This article provides an introduction to the legal concepts of fraud in general and corporate fraud in particular, including recent case law that has examined the same. It subsequently explores various aspects – how a fraud arises, legal, contractual and practical requirements to report corporate frauds by companies (to their auditors as well as to the general public), reporting requirements and other obligations of the board, audit committee, senior management as well as the role and reporting obligations of statutory auditors (including notifications to the central government in certain cases) that are triggered on the occurrence of a fraud. A fraud (depending on its nature and quantum) can trigger consequences under other laws – and these consequences are also briefly referred to.
- The legal concept of fraud under Indian law, with focus on the term ‘fraud’ as defined under the Companies Act 2013
- The obligation to report fraud in public documents
- Reporting and other obligations of board of directors, audit committee and senior management
- Reporting and other obligations of statutory auditors
- Consequences of corporate fraud under other laws
Referenced in this article
- Companies Act 1956
- Companies Act 2013 (specifically sections 447, 448 and 143(12))
- Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations 2015
- Companies (Auditor’s Report) Order 2020
- Guidance Note issued by the Institute of Chartered Accountants of India on reporting of fraud under Section 143(12) of the Companies Act 2013
- Prevention of Corruption Act 1988
- Prevention of Money Laundering Act 2002
Introduction to corporate fraud: obligations of board, audit committee and senior management
Introduction – ‘fraud’ under Indian law
Fraud is a legal concept that is often easier to understand than to define. There are no exhaustive criteria that circumscribe fraud under Indian law. As an example, while the Indian Penal Code, 1860 provides that ‘a person is said to do a thing fraudulently if he does that thing with intent to defraud but not otherwise’, the Indian Contract Act 1872 sets out certain matters that would be considered to be fraud, affecting the validity of the contract. Fraud under Indian jurisprudence has evolved in a very broad sense as a part of tort, civil and criminal jurisprudence.
Corporate fraud under Companies Act 1956
The Companies Act 1956 (which preceded the Companies Act 2013) did not define fraud. It did prescribe penal consequences for fraudulent conduct in several instances, including: penalty for fraudulently inducing persons to invest money in shares or debentures of a company; fraudulent persons could be restrained from managing companies; and liability for fraudulent preference in a winding up process.
The Companies Act 1956 also provided for certain confirmations and disclosures under the board’s report and auditor’s report – the current position as regards these confirmations and disclosures is covered in the discussion under the Companies Act below.
Corporate fraud under Companies Act 2013
The term ‘fraud’ is defined in section 447 of the Companies Act 2013 (Companies Act) as below:
‘fraud’ in relation to affairs of a company or any body corporate, includes any act, omission, concealment of any fact or abuse of position committed by any person or any other person with the connivance in any manner, with intent to deceive, to gain undue advantage from, or to injure the interests of, the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain or wrongful loss.
‘Wrongful gain’ means the gain by unlawful means of property to which the person gaining is not legally entitled. ‘Wrongful loss’ means the loss by unlawful means of property to which the person losing is legally entitled.
The key elements of this definition are:
- the matter must relate to affairs of the company;
- it may be in the nature of an act, omission, concealment of fact or abuse of position (inclusive definition); and
- there has to be an intent to deceive, gain undue advantage or injure the interests of company, shareholders, creditors or any other person.
However, fraud under section 447 does not require that there be a wrongful gain or wrongful loss.
The Companies Act designates certain matters to be punishable as fraud under section 447 – for example, as per section 448, except where the Companies Act otherwise provides, if in any return, report, certificate, financial statement, prospectus, statement or other document required by, or for, the purposes of any of the provisions of the Companies Act or the rules made thereunder, any person makes a statement that is false in any material particulars, knowing it to be false or that omits any material fact, knowing it to be material, such person shall be liable under section 447.
There is paucity of case law interpreting fraud under the Companies Act (given its recent vintage). However, given that punishment for fraud (involving an amount of 1 million rupees or more) under section 447 involves a minimum imprisonment for six months in addition to a penalty of at least the amount involved in the fraud (and additional consequences, such as fraud under the Companies Act being a scheduled offence under the Prevention of Money Laundering Act, 2002), it can be argued that, despite the exhaustive definition, every wrongdoing ought not to be considered as fraud. As an example, there ought to be a clear distinction between fraud (as defined in the Companies Act) and failure to meet a duty of care (or negligence per se). Additional nuances would vary depending on the facts of each case. However, certain recent case law has touched upon the issue of fraud, and certain judicial pronouncements are referred to below.
In Doraisamy v the State, the Madras High Court observed that it is very clear that while dealing with the affairs of a company, if any person abuses their position with an intent to deceive, to gain undue advantage from, or to injure the interests of a company or its shareholders or its creditors or any other person, that person is deemed to have committed fraud.
In Gaurav Kumar v Serious Fraud Investigation Office, the Delhi High Court stated that:
It is apparent thus that in terms of the ambit of Explanation-(i) to Section 447 of the Companies Act, 2013 which defines ‘fraud’ for the purpose of the said Section, a false statement in relation to in any return, report, certificate, financial statement, prospectus, statement or other document required by, or for, the purposes of any of the provisions of this Act or the rules made thereunder, any person makes a statement which is false in any material particulars, knowing it to be false or which omits any material fact, knowing it to be material, would fall within the ambit of Sections 448 and 447 of the Companies Act, 2013 as sought to be contended on behalf of the petitioner.
In Vikas Agarwal v Serious Fraud Investigation Office, the Delhi High Court noted that the definition of fraud provided in the explanation to section 447 of the Companies Act 2013 makes it clear that the prosecution is to relate to the companies in the first instance and also to other persons who have in any manner connived in commission of the offence to gain undue advantage.
Putting in place systems and processes for prevention and detection of fraud is an important part of the role of the board of directors, audit committee and senior management.
Directors (as a part of the directors’ responsibility statement forming part of the board’s report to be provided annually to shareholders under the Companies Act) are required to state several matters that relate (directly or indirectly) to fraud.
The role of the audit committee under the Securities and Exchange Board of India (SEBI) (Listing Obligations and Disclosure Requirements) Regulations 2015 (SEBI LODR Regulations) includes the following:
reviewing the findings of any internal investigations by the internal auditors into matters where there is suspected fraud or irregularity or a failure of internal control systems of a material nature and reporting the matter to the board
Additionally, the certification to be provided by the chief executive officer and chief financial officer to the board of directors of a listed company under the SEBI LODR Regulations includes the disclosures relating to fraud.
Reporting and related obligations and relevant considerations
Companies Act, SEBI LODR Regulations and contractual commitments
Typically, knowledge of a potential fraud arises in one (or more) of the following ways:
- complaint by a whistleblower: this is typically addressed by either (one or more of) the board of directors, audit committee (or to the chairman or specific members of the audit committee), senior management, compliance officer or legal department – and, in several instances, is made through the designated whistleblower mechanism that companies have (in the case of several subsidiaries of multinational corporations, this results in the complaint reaching the ultimate parent’s headquarters outside India);
- in the course of an internal audit;
- in the course of an audit (by statutory auditors);
- investigation (by a regulatory authority); or
- fraud risk assessment
These are not exhaustive in nature and there are other methods as to how fraud is discovered – for example, research analyst reports (for listed companies) and complaints by competitors.
Self-reporting obligations relating to fraud under the Companies Act and SEBI LODR Regulations are the following.
- The report issued by statutory auditors to the company’s shareholders (which is a public document) is required to disclose frauds (irrespective of who discovered them) – the (statutory) auditors, under Companies (Auditors Report) Order, 2020 (which is applicable to the financial year starting 1 April 2020 and ending on 31 March 2021), are required to report occurrence of fraud as a part of their audit report (which was also a requirement under its preceding order, being the Companies (Auditors Report) Order 2016). Additionally, under the Companies (Auditors) Report Order, 2020 (statutory) auditors are also required to provide details of any frauds that have been reported to the central government and whether they have considered the whistleblower complaints received by a company.
- Fraud other than those referred to above is required to be disclosed in the board’s report (which is also a public document).
- Under the SEBI LODR Regulations, occurrence of any of the following is required to be disclosed to stock exchanges (which is disseminated to the public) as soon as reasonably possible (and not later than 24 hours from occurrence):
- any fraud or default by a promoter or key managerial personnel of the listed entity (or the arrest of a promoter or key managerial personnel) – the same is deemed to be a material event, triggering disclosure obligations; and
- fraud and defaults by directors (other than key managerial personnel) or employees of the listed entity, if the same is considered to be material.
The SEBI LODR Regulations have a prescriptive disclosure regime, and provide for a detailed set of disclosures, both at the time of initial disclosure and pursuant to subsequent developments. One of the prescribed disclosures to the stock exchanges is corrective actions – corrective action and remediation is also an important element of disclosure to auditors (as elaborated below).
Additionally, there are contractual obligations and commitments that could mandate disclosure of any fraud (or of any underlying acts or omissions constituting the fraud) – examples are joint venture contracts, lender contracts, key supplier contracts and contracts with government agencies. A common example of disclosures required is that certain kinds of fraud (especially improper payments) form a part of pre-qualification criteria in integrity pacts (usually) forming part of contracts executed with government authorities.
Fraud – self-reporting to auditors, reporting by auditors and related matters
Self-reporting to auditors
The question of required disclosure to the statutory auditors is covered broadly under the following:
- disclosures required pursuant to the management representation letter (MRL) provided to auditors as a part of the audit exercise;
- disclosures pursuant to the directors’ responsibility statement; and
- proactive disclosure concerning fraud.
Often, in instances where the details of the allegations are received by the ultimate holding company (as a part of a global whistleblowing programme) and where these are investigated by the holding company and its advisers (without the involvement of local management), the manner and timing of disclosure to the local management and auditors is an important consideration.
Management representation letters
Statutory auditors in India typically require extensive disclosures to be made to them on matters related to a company and its financial position pursuant to issuance of one or more MRLs by companies. These MRLs are typically signed by senior management (usually the managing director or chief executive officer and the chief financial officer). An MRL is relied upon for finalising audited accounts that would need to be approved by the board of directors of the company. Several confirmations contained therein are typically those required by Indian accounting standards. Compliance with Indian accounting standards is a legal requirement. Typical MRLs (especially those provided by larger Indian auditors) have extensive disclosures required relating to fraud – including actual fraud on or by the company, suspected or alleged fraud including any fraud reported during the year (whether through internal or external sources) and all details in relation thereto.
Directors’ responsibility statement
Disclosures arising out of the directors’ responsibility statement are detailed earlier. Directors and relevant signatories are liable to prosecution for incorrect statements made by them in the accounts or in the directors’ responsibility statement (which would include those flowing into the accounts based on any incorrect statement in the MRL).
Proactive disclosures to auditors
Pursuant to section 143(12) of the Companies Act, if the statutory auditors of a company, in the course of the performance of their duties as an auditor, have a reason to believe that an offence of fraud has been committed in (or against) the company by its officers or employees individually exceeding an amount of 10 million rupees, then the statutory auditors are required to report the same to the central government, subject to the conditions set out below.
However, pursuant to a guidance note issued by the Institute of Chartered Accountants of India (the Guidance Note), statutory auditors are not required to report fraud (even if it exceeds the monetary threshold referred to above) to the central government if such statutory auditor is not the first person to identify or note such instance in the course of performance of his or her duties as a statutory auditor. Hence, if the fraud has been identified through the whistleblower mechanism and has been or is being remediated and dealt with by the management, and if the case is informed to the statutory auditor, the statutory auditor is not obliged to report the same to the central government as it has not identified the fraud itself. However, this is subject to the following conditions in the Guidance Note:
- the auditor is required to apply professional scepticism as to whether the fraud was indeed identified or detected in all aspects through the whistleblower mechanism; and
- the auditor is required to review the steps taken by the management or those charged with governance with respect to the reported instance of suspected fraud. If the auditor is not satisfied with such steps, he or she should state the reasons for his or her dissatisfaction in writing and request the management or those charged with governance to perform additional procedures to enable the auditor to satisfy himself or herself that the matter has been appropriately addressed. If the management or those charged with governance fail to undertake appropriate additional procedures within 45 days of his or her request, the auditor would need to evaluate if he or she should report the matter to the central government.
Once the statutory auditors are informed of the issue, they would typically seek full details of the allegations received and investigation done, including the investigation reports and other relevant documents. Statutory auditors generally involve colleagues from their forensic team to undertake this assessment and provide inputs to the audit team.
The Guidance Note also includes guidance on other matters, which would be relevant in specific matters (eg, whether an auditor of a holding company would need to report to the central government in the case of a fraud in a subsidiary).
Reporting by auditors
If the auditors believe that they need to report the fraud, the reporting would happen in Form ADT-4, which broadly covers the following disclosures relating to the fraud:
- address of the office or location where the suspected offence is being committed;
- full details of the suspected offence involving fraud;
- particulars of the officers or employees who are suspected to be involved in the commission of the offence (if any) with their names, designation, permanent account numbers and director’s identification numbers (if they are directors);
- period during which suspected fraud had occurred;
- basis on which fraud is suspected;
- estimated amount involved in the fraud; and
- other relevant details, including communication with the company as mandated under the relevant rules (and referred to above).
Any intimation to the central government would typically be investigated by the Serious Frauds Investigation Office (SFIO). The SFIO, however, is an investigating agency, with the prosecution and legal proceedings (if any) before the relevant authorities following due legal process. As per a newspaper report dated 1 July 2019, 79 investigations have been assigned to the SFIO in the past three years wherein 594 companies were involved – and as per data on the SFIO website,  it has completed investigations into 87 cases in 2016–2017.
Any act (or omission) that constitutes fraud under the Companies Act could also trigger penal consequences under other statutes – a typical example is whether expenses claimed in past tax returns have been appropriately claimed. Another example is where such fraud would constitute an offence that is mandatorily reportable under the provisions of section 39 of the Code of Criminal Procedure 1973.
There are some statutes that provide for leniency in the case of self-disclosures (or voluntary disclosures), although such examples are sparse under Indian law – needless to say, such disclosures should ideally be a part of an overall strategy taking into account potential implications under the Companies Act, listing-related obligations (if the entity is listed) and other relevant statutes, pursuant to an appropriately conducted and robust investigation.
Prevention of Corruption Act 1988
If the fraud involves improper payments, the same would also attract the penal provisions of the Prevention of Corruption Act 1988 (PCA). The PCA provides that any commercial organisation (which includes companies) shall be punishable with a fine, if any person associated with such commercial organisation gives or promises to give any undue advantage to a public servant intending to obtain or retain business for such commercial organisation, or to obtain or retain an advantage in the conduct of business for such commercial organisation. However, the PCA provides that such organisation can raise a defence that it had in place adequate procedures in accordance with prescribed guidelines to prevent persons associated with it from undertaking such conduct.
If an offence is committed by a commercial organisation under the PCA, and that offence is proved in court to have been committed with the consent or connivance of such director, manager, secretary or other officer of the organisation, that director, manager, secretary or other such officer shall also be guilty of the offence and shall be punishable with imprisonment ranging between three years and seven years and also liable to a fine.
The PCA also has provisions for matters relating to attachment and confiscation of money or property procured by way of an offence under the PCA.
There are other provisions of the PCA that would apply to directors (eg, abetment of offences), which also carry liability for imprisonment ranging between three years and seven years.
Further, a subsequent conviction following the first conviction under the PCA is punishable with imprisonment ranging between five years and 10 years and a fine.
Prevention of Money Laundering Act 2002
The Prevention of Money Laundering Act 2002 (PMLA) seeks to prevent money laundering and to provide for confiscation of property derived from or involved in money laundering. The offence of money laundering relates to ‘proceeds of crime’ (including, inter alia, its concealment, possession, acquisition or use). The phrase ‘proceeds of crime’ is defined with respect to property (or its value) which is derived as a result of criminal activity in relation to a ‘scheduled offence’. The offence of money laundering (as set forth in section 3 of the PMLA) arises from being knowingly involved in any process or activity connected with the proceeds of crime – and the penal provisions under the PMLA apply primarily in relation to those proceeds of crime and the act of money laundering (which again refers to the proceeds of crime). Fraud under the Companies Act 2013 and offences by commercial organisations under the POCA (as set out above) are prescribed as ‘scheduled offences’ under the PMLA.
In the case of contraventions of provisions of the PMLA by a company, every person who, at the time the contravention was committed, was in charge of, and was responsible to the company, for the conduct of its business (as well as the company), shall be held liable for such offence, unless such person proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention.
If it is established that such contravention took place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of any company, such director, manager, secretary or other officer shall also be held liable for the contravention, and shall be liable to punishment by way of imprisonment ranging between three and seven years and with fine.
The PMLA also has provisions for being liable to survey and search and seizure proceedings (including freezing of property), the ability for authorities to provisionally attach and confiscate the ‘proceeds of crime’ and pre-conviction arrest.
 2019 (3) MLJ (Crl) 60.
 266 (2020) DLT 505.
 Relevant provisions are reproduced below:
- ‘in the preparation of the annual accounts, the applicable accounting standards had been followed along with proper explanation relating to material departures’;
- ‘directors had taken proper and sufficient care for the maintenance of adequate accounting records in accordance with the provisions of this Act for safeguarding the assets of the company and for preventing and detecting fraud and other irregularities’;
- ‘the directors had devised proper systems to ensure compliance with the provisions of all applicable laws and that such systems were adequate and operating effectively’; and
- in the case of listed companies, the directors’ responsibility statement is also required to state ‘the directors, in the case of a listed company, had laid down internal financial controls to be followed by the company and that such internal financial controls are adequate and were operating effectively’.
The term ‘internal financial controls’ in the above-referred provisions ‘means the policies and procedures adopted by the company for ensuring the orderly and efficient conduct of its business, including adherence to company’s policies, the safeguarding of its assets, the prevention and detection of frauds and errors, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information’.
 Relevant portions are reproduced below
- ‘there are, to the best of their knowledge and belief, no transactions entered into by the listed entity during the year which are fraudulent, illegal or violative of the listed entity’s code of conduct’; and
- ‘they have indicated to the auditors and the Audit committee . . . instances of significant fraud of which they have become aware and the involvement therein, if any, of the management or an employee having a significant role in the listed entity’s internal control system over financial reporting’.
 The relevant language reads: ‘whether any fraud by the company or any fraud on the Company by its officers or employees has been noticed or reported during the year; If yes, the nature and the amount involved is to be indicated’.
 The relevant language reads: ‘(b) whether any report under sub-section (12) of section 143 of the Companies Act has been filed by the auditors in Form ADT-4 as prescribed under rule 13 of Companies (Audit and Auditors) Rules, 2014 with the Central Government; (c) whether the auditor has considered whistle-blower complaints, if any, received during the year by the company.’
 Disclosures prescribed under sub-clause (c)(i) are reproduced below – a similar set of disclosures must also be made under sub-clause (c)(ii):
At the time of unearthing of fraud or occurrence of the default / arrest:
- nature of fraud/default/arrest;
- estimated impact on the listed entity;
- time of occurrence;
- person(s) involved;
- estimated amount involved (if any);
- whether such fraud/default/arrest has been reported to appropriate authorities.
Subsequently intimate the stock exchange(s) further details regarding the fraud/default/arrest including:
- actual amount involved in the fraud /default (if any);
- actual impact of such fraud /default on the listed entity and its financials; and
- corrective measures taken by the listed entity on account of such fraud/default.
 Section 143(12) of the Companies Act reads as follows:
- Notwithstanding anything contained in this section, if an auditor of a company in the course of the performance of his duties as auditor, has reason to believe that an offence of fraud involving such amount or amounts as may be prescribed, is being or has been committed in the company by its officers or employees, the auditor shall report the matter to the Central Government within such time and in such manner as may be prescribed;
Provided that in case of a fraud involving lesser than the specified amount, the auditor shall report the matter to the audit committee constituted under section 177 or to the Board in other cases within such time and in such manner as may be prescribed:
Provided further that the companies, whose auditors have reported frauds under this sub-section to the audit committee or the Board but not reported to the Central Government, shall disclose the details about such frauds in the Board’s report in such manner as may be prescribed.
 Guidance Note on Reporting of Fraud under section 143(12) of the Companies Act 2013 (revised 2016).
 Under the PCA, the capacity in which the person performs services for or on behalf of the culpable commercial organisation shall not matter (irrespective of whether such person is an employee or agent or subsidiary of such commercial organisation). Further, all relevant circumstances (and not merely the nature of the relationship between such person and the organisation) are to be considered to determine whether such person performs services for or on behalf of the commercial organisation.