Early detection and reporting of frauds in India: widening the regulatory net
The past few decades have witnessed a widespread improvement in investor confidence and positive market sentiment, catapulting India’s image as a global investment hub. While the government’s policy initiatives, such as ‘Make in India’ liberalising Foreign Direct Investment in over 25 sectors, aim to catalyse ease of doing business, recent amendments to regulations – such as Indian Penal Code 1860, the Companies Act 2013, Insolvency and Bankruptcy Code 2016 and the Prevention of Corruption Act 1988 – are enablers in preserving the economic reputation of the country by effectively tackling fraud, corruption, bribery and serious white-collar crimes. The second Indian Company Law Committee, set up in 2019, in its report of recommendations highlighted: ‘These recommendations are geared towards promoting ease of living in the country by providing ease of doing business to law abiding corporates, fostering improved corporate compliance for stakeholders at large and to address emerging issues impacting the working of corporates in the country.’
Reliance on and the use of sophisticated technology spread across jurisdictions has made detection of financial crimes and criminals far more complex over time. Keeping pace with the crimes, Indian regulators have taken steady strides in developing a stricter enforcement regime to deal with frauds and white-collar crimes. Investigating agencies like the Enforcement Directorate, Central Bureau of Investigation, Serious Fraud Investigation Office, Economic Offences Wing, and the Directorate of Revenue Intelligence have improved vigilance and prosecution standards by introducing forensic technology, among other best practices, in India.
However, much needs to be continually adopted and borrowed, from mature economies like the European Union, Japan and the United States, on early detection, deterrence, and prevention of fraud and white-collar crimes in India, through methods of enhanced reporting and compliance. Recent revelations of high-value corporate frauds in flagship Indian enterprises – including Jet Airways, IL&FS, Bhushan Steel and Dewan Housing Finance Ltd – have only increased the need for stringent internal reporting mechanisms at ‘India Inclusive’. One of the most critical components of this mechanism are fraud-fighting professionals who regularly assist corporates and government agencies in tackling risks and mitigating frauds. Such professionals handling varied portfolios of risk and compliance, audit, forensics and internal investigations, have been at the forefront of protecting economic interests of various stakeholders.
Over time, an auditor’s role in a company has been cast as a gatekeeper of governance. The statutory framework has placed ever increasing responsibilities on the auditor with an aim to prevent accounting discrepancies and protect businesses from frauds.
Fraud reporting by auditors
The primary responsibility of detection and reporting on frauds rests on the management of a company. However, investigation agencies and legal practitioners are often faced with the question of an auditor’s role in reporting frauds or overlooking them. Under Indian law, if during audit, the auditor has reason to believe that an offence of fraud involving an amount of INR 10m (USD $122,000) or above, is being or has been committed by or against the company, the auditor is obligated to report the matter to the Indian government, which can suo moto initiate an investigation into the affairs of the company basis such report. The definition of ‘fraud’ under Indian law is very wide and includes instances where there is no actual illegitimate gain or loss. Under criminal law, fraud must also connote ‘mens rea’ or intention of a party to commit the crime. Therefore, any suspicion of fraud by the auditor must be promptly reported. Investigation into a financial wrongdoing (by private as well as government entities) would not only entail investigation of the offence, but also the auditor’s compliance with his disclosure and reporting obligations.
Until now, auditors have followed the general practice of reporting frauds (above the relevant financial threshold) to the Indian government where such frauds were first discovered by them during the audit process. However, no reporting was done where the fraud was otherwise discovered by the company’s management (through whistleblower complaints, internal audits, etc). While the practice found its root and support in the guidance note issued by the professional regulator for Indian chartered accountants (‘Guidance Note’), it resulted in multiple instances of serious fraud going unreported, especially where the company itself was complicit.
A new circular issued by the National Financial Reporting Authority (NFRA), a government watchdog for audit compliances, on 26 June 2023, reverses this position and obligates the auditor to report every instance of fraud (above the financial threshold) coming to its knowledge directly or indirectly. Interestingly in 2020, the Companies (Auditor’s Report) Order 2020 (‘CARO 2020’), significantly increased the onus of reporting on the auditor as well as the company. CARO 2020 seeks disclosures from companies on the details of fraud, involvement of personnel and the financial quantum. Some of the new items included in the revised format of auditor’s report are aimed at facilitating early identification and warning signs of fraud and consequent frauds to the Reserve Bank of India. CARO 2020 also requires auditors to consider whistleblower complaints received during the year.
Notably, the Securities and Exchange Board of India (SEBI) has also stepped-up efforts by introducing significant changes to governance framework and seeking to enforce higher disclosure and governance standards for listed entities. On 8 October 2020, SEBI amended the SEBI (Listing Obligations and Disclosure Requirements) Regulations 2015 (‘LODR Regulations’), requiring disclosures by listed entities regarding: (1) fact of initiation of forensic audit, along with the name of auditor and reasons for the audit; and (2) final forensic audit report along with comments of the management. Subsequently on 14 June 2023, SEBI introduced another amendment to the LODR Regulations materially altering key provisions of the LODR Regulations, including the: (1) disclosure framework, by introducing an objective methodology for determining material events and data, tightening the timeline for making disclosures and mandating additional disclosures (including addressing of market rumours, agreements entered into by listed companies, etc); (2) mandatory approval in case of business transfer agreements outside of scheme of arrangement route; (3) approval requirement and disclosures in case of grant of special rights granted to shareholders; and (4) timelines for filling vacancies of directors and key managerial personnels along with validity of permanent board seats.
Tightening the regulatory noose: implications going forward
CARO 2020 ushered in higher standards of transparency in reporting the financial health of a company with better implementation of the whistleblower policy in letter and spirit by companies in India. The CARO 2020 report along with FAQs issued have come in as a consolidated guide for all corporate stakeholders including regulators for early identification of lags, misdemeanours and deviations from compliance norms.
The amendments to LODR Regulations and NFRA guidance seem to be in line with these strengthened compliance requirements. The amended LODR Regulations plug the gap in unequal access to disclosures concerning listed entities. Similarly, the NFRA circular expressly requires auditors to report fraud (above the relevant financial threshold) to the Indian government even where the fraud was identified by them only subsequently, or not reported by the management and therefore not disclosed by them during the course of audit. Since the NFRA regulates audits of all listed entities as well as unlisted entities that meet the prescribed financial criteria, auditors of a significant proportion of Indian companies will now be bound by this provision.
Given the government sponsorship of the NFRA circular, it is expected to have precedence over the Guidance Note in relation to audit of entities meeting the prescribed financial criteria for NFRA jurisdiction. Importantly, the NFRA circular does not create any thresholds of: (1) nature of fraud; or (2) materiality of fraud. Thus, isolated incidents of kickbacks, misdemeanours or impropriety by a company’s employee qualify as a reporting obligation as well. The circular also addresses a misconception among auditors that resigning from an audit would absolve them of their disclosure obligations. Thus, auditors who resign without reporting fraud or suspected fraud can still be subject to the consequences outlined under the Companies Act 2013.
Given the nature of reporting obligations under the new regime, auditors are expected to intensify scrutiny of process and procedures followed by the company along with prompt reporting of all findings of all internal investigations and reviews. The process would inevitably involve teams assisting the auditors with forensic reviews, risk assessment and overall legal opinion on auditor’s exercise of prudence and judgment in reporting.
The regulatory changes can be viewed as a nudge to streamline presentation and management of the financial affairs of a company to regain the confidence of the investors and regulators. Responsibility has been cast both on the reporting entity as well as auditors for timely detection and reporting at early stages of financial impropriety. With such multi-fold rise in legal obligations of auditors and investigative professionals, resort to technology and artificial intelligence tools offer potential solutions for sampling, data verification and anomaly detection purposes. The current trends in fraud prevention mechanism will set a benchmark for future efforts in the country. Sustaining momentum is critical to drive up the global investor confidence building in India.
 Report of the Company Law Committee dated 14 Nov 2019.
 Section 143(12) of Companies Act 2013 and Companies (Audit and Auditors) Rules 2014, read with Companies (Auditor’s Report) Order 2020.
 Section 447 of the Companies Act 2013.
 Guidance Note on Reporting on Fraud under Section 143(12) of the Companies Act, 2013 (Revised 2016).
 Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) (Third Amendment) Regulations 2020.
 Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) (Second Amendment) Regulations 2023.
 Section 140(5) of the Companies Act 2013.