The much-awaited Companies Act 2013 is a landmark legislation that could have far-reaching effects on businesses by seeking to create a better business environment with robust corporate governance standards. Among these standards is a provision making it mandatory for listed companies to establish a "vigil mechanism" for reporting "genuine concerns". Further, the draft rules issued by the ministry of corporate affairs on August 8, 2013, have proposed to extend this to companies that accept deposits from the public, and companies that have taken money from banks and public financial institutions of more than Rs 50 crore. These provisions and the proposed rules have wide ramifications for independent directors and auditors.
Independent directors as custodians of corporate integrity: The code for independent directors is set out in Schedule IV (section 149(8)) of the Act. Under this code, the duties of independent directors include to "ascertain and ensure" that the company has an "adequate and functional" vigil mechanism and that the interests of the person using this mechanism are not prejudicially affected. It also entails that independent directors are responsible for reporting concerns about unethical behaviour, actual or suspected fraud or violation of the company's code of conduct or ethics policy.
This code implies that independent directors have no option but to spend more time on matters related to the company, specifically in relation to the vigil mechanism. Now, a review of documentation and interviews may be enough to determine whether a mechanism is in place. But to determine whether it is "adequate and functional" and that the interests of a person using the mechanism have not been prejudicially affected, the independent directors may need to review the concerns received by the audit committee, the investigation initiated, the corrective action and reporting, if any. This may also require a review of the adequate and auditable documentation of all the concerns received, minutes of the deliberations, investigation working papers and so on for all cases reported.
Given that there can be several "genuine concerns" received through the vigil mechanism in a year, independent directors may or may not have the bandwidth to carry out an in-depth review of all cases. Also, it may not be possible for all the independent directors to have the skills to evaluate the evidence.
Auditors - blowing the whistle to government, audit committee and the board: Under section 143 (12) and the draft rules, an auditor is required to report a matter to the central government (with a copy to the audit committee or the board) if he has sufficient reason and information to believe that an offence involving fraud that can materially affect the company is being committed against the company by employees or directors. The draft rules further define materiality as fraud(s) occurring frequently and the amount involved not being less than five per cent of the net profit or two per cent of the turnover in the preceding year.
For frauds that are not material, the auditor has to send a report to the audit committee or the board, if there is no audit committee. In both cases, if the auditor is not satisfied with the action taken by the audit committee or the board, he may report to the central government even if the fraud is not material.
Given the nature of his role, the debatable point is that although the auditor may apply the monetary percentage to determine materiality, he may not have the expertise to quantify the amount involved.
Further, to consider the condition of frequency, the auditor may have to:
- understand the explanation to section 447, which defines fraud and is fairly broad and goes beyond financial fraud. The definition is "any act, omission, concealment of any fact or abuse of position committed by any person or any other person with the connivance in any manner, with intent to deceive, to gain undue advantage from, or to injure the interests of, the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain or wrongful loss" Clearly, this does not limit the scope to financial fraud, but may also include instances of other commercial crime as well.
- review the vigil mechanism to identify instances of frequent fraud and one of the possible sources of information would be the vigil mechanism.
For the auditor reporting to the central government and/or audit committee or the Board, the definition of fraud has been limited to ones committed by the employees or officers of the company. There is surely more clarity required in terms of the scope of auditors vis-a-vis kind of frauds to be reported and review of vigil mechanism. For example, would the scope of the auditor include reporting commercial fraud or kickbacks, which eventually injure the interests of the company, shareholders and creditors?
There is no doubt that the provisions of the Act and the draft rules are aimed at achieving better corporate governance, but there is clearly a need to clarify some major issues. For instance, what exactly do independent directors need to do to "ascertain and ensure" that the company has an "adequate and functional" vigil mechanism? What does "adequate and functional" mean? What documentation does a company need to maintain with respect to the vigil mechanism? Are there provisions for the use of experts for evaluating the mechanism and documentation? What about the auditor's responsibilities with regard to reviewing the vigil mechanism?
Indian regulators may also consider global leading practices - such as allowing outsourcing of the mechanism, allowing anonymity (though there is nothing prohibiting it either in the act) and making it mandatory for all companies to have code of conduct/ethics and a fraud response plan - and accordingly come out with rules that will lead to a mechanism that is practically implementable and an effective tool for detection and prevention of fraud and unethical behaviour.