ICAEW.com works better with JavaScript enabled.

Guidance on NOCLAR

Helpsheets and support

Published: 04 Aug 2025 Update History

Contents
Back to top

ICAEW’s Code of Ethics has important sections related to ‘Non-Compliance with Laws and Regulations’, commonly known as NOCLAR. Find out the key responsibilities of members under these requirements.

The ICAEW Code contains two detailed sections on NOCLAR: 

These sections set out a detailed framework to guide professional accountants on what actions to take when they become aware of a potential illegal act committed by a client or employer.

Members should note that any disclosure made under the NOCLAR provisions must meet the public interest test, or a legal or regulatory obligation to disclose.

ICAEW also has separate guidance on Defaults or Unlawful Acts which applies to a much broader range of circumstances than the NOCLAR provisions. This guidance will continue to apply.

Objectives of NOCLAR

The key objectives for a professional accountant under NOCLAR are:

  • to comply with the principles of integrity and professional behaviour;
  • to alert management where appropriate so that they can deal with the consequences of the non-compliance; or deter the non-compliance if it hasn’t yet happened; and 
  • to take such further action as appropriate in the public interest. 

The kinds of laws and regulations covered

NOCLAR applies to laws and regulations that have a direct effect on material figures in the financial statements, and other laws and regulations that may be fundamental to an entity’s business and operations. Clearly inconsequential matters and misconduct of a personal nature are excluded.

Examples of laws and regulations that would be covered are in the areas of:

  • bribery and corruption;
  • fraud (including false accounting, falsification of accounting records);
  • insider dealing;
  • money laundering and terrorist financing;
  • financial products and services;
  • data protection;
  • tax evasion;
  • environmental protection; and
  • public health and safety.

The appropriate authority to report breaches

The appropriate authority will depend on the nature of the matter. For example, the appropriate authority might be a securities regulator in the case of fraudulent financial reporting or an environmental protection agency in the case of a breach of environmental laws and regulations.

Whose breaches are covered?

NOCLAR applies to acts by the following parties:

  • a client;
  • those charged with governance of a client;
  • management of a client;
  • other individuals working for or under the direction of a client;
  • the accountant’s employing organisation;
  • those charged with governance of the employing organisation;
  • management of the employing organisation; and
  • other employees of the employing organisation.

Who has to comply with NOCLAR?

NOCLAR applies to all professional accountants, but the framework that the professional accountant must follow depends on which of the following categories they fall within:

  • auditors;
  • other professional accountants in public practice;
  • professional accountants in business, or other non-accountancy organisations; and
  • professional accountants in business who are in senior roles – directors, officers, or senior employees.

Professional accountants in public practice must also comply with NOCLAR in the context of their employment with their firm, so if they encounter NOCLAR by their employing firm, they should refer to the sections for professional accountants in business.

Those individuals with whom professional accountants may raise NOCLAR matters will also be directly affected, including those in management positions, or on boards of directors, and regulators or other public authorities. While non-members are not within the scope of the NOCLAR provisions, it may be helpful for these wider stakeholders to be aware of the existence of the provisions.

What should a professional accountant do?

If a professional accountant becomes aware of actual or suspected NOCLAR, they must first establish whether any legal or regulatory obligations are triggered, such as making a Suspicious Activity Report for suspicions of money laundering.  The accountant must also consider any legal prohibitions on making any further disclosure, such as the laws on tipping off which prohibit disclosure of the fact that a SAR has been made, if such disclosure could prejudice an investigation.

Once legal and regulatory responsibilities have been considered, the accountant should take the following steps based on their role:

Auditors

An auditor should firstly raise the matter with management of the client, or those charged with governance of the client, subject to the legal and regulatory requirements noted above. This is to clarify the auditor’s understanding of the facts and circumstances of the matter, and its potential consequences.

The auditor should advise management to rectify, remediate or mitigate the consequences, stop the non-compliance, or report it to an appropriate authority. The auditor should assess whether the response of management is appropriate and sufficient, for example:

  • Has it been dealt with on a timely basis?
  • Has the matter been adequately investigated?
  • Has action been taken to stop the non-compliance or to mitigate the risk of it re-occurring?
  • Has it been disclosed to the appropriate authority?

The auditor should also ensure they comply with applicable auditing standards.

If the auditor considers that management has not taken appropriate action, the auditor should determine if further action is needed in the public interest. This will depend on various factors, including:

  • the legal and regulatory framework;
  • the urgency and pervasiveness of the matter;
  • whether there is credible evidence of substantial harm to stakeholders;
  • whether there is an appropriate authority to report to;
  • any professional or legal advice obtained;
  • the availability of legal protection for the auditor; and
  • the existence of actual or potential threats to the physical safety of the auditor or others.

The auditor must also consider whether a reasonable and informed third party, weighing all the specific facts and circumstances at that time, would conclude that the auditor has acted in the public interest in disclosing the non-compliance to the authorities.

If the auditor concludes that it is in the public interest to disclose the NOCLAR, then they must make disclosure to the appropriate authority, even if not required to do so in law. When making such disclosure, the auditor shall act in good faith and exercise caution when making statements and assertions. The auditor shall also consider whether it is appropriate to inform the client of their intentions before disclosing the matter.

The auditor should consider withdrawing from the client engagement (if the law allows them to resign). If the auditor resigns from the engagement, they must provide details of the NOCLAR to the prospective auditors, when responding to a professional enquiry.

This disclosure must be made regardless of whether the audit client has given permission for the auditor to discuss their affairs with the prospective auditors, subject to any legal restrictions.

Professional accountants in practice other than auditors

If a practising accountant who is not an auditor identifies or suspects NOCLAR, they must first raise it with management of the client, or those charged with governance of the client, subject to the legal and regulatory requirements noted above. If the client is an audit client, the accountant must take steps to communicate the NOCLAR to the audit team, usually the engagement partner. If the client is not an audit client, the accountant should consider informing the external auditor of the client if applicable.

The accountant should then consider whether any further action is needed in the public interest, for example, disclosing the NOCLAR to an appropriate authority, or resigning from the client relationship. Whether such a disclosure is in the public interest will depend on various factors. These are outlined above in the section for auditors.

If the accountant concludes that it is in the public interest to disclose the NOCLAR, then they must make disclosure to the appropriate authority, whether or not the law requires them to do so. When making such disclosure, the accountant shall act in good faith and exercise caution when making statements and assertions. The accountant shall also consider whether it is appropriate to inform the client of the accountant’s intentions before disclosing the matter.

For full details of the NOCLAR responsibilities for a professional accountant in practice please see section 360 of the Code of Ethics.

Non-senior professional accountants in business

The responsibilities of a non-senior professional accountant in business (‘non-senior accountant’) are more basic than those for a senior accountant (detailed below). The non-senior accountant must escalate their concerns of NOCLAR to their immediate superior, or the next highest level of authority within their organisation. If they are concerned that their superiors are complicit in the NOCLAR then they should use any established internal whistle-blowing mechanism.

The non-senior accountant must then determine if further action is needed in the public interest, in light of the action taken by their superiors, or those charged with governance. In exceptional circumstances, the non-senior accountant may determine that disclosure to an appropriate authority should be made in the public interest. The nature and extent of any further actions will depend on various factors, including:

  • the legal and regulatory framework;
  • the urgency and pervasiveness of the matter;
  • whether there is credible evidence of substantial harm to stakeholders;
  • whether there is an appropriate authority to report to;
  • any professional or legal advice obtained;
  • the availability of legal protection for the non-senior accountant; and
  • the existence of actual or potential threats to the physical safety of the non-senior accountant or others.

The non-senior accountant must also consider whether a reasonable and informed third party, weighing all the specific facts and circumstances at that time, would conclude that the non-senior accountant has acted in the public interest in disclosing the non-compliance to the authorities.

If the non-senior accountant concludes that it is in the public interest to disclose the NOCLAR, then they must make disclosure to the appropriate authority, even if not required to do so in law. When making such disclosure, the non-senior accountant must act in good faith and exercise caution when making statements and assertions.

Senior professional accountants in business

A senior professional accountant in business (‘senior accountant’) is an individual who holds the position of director, or officer, or who is a senior employee with the ability to make decisions about acquisition, deployment and control of an entity’s resources. There are greater expectations on senior accountants to take action in response to non-compliance than other professional accountants in business, because of their role and influence within the organisation.

A senior accountant must fulfil their professional responsibilities in relation to NOCLAR. This means that they must:

  • understand and comply with laws and regulations;
  • seek to deter commission of NOCLAR;
  • raise any matters they identify with their superiors or those charged with governance;
  • take action to rectify/remediate/mitigate the consequences of non-compliance; and
  • determine whether to alert the external auditor.

A senior accountant must then determine if further action is needed in the public interest, in light of the action taken by their superiors, or those charged with governance, such as the board. The nature and extent of any further actions will depend on various factors, including:

  • the legal and regulatory framework;
  • the urgency and pervasiveness of the matter;
  • whether there is credible evidence of substantial harm to stakeholders;
  • whether there is an appropriate authority to report to;
  • any professional or legal advice obtained;
  • the availability of legal protection for the senior accountant; and
  • the existence of actual or potential threats to the physical safety of the senior accountant or others.

The senior accountant must also consider whether a reasonable and informed third party, weighing all the specific facts and circumstances at that time, would conclude that the senior accountant has acted in the public interest in disclosing the non-compliance to the authorities.

If the senior accountant concludes that it is in the public interest to disclose the NOCLAR, then they must make disclosure to the appropriate authority, even if not required to do so in law. When making such disclosure, the senior accountant must act in good faith and exercise caution when making statements and assertions.

The senior accountant should consider whether they also need to take any other course of action, which could include:

  • informing the parent company of their organisation, if applicable, or
  • resigning from their employment relationship.

For full details of the NOCLAR responsibilities for a professional accountant in business please see section 260 of the Code of Ethics.

Disclosure without reporting to management

NOCLAR permits a professional accountant (whether in practice or business) to make disclosure to the appropriate authority without first reporting the matter to management, but only under exceptional circumstances. Typically there must be reason to believe that there will be an imminent breach of law or regulation that would cause substantial harm to stakeholders

Documentation

Auditors who identify NOCLAR must document how management or those charged with governance have responded to the matter. Auditors must also document the course of action taken, the judgements made, and the decisions taken. Auditors must also document how their responsibility to act in the public interest has been met.

While documentation is not a requirement for other professional accountants dealing with their responsibilities under NOCLAR, it is encouraged that they document the matter, the results of discussions with management, the courses of action they have considered, any professional or legal advice they have taken, and how they are satisfied they have fulfilled their responsibilities.

IESBA guidance

The ICAEW Code of Ethics is based on the Code of Ethics issued by the International Ethics Board for Accountants (IESBA). IESBA has issued a FAQ document on NOCLAR

If in doubt seek advice

ICAEW members can discuss their specific situation with the Ethics Advisory Service on +44 (0)1908 248 250 or ethics@icaew.com. The Advisory Service can also be contacted via webchat.

ICAEW members can also contact the Money Laundering Helpline on mlenquiries@icaew.com for advice on general and specific issues relating to the anti-money laundering regulations and guidance. Issues can be discussed on an anonymous basis.

Members in the UK can also consider consulting the charity, Protect, who advise on whether a disclosure could qualify for protection under the Public Interest Disclosure Act. 

See a list of prescribed authorities in the UK, to whom protected disclosures may be made in the public interest. 

Auditors can alert the FCA about the risk of fraud by emailing auditorsdutytoreport@fca.org.uk.

 
ICAEW Code of Ethics 2025

PDF (3,876kb)

The 2025 edition of the Code comes into effect on 1 July.

DownloadGuidance and support
Open AddCPD icon