What is National Financial Reporting Authority?



What is it?

The Union Cabinet on March 1 approved the creation of a National Financial Reporting Authority (NFRA), a big step forward in regulating the financial audit of large companies.

The NFRA is to be an independent regulator overseeing the auditing profession, and its creation was first recommended by the Standing Committee on Finance in its 21st report.

The Cabinet also approved the creation of the posts within the regulator — that of a chairman, three full-time members, and one secretary — though no decision has yet been taken on who will fill these posts.

How did it come about?

While many provisions of the Companies Act, 2013 came into force on April 1, 2014, the setting up of the NFRA, a key recommendation, was delayed.

The decision appears to have been prompted by the latest bank scam to have hit the headlines — the ₹12,636 crore Punjab National Bank fraud that went undetected by auditors.

The Institute of Chartered Accountants of India (ICAI) had initially voiced its discontent with the idea of a regulator for the sector, saying the existing structure was adequate.

The government has clarified that the roles of the new regulator and those of the ICAI will not overlap.

While announcing the decision to create the body, Finance Minister Arun Jaitley said the NFRA would cover all listed companies and large unlisted companies, the benchmark size for which would be set down in the rules.

Smaller unlisted companies would continue to be audited by the ICAI, he said, adding that the Centre could also refer other entities for investigation “where public interest would be involved.”

The government also said the Quality Review Board (QRB) would continue quality audits for private limited companies, and public unlisted companies below the prescribed threshold.

The NFRA would also have the power to refer cases to the QRB as and when it decided to do so.

The government said the ICAI would continue to play its advisory role with respect to accounting and auditing standards and policies by making its recommendations to the NFRA.


The content of the articles is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.



Internal Controls, Anti-Fraud Strategies for Companies in India

Internal Controls

Internal Controls


India is among the world’s fastest growing emerging markets, aided by liberal foreign investment policies and an expanding consumer base.

This has catapulted the number of market players and led to high levels of competition in each industry, often exposing firms to the threat of fraud and other risks.

A recent industry survey showed that in 2017, 89 percent of the companies based in India were victims of at least one instance of fraud; 33 percent of them suffered revenue losses of more than seven percent due to this.

Foreign investors expanding to the Indian market therefore need to prioritize conducting due diligence when entering into partnerships and contracts with firms and vendors in India.

Aside from the due diligence review, firms should pay key attention to daily compliance associated with financial reporting, security of company assets, floor operations, and inventory assessment, among other business activity records.

Fraud Prevention in India

Broadly speaking, fraud can be perpetrated by an individual or agency from within an organization or external to the organization. It falls under three main categories: asset misappropriation, fraudulent accounting and financial reporting, and corruption.

The three most common factors that determines a company’s exposure to fraud are incentives or pressures, opportunity, and rationalization.

To reduce their risk exposure, companies must put in place clear internal control mechanisms that can prevent, detect, and deter fraudulent behaviour conducted by employees, vendors, consultants, or various levels of management.

The Companies Act, 2013 first introduced the term ‘internal financial controls’ (IFC) in an effort to curb financial frauds in India. The Act directs companies to implement mechanisms that ensure the following:

  • Adherence to company’s policies;
  • Safeguard of its assets;
  • Prevention and detection of frauds and errors;
  • Accuracy and completeness of the firm’s accounting records; and,
  • Timely preparation of reliable financial information.

The Institute of Chartered Accountants of India (ICAI) issued an updated ‘Guidance Note on Audit of Internal Financial Controls over Financial Reporting or ICFR’ in September 2015, which mandates the involvement of an external auditor in the compliance process.

Several amendments to the Companies Act, 2013 focus on the prevention of fraudulent activities within a company, with explicit requirements for anti-fraud mechanisms for businesses varying by size and type of businesses.

The Companies (Amendment) Act, 2017 confers greater accountability to the directors and auditing professionals appointed by the business entity. It also makes directors and employees personally liable in case they are found guilty of committing fraudulent activities. The Act imposes financial penalties, and even imprisonment, in case of non-compliance.

Other Indian laws, such as the Prevention of Corruption (Amendment) Act, 2011, the Whistle blowers Protection Act, 2011, the Right to Information Act, 2005 (RTI), the Information Technology Act 2000 (IT Act), and the Prevention of Money Laundering Act, 2002 (PMLA) aim to protect companies from fraud.

Internal controls prevent, detect, and deter fraud

Aside from the financial loss, the experience of fraud devalues a company’s reputation & credibility & its performance in the market.

Preventing fraud thereby necessitates the implementation, monitoring, and periodic adjustment of risk management strategies and internal control systems.

Regulatory and legal recourse in India is still at the developmental stage, which puts the burden of fraud prevention on companies, and makes the implementation of internal controls a top priority.

Foreign companies with subsidiaries in India, often lack direct control over their firm’s day-to-day operations. Such entities must institute internal control and reporting mechanisms, ensure clarity of policy and penalty in the company handbook, and regularly follow up on any red flag issues.

Some important best practices for firms based in India are as follows:

  • Active assessment of risk factors and allegations by management and follow up on action taken;
  • Company behaviour and ethics code, which should be developed, documented, and communicated to employees;
  • Policy for whistle blowing, whereby management ensures the confidentiality and safety of information providers;
  • Proper compliance with laws and regulatory guidelines set up by the Indian government – such as the Whistle blowers Protection Act, 2011 or Prevention of Corruption Act, 1988;
  • Identifying key areas of focus particular to the relevant business model, to ensure efficient dedication of resources;
  • Focus on operational risks, such as asset misappropriations or bribery for supplier selection;
  • Transparency in accounting and financial reporting to prevent fraud or insider trading;
  • An audit committee that is independent of management, which must have knowledge of the company’s fraud risk exposure and steps taken by management to monitor and mitigate those risks;
  • Conducting company-wide fraud risk assessments to increase the visibility of management’s attitudes towards managing fraud risks and curbing individual rationalizations of fraudulent behavior; and,
  • Cooperation with police authorities. The Economic Offences Wing is set up under respective state police departments and is responsible for dealing with cheating and fraud cases in India. The EOW consists of a special committee of investigators, including finance professionals, and deals with cases of fraud amounting to US$440,000 (Rs 30 million) and upwards.

Below we discuss the most common instances of fraud, and how to curb them, at the floor management, middle management, and senior management levels.

Monitoring on-the-floor management – Stock, cash, data theft

Theft of physical assets is the most common type of fraud in most companies, especially in the manufacturing, trade, and retail sectors.

Senior management should look out for any discrepancy in inventory numbers, over ordering of products from suppliers, or large petty cash disbursements. Excessive write-offs or obsolete assets may also be an indicator of fraudulent activities.

On the other hand, protecting intangible assets, such as intellectual property rights and company data are of the utmost importance to companies.

Cyber-security officers should be appointed to prevent data breaches, and implement a system that automatically flags peculiar external communications or use of external storage devices on the company network.

Middle management – Bribery, corruption, procurement fraud

If managers are expected to entertain and dine suppliers or vice versa – a common business practice in India – a limited budget or proper reimbursement system should be in place, and policies related to this must be clearly defined in the company handbook.

Manager-supplier relations should be strictly professional, with limited influence over the procurement process by either party. Senior managers should flag discrepancies in quality, quantity, and price of products and audit all bills.

While the Prevention of Corruption Act, 1988, applies mostly to public sector employees in India, it has been used to prosecute corporate entities under certain provisions.

For example, using this Act, the federal agency, the Central Bureau of Investigation (CBI), recently booked the CEO of Air Asia for reportedly trying to manipulate government policy, using corrupt means, for business gain.

Additionally, companies may also adopt international best practices and conventions, such as the ISO standard PC278 or UK standard BS10500 to prevent corruption and bribery related fraud, provided they don’t run counter to India’s laws.

Upper management – Conflict of interest, financial fraud, insider trading

A conflict of interest occurs when a company’s employee is involved in related-party collaborations, rigging the supply system for personal gain.

The alleged ICICI-Videocon financial fraud, where a US$500 million loan was sanctioned by Chanda Kochhar, CEO of the Indian multinational bank ICICI, to manufacturing firm Videocon, which held a large stake in her husband’s firm NuPower Renewables, is a clear case of conflict of interest.

The subsequent writing off of the bank loans and its convoluted accounting trail has led to inquiries by the CBI – who are charged with assessing if this was a genuine loan or simply a case of financial fraud.

Other instances of financial fraud include when a company’s accounting statements are falsified to dupe investors and inflate the company value.

To prevent this from happening, company directors have to enforce the proper accounting and auditing of company books by qualified professionals who have no conflict of interest.

Insider trading is another common corporate offence – likely to happen in the higher rungs of management.

In this situation, individuals artificially inflate or deflate company stock by leaking confidential information into the market to manipulate share pricing.

Auditors and directors should beware of swinging share prices ahead of any major announcements, such as takeovers or bankruptcy; it could indicate a leak of information.


Foreign Investment Reporting Compliance in India

Foreign Investment Reporting Compliance in India

Foreign Investment Reporting Compliance in India

India’s central bank, the Reserve Bank of India (RBI), requires all Indian entities receiving foreign investments of any kind – to report the same by July 12. The deadline was announced last month through the A.P. (DIR Series) Circular No. 30, dated June 7, 2018. To secure this information, the RBI has introduced a new system of compliance.

New reporting compliance for foreign invested entities

Firms in India should note that the new application – the Foreign Investment Reporting and Management System (FIRMS) – subsumes all other forms of reporting compliance, and will be implemented in two phases.

In the first phase, a dedicated online module called the Entity Master was made accessible for public data entry on the RBI’s website from June 28 till July 12. The registration deadline on the FIRMS interface has now been extended to July 20, but firms should ensure reporting compliance ahead of time to avoid regulatory risks.

In the second phase, a second module containing nine reports will be released on August 1, 2018.

Single reporting format

Under the online FIRMS interface, the RBI provides a single reporting format called – the Single Master Form (SMF) – through which details of the total foreign investments made in an entity will be recorded.

The SMF must be filed irrespective of the mode or structure of foreign investment into the entities.

Any entity found to be non-compliant may not be able to receive further foreign investments, including foreign direct investment (FDI), as regulated by the provisions of the Foreign Exchange Management Act of 1999.

Which entities must comply with the new reporting requirements?

The new reporting compliance is meant for the following types of entities:

A company as per section 1(4) of the Companies Act, 2013;

A Limited Liability Partnership (LLP) registered under the Limited Liability Partnership Act, 2008; and,

A startup, which complies with the conditions laid down in Notification No. G.S.R 180(E) dated February 17, 2016 issued by Department of Industrial Policy and Promotion, Ministry of Commerce and Industry, Government of India.


The content of the articles is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.