Which group has the responsibility to report non-compliance to external regulators if required?

Management holds the responsibility to report non-compliance to external regulators when required. This obligation arises from their role in ensuring that the organization adheres to all relevant laws, regulations, and internal policies. Management is in the best position to identify instances of non-compliance, as they are responsible for day-to-day operations and compliance frameworks.

Often, management will be the first to notice compliance issues and has the authority and duty to investigate and rectify them. If they determine that a breach of law has occurred that may necessitate reporting to regulators, it falls upon them to ensure that such reporting happens to uphold the integrity of the organization and the industry.

The other groups mentioned, such as shareholders, auditors, and the board of directors, have distinct responsibilities but do not directly handle the reporting of non-compliance. Shareholders typically rely on the management and board to handle compliance issues and report back to them. Auditors may detect non-compliance during their audits, but their primary role is to provide assurance on the financial statements rather than to report to regulators. The board of directors oversees management and ensures that proper governance procedures are in place, but they typically do not handle compliance reporting directly.