As CAs, we're frequently entrusted with sensitive and confidential client information; should it ever fall into the wrong hands, there could be serious consequences for all parties involved. This fictionalized account is based loosely on an actual case before the Professional Conduct Enquiry Committee (PCEC). Names and circumstances have been changed to preserve anonymity.
The Situation
Sam was a CA in public practice when Bill, the partner in his firm, assigned him to the Hitech review engagement Coincidentally, Sam's new girlfriend Betty was a former executive assistant at Hitech, but had no knowledge of the company's financial matters. Sam knew she hadn't left the company on good terms, but considered this relationship too remote to raise concern over a potential conflict of interest. He therefore didn't inform Bill of his indirect link to the client.
The engagement was successfully completed. Unfortunately however, Sam's romance didn't fare so well-he and Betty broke up.
What Happens
A few months later, Tom, the president of Hitech, received a visit from federal authorities. They told him they'd received an anonymous letter alleging that Hitech and its main competitor, Alphaco, were involved in price fixing. Attached to the letter were analyses of Hitech's customers and prices-- analyses that were clearly copies of working papers the company had provided to its accountants as part of the review engagement. Tom was livid, and contacted Bill immediately for an explanation.
Bill reviewed his office's security measures but could find no obvious reason for the alleged breach in confidentiality. Still, circumstances seemed to point to Sam as the one responsible. Sam adamantly denied any wrongdoing, but offered a potential explanation of what might have happened.
Shortly after their break-up, Sam and Betty had attempted a reconciliation, agreeing to meet one evening after work. Since Sam was working late, Betty suggested they meet at his office. When she arrived, Sam brought her to his workstation where they chatted while he tidied his desk. Sam remembered leaving her there alone briefly before locking up and leaving.
The Hitech files had been on his desk at the time. Sam suggested that Betty must have taken the Hitech analyses during his brief absence. Though it was never proven that Betty sent the letter to the authorities, the damage was done.
As a result, Bill lost a client. He reluctantly reported the matter to the Institute, and Sam became subject to a PCEC investigation. Tom feared that information had in fact been passed to his competitor, but in the end, this did not turn out to be the case.
The Outcome
Rule 207 requires that a member in public practice inform associates of any affiliations of which they might reasonably expect to be informed. Bill felt Sam ought to have informed him of Betty's past connection to Hitech, but the PCEC felt the relationship was too remote to breach Rule 207. However, the PCEC maintains that wherever there may be a doubt about disclosure, it is always better to provide, rather than withhold, information.
Rule 210.1 prohibits disclosure of a client's confidential information. Such disclosure had occurred, but the PCEC could not determine whether Sam had acted deliberately.
Rule 212.2 requires that a member handle with due care any property entrusted to him. The PCEC felt that security measures at Bill's firm were adequate. The firm had also reminded staff to take care when bringing guests into the office.
The PCEC concluded that Sam had breached Rule 202-A member shall perform his professional services with integrity and due care-finding that he hadn't been sufficiently careful about the security of client information. Furthermore, as the disclosure damaged the reputation of the profession (Tom lost confidence in his accountants' ability to secure confidential information), the PCEC also determined that Sam had breached Rule 201.1: A member shall conduct himself at all times in a manner which mill maintain the good reputation of the profession and its ability to serve the public interest.
Sam accepted the PCEC's recommendation that he be issued an anonymous reprimand and pay the costs of the investigation as well as a fine. The PCEC set the fine on the basis that the breach was innocent.
The Message
As a CA, or even as a CA student, you control confidential and sensitive information on a regular basis. Be aware that even in your own office, maintaining the security of sensitive information can have its challenges, especially around visitors. Readers are also reminded that quite apart from any disciplinary action taken, this type of occurrence could very well lead to civil action by the client against the CA firm. Fortunately for Bill in this case, civil action wasn't taken.
Please note: The contents of this article are only for the general guidance of readers. The PCEC deals with each case individually, based on its specific facts and circumstances.
Комментариев нет:
Отправить комментарий