Client Alerts

08/05/2002

The Sarbanes-Oxley Act of 2002

On July 30, 2002, following overwhelming approval by both houses of Congress, President Bush signed into law the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley Act of 2002, H.R. Rep. No. 107-610 (2002)). Aimed at restoring investor trust and confidence in the public markets, the Act seeks to prevent future acts of corporate and accounting fraud through a variety of oversight and deterrence measures and to address perceived inequities arising out of the recent Enron and WorldCom scandals. The Act also increases SEC appropriations by $776 million to provide enhanced oversight and enforcement of securities laws.

While certain provisions of the Act are immediately effective, others require the SEC or the newly created accounting oversight board to promulgate regulations before they will take effect. It is important to recognize that the SEC, Nasdaq or the exchanges could implement these rules substantially sooner than required by the Act (and, in some cases, are already in the process of implementing new rules). Attached to this Alert is a chart that outlines the timing of the effectiveness of certain provisions of the Act. As a matter of good corporate practice, it may make sense for companies to comply with some provisions of the Act in advance of their effectiveness.

This Alert summarizes the key provisions of the Act as follows:

  • Certification Requirements
  • New Rules Related to Corporate Conduct
  • Enhanced Disclosure Requirements
  • Public Company Accounting Oversight Board
  • Audit Committees and Auditor Independence
  • Analyst Conflicts of Interest
  • Criminal Penalties and Enforcement

The Act imposes far-reaching new requirements on issuers (i.e., companies filing periodic reports required pursuant to Sections 13(a) or 15(d) of the Securities Exchange Act of 1934 or, in some cases, private companies that have filed a registration statement with the SEC that has not yet become effective or been withdrawn) and their officers and directors. It will require companies to re-examine, in detail, their policies and procedures in many areas, in particular those relating to corporate disclosure and the collection and analysis of financial and operational information. This Alert contains recommendations for immediate actions to bring companies into compliance, as well as longer-term steps to deal with the changed environment that the passage of the Act reflects. We look forward to assisting our clients to implement these recommendations.

 

Certification Requirements

Some of the key provisions of the Act are directed at increasing the responsibility of officers and directors for the accuracy and reliability of their companies’ financial information through corporate governance mandates and the authorization of additional penalties and forfeitures.

Certification by Principal Executive and Financial Officers (§ 302)

The Act directs the SEC to adopt rules by August 29, 2002 that require the principal executive officer or officers and principal financial officer or officers, or persons performing similar functions, of each issuer to certify in each annual or quarterly report filed with the SEC that:

  • the signing officer has reviewed the report;
  • based on the officer’s knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which they were made, not misleading;
  • based on the officer’s knowledge, the financial statements and other financial information included in the report fairly present, in all material respects, the financial condition and results of operations of the issuer as of, and for, the periods presented in the report;
  • the signing officers:
  • are responsible for establishing and maintaining internal controls;
  • have designed the internal controls to ensure that material information relating to the issuer and its consolidated subsidiaries is made known to the officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
  • have evaluated the effectiveness of the issuer’s internal controls as of a date within 90 days prior to the report; and
  • have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date;
  • the signing officers have disclosed to the issuer’s auditors and audit committee (or persons fulfilling the equivalent function):
  • all significant deficiencies in the design or operation of internal controls which could adversely affect the issuer’s ability to record, process, summarize and report financial data and have identified for the issuer’s auditors any material weaknesses in internal controls; and
  • any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer’s internal controls; and
  • the signing officers have indicated in the report whether there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

On June 14, 2002, prior to adoption of the Act, the SEC issued a release proposing a certification requirement similar in content to the certification required under Section 302 of the Act. On August 2, 2002, after the Act had been signed into law, the SEC issued a new release that addresses the need for revisions to its outstanding June 14 certification proposal in light of Section 302. In that release, the SEC indicated that it intends to adopt a form of certification that conforms to the new statutory requirements.

Immediately Effective Requirement for Certification by CEOs and CFOs (§ 906)

The Act also requires that, effective immediately, each periodic report containing financial statements filed by an issuer with the SEC be accompanied by a certification executed by the chief executive officer and chief financial officer. This certification is different from the form of certification required by Section 302 of the Act, described above. This certification under Section 906 of the Act is also in addition to, and different in content from, the certifications under oath required to be filed by the 947 largest public companies pursuant to a recent SEC order. Pursuant to the Act, the officers must certify:

  • that the periodic report containing the financial statements fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and
  • that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer.

This provision was originally added as an amendment to the Senate bill as part of a white-collar crime penalty enhancement provision. As such, the intent of Congress is unclear, especially given that, as described above, there is a substantial and detailed provision for certification already contained in Section 302 of the Act. Congressional staff familiar with the history of the amendment have informally indicated that Section 906 was not intended to create a certification obligation independent from the certification that would be required under Section 302, as described above, but rather to provide a baseline for the certifications to be adopted by the SEC under Section 302 and to impose severe penalties for knowingly false certifications. Nevertheless, the content of the two certificates was not harmonized in the SEC’s August 2 release. Because the certification requirement of Section 906 became effective immediately, unless guidance to the contrary is provided by Congressional staffs, the SEC, the Department of Justice or other agencies, we advise officers of public companies to provide this certification with their next periodic report.

No form is prescribed for the Section 906 certification and, as written, this certification does not have the benefit of a knowledge qualification. Nevertheless, some officers have added knowledge or other qualifications on their own initiative either within the certificate or elsewhere in the filing although, because of the absence of formal guidance regarding Section 906, the propriety of adding qualifications is unclear.

Similarly, it is not apparent by what means the certification should “accompany” the report. Some companies have included certifying language on the signature page or filed the certificate as an exhibit, while others have suggested instead that the certification should not be filed as part of the report, but rather submitted as non-public correspondence to the SEC. Congressional staff have informally indicated that, because it was anticipated that the certification would be publicly available, it should not be submitted to the SEC as correspondence, but rather filed with the report. In addition, the staff informally indicated that it would be reasonable to add a knowledge qualification to the certification.

It is our understanding that staff members from Congressional committees, the SEC and the Department of Justice are organizing a meeting to address the Section 906 certification. Until further guidance is obtained from Congress or the appropriate regulatory agency, we believe adding a knowledge qualification is reasonable in light of the Act's silence, the history of Section 906, the informal guidance we have received from Congressional staff on the issue and the risk involved to the CEO/CFO in making an unqualified representation of the scope literally required under the Act.

Recommendations:

  • Specific recommendations regarding certification by CEOs and CFOs. Absent further guidance from Congressional staffs, the SEC, the Department of Justice or other agencies, we recommend:
  • that the certification either be filed as an exhibit to the report or that the content of the certificate be included on the signature page; and
  • that a knowledge qualification be added to the certificate.
  • General due diligence recommendations regarding certification requirements. Given the provisions of the Act and recent proposals to generally the same effect from the SEC, it is clear that, for the foreseeable future, certifications will be a fact of corporate life for CEOs and CFOs. To ensure that the officers who are required to sign the certificates will be able to make the required certifications with some degree of comfort, we recommend that companies maintain and comply with a regular due diligence process:
  • As a first step, companies should evaluate their procedures to ensure that they provide reasonable assurance that the company is able to collect, process and disclose the required information in an effective manner and on a timely basis. Information collection and dissemination to the appropriate responsible persons is absolutely essential to crafting fair, accurate and complete periodic reports.
  • Companies should, consistent with the SEC proposal of June 14, 2002, establish a disclosure committee (composed of individuals such as the controller or principal accounting officer, general counsel, principal risk management officer, chief investor relations officer and other appropriate employees), reporting to senior management, with responsibility for considering materiality and disclosure issues. They may also, as appropriate, consult with independent counsel and auditors.
  • Certifying officers should review their timetables for preparation and review of filings to ensure they are allowing adequate time for any additional procedures.
  • Certifying officers should carefully review the required reports and ask questions of appropriate members of management and other employees responsible for key functions to confirm and probe their accuracy. Certifying officers may want to schedule special due diligence sessions for this purpose. They should pay special attention to possible areas known to be of importance to the company or its industry, as well as areas that have been reported to be the source of problems at other companies. They should also focus on the application of critical accounting policies and known risk areas, as well as information regarding acquired companies. Outside counsel and independent auditors may also serve as a valuable resource in conducting due diligence.
  • The audit committee should review the report as well and be brought in as necessary to consider any significant or difficult issues.

 

New Rules Related to Corporate Conduct

The Act imposes additional restrictions on corporate conduct, particularly related to companies’ relationships with officers and directors.

Forfeiture of Certain Bonuses and Profits (§ 304)

If any issuer is required to restate its financial statements due to material noncompliance with any financial reporting requirement as a result of misconduct, the chief executive officer and chief financial officer will now be required to reimburse the issuer for:

  • any bonus or other incentive-based or equity-based compensation received by that officer from the issuer during the 12-month period following the first public release of the document containing the financial statements that were subsequently restated; and
  • any profits from the sale of the issuer’s securities by that officer during this 12-month period.

The Act does not provide any further guidance regarding the definition of “misconduct.”

Recommendation: CEOs and CFOs should understand that this provision may apply even to trades made pursuant to an otherwise valid stock trading plan under SEC Rule 10b5-1, and should review any current plans with this in mind. Companies should be aware that, because this provision gives the company rights to receive reimbursement from its CEO and CFO, it could encourage shareholders to file derivative lawsuits seeking to force the company to pursue these rights.

Prohibition on Personal Loans to Executive Officers and Directors (§ 402)

Issuers may no longer extend, or arrange for the extension or renewal of, credit as personal loans to directors or executive officers. This prohibition appears on its face to be almost absolute, with only very narrow exceptions for limited categories of loans by certain issuers in the ordinary course of their consumer credit business. Existing loans are “grandfathered,” so long as they are not renewed or otherwise materially modified.

The full scope of this prohibition is uncertain; however, it is possible that it could be interpreted to preclude as improper extensions of credit even such ordinary course of business activities as advances to, or the use of corporate credit cards for personal use by, executive officers and directors. While an advance itself is not a loan, since there is no expectation that an advance will be repaid by the executive officer or director, if advances are made far in excess of the amount reasonably anticipated to be owed to an executive officer or director or extended for long periods of time, questions may arise as to whether such “advances” are in fact loans and thus prohibited by the Act. Further, if corporate credit cards are used by the executive officer or director to purchase personal items that are not reimbursed by the company pursuant to the company’s policies, such amounts could be considered personal “loans” by the company and prohibited by the Act.

Recommendation: We recommend that companies immediately refrain from making any loans to directors or executive officers, or materially modifying, extending, forgiving or renewing existing loans, and consider carefully their policies relating to advances to and use of corporate credit cards by, executive officers or directors.

Prohibition on Insider Trades During Pension Fund Black-Out Periods (§ 306)

To address an inequity that attracted significant public attention during the Enron scandal, beginning January 26, 2003, directors and executive officers will be prohibited from purchasing or selling any equity security of an issuer (other than an exempted security) during “black-out periods” applicable to the issuer’s pension plans, if the shares were acquired in connection with the person’s service as a director or officer. Black-out periods are generally defined as periods during which plan participants or beneficiaries are restricted from trading in the public markets.

The Act requires issuers to provide “timely” notice of any black-out period to the SEC and the director or officer who is subject to the black-out trading prohibitions. In addition, pursuant to the provisions of Section 306 related to the Employee Retirement Income Security Act of 1974, or ERISA, the issuer must provide notice of any black-out period to the affected participants and beneficiaries.

The SEC, in consultation with the Secretary of Labor, has rulemaking authority to clarify these provisions and provide appropriate exemptions. The remedies for any violation of these provisions are borrowed from the existing “short-swing” profit prohibitions: any profits realized from a prohibited transaction are recoverable by the issuer or by a stockholder derivatively for benefit of the issuer, without regard to the intention of the party entering into the transaction.

Prohibition on Improper Influence on Conduct of Audits (§ 303)

By April 26, 2003, the SEC must adopt rules making it unlawful for any officer or director to fraudulently influence, coerce, manipulate or mislead an issuer’s auditors for the purpose of making the issuer’s financial statements materially misleading.

Rules of Professional Responsibility for Attorneys (§ 307)

By January 26, 2003, the SEC must adopt rules requiring attorneys appearing and practicing before the SEC to report to the chief legal counsel or the chief executive officer of an issuer evidence of a material violation of securities laws or a breach of fiduciary duty or similar violation by that issuer or any agent of that issuer. In addition, if the counsel or officer does not appropriately respond to the evidence by adopting appropriate remedial measures or sanctions with respect to the violation, the attorney must report the evidence to the issuer’s audit committee or the entire board of directors.

 

Enhanced Disclosure Requirements

The Act imposes a number of new disclosure requirements designed to enhance visibility with respect to suspect accounting practices. These new requirements are as follows:

Accuracy of Financial Reports (§ 401)

Each financial report filed with the SEC containing financial information prepared in accordance with (or reconciled to) generally accepted accounting principles, or GAAP, must reflect all material correcting adjustments that have been identified by a registered public accounting firm in accordance with GAAP and applicable securities laws.

In addition, prior to January 26, 2003, the SEC must issue rules requiring that each annual and quarterly financial report disclose all material off-balance sheet transactions, arrangements, contingent obligations and other relationships with unconsolidated entities (similar to the types of arrangements and relationships that are at issue in the Enron scandal). In addition, the SEC must issue rules that prohibit the use in periodic reports and other public disclosures of misleading pro forma financial information and that require the pro forma information to be reconciled with GAAP.

Recommendations:

  • We recommend that audit committees, as well as certifying CEOs and CFOs, require the auditors to review with them all significant correcting adjustments (whether or not made) to ensure that all material adjustments are properly reflected in the company’s financial reports.
  • In addition, consistent with recently proposed SEC rules and cautionary advice issued by the SEC staff, management and audit committees should review the MD&A sections of their companies’ periodic reports to confirm that they contain appropriate disclosure regarding off-balance sheet and similar transactions.
  • Management and audit committees should also review all financial press releases and other financial disclosures containing pro forma information to verify that they include reconciliations to the comparable GAAP information and do not give undue prominence to the pro forma information or otherwise provide misleading presentations of their companies’ results of operations or financial condition.
  • Finally, we recommend that companies review their timetables for preparation and review of filings to make sure they allow adequate time for any additional procedures, such as those set forth above.

Section 16 Reporting (§ 403)

Commencing August 29, 2002, Section 16 insiders (directors, executive officers and beneficial owners of 10% or more of a registered class of securities) will be required to file Form 4s within two business days after completing any reportable transaction (although the SEC is authorized to extend the time period for filing in any case in which the SEC determines that filing within two business days is “not feasible”). This is a significant departure from the existing requirement that Form 4s be filed within the first 10 days of the calendar month following a reportable transaction.

By July 30, 2003, the SEC must provide for electronic filing of Section 16 statements, and companies must post the statements on their websites within one business day following the electronic filing. In a recent release, the SEC proposed changes to Form 8-K that would also require companies to report insider transactions on an accelerated basis. Because Congress has enacted the Act’s changes to the Section 16 filing requirements, it is possible that the SEC will modify, or perhaps reconsider the necessity of, the proposed Form 8-K requirements.

Recommendation: We recommend that companies reexamine their existing Section 16 reporting procedures to determine if modifications are required to comply with the accelerated Section 16 filing requirements. In particular, companies may consider putting into effect a system requiring officers and directors to email the appropriate party (whether inside or outside counsel or others filing the reports) immediately after any change of ownership is effected. In addition, companies should consider implementing training programs to educate Section 16 insiders about the new Section 16 reporting requirements and procedures.

Management Assessment of Internal Controls (§ 404)

Pursuant to the Act, the SEC must adopt rules requiring Form 10-Ks to contain an “internal control report.” This report must:

  • state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
  • include management’s assessment of the effectiveness of these controls.

The registered public accounting firm preparing the audit report for the Form 10-K will be required to attest to and report on management’s assessments in the internal control report. In addition, pursuant to Section 302 of the Act, discussed above, the issuer’s officers must certify as to the effectiveness of the issuer’s internal controls.

Recommendation: We recommend that companies take this opportunity to review their systems and procedures related to internal controls and begin to consider any enhancements that may be desirable.

Codes of Ethics and Related Disclosure (§ 406)

By January 26, 2003, the SEC must adopt rules requiring issuers to disclose in periodic reports whether they have adopted codes of ethics for senior financial officers and, if a code of ethics has not been adopted, the reasons why the issuer has not done so.

As defined in the Act, codes of ethics relate to, among other things, conflicts of interest, timely and accurate disclosure in periodic reports and compliance with governmental regulations. Changes in or waivers of the provisions of an issuer’s code of ethics will be required to be reported promptly on Form 8-K or disseminated by the internet or other electronic means. Both Nasdaq and the NYSE are also in the process of implementing new rules relating to codes of ethics.

Recommendation: In light of these new rules, as well as the anticipated final rules from Nasdaq and the NYSE, we recommend that companies begin to review their existing codes of ethics to ensure that they cover appropriate subjects and contain effective guidelines, as well as provide thoughtful procedures for changes or waivers of provisions of the code of ethics and prompt reporting of such events.

Audit Committee Financial Experts (§ 407)

By January 26, 2003, the SEC must also adopt rules that require issuers to disclose in their periodic reports whether their audit committees include a “financial expert” and, if not, the reasons why not. The Act requires the SEC’s rules to provide a definition of “financial expert” that takes into consideration whether, in light of a person’s education and experience as a public accountant, auditor, principal accounting officer, principal financial officer or comptroller, or similar position, the person has an understanding of GAAP and financial statements, experience in preparing or auditing financial statements of a comparable issuer and in applying GAAP in connection with accounting for estimates, accruals and reserves, experience with internal accounting controls and a basic understanding of the functions of an audit committee.

Recommendation: While most audit committees of public companies already have members with the financial expertise necessary to comply with the existing Nasdaq or NYSE rules, we recommend that companies begin to carefully reevaluate the qualifications of their financial experts in light of the Act’s mandate to the SEC and in anticipation of final SEC rules.

Enhanced Review of Periodic Disclosures by Issuers (§ 408)

SEC review of issuers’ disclosure in their financial statements and periodic reports will now be made on a regular and systematic basis. For the purpose of scheduling these reviews, the SEC will consider a number of criteria regarding the issuer, in particular, whether the issuer has had a material restatement of financial results, experienced significant stock price volatility (as compared to other issuers), has a large market capitalization, is an emerging company with a disparity in its price-to-earnings ratio, has operations that significantly affect a material sector of the economy and any other factors the SEC considers relevant. Each issuer will be reviewed at least once every three years.

Recommendation: Companies should be prepared for their public filings to be reviewed by the SEC more thoroughly and more frequently than in the past. As a result, we recommend that companies take into account the increased likelihood of SEC review (whether of periodic reports or otherwise) when preparing timetables and planning for public offerings and similar transactions.

Real-Time Disclosure (§ 409)

Under the Act, issuers will be required to disclose to the public, in plain English and on a “rapid and current basis,” such additional information concerning material changes in the issuer’s financial condition or results of operations as the SEC determines, by rule, is necessary or useful for the protection of investors and in the public interest. The SEC may include a requirement for trend and qualitative information and graphic presentations. The Act does not define “rapid and current basis,” and presumably, the SEC will provide interpretive guidance on this issue. When implemented, the new reporting regime that the SEC will impose under this provision of the Act will likely have a far-reaching impact on the disclosure practices of most public companies.

 

Public Company Accounting Oversight Board (§ 101)

One of the key provisions of the Act mandates the establishment of an accounting oversight board designed to be independent of the accounting profession. The creation of the oversight board is intended to address deficiencies in the previous accounting regulatory board, which was often criticized as being captive to the large accounting firms and therefore unduly lax in supervising them. The Act establishes the new oversight board as an independent non-profit corporation composed of five members, including no more than two accountants, all serving on a full-time basis for staggered five-year terms. Funding of the oversight board is to be provided by issuers, based on their market capitalizations, and by accounting firms. The SEC will have a pivotal role in overseeing the new oversight board, from selection of its members to review of its proposed rules and disciplinary sanctions.

The SEC, after consultation with the Federal Reserve Chairman and the Secretary of the Treasury, must appoint the members of the oversight board by October 28, 2002, and the SEC has already begun soliciting recommendations for nominations to the board. Once appointed, the members have until April 26, 2003 to hire staff, propose rules and take other actions to make the board organized in accordance with, and have the capacity to carry out, the applicable requirements of the Act. Once the SEC makes a determination that the oversight board is so organized, each accounting firm that performs or participates in audits of issuers will have 180 days to register with the board, thus becoming a “registered public accounting firm.”

Under the Act, the oversight board will also have the authority to establish auditing, quality control, ethics, independence and other standards, and to conduct inspections and investigations of, and impose discipline on, registered public accounting firms, including enforcing compliance with the Act itself. Pursuant to the Act, the oversight board will establish rules and standards which, among other things, must address the following:

  • Auditing standards (§ 103)must provide for the preparation, and retention for at least seven years, of audit work papers; second partner concurrence in audit reports; and descriptions in audit reports of the scope of testing of internal controls, including an evaluation of those controls.
  • Quality control standards (§ 103) must include requirements for monitoring professional ethics and independence issues, consultations, supervision and internal inspections.
  • Inspections (§ 104) are to be conducted annually for registered public accounting firms that audit more than 100 issuers and at least once every three years for other firms. Reports of inspections are to be made publicly available, subject to confidentiality limitations.
  • Investigations (§ 105) may be conducted of any registered public accounting firm. As part of registration with the oversight board, each registered public accounting firm must consent to cooperate and comply with requests for testimony and production of documents.
  • Disciplinary sanctions (§ 105), including revocation of registration, suspension and bar, limitation of activities, censure and monetary penalties, may be imposed on any registered public accounting firm or any of its associated persons. Sanctions must be reported to the SEC, state regulatory agencies and ultimately to the public.

Although the creation of the oversight board will have little direct effect on companies (aside from the fee that will be levied to fund the board), depending on the vigilance of the oversight board members selected, the board has the potential to have far-reaching impact on every company’s accounting practices and audit reviews.

 

Audit Committees and Auditor Independence

Inadequate auditor independence has frequently been cited as a precipitating factor in many of the recent corporate meltdowns. The increased performance by audit firms of non-audit services has heightened the concern that the promotion and performance of these services could distract accounting firms from their traditional focus on audits and thus compromise auditor objectivity. To address these concerns, the Act includes a number of provisions that expand the responsibilities of audit committees and modify the standards for auditor independence.

While the effective date of these provisions is not specifically stated in the Act, it appears that most of these provisions will not become effective until the oversight board is operational and will be applicable, in most cases, only to registered public accounting firms.

Audit Committee Independence and Responsibilities (§ 301)

By April 26, 2003, the SEC must direct Nasdaq and the national securities exchanges to prohibit the listing of any security of any issuer that is not in compliance with the following new public company audit committee requirements, subject to appropriate opportunities to cure any noncompliance prior to delisting:

  • Committee independence: Each member of the audit committee must be an independent member of the issuer’s board of directors. To be considered independent, the member may not accept from the issuer any consulting, advisory or other compensatory fee, or have any affiliation with the issuer or any of its subsidiaries, other than in his or her capacity as a board or committee member. Both Nasdaq and the NYSE are currently in the process of implementing new requirements for independence of audit committee members (as well as rules that would require a majority of the board to be independent).
  • Audit committee responsibilities: The audit committee must be directly responsible for the appointment, compensation and oversight of the issuer’s registered public accounting firm, and the auditors will be required to report directly to the audit committee (although the auditors’ fees will, of course, be paid by the issuer). In addition, the audit committee will be responsible for resolving any disagreements between the issuer’s management and its auditors regarding financial reporting and for establishing procedures to receive and address complaints regarding accounting and auditing matters, including confidential or anonymous complaints submitted by employees. The audit committee must also have the authority to engage independent counsel and other advisors, funded by the issuer, as it deems necessary to carry out its duties. Nasdaq and the NYSE are currently in the process of implementing requirements for additional audit committee responsibilities.

Recommendations: Although companies will almost certainly have a period of time to comply with the new independence requirements, we recommend that companies begin to consider whether their committees (and boards) are likely to satisfy the new independence requirements. In addition, companies should begin to review their audit committee charters to determine if they address the new requirements that will be imposed by the Act and the anticipated new requirements from Nasdaq and the NYSE. In particular, audit committees should begin to establish direct reporting relationships with their companies’ auditors, beginning with requiring that the engagement letter be negotiated and executed by the audit committee. In addition, audit committees should consider establishing procedures, or evaluate the effectiveness of existing procedures, to receive and address employee complaints related to accounting and auditing matters, as well as legal compliance matters. In particular, the policies and procedures should make clear to all employees that the audit committee maintains an “open door” with respect to complaints concerning these matters.

Non-Audit Services (§ 201)

The Act prohibits registered public accounting firms that perform audits for issuers that are required by the Act, securities laws or the rules of the oversight board from providing specified non-audit services for that issuer. Prohibited non-audit services include bookkeeping, financial information systems design, appraisal or valuation services, fairness opinions, actuarial services, internal audit, management, human resources, broker-dealer, investment banking, investment advisor and legal and other expert services unrelated to the audit. However, the registered public accounting firm may perform certain other types of non-audit services, such as tax services, provided that the activity is preapproved by the issuer’s audit committee.

Audit Committee Preapproval (§§ 201 and 202)

The audit committee must preapprove all of an issuer’s audit services (which are deemed to include comfort letters in connection with securities underwritings) and permissible non-audit services, subject to a de minimis exception if:

  • all of the non-audit services do not exceed 5% of revenues paid by the issuer to the auditor during the fiscal year;
  • the services were not recognized as non-audit services at the time of engagement; and
  • the services are promptly brought to the attention of the audit committee and approved prior to completion of the audit.

Approval authority may be delegated to one independent committee member, so long as decisions are subsequently reported to the full committee. Approval of non-audit services is required to be disclosed in the issuer’s periodic reports.

Recommendation: Companies and audit committees should review all non-audit services to ensure that no prohibited non-audit services will be performed by their audit firms. In addition, procedures should be established to ensure that all permissible non-audit services, such as tax services, proposed by management are brought to the attention of the audit committee in advance for approval. Audit committees may also want to take advantage of the delegation-of-authority provisions to designate an individual member of the audit committee to have approval authority.

Lead and Review Audit Partner Rotation (§ 203)

The lead (or coordinating) audit partner of a registered public accounting firm that has primary responsibility for the audit, and the audit partner responsible for reviewing the audit, will be prohibited from performing audit services for the same issuer for more than five consecutive years.

Audit Reports to the Audit Committee (§ 204)

Registered public accounting firms will be required to provide to audit committees, on a timely basis, audit reports that include reports regarding all critical accounting policies, alternative GAAP treatments discussed with management and the implications of those treatments (including the treatment preferred by the accounting firm), and other material written communications, such as management letters and schedules of unadjusted differences.

Cooling-Off Periods (§ 206)

A registered public accounting firm will be prohibited from performing an audit if the CEO, CFO, chief accounting officer or controller of the issuer was employed by the accounting firm and participated in the audit of that issuer during the one-year period preceding initiation of the audit.

Recommendation: We recommend that audit committees adopt a policy requiring preapproval of any offer of employment by the company to former or current employees of the company’s auditors if those employees participated in any audit of the company’s financial statements within the last five years.

 

Analyst Conflicts of Interest (§ 501)

By July 30, 2003, the SEC or, upon authorization or direction of the SEC, a registered securities association or national securities exchange, must adopt rules that are designed to address conflicts of interest that can arise when securities analysts recommend an issuer’s securities in research reports and during public appearances. These rules are geared at improving the objectivity of analysts’ research and providing investors with more useful and reliable information.

The guidelines for the rules to be adopted under the Act call for:

  • restricting preapproval of research reports by investment bankers and persons not directly responsible for the investment research, other than legal or compliance staff;
  • ensuring that investment bankers are not supervising or conducting the compensatory evaluations of analysts;
  • prohibiting retaliation against analysts for issuing unfavorable research reports;
  • applying cooling-off periods for brokers and dealers participating in a public offering as underwriters or dealers, during which periods participating brokers and dealers will be prohibited from publishing or otherwise distributing research reports relating to the subject company or its securities; and
  • establishing structural and institutional safeguards within registered brokers and dealers to assure that analysts are separated by appropriate informational walls and are not subject to the review, pressure or oversight of investment bankers.

The guidelines also call for rules related to the disclosure by securities analysts and brokers and dealers of conflicts of interest. In particular, these rules must require each analyst to disclose during public appearances, and each registered broker or dealer to disclose in each research report, conflicts of interest with respect to the issuer that is the subject of the appearance or report, including:

  • the extent to which the analyst has debt or equity investments in the issuer;
  • whether any compensation has been received from the issuer (subject to certain exemptions);
  • whether the issuer currently is, or in the preceding year has been, a client of the broker or dealer, and if so, describing the types of services provided to the issuer; and
  • whether the analyst received compensation with respect to the research report, based upon, among other factors, the investment banking revenues of the registered broker or dealer.

 

Criminal Penalties and Enforcement

The Act immediately increases criminal penalties, including both fines and imprisonment, and provides new methods of enforcement against persons who are found to be in violation of securities laws. In addition, the Act offers new “whistle-blower” protections for employees who assist in investigations of securities fraud claims against their companies and mandates a review of federal sentencing guidelines to ensure that the current penalties are sufficient to deter, prevent and punish securities-related offenses.

Destruction, Alteration or Falsification of Documents (§ 802)

It is unlawful for any person to knowingly alter, destroy or falsify documents with the intent to impede or obstruct an investigation or proper administration of any matter in a federal investigation or bankruptcy proceeding. A violation of this provision may lead to fines and imprisonment for up to 20 years.

Destruction of Corporate Audit Records (§ 802)

Any accountant who conducts an audit of an issuer that is subject to the auditing rules of the Securities Exchange Act must maintain all audit or review work papers for a period of five years from the end of the fiscal period in which the audit or review was concluded. The SEC must promulgate rules and regulations by January 26, 2003 relating to the retention of these documents. It is unlawful for any auditor to knowingly and willfully violate the document retention rules set forth by the Act or the SEC. A violation of this provision may lead to fines and imprisonment for up to 10 years.

False Certification by Corporate Officers (§ 906)

It is a criminal offense for the chief executive or chief financial officer of an issuer to file certifications of periodic reports, as required by Section 906 of the Act, knowing that the periodic report accompanying the statement does not comport with all of the requirements of the securities laws, as attested to in the certificate. It is possible that this penalty may also be applied to certifications required under Section 302 of the Act. A knowing violation of this provision carries a maximum punishment of a fine of up to $1,000,000 and imprisonment for up to 10 years. A willful violation of this provision carries a maximum punishment of a fine of up to $5,000,000 and imprisonment for up to 20 years.

Securities Fraud (§ 807)

It is unlawful for any person to knowingly execute or attempt to execute a scheme or artifice to defraud any other person in connection with any security of an issuer, or to obtain, by means of false or fraudulent pretenses, representations or promises, any money or property in connection with the purchase or sale of any such security. A violation of this provision may lead to fines and imprisonment for up to 25 years.

Debts Nondischargeable if Incurred in Violation of Securities Fraud Laws (§ 803)

The Bankruptcy Code has been amended to provide that debts from judgments and settlements in connection with violations of securities laws, or any other fraud in connection with the purchase or sale of any security, will not be discharged in a bankruptcy proceeding.

Statute of Limitations for Securities Fraud (§ 804)

A private right of action that involves a claim of fraud, deceit, manipulation or contrivance in contravention of a regulatory requirement concerning the securities laws may now be brought no later than the earlier of two years after the discovery of the facts constituting the violation or five years after the violation. This provision lengthens the statute of limitations for such actions, which previously had been the earlier of one year after discovery or three years after the violation.

Attempt and Conspiracy (§ 902)

Persons who attempt or conspire to commit offenses under the Act will now be subject to the same penalties as those prescribed for the underlying offense.

Increased Penalties for White-Collar Crimes (§ 903, 904)

The Act increases the penalties for several white-collar crimes, including mail and wire fraud and violations of ERISA. The Act increases the maximum period of imprisonment for mail or wire fraud, not affecting a financial institution, from five to 20 years. The Act also increases the maximum period of imprisonment for a willful violation of ERISA from one to 10 years and increases the monetary penalty for a willful violation from $5,000 to $100,000 for an individual and from $100,000 to $500,000 for an entity.

Temporary Freeze Authority (§ 1103)

The SEC now has the authority to temporarily freeze any extraordinary payment (whether compensatory or otherwise) that would otherwise have been made by a public company to its directors, officers, partners, controlling persons, agents or employees during the course of a lawful investigation involving possible violations of federal securities laws. Frozen payments will be placed in an interest-bearing escrow account for up to 90 days. If the company is charged with a violation of federal securities laws, the order will remain in effect until the conclusion of the legal proceedings. If the company is not charged, the disputed payments will be returned to the company.

Change to Existing Officer and Director Bars (§§ 305 and 1105)

Under existing rules, the SEC is authorized to seek a court order enjoining a person who commits securities fraud from acting as an officer or director of an issuer if that person’s conduct demonstrates “substantial unfitness” to serve as an officer or director. The Act now provides that the injunction could be imposed if the violating person’s conduct simply demonstrates “unfitness” to serve as an officer or director. In addition, the Act provides that in any cease-and-desist proceeding relating to securities law violations, the SEC may bar the accused person from acting as an officer or director of an issuer if the conduct of the person “demonstrates unfitness” to serve as an officer or director of an issuer.

Since the beginning of this year, we have noticed a definite hardening of the SEC’s position requiring an “officer and director bar” as part of negotiated settlements of proposed enforcement actions against corporate executives. This provision appears destined to strengthen the SEC’s hand in settlement negotiations.

Protection for Whistle-Blowers (§ 806)

An issuer may not discharge or discriminate against an employee who assists in an investigation, or participates in a proceeding against the issuer, regarding any conduct that the employee reasonably believes constitutes a violation of securities laws or constitutes fraud against the issuer’s shareholders.

Recommendations: As recommended above, audit committees should establish procedures to receive and address complaints regarding accounting and auditing matters, including confidential or anonymous complaints submitted by employees.

Retaliation Against Informants (§ 1107)

It is unlawful to knowingly and intentionally retaliate against any person, including interfering with the person’s lawful employment, for providing a law enforcement officer with any truthful information relating to the commission or possible commission of a federal offense. A violation of this provision may lead to fines and imprisonment for up to 10 years.

Review of Federal Sentencing Guidelines (§§ 805, 905 and 1104)

By January 26, 2003, the U.S. Sentencing Commission must review and, as appropriate, amend the Federal Sentencing Guidelines and related policy statements to ensure that the sentencing guidelines and policy statements reflect the serious nature of securities law violations and that the penalties are sufficient to deter, prevent and punish these offenses. It is anticipated that, as a result of this review, the sentencing guidelines and policy statements related to the implementation of the provisions of the Act and related offenses, such as obstruction of justice and securities fraud offenses, will become more severe.

Fair Funds for Investors (§ 308)

The Act provides for the deposit of civil penalties and disgorgement funds into a fund for the benefit of victims of violations of securities laws.

 

On the Horizon

Although the Act has been touted as the most sweeping accounting and corporate reform since the Great Depression, it may not mark the end of Congressional action in this area. The Act mandates that a number of studies be conducted, including studies of the feasibility and economics of implementation of principles-based accounting, the potential effect of mandatory audit firm rotation and an analysis of SEC enforcement actions (to identify those areas most susceptible to fraud). Presumably, many of these studies will lead to further legislation or rulemaking. In addition, notably absent from the Act is any requirement that stock options be expensed for accounting purposes. Companies should not, however, take much comfort from its absence from the legislation; many commentators have targeted stock option accounting as a root cause of the recent corporate scandals. The International Accounting Standards Board has publicly indicated that it favors accounting for stock options as an expense, and several legislators and others in positions of influence have expressed the view that the Financial Accounting Standards Board should revisit this issue.

We anticipate that, in the near future, Congressional staffs, the SEC, the Department of Justice or other agencies will provide further elaboration or guidance on the provisions of the Act, and we will circulate further information as it becomes available.


©2003-2010 Cooley LLP. All rights reserved.
COOLEY®, the COOLEY GODWARD KRONISH LLP® logo, and COOLEY GODWARD® are registered U.S. service marks of Cooley LLP.
Cooley was founded in 1920 – for our story, visit our history page.