA (paragraphs 2.17-2.19);
  3. information of material significance, when acting as an auditor or examiner of a charity which must be disclosed to the appropriate charity regulator.
2.16

Some situations where a member may be required to disclose information, if requested, to the proper authorities without a client's or employer's consent, include, but are not limited to circumstances surrounding:

  1. knowledge or belief that an employer or client has committed fraud (disclosure to the police may be required);
  2. certain information when acting as a liquidator (disclosure to the Department for Business,Energy and Industrial Strategy);
  3. information given on oath to an inspector appointed by the Secretary of State to investigate the affairs of a company;
  4. specified information to the liquidator, administrative receiver or administrator of the client or employer Documents and Records: Ownership, Lien and Rights of Access; or
  5. information required by the process of law, for example, pursuant to a Court Order.
2.17 There are reporting requirements in relation to money laundering which override the duty of confidentiality and these are set out in the Proceeds of Crime Act 2002, the Terrorism Act 2000, the Terrorism Act 2006 and the Money Laundering Regulations 2017. These often require difficult judgments to be made as to whether or not a situation has arisen which would require a member to report information to the employing organisation's Money Laundering Reporting Officer (MLRO) or the National Crime Agency (NCA).
2.18

A member should take care when communicating relevant facts to others relating to known or suspected money laundering or terrorist activities. Under the Proceeds of Crime Act 2002 and the Terrorism Act 2000, it is a criminal offence to 'tip off' a money launderer or terrorist, or prejudice an investigation. For further discussion, refer to ICAEW's money laundering hub and the helpsheet on tipping off.

2.19 A member requiring specific advice on the Money Laundering Regulations 2017 should contact ICAEW (paragraph 1.15).
2.20 If a member receives notice that a Court order will be sought requiring the member to make a disclosure then, unless it is inappropriate to do so, the member should inform the client or employer that such a request has been made, to give them an opportunity to consent to the member making a disclosure.
2.21

A member may be required to disclose information as part of the legal disclosure process or following the service on the member of a witness summons, including a summons to produce documents (see Documents and records: ownership, lien and rights of access).

2.22 If a summons or other similar type of demand is addressed specifically to the member, that member has a legal obligation to comply with the request.
2.23 If a member considers the above points regarding disclosure of confidential information due to legal authority and is still uncertain as to whether or not disclosure is appropriate, it may be appropriate to seek legal advice.

Disclosure in the public interest

2.24 A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. Hence, a member should disclose confidential information, when not obliged to do so by law or regulation, if the disclosure can be justified in the 'public interest' and is not contrary to laws or regulations.
2.25 Complying with the Code, paragraph 100.1 A1 in the Code of Ethics Part 1 states that a professional accountant’s responsibility is not exclusively to satisfy the needs of an individual client or employing organisation. 
2.26

Sections 260 and 360 of the Code of Ethics entitled Responding to NOCLAR, detail a professional accountant’s responsibility to disclose confidential information where it is in the public interest to do so. These provisions apply to laws and regulations that have a direct effect on material figures in the financial statements, and other laws and regulations that may be fundamental to an entity’s business and operations. Clearly inconsequential matters and misconduct of a personal nature are excluded. For further details on NOCLAR please refer to the guidance.

2.27

Examples of situations which may be regarded as being in the public interest, as set out in the Public Interest Disclosure Act 1998 (PIDA) include but are not limited to the disclosure of information where there has been:

  1. a criminal offence;
  2. a failure or likely failure to adhere to legal obligations;
  3. a miscarriage of justice;
  4. matters where the health and safety of individuals is endangered or likely to be endangered;
  5. damage or possible damage to the environment.
2.28 Whilst the public interest is a concept recognised by the courts, the absence of a legal definition of public interest places members in a difficult position as to whether or not matters should be disclosed on this ground. Hence, a member must consider each situation on its own merits and take advice if unsure how to proceed.
2.29

When considering whether or not a disclosure is justified in the public interest, a member should take one or more of the following into account:

  1. reliability and quality of information available and degree of suspicion;
  2. whether members of the public are likely to be affected;
  3. the possibility or likelihood of repetition;
  4. whether the individuals or organisation will be willing to disclose the matter and remedy the situation;
  5. the gravity of the matter, for example, the size of the amounts involved and the extent of the likely damage;
  6. legal or regulatory obligations;
  7. legal protection for breach of duty of confidentiality;
  8. any legal advice obtained.
2.30 If a member believes a matter should be disclosed in the public interest, the member should first consider whether it is appropriate to disclose the matter (and if so, in what manner) to the relevant individuals or organisation to give them an opportunity to address it, before making disclosure of it to the appropriate authority.
2.31

A member should consider carefully the approach to be taken to disclosure and to whom it should be made. A member may have a defence to ICAEW's disciplinary proceedings relating to breach of duty of confidentiality if:

  1. the member had an honest and reasonable belief that the disclosure is made in the public interest; and
  2. such disclosure is made to a proper authority (paragraphs 2.11-2.12).
2.32 PIDA may provide statutory protection to a member making public interest disclosures. PIDA provides protection to 'workers' (as defined in the Act) making disclosures in the public interest and allows such workers to claim compensation for discrimination, dismissal or victimisation following such disclosures.
2.33

In order for a 'worker' to be provided with protection under PIDA a 'worker' must make a 'protected disclosure' in 'good faith' to an employer, legal adviser, prescribed person or other appropriate person. In order for a disclosure to qualify as a 'protected disclosure', a 'worker' must have a reasonable belief that the 'protected disclosure' is substantially true. Further information on PIDA is available in ICAEW's Technical Release 17/99.

Disclosure for the protection of the member's own interest

2.34

A member may disclose to the proper authorities information concerning a client or employer where the member's own interests require disclosure of that information. In general, members should only disclose information which is adequate, relevant and necessary in order to allow the protection of their own interests. Examples of such situations include, but are not limited to, the following:

  1. to enable the member to defend himself against a criminal charge or to clear himself of suspicion;
  2. to resist proceedings for a penalty or civil proceedings in respect of a taxation offence, for example in a case where it is suggested that the member assisted or induced a client or employer to make or deliver incorrect returns or accounts (see 'Professional conduct in relation to taxation');
  3. to resist a legal action brought against him;
  4. to enable the member to defend himself in disciplinary proceedings (see 'The duty to report misconduct'); or
  5. to enable the member to sue for unpaid fees.

Documentation

2.35 When disclosing confidential information, a member must bear in mind that any decision to disclose may be called into question at a future date. Thus, a member is advised to keep detailed contemporaneous notes of meetings and telephone conversations relating to the matter.
2.36

In situations where a member discloses confidential information to a third party, a member is encouraged to keep a record of:

  1. any consent given;
  2. discussions held or decisions taken concerning the disclosure of confidential information;
  3. a schedule summarizing disclosures and to whom they were made;
  4. copies of relevant documentation; and
  5. any legal or other advice obtained.

Liaising with authorities seeking disclosure

3.1 It is in the interests of the profession and the public that members and law enforcement agencies, regulatory authorities and other authorities cooperate with each other in order to enable them to carry out their functions.
3.2

When liaising with law enforcement agencies, authorities and regulators, it is important that members communicate their position effectively by emphasizing that although they have to comply with laws and regulations and the process of law, they must also consider their duty of confidentiality to their employer and clients. Those charged with enforcing the law and regulations include, but are not limited to, police officers, investigating officers or representatives from organisations such as the Financial Conduct Authority and the Child Support Agency. See the helpsheet on disclosure to police and other enforcement agencies.

3.3 Whilst those requesting information may come from diverse organisations and may approach a member via telephone, written communications or during a visit, the principles which underpin a member's approach to liaising with the law enforcement agencies, regulatory authorities and other authorities are the same.
3.4

A member should consider, as appropriate, the following when liaising with law enforcement agencies, regulatory bodies and other authorities:

  1. Refer to the organisation's internal procedures for liaising with authorities.
    A member should refer to the organisation's internal policies and procedures for disclosure of confidential information to authorities.
  2. Identify the authority, agency or regulator making the disclosure request.

    A member should identify which authority, agency or regulator the person is purporting to represent. A member should not be afraid to ask for proof of identity and other verification of credentials. If in any doubt, it would be reasonable for a member to ask for time to check the identity of the individual and the organisation, perhaps by telephoning the office of the agency or regulatory authority allegedly being represented. A member must not disclose confidential information to individuals without being satisfied as to the identity of these individuals.

    A member who is approached by an insolvency practitioner or official receiver to disclose confidential information should also establish in what capacity the insolvency practitioner or official receiver is acting. The powers and rights of such individuals vary slightly between roles (see Documents and records: ownership, lien and rights of access).

  3. Clarify under what authority disclosure is being sought.

    Some powers are statutory, for example an Act of Parliament may give authority to a particular agency to demand information without further action. Other statutory provisions require the official to take further steps before being able to demand disclosure, for example a court order may be needed.

    A member should check with the individual requesting the disclosure under what powers they are seeking it, preferably obtaining the full reference for the power (for example the Act and Section). If acting under a court order a member should be provided with a copy. Disclosure should not be made without assurance that due process of law has been followed, for example, checking that the order has an official court seal and refers to the relevant party.

  4. Ensure the extent of the request does not exceed the authority or contravene the law

    Although it would not be unreasonable to assume that a properly identified individual is ordinarily acting within their power, if a member is in doubt the member should not hesitate to ask for time to check that such powers exist. A member should be careful not to disclose information which is not covered by the authority and its powers. For example, a right to access specific documents under a Court order does not equate to unfettered access to all files.

    A member must also consider whether the information being requested is covered by Legal Professional Privilege. If so, a member is encouraged to seek legal advice.

  5. Establish whether the relevant individuals or organisation may be informed of the request or disclosure.

    Wherever possible, consent should be sought from the client or employer, to respond openly to a request for information from law enforcement agencies and authorities acting within their legal powers. However, it should be noted that representatives from law enforcement agencies may approach the member before the client or employer is aware of investigations into their affairs. The matters subject to disclosure may be extremely sensitive. Disclosing the request for information might prejudice an investigation or represent an offence for example, 'tipping off' a money launderer. It is therefore, important that a member establishes if the request and/or disclosure may be discussed with the employer or client.

  6. Keep records of decision and actions taken

    Disclosure without a client's or employer's consent represents a departure from generally accepted principles of confidentiality. It is therefore important, for their own benefit, that a member records details of any disclosures made. In most cases, it will be necessary to keep such records confidential (see paragraphs 2.35-2.36).

    If in doubt as to any of the matters referred to above, a member should seek legal advice before disclosing information.

Appendix - websites

Additional sources of guidance and useful websites, include, but are not limited to:

  1. Regulations, standards and guidance, in particular:
  2. Technical Releases, in particular:
  3. Statements of Auditing Standards, in particular:
    • ISA 240 (UK and Ireland) - The Auditor's Responsibility to consider Fraud in an Audit of Financial Statements
    • ISA 250 (UK and Ireland) - Consideration of Laws and Regulations in an Audit of financial Statements
  4. Audit Technical Releases, in particular:
    • Audit 02/05 Guidance on the implications of the Freedom of Information Act 2000
  5. APB Practice Notes, in particular:
    • PN12 - Money Laundering - Interim guidance for Auditors in the UK (Revised)
  6. Legislation and Regulations, in particular:
    • Theft Act 1968
    • General Data Protection Act 2018
    • Public Interest Disclosure Act 1998
    • Terrorism Act 2000
    • Freedom of Information Act 2000
    • Proceeds of Crime Act 2002
    • Serious Organised Crime and Police Act 2005
    • Terrorism Act 2006
    • Money Laundering Regulations 2017

References

1. Amended:
  • 18 August 2008
  • 1 September 2006
2. Proper authorities per Denning LJ in Initial Services v Putterrill, 1968.