Chapter 16 Confidentiality Flashcards
16.1 The importance of confidentiality
Confidentiality is a principle in the IFAC and ICAEW codes of ethics. In addition, accountants are bound by the Data Protection Act 2018 and GDPR. If the client does not trust the auditor, they may not provide all the relevant information needed to audit the accounts. The auditor has a duty of confidentiality which must not be breached except in certain circumstances.
1.2 Data protection
GDPR is an EU regulation that aims to give individuals control over their personal information. The Data Protection Act 2018 extends domestic data protection laws to areas not covered by GDPR. Under both the GDPR and the Data Protection Act:
- Anyone who processes personal information must ensure that it is protected
- Individuals have the right to access both their personal data and information about how it is being processed, and
- Personal data can only be held if there is a specific lawful reason to do so, or if the individual has explicitly opted in to allow storage of data.
Auditors need to be aware of their potential obligations in this area in relation to any individual whose data they hold.
1.3 Risks to confidentiality
Accidental disclosure is a key risk. It is important to keep client information confidential in social environments, within the firm, after the end of the business relationship and when changing employment or acquiring a new client. Accountants should also avoid making improper use of client information (for example, insider dealing).
1.4 Safeguards
Physical and electronic security measures should be put in place to avoid disclosure. Firms should ensure that all who work on their behalf are trained in, and understand:
- The importance of confidentiality
- The importance of identifying any confidentiality and conflict of interest issues
- The procedures in place for identifying confidentiality and conflict of interest issues
1.5 Disclosure
Disclosure of client information may be permitted or required in certain situations.
A right to disclose arises when client permission is obtained, where disclosure is in the public interest, and to defend the firm in a negligence claim.
A duty to disclose arises if the firm is ordered to disclose by a court or if required by a regulator (FCA); suspicions of money laundering should be reported to the National Crime Agency, and suspicions of terrorist activities should be reported to the police.
1.6 Money laundering
The Money Laundering Regulations 2007 make it a criminal offence not to report a suspicion of money laundering to the appropriate authority. Reporting money laundering is not a breach of confidence. The firm must not advise the client that it has made the report, as this will constitute an offence of tipping off. Each firm must have a money laundering compliance principal who will be responsible for making the disclosure. Examples of money laundering include:
- Keeping customer overpayments
- Non-compliance with a regulation to save costs
- Criminal offences under the Companies Act (for example, an illegal loan to a director)
2.1 Conflicts of interest
There is nothing improper with an accountant having two clients whose interests are in conflict. A firm should be able to demonstrate that its work on one client will not adversely affect another client. The ICAEW gives advice to accountants in situations where there is a conflict of interest between clients:
- Notify the relevant clients of the situation
- Seek their consent to continue to act for both parties
If the firm continues to act for clients whose interests are in conflict, safeguards should be implemented to preserve confidentiality:
- Separate teams
- Information barriers (no overlap between different teams, physical separation of teams and procedures for maintaining security of paper and electronic records)
- Confidentiality agreement signed by employees and partners
- Review of the application of safeguards by an independent partner
If adequate safeguards cannot be implemented, the firm may have to cease to act for one or both of the clients.