Indian regulators tighten the noose for early detection and disclosure of Financial Frauds
The Securities and Exchange Board of India has issued the SEBI (Listing Obligations and Disclosure Requirements) (Third Amendment) Regulations, 2020, w.e.f. 08.10.2020 (“SEBI Notification”) whereby, inter alia, in case of initiation of forensic audit (by whatever name called) a listed company is required to make following disclosures to the stock exchange:
This has been included under events which shall be disclosed without any application of the guidelines for materiality. Enhancing disclosure requirements is one more step by the regulator, ostensibly done with a view to disclose potential financial mismanagement to the stock market and the public at large. Given the wide stroke of the brush in question, this step could have far reaching impact on the reputation of listed entities.
The Indian government for the last few years has been actively taken steps to shed its image of late recognition of corruption and financial frauds, by amending legislations, bringing about reforms and regulations, introducing stringent disclosure requirements by several regulators. The Companies Act, 2013 and Listing Regulations already have strict disclosure obligations and responsibilities on the Board of Directors and Key Managerial Persons along with emphasis on timing of disclosure.
The amendment to the age-old Prevention of Corruption Act, 1988 (“Act”) in 2018 was a step in the right direction. The amendment included within its ambit the bribe-giver and penalizing commercial organization for the acts committed by its Directors, managers and other officers acting in connivance. There are defences available if adequate procedures are put in place, the emphasis being maintaining compliance guidelines by companies. This brought about a change in the landscape of companies and multi-nationals operating in the Indian markets.
In continuation of these measures, earlier this year, in an attempt to check corporate frauds and scams, the Indian government issued new norms for auditors, i.e. Companies (Auditor’s Report) Order, 2020, (“CARO 2020/Order”), seeking more disclosures in reports. Under CARO 2020, amongst other things, it is mandatory for companies to disclose whether any fraud by the company or any fraud on the company has been noticed or reported during the year, if yes, the nature and the amount involved and auditors to consider whistle-blower complaints, if any, received during the year. This, inter alia, paves the way for enhanced due diligence and disclosures on the part of auditors especially in relation to financial management of the company. This step led to a greater level of compliance by Indian entities in dealing with whistle-blower complaints. The Order was initially applicable for audits of financial year 2019-20 i.e. for reports for financial statements belonging to financial year starting from April 1, 2019. Subsequently its applicability was deferred by one year. The Order stands applicable for audits of financial year 2020-21 and onwards.
What is covered under the SEBI Notification?
SEBI’s intention appears to cover a forensic audit (by whatever name called). While this could be interpreted to refer to situations where there is a financial impact, this is obviously going to be the subject matter of much discussion. Forensic audits are generally initiated in case of amiss with the company’s financial statements to uncover a fraud / mis-utilization, which underlines the seriousness of such audit. A bare perusal of the SEBI Board Meeting Notes on this issue, seem to suggest that the SEBI Notification has been introduced specifically to ensure (i) information pertaining to possible financial distress of listed entities are brought to the knowledge of third parties including minority shareholders; (ii) avoiding leakage of forensic audit reports in the media and (iii) facilitating complete disclosure.
A forensic audit is an examination and evaluation of a company’s financial records to derive evidence which can be used in a court of law or legal proceeding. Forensic audit plays an imperative role in assisting the corporates in timely detection, prevention and regulation of corporate frauds, though not specifically defined under any Indian legislation. A forensic audit can be conducted in order to prosecute a party for fraud, embezzlement or other financial claims. The Reserve Bank of India several years back introduced the concept of a Red Flagged Account (RFA) as an important step in fraud risk control and conducted forensic audit for early detection and reporting of frauds in the context of bank loans.
What does the SEBI Notification impact?
Most investigations conducted by companies today, whether on the basis of whistle-blower complaints or otherwise, have a component of a forensic audit to them. The thrust of the matter being that any allegation of wrongdoing, more often than not, does tend to have a monetary impact, for which a forensic analysis is usually done. The essence of CARO 2020 required the company to disclose all whistle-blower complaints to the statutory auditor, ostensibly to ensure that the auditor satisfies himself that the company has not swept anything under the carpet and adds the necessary checks and balances within the system.
The extent of disclosures directed under the SEBI Notification to the stock exchange can negatively impact the rights of the company and its shareholders. At the outset, when a company receives a whistle-blower complaint and initiates a forensic audit, it is not a confirmation that there is any semblance of truth in such a complaint; only that the company has, for any number of reasons, chosen to look into the complaint. Such extensive disclosure to the stock market at the time of initiation may, therefore, be premature and against the interest of the company, its shareholders and other stakeholders, and infact can be misleading, if eventually all the allegations are found meritless.
While in case of CARO 2020, most of information is provided to the statutory auditors and limited information goes into report, with the new SEBI Notification, the complete report will be required to be disclosed. Further, disclosure of final forensic audit report may also possibly impact the legal privilege attached to such investigations and legal advice rendered to the companies in that context or as part of such investigation. Mandating companies to disclose the initiation of an audit and the final report to the stock exchanges and thereafter give the management’s comments belies the purpose for which such privilege was born in law. It may also be self-incriminating.
Further, the forensic audit report may contain in addition to the findings and outcome of the audit, several factual and background information of the company, business and commercial information including contracts, and client information which are sensitive and confidential and not in the public domain. In addition to the above, such confidential information may or may not even be relevant to the findings/outcome of the current audit. Such mandatory disclosures to the stock exchanges will not only be pre-mature but could also lead to raising potential misleading red flags for companies and their stakeholders and could also be counter-productive. The question that remains to be answered is whether companies can deny disclosure to the stock exchange basis legal privilege.
The concept of privilege in the Indian context is covered to the extent of on-going legal proceedings and post creation of attorney-client relationship under the provisions of the Indian Evidence Act, 1872. On the other hand, developed jurisdictions have taken a view that documents created to avoid, or even settle proceedings which are reasonably contemplated, would receive the same level of litigation privilege as in cases of defending or resisting litigation. Further, documents prepared by the solicitors and forensic experts forming part of the investigation following formal instructions of the solicitors would be protected, as long as the dominant purpose was to resist or avoid contemplated criminal proceedings or its subsidiaries and/or their employees. Please refer to our previous hotlines discussing the English cases on this aspect.
The need of the hour is to maintain a balance between privilege and disclosure of relevant information to the stock exchange in a timely manner for early detection of financial frauds. It is an established practice that any such report created pursuant to an investigation undergoes several iterations. One way of addressing the situation could be submitting the final report which contains only the relevant facts and outcome without any legal advice. This would ensure that information which is confidential or irrelevant to the findings are not disclosed to the public. It also remains to be tested whether part of the report containing legal advice may be redacted while disclosing to the stock exchanges. While the amendments introduced by SEBI may be well-intended, their impact can be quite extensive, counter-productive and lead to opening of several concerns for the companies and its stakeholders.
– Payel Chatterjee, Sahil Kanuga & Vyapak Desai
You can direct your queries or comments to the authors
 As specified in sub-regulation (4) of regulation (30) of the SEBI Notification
 https://www.investopedia.com/terms/f/forensic-audit.asp, last visited on 21 October 2020
 Framework for dealing with loan frauds, RBI/2014-15/590 DBS.CO.CFMC.BC.No.007/23.04.001/2014-15 dated 7 May 2015
 Please refer our earlier hotline https://nishithdesai.com/information/research-and-articles/nda-hotline/nda-hotline-single-view/article/the-concept-of-privilege-what-does-it-mean-for-you-a-snapshot-of-the-practical-aspect-of-legal-pr.html?no_cache=1&cHash=b7e1008645b2394aa6d4120d199209fc
 WH Holding Limited and West Ham United Football Club Limited v. E20 Stadium LLP  EWCA Civ 2652
 SFO v Eurasian Natural Resources Corporation Ltd  EWCA CIV 2006