Sarbanes-Oxley

THE EFFECTS OF THE SARBANES-OXLEY ACT
ON DIRECTORS’ RESPONSIBILITIES AND
LIABILITIES
Robert D. Strahota, Assistant Director*
Office of International Affairs
U.S. Securities and Exchange Commission
Prepared for
Third OECD South-Eastern Europe Corporate Governance
Roundtable
Zagreb, Croatia
November 21-22, 2002
*The U.S. Securities and Exchange Commission, as a matter of policy, disclaims
responsibility for any publication or presentation by its employees. The views expressed
in this presentation are those of Mr. Strahota and do not necessarily reflect the views of
the Commission, individual Commissioners, or Mr. Strahota’s colleagues on the staff of
the Commission.
SARBANES-OXLEY OVERVIEW
• On July 30, 2002, President Bush signed the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley) into law
• Sarbanes-Oxley is the most important securities legislation affecting public
companies, and thus, officers and directors of public companies, since the Securities
and Exchange Commission (SEC) was formed in 1934
• While the new law was prompted by problems encountered in the U.S., these
problems are global in dimension
• Sarbanes-Oxley’s provisions generally make no distinction between U.S. and
foreign issuers who seek to access U.S. capital markets
– The terms “issuer” and “public company” as used in many places throughout Sarbanes-Oxley mean an issuer the securities of which are registered under the Securities
Exchange Act of 1934 (Exchange Act), which is required to file reports under the
Exchange Act, or that has filed a registration statement for a public offering of its
securities under the Securities Act of 1933 that has not become effective and that has not
been withdrawn
• SEC’s mandate is to implement Sarbanes-Oxley fully for all issuers, foreign and
domestic, but it is prepared to consider how it may fulfill this mandate through
rulemaking and interpretive authority in ways that accommodate home country
requirements and regulatory approaches to foreign issuers and accountants
OBJECTIVES OF THIS PRESENTATION
• To identify the provisions of Sarbanes-Oxley that affect directors’
responsibilities and liabilities
– Provisions affecting CEOs and CFOs also will be covered since CEOs and
CFOs often serve as directors
• To consider how Sarbanes-Oxley’s requirements may affect
directors’ liabilities under U.S. securities laws and the common
law duty of care
• To consider the relevance of Sarbanes-Oxley’s approach to
implementation of the OECD Principles of Corporate Governance
provisions regarding directors’ responsibilities
– No one would suggest that another country should enact legislation identical
to Sarbanes-Oxley
– Many, however, may wish to consider Sarbanes-Oxley’s approach that
places heightened responsibilities on corporate directors, CEOs and CFOs,
provided that these persons have adequate legal defenses and other rights
available to them
SUMMARY OF SARBANES-OXLEY PROVISIONS
AFFECTING DIRECTORS, CEOs AND CFOs
• Listed company audit committee independence requirements and
responsibilities (Section 301)
• CEO and CFO financial statement-related certifications (Sections
302 and 906)
• Unlawful for any officer or director or person acting under the
direction thereof to fraudulently influence, coerce, manipulate or
mislead any independent accountant engaged to audit the financial
statements of an issuer for purposes of rendering the financial
statements materially misleading (Section 303)
• If there is a material restatement of an issuer’s reported financial
results due to the material noncompliance of the company, as a
result of misconduct, the CEO and CFO shall reimburse the issuer
for any bonus or incentive or equity-based compensation received
within the 12 months following the filing with the financial
statements subsequently required to be restated (Section 304)
SUMMARY OF SARBANES-OXLEY PROVISIONS
AFFECTING DIRECTORS, CEOs AND CFOs
• Prohibition on insider transactions during pension fund blackout
periods (Section 306)
• Audit Committee or committee of independent directors may have
to consider attorney’s reports regarding material violations of
securities law, breach of fiduciary duty or similar violations
(Section 307)
• Prohibition on personal loans to executive officers and directors of
the issuer, subject to limited exceptions (Section 402)
• Disclosure whether the issuer has a code of ethics for senior
financial officers, and if so, of any determination to change or
waive the code (Section 406)
• Board designation and disclosure of audit committee financial
expert (under SEC Section 407 rule proposals)
SARBANES-OXLEY AUDIT COMMITTEE
REQUIREMENTS
• Sarbanes-Oxley defines “audit committee” for purposes of the Act and
the Exchange Act as:
“a committee (or equivalent body) established by and amongst the
board of directors of an issuer for purposes of overseeing the
accounting and financial reporting processes of the issuer and
audits of the financial statements of the issuer; and …if no such
committee exists with respect to an issuer, the entire board of
directors of the issuer”
• For certain purposes, however, Sarbanes-Oxley imposes additional
requirements regarding the composition and responsibilities of an
“audit committee”
• E.g., Independence under Exchange Act Section 10A(m) means that
an audit committee member is not an affiliate of the issuer or any
subsidiary and that the member receives no consulting, advisory or
compensatory fee from the issuer except in his capacity as a member
of the audit committee, another board committee or the board of
directors
SARBANES-OXLEY AUDIT COMMITTEE
REQUIREMENTS
• Section 301 of Sarbanes-Oxley adds new Section 10A(m) to the Exchange Act and
requires that by April 26, 2003 the SEC, by rule, direct the national securities
exchanges and NASD to prohibit the listing of securities of any company, including
foreign companies, that do not meet the following requirements:
– Each member of the company’s audit committee must be a director and must
otherwise be independent
– The audit committee must be responsible for hiring and discharging the
independent auditors
– The audit committee shall be responsible for approval of all audit and non-audit
services
– The audit committee shall receive reports from the independent auditors
regarding critical accounting policies and practices, discussions that have taken
place with management regarding alternative treatments of financial information
under GAAP, and any accounting disagreements and other material written
communications between the auditors and management
– The audit committee must establish procedures to receive and address
complaints regarding accounting, internal control and audit issues, and to
provide company employees an opportunity to make confidential, anonymous
submissions regarding accounting and auditing matters
CEO AND CFO CERTIFICATION OF FINANCIAL
REPORTS
• Sarbanes-Oxley requires two types of certifications by the CEOs
and CFOs of all SEC reporting companies
• On August 27, the SEC adopted Exchange Act rules required to
implement Section 302 of Sarbanes-Oxley, which requires a
company’s CEO and CFO to certify the contents of the company’s
quarterly and annual reports.
• The CEO and CFO must certify that:
– he or she has reviewed the report;
– based on his or her knowledge, the report does not contain any untrue
statement of a material fact or omit to state a material fact necessary in order
to make the statements made, in light of the circumstances under which such
statements were made, not misleading;
– based on his or her knowledge, the financial statements, and other financial
information included in the report, fairly present in all material respects the
financial condition and results of operations of the issuer as of, and for, the
periods presented in the report;
EXCHANGE ACT – CEO AND CFO
CERTIFICATION CONTINUED
The CEO and CFO
– are responsible for establishing and maintaining "disclosure
controls and procedures" (a newly-defined term reflecting the
concept of controls and procedures related to disclosure) for the
issuer;
– have designed such disclosure controls and procedures to ensure
that material information is made known to them, particularly
during the period in which the periodic report is being prepared;
– have evaluated the effectiveness of the issuer's disclosure
controls and procedures within 90 days of the date of the report;
and
– have presented in the report their conclusions about the
effectiveness of the disclosure controls and procedures based on
the required evaluation
EXCHANGE ACT CERTIFICATION - CONT.
• The CEO and CFO also must certify that they have disclosed to the
company’s auditors and to the audit committee of the board of
directors (or persons fulfilling the equivalent function):
– All significant deficiencies in the design or operation of internal
controls (a pre-existing term relating to internal controls regarding
financial reporting) which could adversely affect the issuer's ability
to record, process, summarize and report financial data and have
identified for the issuer's auditors any material weaknesses in
internal controls; and
– Any fraud, whether or not material, that involves management or
other employees who have a significant role in the issuer's internal
controls; and
– Whether or not there were significant changes in internal controls
or in other factors that could significantly affect internal controls
subsequent to the date of their evaluation, including any corrective
actions with regard to significant deficiencies and material
weaknesses.
CEO AND CFO CERTIFICATION UNDER
SECTION 906 OF SARBANES-OXLEY
• Like Section 302, this certification requirement applies to the CEOs and CFOs of all
companies required to file reports under the Exchange Act
• Unlike Section 302, which is implemented by SEC rules, Section 906’s certification
requirement is set forth as an amendment to the U.S. Criminal Code
• Section 906 requires the CEO and CFO to certify that an Exchange Act periodic
report containing financial statements complies with the reporting requirements of
the Exchange Act and that the information in the periodic report fairly presents, in
all material respects, the financial condition and results of operations of the
company
• Both Section 302, as to financial statements and other financial information, and
Section 906, as to information, require representations whether the financial
condition and results of operations of the company are fairly presented. Unlike an
audit report, however, these representations are not qualified by the words “in
accordance with GAAP”
This reflects SEC and Congressional intent that the CEO and CFO certifications are
intended to be broader in scope
• Unlike Section 302, Section 906’s certification is not qualified by knowledge or
materiality; however, a person must act knowingly to violate Section 906
SARBANES-OXLEY ATTORNEY’S OBLIGATION
TO REPORT ILLEGAL ACTS
• Section 307 of Sarbanes-Oxley requires the SEC to issue rules by
January 26, 2003 that will set forth minimum standards of
professional conduct for attorneys appearing and practicing before
the SEC in any way in the representation of issuers, including an
“up the ladder” reporting rule:
– Requiring an attorney to report evidence of a material violation of securities
law or breach of fiduciary duty or similar violation by the issuer or any agent
thereof, to the chief legal counsel or the CEO of the issuer; and
– If the counsel or officer does not appropriately respond to the evidence
(adopting, as necessary, appropriate remedial measures or sanctions with
respect to the violation), requiring the attorney to report the evidence to the
audit committee of the board of directors of the issuer or to another committee
of the board of directors comprised solely of directors not employed directly
or indirectly by the issuer, or to the board of directors
• SEC rule proposals to implement Section 307 were issued on
November 6 and, as proposed, would apply to both outside counsel
and in-house counsel as well as foreign attorneys representing an
issuer before the SEC
SECTION 307 RULE PROPOSALS
• Section 205.3(d) of the SEC’s proposals would deal with the
obligation of an attorney who has not received an appropriate
response from the issuer and, in certain instances, permits a “noisy
withdrawal”
• The rule would provide that where an attorney files a notification with
the SEC as part of a “noisy withdrawal,” no violation of the
attorney/client privilege occurs
• As an alternative process for considering attorneys’ reports of material
violations, an issuer may (but is not required to) establish a qualified
legal compliance committee (QLCC) comprised of at least one
member of the issuer’s audit committee and two or more other
members of the board of directors who are independent.
• The QLCC would be authorized to require the issuer to take remedial
action. If the issuer were to fail to act as directed, each QLCC member
would have the responsibility to notify the SEC.
• Attorneys who report evidence of a material violation to a QLCC
would not be subject to the noisy withdrawal provision
ADDITIONAL SARBANES-OXLEY PROVISIONS
• In general, Sarbanes-Oxley
– increases criminal penalties for securities fraud, including financial fraud;
– eases the standard for barring persons who commit securities fraud from serving
as officers and directors of public companies;
– permits the SEC to pursue such officer and director bars in administrative
proceedings as well as in the courts;
– adds sanctions and strengthens existing sanctions, regarding destruction,
alteration or falsification of records in investigations, and destruction of audit
records;
– provides a longer statute of limitations for securities fraud;
– includes whistleblower protections; and
– limits discharge of securities law violators’ debts in bankruptcy
ANY VIOLATION OF SARBANES-OXLEY MAY
BE PROSECUTED AS A VIOLATION OF THE
EXCHANGE ACT
• Sarbanes-Oxley Section 3(b)(1) provides:
A violation by any person of this Act, any rule or regulation of
the Commission under this Act, or any rule of the [Public
Company Accounting Oversight Board] shall be treated for all
purposes in the same manner as a violation of the Securities
Exchange Act of 1934 (15 U.S.C. 78a et seq.) or the rules or
regulations issued thereunder, consistent with the provisions of
this Act, and any such person shall be subject to the same
penalties, and to the same extent, as for a violation of that Act or such
rules or regulations.
STATUTORY BASIS OF DIRECTORS’ LIABILITY
FEDERAL SECURITIES LAWS
• Exchange Act antifraud provisions of Section 10(b) and Rule 10b-5, for which the
courts have implied a private right of action
– Scienter or recklessness requirement
– In connection with the purchase or sale of a security requirement
• Exchange Act Section 18(a) imposes liability on “[a]ny person who shall make
or cause to be made” a false or misleading statement in an Exchange Act report.
Liability is to the purchaser or seller of a security at a price affected by the false
or misleading statement, for damages caused by such reliance, unless the
defendant can prove that he acted in good faith and had no knowledge that such
statement was false or misleading
• Exchange Act Section 20(a) controlling person liability. “Every person who,
directly or indirectly, controls any person liable under any provision of this title or
of any rule or regulation thereunder shall also be liable jointly and severally with
and to the same extent as such controlled person to any person to whom such
controlled person is liable, unless the controlling person acted in good faith and
did not directly or indirectly induce the act or acts constituting the violation or
cause of action”
• Securities Act of 1933. Potential civil liability under Sections 11 and 12(a)(2)
DIRECTORS’ DUTY OF CARE
• Audit committees of directors are charged with financial oversight
responsibility as delegated by the full board of directors
• Accordingly, both audit committee members and the full board of
directors have a duty of care to the company and its shareholders
• Discharge of this duty generally requires, among other things:
– That board members be duly diligent and act in good faith
– In the case of audit committee members, the duty of care requires members to:
• Be fully informed and observe committee processes, which include
attendance, proactive questioning and discussion with management and the
independent auditors
• Ensure that the company has an adequate system of internal controls to
monitor red flags and preserve the integrity of financial reporting; and
• Oversee the financial reporting process, which requires confirmation of the
outside auditors’ independence and necessitates an understanding of the
company’s business, its risks and critical accounting policies
CAREMARK INT’L. DERIVATIVE LITIGATION
• In this leading case, 698 A.2d 959 (Del.Ch. 1996), the Delaware Chancery Court
held that the board of directors’ duty of oversight includes a duty to ensure that
“appropriate information and reporting systems” exist to provide the board with
access to timely, accurate and adequate information to ensure corporate compliance
and business performance; however, the level of detail required is a matter of
business judgment
• Caremark suggests that in evaluating a company’s management systems and the
structure of internal controls, board (or audit committee) members should test and
challenge those systems rather than just relying on the auditors’ and management’s
reports to identify any deficiencies
• While Caremark represents a departure from prior case law that recognized a
presumption of business regularity and did not impose affirmative obligations on
directors absent cause for suspicion, Caremark nevertheless follows a traditional
business judgment rule analysis in holding that directors are able to fulfill their duty
of monitoring under Delaware law by making a good faith, reasonable effort to
implement an adequate reporting system
• Compare the SEC’s Report of Investigation in W.R. Grace & Co. (Exchange Act
Rel. No. 34-39157 (Sept. 30, 1997)), indicating: “An officer or director may rely
upon the company’s procedures for determining what disclosure is required only if
he or she has a reasonable basis for believing that those procedures have resulted in
full consideration of those issues”
PROVISIONS OF U.S. LAWS THAT MITIGATE
THE POTENTIAL CIVIL LIABILITY OF
DIRECTORS
• Business judgment rule
• Due diligence defenses
• Good faith reliance upon the records of the corporation and upon
such information, reports, opinions or statements provided by
corporate officers, employees, board committees and
professional advisors; e.g. Del. Gen. Corp. Law, Section
141(e)
• Charter provisions that limit liability for damages for breach of
the duty of care; e.g. Del. Gen. Corp. Law, Section 102(b)(7)
• Indemnification and contribution
• Insurance
CONCLUSIONS
• Sarbanes-Oxley makes it easier to prosecute securities fraud, particularly financial
fraud.
• One of the most direct ways in which the Act accomplishes this objective is to place
greater responsibility on senior management and directors, particularly independent
directors and audit committee members, by requiring them to take a substantially
more proactive role in overseeing and monitoring the financial reporting process,
including disclosure and reporting systems and internal controls
• While Sarbanes-Oxley increases civil and criminal enforcement authority over the
conduct of corporate officers and directors, it does not purport to change the civil
liability provisions that may apply to directors’ conduct under federal securities laws
or the common law duty of care
• However, there is no question that potential civil liability for directors will be greater
after Sarbanes-Oxley
• For those countries considering provisions, such as Sarbanes-Oxley, that place
increased responsibilities on directors, the prospect of directors’ civil liability
should be viewed in the context of whether there are sufficient legal
defenses and other provisions available to mitigate such liability without
compromising directorial responsibility, so that corporations will be able to attract
and retain qualified corporate directors