Ready, Set, NOCLAR

by Ashley Kittrell | Jun 28, 2018

If you're wondering where NOCLAR came from and what it means for the CPA profession, you came to the right place.State Board of Accountancy board member, Tom Neill, CPA provides background information and insight into how NOCLAR standards will affect CPAs as well as where they are in the implementation process.


NOCLAR is Non-Compliance with Laws and Regulations. And let me start by giving you a little bit of history on this. This was originally an interpretation that was dealt with by an organization called IESBA, the International Ethics Standards Board for Accountants. They are a subset of IFAC, the International Federation of Accountants. They looked at this back in 2012 and really dealing with the idea of suspected illegal acts.

They rolled out a pronouncement. It was responded to pretty much worldwide negatively. They pulled that back and reissued the pronouncement in 2016 with final issue in 2017. The professional ethics executive division of the AICPA, who are the standard setters for the Code of Conduct then picked this up as a project for inclusion in the Code of Conduct on a go-forward basis. They issued a pronouncement in 2017 with a comment period. Due to kind of an overwhelming response, they pulled it back and they're now working on this as we go forward.

When we talk about what is NOCLAR, bear with me I'm actually going to read kind of their definition. "NOCLAR comprises acts of omissions or commission, intentional or unintentional, committed by a client or an employer, or by those charged with governance by management, or other officials and individuals working for or under the direction of a client or employer, which are contrary to the prevailing laws or regulations." Long worded mess.

The laws recognized by the interpretation include those that are generally recognized to have a direct and material effect on the financial statements or disclosures. Or there might be laws in place where non-compliance with which would affect the abilities of the entity to continue as a going concern, or to have significant fines levied against the organization. So that's kind of what NOCLAR is.


And why this is important. There's a number of reasons. And this is where it can get very difficult to deal with in terms of how the pronouncement is rolled out. It places the professional accountant, whether you're in public practice or business and industry or government, in a position where you need to be alert to potential violations of laws and regulations.

So, relative to the service you're providing, you would need to know what are the laws relative to the service I'm providing or things that matter to the company where there might be an impact on the financial statements or its ability to continue. So it places a weird onus on the CPA to be aware of all that but also to be knowledgeable at least about how those laws interplay with the client.

For members in public practice and in particular those who are performing the attest function, while not modifying or changing the underlying standards now in the audit side, it does propose guidance that goes beyond that and puts a higher onus if you will on that CPA to fulfil your ethical obligations relative to the performance of the service. And it also puts the professional accountant in a position to need to be mindful of their obligations under the client confidentiality rules in the AICPA Code of Conduct that comes in two areas. Section 1.700 relative to members in public practice but for those in business industry and government it's the confidential information obtained from employment or volunteer activities section which is 2.400 of the Code of Conduct.

It also requires the accountant to be knowledgeable of their state laws and statutes around confidential information because there is some inherent conflicts between these.

Where this law comes into play it starts to parse, really, what type of CPA you are and where you're practicing. For the members in public practice, what it requires is that if you do see a suspected non-compliance situation or an actual non-compliance situation, you have a series of steps you need to follow through.

First is to obtain an understanding of the issue, which then is putting again that onus on the CPA to have a handle on kind of what are the laws and rules around what I'm seeing and how should I respond? You are then required in that public practice realm to discuss this with the appropriate level within the organization either to management or to those charged with governance.

The next item then is to determine how is the client going to rectify the matter? Are they going to be able to rectify the matter? And then the CPA has to determine do I need to disclose this either further up in the organization or outside the organization? In that situation, that's where you run into conflict with the client confidentiality rules. Under Washington state law, you can't do that. Under the current confidentiality rules that are found in the Uniform Accountancy Act, you can't do that. So we have an inherent conflict now with those two types of statutes.

If the CPA in public practice is performing a service for one of their attest clients, it might be a non-attest service for an attest client, they're required to communicate that non-compliance or suspected non-compliance with the attest team.

But if they're performing a non-attest service, or whatever service they might be providing, but they're not the auditors or their firm is not the auditors of that client, they're prohibited from disclosing that with the outside auditor. So, you now have again a prohibition on what you can do. No matter what happens, you're required to document the entire process in your own personnel files, or in the company files however you document that internally.

You flip this around for a little bit for those who are in business and industry or government. And what PEAK has done is they've defined CPAs in that role two different ways. You have members of what are called “senior professionals,” and I need to read their definition. "Directors, officers, senior employees able to exert significant influence over, or make decisions regarding the acquisition, deployment, and control of the employing organization's human, financial, technological, physical, and intangible resources." That's a big mouthful as well.

For that senior accounting personnel, what they're required to do is fairly similar. They have to determine what the nature of the matter is, who are the affected parties, what are the relevant laws, regulations, what are the potential consequences to the company to investors, to the public, if there is in fact non-compliance?

Secondly, they have to address the matter. They've got to communicate that to those charged with governance within the organization. They have to determine what actions will be taken to rectify the non-compliance, and they have to seek to deter future non-compliance. They also have to look at the Code of Conduct relative to whether they have an obligation to fulfill to report this to their external auditor if there is in fact one.

They also have to determine further action. If there is further action necessary within the entity, what is that to be? If the entity is not willing to resolve or deter the noncompliance in the future, the obligation is to resign their position. So the CPA would have to quit their job. Again documentation is required.

For people who are in that position as CPAs who are not senior professional accountants, it's not quite as bad and onerous, but again they have to obtain an understanding, nature, extent, timing of the problem, what are the laws that are in play? How do they get rectified? Can they be rectified?

They are then required to communicate that to their immediate supervisor unless the immediate supervisor is suspected of being part of the suspected or actual noncompliance. Then they have to move up the ladder. They also need to talk about addressing the matter, what's going to be done to resolve this? They also need to determine whether they need to talk to the outside auditor as well in this given situation. And again they got to document it. So we're back to that same type of paperwork that needs to be done in their file.


As I’ve noodled on this question, what are the problems that CPAs are going to face. On the one hand it now creates for the CPA a need to be alert to possible violations of laws and regulations or suspected violations of laws and regulations. It creates the need for the CPA to begin to assess what’s material to the financial statements or financial reporting or not; whether it’s inconsequential. So, for example you could have a senior management official of an organization get a DUI. Is that going to impact the financial statements or not impact the financial statements? Hard to know, because the interpretation doesn’t clearly define what “inconsequential” is.

And oftentimes that type of thing is in the eye of the beholder. It does create the need for the CPA to be a kind of a legal expert as well, which is not the role we’re trained to be in. And it does have the inherent conflicts problem. You know, I thought about numerous types of violations of laws and regulations or suspected violations. It could result in bad things happening to the company.

In the one that’s in the news even today was the Weinstein company—how the actions—as reprehensible as they are—of a senior management personnel, not only impacted the company but took it down completely. Somebody could have easily assessed, “Oh that’s not that big a deal, he’s just being one of the old guys.” Whereas the other people would say, “No, this is critical.” So, we run into that issue for CPAs where we now need to assess this stuff, which isn’t the role that we’ve been trained to do. And that’s where I see some of the inherent problems.


Right now where the Board of Accountancy is, is they're really waiting to see what PEAK comes up with and where the Uniform Accountancy Act committees come up with. So, the Board is pretty much taken a "let's step back and wait" role primarily because PEAK and the UAA committees need to work together to come to a solution that makes sense relative to not only the model act but also the code of conduct.

So we try to minimize the inherent conflicts that are built into this proposed interpretation right now and try to get that down to the point where it makes more sense. That being said, we will still have the issue in board rule here in Washington regarding communication of confidential information and how that gets resolved.

You are not allowed to post comments.


The Washington Society of Certified Public Accountants is the only organization in the state of Washington dedicated to serving the professional needs of CPAs, educating consumers about CPAs and the services they provide, and encouraging students to study accounting and enter the profession.

Your Profession. Your Future. Your Advocate.


Washington Society of CPAs
902 140th Ave NE
Bellevue, WA 98005-3480

  • (P) 425-644-4800
  • (F) 425-562-8853

The WSCPA's business hours are 7:30 a.m. to 4:30 p.m., Monday through Friday.