THE SARBANES-OXLEY ACT: AVOIDING JAIL TIME Presented to: Society of International Business Fellows Atlanta, Georgia January 28, 2004 Presented by: Robert F. Dow, Esq. (404) 873-8706 Robert.Dow@agg.com Arnall Golden Gregory LLP 2800 One Atlantic Center 1201 West Peachtree Street Atlanta, Georgia 30309 Ways to Get in Deep Trouble under SOX • Enhanced criminal liability for document destruction • Liability for retaliation against informants • Liability for signing false certifications (public co.’s) • Notice of defined contribution plan blackout periods • Enhanced penalties for securities fraud • Enhanced liability for white-collar crime • Improper influence on auditors (public co.’s) DOCUMENT DESTRUCTION Document Destruction SOX Section 802 expands criminal liability for document destruction: • Knowingly destroy • Any records/documents • With intent to impede • Any investigation or case - or in contemplation of a case Document Destruction (cont’d) Destruction, alteration, or falsification of records in Federal investigations and bankruptcy Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11 [bankruptcy], or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both. Tampering with Evidence Section 802 amends 18 U.S.C. §1102 – titled “Tampering with a Record or Otherwise Impeding an Official Proceeding” – to provide that whoever corruptly alters, destroys, mutilates or conceals a record, document or other object, or attempts to do so, with the intent to impair the object’s integrity or availability for use in an official [federal agency or judicial] proceeding, or who otherwise obstructs any official proceeding, or attempts to do so, shall be fined under Title 18 or imprisoned not more than 20 years, or both. Tampering with Evidence (cont’d) SOX 802 also creates another new statute, 18 U.S.C. § 1520, entitled “Destruction of corporate audit records,” which provides that: 1. Any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 applies, shall maintain all audit or review workpapers for a period of 5 years from the end of the fiscal period in which the audit or review was concluded. Recent Enforcement Actions – Ernst & Young/Next Card • NextCard under examination by banking regulators • Ernst & Young partner orders altering of workpapers to show more support for accounting • Also destroyed emails and documents from hard drive • Two Ernst & Young managers barred from practicing before SEC • Partner faces criminal charges with up to 20 years and $250,000 in fines SECURITIES FRAUD SOX 807 creates a new general securities fraud statute, 18 U.S.C. § 1348, entitled “Securities fraud,” which provides that: Whoever knowingly executes, or attempts to execute, a scheme or artifice 1. To defraud any person in connection with any security of an issuer with a class of securities registered under section 12 of the Exchange Act or that is required to file reports under section 15(d) of the Exchange Act; or 2. To obtain, by means of false or fraudulent pretenses, representations, or promises, any money or property in connection with the purchase or sale of any security of an issuer with a class of securities registered under section 12 of the Exchange Act or that is required to file reports under section 15 (d) of the Exchange Act; shall be fined under this title, or imprisoned not more than 25 years, or both. CIVIL LIABILITY WHISTLEBLOWER PROVISIONS SOX Whistleblower Provisions • Civil remedies for retaliation against employees reporting securities fraud to company supervisors, law enforcement or Congress (Section 806) • Criminal remedies for retaliation against informants reporting violations of any federal law to law enforcement (Section 1107) Section 806 Who is Potentially Liable? • Officers • Employees • Contractors • Subcontractors • Agents Section 806 What Actions are Protected • Providing information or otherwise assisting in an investigation OR • Filing, testifying, participating in or otherwise assisting in a proceeding that is Filed or About to be filed (with any knowledge of the employer) Section 806 What Investigations are Covered Investigations involving violations of: • Federal criminal law involving securities fraud, mail fraud, bank fraud, or wire, radio and television fraud • SEC rules or regulations, or • Federal law relating to fraud against shareholders Section 806 Blowing the Whistle – To Whom? • Federal regulatory or law enforcement agency • Any member or committee of Congress • Persons working for the employer: Supervisory authority over employee Authority to investigate, discover or terminate misconduct Murray v. TXU Corp. et al. (Texas – April 2003) Allegations in Murray’s complaint: • Murray was SVP of Capital Management • TXU had aggressive earnings targets • CFO engaged in “earnings management” • TXU didn’t disclose exposures in trading markets • Murray made numerous objections to management • Murray was terminated 8/1/02 Collins v Beazer Homes (Georgia – March 2003) Allegations in Collins’ complaint: • Beazer was taking deposits on homes but misapplying the funds for other purposes • Collins suspected that Beazer division management was receiving kickbacks from a contractor • Collins complained to corporate management • Division management immediately terminated her Section 1107 CRIMINAL WHISTLEBLOWER PENALTIES Section 1107 Criminal Penalties – Overview • Very broad application • Applies to public and private companies • Whistleblowing of violations of any federal law • Employers and their agents may face: Fines up to $500,000 ($250,000 for individuals) Imprisonment up to 10 years Section 1107 Who is Protected? Any person!! Section 1107 What Action is Protected? • Providing to a law enforcement officer • Any truthful information relating to • The commission or possible commission • Of any federal offense Section 1107 What Retaliation is Prohibited? • Any harmful action (!) • Including [but not limited to!] interference with: Lawful employment Livelihood Federal Sentencing Guidelines Reward “Effective Compliance Program” • Compliance standards and procedures reasonably capable of reducing the prospect of criminal activity • Oversight by high-level personnel • Due care in delegating substantial discretionary authority • Effective communication to all levels of employees Federal Sentencing Guidelines Reward “Effective Compliance Program” (cont’d) • Reasonable steps to achieve compliance, which include systems for monitoring, auditing, and reporting suspected wrongdoing without fear of reprisal • Consistent enforcement of compliance standards including disciplinary mechanisms • Reasonable steps to respond to and prevent further similar offenses upon detection of a violation LIABILITY FOR SIGNING FALSE CERTIFICATIONS CEO/CFO Certification • Two separate CEO/CFO certifications for periodic reports – Section 302 and Section 906 • Both sections require the CEO and CFO to include a certification for each annual or quarterly report of the issuer • Section 906 imposes criminal sanctions • Section 302 is a civil provision implemented by SEC regulations issued in August 2002 SOX 906 Criminal Liability Must certify: The periodic report containing the financial statements fully complies with the requirements of the Securities Exchange Act and that information contained in the periodic report fairly presents, in all material respects, the financial condition and results of operations of the issuer. Penalties: False: 10 years/$1M Willful: 20 years/$5M SOX 302 Certification The SEC regulations under Section 302 requires the CEO and CFO to certify in each periodic report regarding: • Financial and other information included in the report • The establishment, maintenance and evaluation of disclosure controls and procedures • Internal control disclosures must be made to auditors and AC • Evaluation of internal controls and any changes thereto must be disclosed to auditors and AC SOX 302Certification (cont’d) Does the company require management below CEO/CFO to sign sub-certifications? Percent of respondents to survey who said yes: • Controller/CAO – 68% • Financial reporting personnel – 68% • Treasury personnel – 54% • Risk management – 32% Source: Deloitte & Touche Survey of Consumer Business Companies, November 2002 Recent Enforcement Actions – SEC v. David • Irving Paul David was CFO of one investment fund and controller of another related fund (Smith Barney World Fund) • David embezzled a total of $47k from two funds • David signed a certification stating he had disclosed to the auditors and audit committee any fraud, whether material or not, involving management • U.S. Attorney charged him with embezzlement • SEC charged him for false certification Recent Enforcement Actions – Legato Systems • Legato recorded income when customer (Logicon) not committed to pay • Side letter: Logicon has right to cancel Cancellation provision omitted from purchase order “because of impact on revenue recognition” • SEC charges its CFO and two sales executives • SEC also charges Logicon’s VP of sales with aiding and abetting ENHANCED LIABILITY AND CRIMINAL PROVISIONS Statute of Limitations for Securities Fraud • Section 804 amends 28 U.S.C. 1658 by adding subsection (b), which extends the statute of limitations for private rights of action involving claims of fraud, deceit, manipulation or contrivance in contravention of a regulatory requirement concerning the securities laws, to the earlier of (i) 2 years [formerly 1 year] after discovery of the facts constituting the violation or (ii) 5 years after such violation [formerly 3 years]. Penalty Enhancements • Section 902 creates new Section 1349, Attempt and Conspiracy, to Title 18 of the U.S. Code, providing that those persons who attempt or conspire to commit certain fraud offenses will be subject to the same penalties as those prescribed for the offense • Section 903 increases the maximum penalties for mail and wire fraud from five years to 20 years’ imprisonment Penalty Enhancements (cont’ d) • Section 904 increases the criminal penalties for ERISA violations from one year to 10 years imprisonment and up to $500,000 in fines • Section 1106 amends Section 32(a) of the Exchange Act to raise the maximum individual penalties from $1 million and 10 years’ imprisonment to $5 million and 20 years’ imprisonment, and to raise the maximum corporate fine from $2.5 million to $25 million Improper Influence On Auditors Improper Influence on Auditors New SEC rules say that officers may not fraudulently influence, coerce, manipulate or mislead an independent auditor: • To issue a report that is not warranted in the circumstances • Not to perform procedures required by GAAS • Not to withdraw a report • Not to communicate with AC What is Improper Influence? SEC says the following may be improper influence: • Offering or paying bribes or other financial incentives, including offering future employment • Providing an auditor with inaccurate or misleading legal analysis • Threatening to cancel existing non-audit or audit engagements if the auditor objects to the issuer’s accounting • Seeking to have a partner removed from the audit engagement because the partner objects to the issuer’s accounting • Blackmailing, and • Making physical threats Section 306 ERISA BLACKOUT PROVISIONS Blackout Notices • Administrative Information Final regulations issued by DOL on January 24, 2003 Regulations are effective for Blackout Periods beginning on or after January 26, 2003 Blackout Notices (cont’d) • “Blackout Period” Defined Any period of more than three consecutive business days during which the ability of participants or beneficiaries in an individual account plan to direct or diversify assets credited to their accounts or to obtain loans or distributions from the plan is temporarily suspended, limited, or restricted. Blackout Notices (cont’d) • Typical Blackout Period Scenarios Change in service providers (e.g., third-party recordkeepers) Change in payroll systems, vendors, or software Changing investment options Blackout Notices (cont’d) • Content of Notice Reason(s) for the Blackout Period Identification of the investments and/or rights affected by the Blackout Period Expected beginning and ending dates for the Blackout Period (specific dates or calendar weeks) If investments are affected, a statement advising evaluation of appropriateness of current investment decisions in light of inability to direct or diversify during Blackout Period Blackout Notices (cont’d) • Content of Notice If Notice is not provided 30 days in advance of a Blackout Period, a statement that 30-day advance notice is generally required and an explanation as to why notice was not given Name, address, and phone number of contact person/department for questions Notice must be written so that it can be understood by the average participant DOL has provided a model notice • Not required, but its use satisfies certain safe harbors Blackout Notices (cont’d) • Form and Distribution of Notice In writing Distributed to affected participants and beneficiaries in any manner permitted under ERISA (including electronic media) Must be mailed (or sent electronically) by the distribution deadline (need not be received by the deadline) Must be sent to the participants’ or beneficiaries’ last known addresses Blackout Notices (cont’d) • Timing of Notice At least 30 calendar days, but not more than 60 calendar days, prior to the last day on which the participants or beneficiaries may exercise the affected rights Example: Trading permitted 1 x per month on last day of month; Blackout Period = 6/20 – 7/15 (i.e., no trades on 6/30); last day to exercise rights is 5/31; thus, Notice must be provided 3060 days prior to 5/31 (i.e., no later than 5/1) Blackout Notices (cont’d) • Civil Penalties Civil penalty for administrators’ failure to provide timely Blackout Notices DOL may assess up to $100 per day, per participant or beneficiary Penalty period begins on the last date the Notice could have been properly filed and ends on the date the Blackout Period ends Personal, joint and several liability of plan administrator