Download the PDF Navigating the CPA Ethical Landscape

A distinguishing mark of the CPA profession is its commitment to the public interest. Consider the recently effective NOCLAR (Noncompliance with Laws and Regulations) interpretation by the AICPA’s Professional Ethics Executive Committee (PEEC). As of June 30, 2023, this interpretation extends its guidance to CPAs in both public practice and in business, providing a roadmap for ethical decision-making.

In the world of accounting, where objectivity and integrity reign supreme, CPAs frequently find themselves facing a delicate balancing act when confronted with noncompliance or suspected noncompliance with laws and regulations during any professional service to clients—tax, audit, accounting services or consulting, or for CPAs in business during the performance of their job for their employer.

Let’s say you are a CPA … what would you do?

Wait … what are some examples a CPA in public practice or in business might encounter?

These examples are for discussion purposes only and illustrate just some of the possible situations that might be encountered. This is not an exhaustive list, and CPAs should use professional judgment considering the actual facts and circumstances.

• While walking around your client’s or employer’s facilities you notice or otherwise become aware of potentially improper disposal or hazardous waste materials.

• While at the entity’s facilities you observe or see indications of potential violations of labor laws—such as discrimination; or while accessing payroll records, you notice potential minimum wage violations.

• Information comes to your attention that a data breach occurred, and you learned that affected individuals have not been contacted as required by your understanding of the law.

• An employee of the organization that received a grant from the federal agency discovered that the organization did not spend the grant proceeds in accordance with the federal agency’s requirements.

While diligently fulfilling your responsibilities as a CPA on behalf of your employer or client, an anomaly pops up that demands your attention—a red flag that gives you pause and raises concerns about potential illegitimate activities. This anomaly could potentially involve fraudulent activities, embezzlement or even a breach of data protection protocols. It might manifest as the greenwashing of environmental data or other ethically problematic matters that in your professional judgement might be a violation of established rules and regulations—aka NOCLAR.

So, I will go back to my question: What would you do? What is your ethical responsibility?

CPAs are not experts in laws and regulations, but the new NOCLAR interpretation (ET section 1.180.010 for CPAs in public practice and ET section 2.180.010 for CPAs in business) can provide guidance. Keep in mind these interpretations apply to any professional service by CPAs in public practice or in any business. However, it’s crucial to read the fine print.

The NOCLAR interpretation does not apply in certain scenarios and it’s imperative for CPAs to acquaint themselves with these exceptions. Such scenarios include personal misconduct unrelated to the client’s business, noncompliance by parties other than the client, forensic engagements or other specified engagements.

This intricate dance involves harmonizing the “Integrity and Objectivity Rule” [section 1.100.001] with the nuances of confidentiality, as defined by the “Confidential Client Information Rule” [section 1.700.001].

To begin, let’s demystify the technical jargon. Noncompliance encompasses a spectrum of actions, whether intentional or unintentional, that violate prevailing laws and regulations. These acts may be attributed to the client, individuals in charge of governance, management or those working under the client’s umbrella.

You are not expected to have a level of knowledge of laws and regulations greater than that required to undertake the engagement or your role in the organization.

Whether an act constitutes noncompliance is ultimately a matter to be determined by a court or other appropriate adjudicative body.

Keep in mind that you, as the CPA, do not need to conclude that an action is NOCLAR for these sections to apply; indeed, as acknowledged by the Code, the ultimate determination is for a court or other appropriate judicial body. This NOCLAR section also applies to “suspected” noncompliance. So, what does “suspected” mean? Oxford University Press defines “to suspect” as to —have an idea or impression of the existence, presence or truth of (something) without certain proof.

However, an essential consideration for the CPA that overlaps the NOCLAR is prescribed by the “Confidential Client Information Rule” [section 1.700.001] and for CPAs in business the “Confidential Information Obtained From Employment or Volunteer Activities” interpretation [section 2.400.070]. CPAs should exercise discretion, refraining from disclosing sensitive information to third parties without the client’s or employer’s consent. Exceptions do exist, primarily when it becomes necessary to report noncompliance to regulatory authorities when required by law, or when aligned with the “Compliance With Standards Rule” [section 1.310.001].

But the complexity deepens further. Various regulators, including bodies like the SEC and state boards of accountancy, may impose additional rules regarding the handling of noncompliance that go beyond this NOCLAR interpretation. To complicate matters, state and federal laws can introduce additional layers of complexity.

So, how does a CPA navigate this intricate ethical landscape? Here’s a step-by-step ethical code guide when a CPA encounters credible information suggesting a NOCLAR:

Step 1: Seek a comprehensive understanding of the matter, delving into the nature of the act and the circumstances surrounding it while considering whether any specific professional standards—like auditing or tax—provide guidance.

Rely on your knowledge and professional judgment.

Step 2: Address the matter directly by engaging in discussions with the appropriate level of client management or governance or with the next higher level of authority within your organization.

Step 3: Assess whether it’s necessary to withdraw from the engagement or employment by evaluating the timeliness and appropriateness of management’s response and, where applicable, the response of those overseeing governance. Don’t hesitate to seek internal or external consultation for a deeper understanding of your options and their implications.

Step 4: Finally, consider the importance of thoughtful documentation. Documentation is not required but it is encouraged. Record the details of what you encountered and the actions you took.

It’s not just CPAs in public practice that may encounter NOCLAR that triggers professional ethics responsibilities. CPAs in business could come across NOCLAR, as well. The Code defines a CPA in business as a “senior professional accountants in business” has more responsibilities than non-senior accountants.

The Code defines “senior professional accountants in business” as “directors, officers or senior employees able to exert significant influence over, and make decisions regarding, the acquisition, deployment and control of the employing organization’s human, financial, technological, physical and intangible resources” (see paragraph .14 of ET section 2.180.010).

CPAs who are senior professional accountants in business have more responsibilities than non-senior professional accountants because of their higher leadership levels and influence within the organization. Depending on their specific role in the business they may be part of the internal control structure that sets the tone at the top, and their work may directly involve developing or performing control procedures to prevent, detect and report instances of NOCLAR

In the ever-evolving realm of accounting ethics, CPAs must remain vigilant, principled and unwavering in their commitment to serve the public interest. The new NOCLAR interpretation is not just a guideline; it is a testament to the profession’s dedication to ethical excellence.

When confronted with noncompliance or suspected noncompliance, CPAs adhere to a set of objectives:

• Uphold the Integrity and Objectivity Rule [section 1.100.001].

• Alert management or those overseeing governance, encouraging them to rectify or prevent the noncompliance.

• Consider the option of withdrawing from the engagement if permitted by law and regulation.

• Comply with all relevant laws, regulations and the Compliance With Standards Rule [section 1.310.001].

This commitment to ethical excellence underscores the enduring essence of the CPA profession in serving the public interest.

This article is for educational purposes and it explores the major provisions of the new rule and is a general overview, but is not a substitute for reading the full provisions and considering the individual facts and circumstances and other relevant rules, including regulations and professional standards.