IN SUMMARY

This article provides an introduction to the legal concept of fraud in general and corporate fraud in particular, including recent case law on the same. It explores various aspects – what constitutes a fraud, legal, contractual and practical requirements to report corporate frauds by companies, and other obligations of the board, audit committee, senior management and the statutory auditors, that are triggered on the occurrence of a fraud. A fraud (depending  on its nature and quantum) can trigger consequences under other laws – and these consequences are also briefly discussed.

DISCUSSION POINTS

• The legal concept of fraud under Indian law, with focus on the term ‘fraud’ as defined under the Companies Act, 2013
• The obligation to report fraud in public documents
• Reporting and other obligations of board of directors, audit committee, senior management and statutory auditors
• Consequences of corporate fraud under other laws.

REFERENCED IN THIS ARTICLE

• Companies Act 2013 (specifically sections 143(12), 447 and 448)
• Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015
• Companies (Auditor’s Report) Order, 2020
• Guidance Note issued by the Institute of Chartered Accountants of India on reporting of fraud under section 143(12) of the Companies Act, 2013
• Prevention of Corruption Act, 1988
• Prevention of Money Laundering Act, 2002

Introduction to corporate fraud: obligations of board, audit committee and the senior management

Introduction – ‘fraud’ under Indian law

Fraud is a legal concept that is often easier to understand than to define. There are no exhaustive criteria that circumscribe fraud generally under Indian law. As an example, while the Indian Penal Code 1860 (IPC) does not define ‘fraud’, there are various offences that involve fraud as an element – forgery, cheating, making false documents, etc. Section 25 of IPC provides that ‘a person is said to do a thing fraudulently if he does that thing with intent to defraud but not otherwise’. The Indian Contract Act, 1872 also sets out certain acts committed with intent to deceive that would be considered to be fraud, affecting the validity of the contract.[1] Fraud under Indian jurisprudence has evolved in a very broad sense as a part of tort, civil and criminal jurisprudence.

In SP Changalvarayu Naidu v Jagannath, [2] the Supreme Court of India observed that ‘a fraud is an act of deliberate deception with the design of securing something by taking unfair advantage of another’. The two ingredients that constitute a fraud are deceit and injury. [3] In Essel Propack Limited v Union of India & Ors, [4] the Bombay High Court observed that there must be an intent to deceive to constitute the offence of fraud. The court further noted that when an allegation of fraud is made, it must be enquired into and evidence must be led to prove fraud after granting a reasonable hearing to the party accused of fraud. The court emphasised that no conclusion of fraud can be drawn on mere allegation and by way of inference.

Corporate fraud under Companies Act, 2013

The term ‘fraud’ is defined in section 447 of the Companies Act, 2013 (Companies Act) as below:

‘fraud’ in relation to affairs of a company or any body corporate, includes any act, omission, concealment of any fact or abuse of position committed by any person or any other person with the connivance in any manner, with intent to deceive, to gain undue advantage from, or to injure the interests of, the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain [5] or wrongful loss. [6]

The key elements of this definition are:

• the matter must relate to affairs of the company;
• it may be in the nature of an act, omission, concealment of fact or abuse of position (inclusive definition); and
• there has to be an intent to deceive, gain undue advantage or injure the interests of company, shareholders, creditors or any other person.

Notably, fraud under section 447 does not require that there be a wrongful gain or wrongful loss. The interpretation of the phrase ‘any other person’ should arguably be limited, based on the facts involved.

The Companies Act designates certain matters to be punishable as fraud under section 447 – for example, misstatements in certain documents required to be maintained under the Companies Act. Section 448 reads as follows:

Save as otherwise provided in this Act, if in any return, report, certificate, financial statement, prospectus, statement or other document required by, or for, the purposes of any of the provisions of this Act or the rules made thereunder, any person makes a statement –
(a) which is false in any material particulars, knowing it to be false; or
(b) which omits any material fact, knowing it to be material, he shall be liable under section 447.

There is paucity of case law interpreting fraud under the Companies Act (given its recent vintage). However, given that punishment for fraud (involving an amount of 1 million rupees or more) under section 447 involves a minimum imprisonment for six months in addition to a penalty of at least the amount involved in the fraud (and additional consequences, such as fraud under the Companies Act being a scheduled offence under the Prevention of Money Laundering Act, 2002), it can be argued that, despite the exhaustive definition, every wrongdoing ought not to be considered as fraud. As an example, there ought to be a clear distinction between fraud (as defined in the Companies Act) and failure to meet a duty of care (or negligence per se). Additional nuances would vary depending on the facts of each case. However, certain recent case law have touched upon the issue of fraud, which are referred to below.

In Prabhat Kumar v SFIO, [7] while interpreting section 447 of the Companies Act, the Delhi High Court observed as follows:

in relation to the affairs of the company or any body corporate whether or not there is any wrongful gain or wrongful loss to the applicant himself or to any person, the invocation of fraud in terms of Section 447 of the Companies Act, 2013 comes into play once there is an act, omission, concealment of any fact or abuse of position committed by any person or any other person with the connivance in any manner with intent to deceive or to gain undue advantage from or to injure the interests of the company or its shareholders or its creditors or any other person.

Similarly, in Doraisamy v the State, [8] the Madras High Court observed that it is very clear that while dealing with the affairs of a company, if any person abuses their position with an intent to deceive, to gain undue advantage from, or to injure the interests of a company or its shareholders or its creditors or any other person, that person is deemed to have committed fraud.

In Gaurav Kumar v Serious Fraud Investigation Office, [9] the Delhi High Court made the following observation while interpreting sections 447 and 448 of the Companies Act:

It is apparent thus that in terms of the ambit of Explanation-(i) to Section 447 of the Companies Act, 2013 which defines ‘fraud’ for the purpose of the said Section, a false statement in relation to in any return, report, certificate, financial statement, prospectus, statement or other document required by, or for, the purposes of any of the provisions of this Act or the rules made thereunder, any person makes a statement which is false in any material particulars, knowing it to be false or which omits any material fact, knowing it to be material, would fall within the ambit of Sections 448 and 447 of the Companies Act, 2013 as sought to be contended on behalf of the petitioner.

In Vikas Agarwal v Serious Fraud Investigation Office, [10] the Delhi High Court noted that the definition of fraud provided in the explanation to section 447 of the Companies Act makes it clear that the prosecution is to relate to the company in the first instance and also to other persons who have in any manner connived in commission of the offence to gain undue advantage.

Responsibility of directors, audit committee and senior management

Putting in place systems and processes for prevention and detection of fraud is an important part of the role of the board of directors, audit committee and senior management of a company. Directors (as a part of the directors’ responsibility statement forming part of the board’s report to be provided annually to shareholders under the Companies Act) are required to state several matters that relate (directly or indirectly) to systems and processes to prevent corporate fraud.11 The role of the audit committee under the Securities and Exchange Board of India (SEBI) (Listing Obligations and Disclosure Requirements) Regulations 2015 (SEBI LODR Regulations) includes the following:

reviewing the findings of any internal investigations by the internal auditors into matters where there is suspected fraud or irregularity or a failure of internal control systems of a material nature and reporting the matter to the board.

Additionally, the compliance certification to be provided by the chief executive officer and chief financial officer to the board of directors of a listed company under the SEBI LODR Regulations includes the disclosures relating to fraud. [12]

Typically, knowledge of a suspected fraud arises in one (or more) of the following ways:
• complaint by a whistle-blower: this is typically addressed by either (one or more of ) the board of directors, audit committee (or by the chairman or specific members of the audit committee), senior management, compliance officer or legal department – and, in several instances, is made through the designated whistle-blower mechanism that companies have (in the case of several subsidiaries of multinational corporations, this results in the complaint reaching the ultimate parent’s headquarters outside India);
• in the course of an internal audit;
• in the course of an audit (by statutory auditors);
• investigation (by a regulatory authority); or
• fraud risk assessment.

These are not exhaustive in nature and there are other methods as to how a fraud may be discovered – for example, analyst reports (for listed companies) and complaints by competitors.

Reporting obligations and relevant considerations

Reporting obligations relating to fraud under the Companies Act

The report issued by statutory auditors to the company’s shareholders (which is a public document) is required to disclose frauds (irrespective of who discovered them) – the statutory auditors, under Companies (Auditor’s Report) Order, 2020 (which is applicable from the financial year starting 1 April 2021), are required to report occurrence of fraud as a part of their audit report (which was also a requirement under its preceding order, being the Companies (Auditor’s Report) Order 2016). [13] Certain frauds are also required to be disclosed in the board’s report (which is also a public document).

Pursuant to section 143(12) [14] of the Companies Act, if the statutory auditors of a company, in the course of the performance of their duties as an auditor, have a reason to believe that an offence of fraud has been committed in (or against) the company by its officers or employees individually involving an amount of 10 million rupees or above, then the statutory auditors are required to report the same to the central government, subject to the conditions set out below. However, pursuant to a guidance note issued by the Institute of Chartered Accountants of India (the Guidance Note), [15] statutory auditors are not required to report fraud (even if it exceeds the monetary threshold referred to above) to the central government if such statutory auditor is not the first person to identify or note such instance in the course of performance of his or her duties as a statutory auditor. Hence, if the fraud has been identified through the whistle-blower mechanism and has been or is being remediated and dealt with by the management, and if the matter is informed to the statutory auditor, the statutory auditor is not obliged to report the same to the central government as it has not identified the fraud itself. However, this is subject to the following conditions in the Guidance Note:

• the auditor is required to apply professional scepticism as to whether the fraud was indeed identified or detected in all aspects by the management or through the whistle-blower mechanism; and
• the auditor is required to review the steps taken by the management or those charged with governance with respect to the reported instance of suspected fraud.

If the auditor is not satisfied with such steps, he or she should state the reasons for his or her dissatisfaction in writing and request the management or those charged with governance to perform additional procedures to enable the auditor to satisfy himself or herself that the matter has been appropriately addressed. If the management or those charged with governance fail to undertake appropriate additional procedures within 45 days of his or her request, the auditor would need to evaluate if he or she should report the matter to the central government.

Once the statutory auditors are informed of the issue, they would typically seek full details of the allegations received and investigation done, including the investigation reports and other relevant documents. Statutory auditors generally involve their forensic team to undertake this assessment and provide inputs to the audit team. The Guidance Note also includes guidance on other matters, which would be relevant in specific matters (eg. whether an auditor of a holding company would need to report to the central government in the case of a fraud in a subsidiary).

Reporting obligations relating to fraud under the SEBI LODR Regulations

Under the SEBI LODR Regulations, occurrence of any of the following is required to be disclosed to stock exchanges (which is then disseminated to the public) as soon as reasonably possible (and not later than 24 hours from occurrence):

• any fraud or default by a promoter or key managerial personnel of the listed entity (or the arrest of a promoter or key managerial personnel) – the same is deemed to be a material event, triggering disclosure obligations; and
• fraud and defaults by directors (other than key managerial personnel) or employees of the listed entity, if the same is considered to be material.

The SEBI LODR Regulations have a prescriptive disclosure regime, and provide for a detailed set of disclosures, both at the time of initial disclosure and pursuant to subsequent developments. [16] One of the prescribed disclosures to the stock exchanges is corrective actions – which, along with remediation, is also an important element of  disclosure to auditors (as elaborated below). Additionally, pursuant to recent amendments, the SEBI LODR Regulations now mandate a two-stage disclosure process for initiation of a forensic audit along with (1) name of the entity initiating the audit; (2) reasons for the initiation of the audit, if available; and (3) final forensic audit report along with comments of the management, if any.

Reporting obligations relating to fraud under contractual agreements

Additionally, there are contractual obligations and commitments that could mandate disclosure of any fraud (or of any underlying acts or omissions constituting the fraud) – examples are joint venture contracts, lender contracts, key supplier contracts and contracts with government agencies. A common example of disclosures required is that certain kinds of fraud (especially improper payments) form a part of pre-qualification criteria in integrity pacts (usually) forming part of contracts executed with government authorities.

Fraud – self-reporting to auditors, reporting by auditors and related matters

Self-reporting to auditors
Often, in instances where the details of the allegations are received by the ultimate holding company (as a part of a global whistle-blowing programme) and where these are investigated by the holding company and its advisers (without the involvement of local management), the manner and timing of disclosure to the local management and auditors is an important consideration. Self-reporting obligations to the statutory auditors is covered broadly in the following ways.

Management representation letters

Statutory auditors in India typically require extensive disclosures to be made to them on matters related to a company and its financial position pursuant to issuance of one or more management representation letters (MRLs) by companies. These MRLs  are typically signed by senior management (usually the managing director or chief executive officer and the chief financial officer). An MRL is relied upon for finalising audited accounts that would need to be approved by the board of directors of the company. Several confirmations contained therein are typically those required by Indian accounting standards. Compliance with Indian accounting standards is a legal requirement. Typical MRLs (especially those required by larger Indian auditors) require extensive disclosures relating to fraud – including actual fraud on or by the company, suspected or alleged fraud including any fraud reported during the year (whether through internal or external sources) and all details in relation thereto.

Directors’ responsibility statement

Disclosures arising out of the directors’ responsibility statement are detailed earlier.

Directors and relevant signatories are liable to prosecution for incorrect statements made by them in the accounts or in the directors’ responsibility statement (which would include those flowing into the accounts based on any incorrect statement in the MRL).

Reporting by auditors

If the auditors believe that they need to report the fraud, under the Companies (Audit and Auditors) Rules, 2014 the reporting would happen in Form ADT-4, which broadly covers the following disclosures relating to the fraud:

• address of the office or location where the suspected offence is being committed;
• full details of the suspected offence involving fraud;
• particulars of the officers or employees who are suspected to be involved in the commission of the offence (if any) with their names, designation, permanent account numbers and director’s identification numbers (if they are directors);
• period during which suspected fraud had occurred;
• basis on which fraud is suspected;
• estimated amount involved in the fraud; and
•other relevant details, including communication with the company as mandated under the relevant rules (and referred to above).

Additionally, under the Companies (Auditor’s Report) Order, 2020, statutory auditors are also required to provide details of any frauds that have been reported to the central government and whether they have considered the whistle-blower complaints received by a company. [17] Any such intimation where the central government is of the opinion, that it is necessary to investigate would typically be investigated by the Serious Frauds Investigation Office (SFIO). In some instances, the findings of the investigation and subsequent prosecution may lead to unlimited liability on any director, key managerial personnel, other officer of the company or any other person or entity. As per a newspaper report dated 15 September 2020, [18] 29 investigations have been completed by the SFIO in the three financial years starting from 2017–18 to 2019–20 wherein 576 companies were involved – and as per data on the SFIO website, [19] it completed investigations into 87 cases in 2016–2017.

Consequences of fraud under other laws

Any act (or omission) that constitutes fraud under the Companies Act could also trigger penal consequences under other statutes – a typical example is whether expenses claimed in past tax returns have been appropriately claimed. Another example is where such fraud would constitute an offence that is mandatorily reportable under the provisions of section 39 of the Code of Criminal Procedure, 1973.

There are some statutes that provide for leniency in the case of self-disclosures (or voluntary disclosures), although such examples are sparse under Indian law – needless to say, such disclosures should ideally be a part of an overall strategy taking into account potential implications under the Companies Act, listing-related obligations (if the entity is listed) and other relevant statutes, pursuant to an appropriately conducted and robust investigation.

Prevention of Corruption Act, 1988

If the fraud involves improper payments, the same would also attract the penal provisions of the Prevention of Corruption Act, 1988 (PCA). The PCA provides that any commercial organisation (which includes companies) shall be punishable with a fine, if any person associated with such commercial organisation [20] gives or promises to give any undue advantage to a public servant intending to obtain or retain: (1) business for such commercial organisation; or (2) an advantage in the conduct of business for such commercial organisation. However, the PCA provides that such organisation can raise a defence that it had in place adequate procedures in accordance with prescribed guidelines to prevent persons associated with it from undertaking such conduct.

If an offence is committed by a commercial organisation under the PCA, and that offence is proved in court to have been committed with the consent or connivance of any director, manager, secretary or other officer of the organisation, such director, manager, secretary or other such officer are liable to be proceeded against and be punishable with imprisonment ranging between three years and seven years and a fine.

The PCA also has provisions for matters relating to attachment and confiscation of money or property procured by way of an offence under the PCA. There are other provisions of the PCA that would apply to directors and other officers (eg. abetment of offences), which also carry liability for imprisonment ranging between three years and seven years. Further, a subsequent conviction following the first conviction under the PCA is punishable with imprisonment ranging between five years and 10 years and a fine.

Prevention of Money Laundering Act 2002

The Prevention of Money Laundering Act, 2002 (PMLA) seeks to prevent money laundering and to provide for confiscation of property derived from or involved in money laundering. The offence of money laundering relates to ‘proceeds of crime’ (including, inter alia, its concealment, possession, acquisition or use). The phrase ‘proceeds of crime’ is defined with respect to property (or its value) which is derived as a result of criminal activity in relation to a ‘scheduled offence’. The offence of money laundering (as set forth in section 3 of the PMLA) arises from attempting to indulge or knowingly assisting or participating or being actually involved in any process or activity connected with the proceeds of crime – and the penal provisions under the PMLA apply primarily in relation to those proceeds of crime and the act of money laundering (which again refers to the proceeds of crime). Fraud under the Companies Act and offences by commercial organisations under the PCA (as set out above) are prescribed as ‘scheduled offences’ under the PMLA.

In the case of contraventions of provisions of the PMLA by a company, every person who, at the time the contravention was committed, was in charge of, and was responsible to the company, for the conduct of its business (as well as the company), shall be held liable for such offence, unless such person proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention. If it is established that such contravention took place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of any company, such director, manager, secretary or other officer shall also be held liable for the contravention, and shall be liable to punishment by way of imprisonment ranging between three and seven years and with fine.

The PMLA also has provisions for being liable to survey and search and seizure proceedings (including freezing of property), the ability for authorities to provisionally attach and confiscate the ‘proceeds of crime’ and pre-conviction arrest.

Footnotes:

1 Section 17, Indian Contract Act 1872.
2 AIR 1994 SC 853.
3 Vimla v Delhi Administration, AIR 1963 SC 1572.
4 2021 SCC Online Bom 457.
5 ‘Wrongful gain’ means the gain by unlawful means of property to which the person gaining is not legally entitled.
6 ‘Wrongful loss’ means the loss by unlawful means of property to which the person losing is legally entitled.
7 2021 SCC OnLine Del 1355.
8 2019 (3) MLJ (Crl) 60.
9 266 (2020) DLT 505.
10 MANU/DE/0606/2019.
11 Relevant provisions are reproduced below:
• ‘in the preparation of the annual accounts, the applicable accounting standards had been followed along with proper explanation relating to material departures’;
• ‘directors had taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of this Act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities’;
• ‘the directors had devised proper systems to ensure compliance with the provisions of all applicable laws and that such systems were adequate and operating effectively’; and
• in the case of listed companies, the directors’ responsibility statement is also required to state ‘the directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively’.
The term ‘internal financial controls’ in the above-referred provisions ‘means the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information’.
12  Relevant portions are reproduced below:
• ‘there are, to the best of their knowledge and belief, no transactions entered into by the listed entity during the year which are fraudulent, illegal or violative of the listed entity’s code of conduct’; and
• ‘they have indicated to the auditors and the Audit committee . . . instances of significant fraud of which they have become aware and the involvement therein, if any, of the management or an employee having a significant role in the listed entity’s internal control system over financial reporting’.
13 The relevant language under Companies (Auditor’s Report) Order, 2020 reads: ‘whether any fraud by the company or any fraud on the company has been noticed or reported during the year, if yes, the nature and the amount involved is to be indicated’.
14 Section 143(12) of the Companies Act reads as follows:
Notwithstanding anything contained in this section, if an auditor of a company in the course of the performance of his duties as auditor, has reason to believe that an offence of fraud involving such amount or amounts as may be prescribed, is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government within such time and in such manner as may be prescribed;
Provided that in case of a fraud involving lesser than the specified amount, the auditor shall report the matter to the audit committee constituted under section 177 or to the Board in other cases within such time and in such manner as may be prescribed:
Provided further that the companies, whose auditors have reported frauds under this sub-section to the audit committee or the Board but not reported to the Central Government, shall disclose the details about such frauds in the Board’s report in such manner as may be prescribed.
15 Guidance Note on Reporting of Fraud under section 143(12) of the Companies Act, 2013 (revised 2016).
16 Disclosures prescribed under the SEBI Circular dated 9 September 2015 (on continuous disclosure requirements for listed entities) are reproduced below.
At the time of unearthing of fraud or occurrence of the default / arrest:
• nature of fraud/default/arrest;
• estimated impact on the listed entity;
• time of occurrence;
• person(s) involved;
• estimated amount involved (if any);
• whether such fraud/default/arrest has been reported to appropriate authorities.
Subsequently intimate the stock exchange(s) further details regarding the fraud/default/ arrest including:
• actual amount involved in the fraud /default (if any);
• actual impact of such fraud /default on the listed entity and its financials; and
• corrective measures taken by the listed entity on account of such fraud/default.
17 The relevant language reads: ‘(b) whether any report under sub-section (12) of section 143 of the Companies Act has been filed by the auditors in Form ADT-4 as prescribed under rule 13 of Companies (Audit and Auditors) Rules, 2014 with the Central Government; (c) whether the auditor has considered whistle-blower complaints, if any, received during the year by the company.’
18 https://economictimes.indiatimes.com/news/politics-and-nation/sfio-completed-investigationsagainst-361-companies-last-fiscal-government/articleshow/78126455.cms?from=mdr.
19  https://sfio.nic.in/our_perf.aspx.
20 Under the PCA, the capacity in which the person performs services for or on behalf of the culpable commercial organisation shall not matter (irrespective of whether such person is an employee or agent or subsidiary of such commercial organisation). Further, all relevant circumstances (and not merely the nature of the relationship between such person and the organisation) are to be considered to determine whether such person performs services for or on behalf of the commercial organisation.

Authors:
Aditya Vikram Bhat, Senior Partner
Prerak Ved, Partner