Sarbanes-Oxley Act of 2002
and Other SEC Reforms
Michael J. Halloran, Senior Partner
Pillsbury Winthrop LLP
Presentation to
Institute for Corporate Counsel
March 20-21, 2003
Introductions
Recent Corporate Reform Initiatives
Sarbanes-Oxley Act of 2002
Other SEC Reforms
Proposed NYSE and Nasdaq Corporate Governance
Standards
2
Overview (Sarbanes-Oxley)
History: Signed into law by President Bush on July 30, 2002
Background: Reaction to Enron, Global Crossing, Tyco, Worldcom, etc.
Purpose: To protect investors by improving the accuracy and reliability of
corporate disclosures made under federal securities laws and to eliminate certain
abuses which occurred in corporate failures
Effectiveness: Immediately, with certain exceptions principally required for
agency rulemaking
Scope: In general, applies to all reporting companies under the Securities
Exchange Act of 1934 (as well as accounting and law firms representing those
companies), even including
foreign private issuers
unlisted companies with debt registered under the 1933 Act
companies in registration under the 1933 Act
Oversight Board: Public Company Accounting Oversight Board established to
oversee the audit of public companies and required to be organized by April 26,
2003
3
Status of Regulatory Actions (Sarbanes-Oxley)
Currently Applicable Sections of the Sarbanes-Oxley Act and Final Regulations so far Adopted by SEC Under the Act
§ 208: Rules regarding auditor independence
§ 302: Certification of disclosure in companies’ quarterly and annual reports; SEC Rules 13a-14 and 13a-15 and 15d-14
§ 304: Disgorgement by CEOs and CFOs of bonuses and profits realized from the sale of the issuer’s securities after a financial restatement
§ 306: Final rules relating to employee benefit plans and related blackout periods (Department of Labor)
§ 306(a): Insider trades during pension fund blackout periods (SEC and Department of Labor)
§ 307: Rules of professional responsibility for attorneys
§§ 401(a) and 401(b): Disclosure of non-GAAP financial information, off-balance sheet arrangements and contingent liabilities
§ 402: Prohibition of personal loans to executives
§ 403: § 16 Ownership reports and trading by officers, directors and principal security holders; SEC Rule 16-3 (f) and (g)
§§ 406 and 407: Disclosure of code of ethics and financial experts
§ 802: Retention of records related to audits
§ 806: Whistleblower protections
§ 906: Criminal certification in companies’ quarterly and annual reports
Public Company Accounting Oversight Board
§ 101: Charles Niemeier (SEC enforcement chief accountant) is acting Chairman, together with board members Kayla Gillan (CalPERS), Daniel
Goelzer (Baker & McKenzie) and Willis Gradison (lobbyist and former Congressman) as the other initial members
Proposed SEC Regulations under Sarbanes-Oxley Act
§ 301: Prohibition of listing of any security of an issuer not in compliance with Audit Committee Requirements
§ 303: Improper influence on conduct of audits
§ 307: Rules of professional responsibility for attorneys (Noisy Withdrawal)
§ 403: Electronic filings of forms 3, 4 and 5
§ 404: Proposed internal control requirements
4
Key Dates
By January 26, 2003
§ 409: Disclosure “on a rapid and current basis” of material changes to an
issuer’s financial condition
By April 26, 2003
§ 101: Deadline for organization of Public Company Accounting Oversight Board
By 180 days after the Board’s Organization
§ 102: Accounting firm registration with the Public Company Accounting
Oversight Board
5
Studies Mandated by Sarbanes-Oxley Act
January 26, 2003
§ 702: Role and function of credit rating agencies (SEC)
§ 704: Violations of reporting requirements and restatements of financial statements (SEC)
§ 705: Assistance by investment banks in manipulating earnings (Comptroller General)
§ 805: Sentencing guidelines for obstruction of justice involving evidence (U.S. Sentencing
Commission)
January 30, 2003
§ 703: Violations by securities professionals (SEC)
July 30, 2003
§ 207: Mandatory rotation of registered public accounting firms (Comptroller General)
§ 701: Consolidation of public accounting firms (Comptroller General)
6
Overview (Sarbanes-Oxley)
Corporate Responsibility, Disclosure and
Enforcement (Slides 8-34)
Criminal Statutes and Penalties (Slide 35)
Accounting and Auditing Practices (Slides 36-41)
7
Corporate Responsibility, Disclosure and Enforcement
(Sarbanes-Oxley)
Corporate Responsibility, Disclosure
and Enforcement Provisions
Certification of Periodic Reports by CEOs and CFOs (Slides 9-17)
Proposed Internal Control Report Rules (Slide 18)
Implications for D&O Insurance (Slide 19)
Enhanced Disclosure Requirements and Related Changes to MD&A (Slides 20-21)
Prohibition of Personal Loans to Executives (Slides 23-25)
Reporting of and Prohibitions on Insider Trading (Slides 26-28)
Improper Influence; Disgorgement of Profits; Officer and Director Bars (Slides 29-30)
Attorneys’ Professional Responsibilities (Slide 31)
Restitution Fund for Defrauded Shareholders (Slide 31)
Corporate Code of Ethics (Slide 32)
Minimum SEC Review of Issuers; Extended Statute of Limitations (Slide 33)
Whistleblower Protection (Slide 34)
8
Certification of Periodic Reports by CEOs and CFOs
§ 906 criminal certification
§ 302 civil certification
9
§ 906 Criminal Certification. Requires CEOs and
CFOs to certify as to any periodic report containing
financial statements
Certification Requires:
Financial statements fairly present, in all
material respects, the financial condition and
results of operations of the company
Periodic report fully complies with the 1934 Act
10
Applies to Forms 10-K, 10-Q, 20-F and 40-F. A “periodic report”
has generally not been viewed by the SEC as including Forms
8-K and 6-K
Unlike § 302 civil certifications, § 906 will be enforced by the
Department of Justice (DOJ), so no SEC guidance available
Violations of § 906
“Knowing violation” punishable by up to $1,000,000 in fines
and/or 10 years imprisonment
“Willful violation” punishable by up to $5,000,000 in fines
and/or 20 years imprisonment
No prescribed method of filing – EDGAR correspondence, fully
EDGARized or paper filings acceptable
11
§ 302 Civil Certification. 1934 Act Rules 13a-14 and 15d-14
implement § 302 and require CEOs and CFOs to certify in reports:
To the best of their knowledge:
The filing contains no untrue statement of material fact or omission of a
material fact
The financial statements and other financial information included in the
report fairly present in all material respects the financial condition,
results of operations and cash flows of the company
“Disclosure controls and procedures” established and assessed
within 90 days of filing date (SEC has made a proposal to modify
the timing of the assessment to the final day of the period);
disclosure in periodic report of conclusions about effectiveness
Disclosure to audit committee of deficiencies in design/operation of
internal controls and fraud involving management and key
employees affecting internal controls
Disclosure in periodic report of significant changes in internal
controls including any corrective actions
12
Reports subject to § 302 certification requirement
Certification required for reports on Forms 10-K, 10-Q, 20-F
and 40-F; does not apply to Forms 8-K or 6-K
SEC considering whether to require certification for proxy and
information statements
Certification included in text of form – no deviations allowed
Separate certification from § 906 – may not be combined with
§ 302
Nonetheless, registrants should follow the same disclosure
control procedures that apply to periodic reports for all public
communications, including press releases
Broader than GAAP
Certification regarding fair presentation of financial statements
not limited to conformity with GAAP
Requires assessment of whether any additional information is
necessary to provide investors with a materially accurate and
complete picture of financial condition, results of operations and
cash flows
13
“Disclosure controls and procedures” introduced as new concept by the SEC (Rule
13a-15)
Disclosure controls and procedures designed to ensure that the information required to
be disclosed by the company in its periodic reports is recorded, processed,
summarized and reported to management in time for management to prepare and file
periodic reports in compliance with SEC filing deadlines
Independent obligation under new rules to have sufficient disclosure controls and
procedures; enforceable by the SEC even if disclosure is not flawed
The SEC in its release recommends that registrants create disclosure committee to
determine materiality of information and determine disclosure obligations in a timely
manner
Differentiated from “internal controls” that pertain to financial reporting and control of
assets
Item 307 of Reg. S-K requires issuer to disclose in its periodic reports
CEO / CFO conclusions regarding effectiveness of disclosure controls and procedures based on
a quarterly evaluation
Significant changes in internal controls or practices significantly affecting disclosure controls
subsequent to the date of their evaluation
14
Violations of § 302. Officer that fails to comply or signs a
false certification is subject to:
Private Securities Litigation Liability: We believe, however,
that knowledge of falsity has to exist to have private
securities litigation liability (except to the extent it is
incorporated by reference into 1933 Act registration
statements, in which liability is negligence-based)
SEC Civil Enforcement
Injunctive sanctions under the 1934 Act (including Cease and
Desist Orders by SEC)
Fines and Penalties
» Tier 1 ($5,000) (Negligence)
» Tier 2 ($50,000) (Knowledge)
» Tier 3 ($100,000) (Knowledge)
Criminal Liability under the 1934 Act
15
Separate Certifications for §§ 302 and 906
Certification requirements under § 302 (and related SEC
regulations) and § 906 are separate and distinct
Companies should file separate certifications with respect to
each requirement and not attempt to combine the
certifications; § 906 certifications are not “filed” with the
securities filing, but sent in separately under cover of letter
§ 302 certification text must be exactly as prescribed by the
SEC
§ 906 certification text has been submitted by companies in
a variety of substantially similar wordings – presently no
guidance from the DOJ or the SEC
16
Suggestions on Implementing Requirements to Comply with
§§ 302 and 906
Evaluate adequacy of existing preparation and review procedures
Accelerate, if necessary, preparation and filing timeline
Designate one person as a “disclosure monitor” to document
review process and generate a record of the basis for the
executives’ certifications
Officers should be involved in the approval process for reports
and should not approve them without a thorough personal review
and critical analysis about disclosures
Establish disclosure committee
Consider requiring limited scope certifications by subordinate officers
and employees
Greater involvement by professional advisers
17
Proposed Internal Control Report Rules under § 404
Internal control report would be required in Forms 10-K, 20-F
and 40-F
Registered public accounting firm must attest to the reports
Internal control report and attestation report proposed to be
filed as exhibits
The SEC is proposing to make effective for fiscal years that
end on or after September 15, 2003
Proposals clarify that disclosure controls and procedures and
internal controls and procedures need to be evaluated
quarterly as of the date the related periodic report is filed
Proposals would amend recently adopted § 302 certifications
with delayed effectiveness
18
Implications for D&O Insurance
Insurance industry anticipates increase in claims against directors and officers – expect to see large
increase in premiums, larger retentions by the company, and more coverage exclusions
Industry focusing on its perceived original purpose of D&O insurance - the protection of the personal
assets of non-culpable directors and officers
Changing D&O carrier is becoming more of an issue because carriers are less likely to waive prior
and pending litigation and prior act exclusions, creating potential gaps in coverage
Carriers taking harder positions on who is covered by the policy and whether allegations of fraud will
be enough to create an exception from coverage
Immediate review of D&O policies should be undertaken with a view to the following:
Definition of a 'claim' – try to ensure that the definition of a 'claim' covers the desired spectrum of potential
claims (from a governmental investigation or claim to a civil class action claim to a criminal prosecution)
Severability of claims – try to insert language in the policy which prohibits the imputation of one individual
insured’s conduct to any other individuals for purposes of exclusions from coverage
Consider whether your policy requires fraudulent or criminal conduct to be proven 'in-fact' for exclusions to
apply
Consider separate coverage of directors and officers and possible effect in bankruptcy
19
Disclosure of Material Off-Balance Sheet Transactions
§ 401(a): Companies must disclose in periodic reports all material off-balance sheet
transactions, and tables of contractual obligations and contingent liabilities and
commitments, that are reasonably likely to have a material current or future effect on
financial condition, changes in financial condition, results of operations, liquidity,
capital expenditures, capital resources, or significant components of revenues or
expenses
Disclosure in a separately captioned subsection of the MD&A
The SEC views MD&A as the centerpiece of disclosure
20
Conditions For Use of Non-GAAP Financial Measures
§ 401(b): Reconciliation to GAAP required where non-GAAP financial measures are presented in SEC filings
or other public disclosures
Rule codified in new Regulation G
Regulation G defines term “non-GAAP financial measures” instead of “pro forma financial information”
Violation of Regulation G may be a Rule 10b-5 violation
Disclosures related to business combinations excluded from Regulation G
Reg. FD disclosure would require reconciliation and be required to comply with Regulation G
Certain Non-GAAP Disclosures Always Prohibited
Excluding from any non-GAAP liquidity measures (other than EBIT and EBITDA) charges or liabilities that
require cash settlement
Adjusting a non-GAAP performance measure to eliminate or smooth items identified as non-recurring,
infrequent or unusual, when nature of charge or gain is reasonably likely to occur within two years or similar
charge or gain has occurred within prior two years
Presentation of a non-GAAP financial measure on the face of financial statements or in financial notes
Use of descriptive terms that are the same as or confusingly similar to descriptions used for GAAP financial
measures
Mandatory Form 8-K
All non-GAAP financial disclosures (earnings releases) must be furnished on Form 8-K within 5 business days
(not a requirement to have earnings releases)
Information furnished on a Form 8-K will not be incorporated by reference into other filings
21
Related Changes to MD&A Disclosure (January 2002 SEC Statement
and May 2002 SEC Proposed Rules)
Requires separate “critical accounting policies” section in MD&A
Issuers must identify accounting estimates that
are highly uncertain at the time the estimate is made or
would have a material impact on the company’s financial statements
if a different estimate had been made
Describe estimates and underlying assumptions
More detailed disclosure for adoption of new accounting policies having
material impact on financial statements
22
Prohibition of Personal Loans to Executives
General Prohibition. With certain exceptions for banks and financial institutions,
§ 402 makes it unlawful for a public company “to extend or maintain credit, to
arrange for the extension of credit, or to renew an extension of credit in the form of
a personal loan,” directly or indirectly, to its directors and executive officers
No SEC Guidance. There are substantial ambiguities in § 402 and the legal
community debates its meaning
Does Not Apply to Business Loans. § 402 does not appear to apply to business
loans, such as business travel advances and credit cards used for business
purposes. Business-related advances could be viewed as personal loans if:
The amount is unreasonable in relation to contemplated business activity
Advances are not actually spent for business purposes
Unspent amounts are not promptly returned to the company
23
Pre-Existing Arrangements. Arrangements existing prior to
July 30, 2002 (enactment) are exempt so long as there are
no subsequent material modifications. Absent SEC guidance,
material modifications may include:
Alterations in interest rates of existing non-variable rate loans
Changes to loan terms, repayment schedules, amortization
method and security arrangements
Forgiveness of a pre-existing outstanding loan, although there
is disagreement on this (See 25 law firm memo). Instead,
repayments could be made from bonus payments not
conditioned on repayment of the pre-existing loan
24
§ 402’s application:
Personal use of company credit cards, required to be repaid
Personal use of company car, required to be reimbursed
Relocation loans and advances
Loans from 401(k) plans
Cashless option exercise, although there are structures that
may not be deemed loans
Concern as to whether advances to directors and officers to
defend litigation might be a “loan”; “reasoned” legal advice can
be obtained
25
Reporting of and Prohibitions on Insider Trading
Accelerated Form 4 Deadlines. § 403 (together with new SEC
regulations) requires Form 4 to be filed before the end of the
second business day following trade date for any transaction
resulting in a change in beneficial ownership by Section 16 insider
Electronic Filing for Forms 3, 4 and 5. By July 30, 2003, all
Forms 3, 4 and 5 must be filed electronically via EDGAR
Mandatory Website Posting. Beginning July 30, 2003,
company websites must post Form 3, 4 and 5 information no
later than the end of the business day following the filing of the
related statement with the SEC
26
Transactions Formerly Reported on Form 5. The new SEC
regulations adopted under § 403 provide that certain transactions
previously reportable on Form 5 must now be reported on Form 4. These
transactions include:
grants of stock options
outright grants of shares
disposition of options or shares to the issuer
discretionary transactions in employee benefit plans
27
Prohibition on Insider Trading During Blackout Periods. § 306 prohibits executive
officers and directors from engaging in transactions involving their company’s
equity securities during a “blackout period” if those securities were acquired in
connection with employment
Blackout Period. Any period during which, for more than three consecutive
business days, a company suspends ability of 50% or more of the participants
or beneficiaries to engage in transactions involving the company’s equity
securities
Shorter Window Possible. The SEC will continue to evaluate whether
blackout periods of three days or shorter would trigger the prohibition
Advance Notice of Certain Blackout Periods. § 306 requires company to
provide at least 30-days’ notice of an impending blackout period by filing a
Form 8-K. The notice must provide the following information:
Length of blackout
Proposed beginning and ending dates
Exempt Transactions. Does not apply among other things to securities
acquired by an insider through dividend reinvestment plans, purchases and
sales pursuant to 10b5-1(c) plans, purchases and sales pursuant to “tax
conditioned” plans, and stock splits
Remedy. SEC Enforcement Action or Recovery of Profits in Private Action
28
Improper Influence, Disgorgement of Profits and Officer and Director
Bars
Improper Influence Prohibited. Unlawful for any officer or director (or person
acting under their direction) to fraudulently influence, coerce, manipulate or
mislead an auditor in the performance of an audit (§ 303)
Types of conduct that the SEC believes might constitute improper influence
under proposed rules, depending on the facts and circumstances of each
case, include:
Offering or paying bribes or other financial incentives, including offering future
employment to the auditing firm or contracts for non-audit services
Providing an auditor inaccurate or misleading legal analysis
Threatening to cancel or canceling existing non-audit or audit engagements if
the auditor objects to the issuer’s accounting
Seeking to have a partner removed from the audit engagement because the
partner objects to the issuer’s accounting
Blackmail
Physical threats
29
§ 304: CEOs and CFOs Required to Disgorge Profits Upon
Restatement of Financials. If a company is required to restate
financials as a result of a material non-compliance with a financial
reporting requirement as a result of misconduct, the CEO and CFO must
disgorge:
all bonus, incentive-based compensation, equity-based compensation
and
profits from sales of company’s securities
during the 12-month period following the first public issuance or filing with
the SEC (whichever occurs first) of the financial document “embodying” that
financial reporting requirement
§ 305: Officer and Director Bars. The SEC has authority to bar
individuals from acting as an officer or director of a public company if
conduct demonstrates person is unfit to serve in such capacity –
standard changed to simple “unfitness” from “substantial unfitness”
30
Final Rules Regarding Attorneys’ Professional Responsibilities
The SEC has adopted minimum standards of professional responsibility for attorneys appearing and practicing before the SEC
If an attorney appearing and practicing before the SEC in the representation of a Company becomes aware of evidence that would
lead a reasonable attorney to believe a material violation of securities laws is occurring or is about to occur, s/he would be required
to report to the corporation’s chief legal officer; the chief legal officer has an obligation to investigate
If the reporting attorney has not received an appropriate response within a reasonable time, a report must be made to the Audit
Committee or the full Board of Directors
In the alternative, if the company had previously formed a Qualified Legal Compliance Committee (“QLCC”), an attorney will satisfy
his reporting requirement by reporting material violations of securities laws to the QLCC
Proposed Rules regarding ‘Noisy Withdrawal’
November 2002 proposal provided that if the reporting attorney has not received an appropriate response from the company’s
officers or Board and believes the violation is ongoing or about to occur and is likely to result in substantial financial injury to the
company or its shareholders, s/he would be required to
If the reporting attorney is outside legal counsel, make a “Noisy Withdrawal”
Withdraw representation
Notify the SEC of withdrawal
Disaffirm to the SEC any tainted submissions to the SEC the reporting attorney participated in preparing
If the reporting attorney is in-house, s/he is required to disaffirm any tainted submission to the SEC, but is not required to resign
Alternative proposal
Attorney would be required to provide a written notice of withdrawal to the issuer if the attorney had reported evidence of a material violation
and had not received an appropriate response
Issuer would be required to report withdrawal to SEC within 2 business days on a Form 8-K
Attorney would be permitted, but not required, to notify SEC if the Company did not report the withdrawal to the SEC
§ 308: Creation of Restitution Fund for Defrauded Shareholders. The Act directs the SEC to create an investor
restitution fund and to deposit in such fund any fines it recovers from executives who violate the securities laws.
31
§ 406: Corporate Code of Ethics
Sarbanes-Oxley requires each reporting company to disclose whether or not it has adopted a written
code of ethics for its senior financial officers and, if not, the reasons therefor
The SEC has broadened the scope of the law to apply the code of ethics to the company’s principal
executive officer, principal financial officer, principal accounting officer or controller and persons
performing similar functions
"Code of ethics" is a codification of standards reasonably designed to deter wrongdoing and promote:
Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and
professional relationships
Full, fair, accurate, timely and understandable disclosure in reports and documents that a registrant files with, or submits to, the SEC
and in other public communications made by the registrant
Compliance with applicable governmental laws, rules and regulations
The prompt internal reporting to an appropriate person or persons identified in the code of violations of the code of conduct
Accountability for adherence to the code of conduct
The rules require the company to immediately disclose, within 5 business days, by filing a Form 8-K or
(provided the company has stated its intent to do so in its most recent Form 10-K) on its website:
any amendment to the code of ethics
any waiver (including an implicit or de facto waiver) of a provision of the code of ethics
advice: build in exceptions into the code of ethics to avoid waivers (e.g., gifts from outsiders up to $150)
The company has three options for making its code of ethics publicly available:
file its code of ethics as an exhibit to its annual report on Form 10-K
post on its corporate website
Undertake in annual report to provide a copy to any person free of charge
32
§ 408: Minimum Review of Issuers by SEC. The Act
requires the SEC to review reports of issuers listed on
a national securities exchange or traded on an
automated quotation facility at least once every three
years (Not applicable to unlisted companies)
§ 804: Extended Statute of Limitations. Statutes of
limitations for private securities litigation extended from one to
two years after discovery and from three to five years
after the violation
33
§ 806: Whistleblower Protection. Companies are prohibited from
discriminating in the terms of employment for employees who lawfully
provide information or assistance in securities fraud investigations
Under § 301 (new § 10A(m)(4) of the 1934 Act) Audit Committees to
establish protocol to address “whistle blower” communications
Receipt, retention and treatment of complaints received by the company
regarding accounting, internal controls, or auditing matters
Confidential and anonymous submissions by employees of concerns
regarding questionable accounting or auditing matters
Under § 301 (new § 10A(m)(6) of the 1934 Act) audit committee must
have authority and funding available to engage independent counsel and
outside advisers
34
Criminal Statutes and Penalties
(Sarbanes-Oxley)
§ 802: Alteration of Documents – punishable by fines and 20 years imprisonment
Applicable to anyone who destroys, alters or falsifies records in connection with a
federal investigation
§ 802: Destruction of Corporate Audit Records By Outside Accountants – punishable
by fines and up to 10 years imprisonment
Any outside accountant who conducts an audit is required to maintain work papers for
seven years
Work papers include papers that support an auditor’s conclusions as well as those that
“cast doubt” on those conclusions
§ 807: Securities Fraud – punishable by fines and up to 25 years imprisonment
The new law is broader than pre-existing criminal securities law provisions, which are
limited to being “in connection with the purchase or sale of securities”
§ 906: False Certification of Financial Reports – punishable by fines and up to 20 years
imprisonment
§ 903: Mail and Wire Fraud – maximum imprisonment increased from five to 20 years
35
Accounting and Auditing Practices
(Sarbanes-Oxley)
Public Company Accounting Oversight Board and Related Matters (Slide
37)
Prohibition of Certain Non-audit Services (Slide 37)
Audit Committee Approval (Slide 38)
Audit Committee Membership (Slide 39)
Financial Expert Rules (Slide 40)
Additional Audit-Related Measures (Slide 41)
36
§ 101: Public Company Accounting Oversight Board and Related Matters.
Independent, non-profit board to oversee audit of public companies—the board is
required to begin functioning in early 2003
§ 201: Prohibition of Certain Non-audit Services. Public accounting firms will be
prohibited from providing the following non-audit services contemporaneously with the
audit of a public company:
Bookkeeping services
Financial information systems design and implementation
Appraisal or valuation services, fairness opinion, or contribution-in-kind
reports
Actuarial services
Internal audit outsourcing services
Management functions or human resources
Broker or dealer, investment advisor, or investment banking services
Legal services and expert services unrelated to the audit
Any other services that the Public Company Accounting Oversight Board
determines, by regulation, are impermissible
Firms can provide tax and other non-audit services that are not “prohibited” only if
approved in advance by the audit committee
37
§§ 201(h) and 202: Audit Committee Approval. Other audit
and non-audit services including tax services may be performed
by registered public accounting firms but must be pre-approved by
audit committee and disclosed in periodic reports
Requires disclosure to investors in periodic reports of approval
of non-audit services
Preapproval of Services
Sarbanes-Oxley requires pre-approval of audit and “non-audit services” by the audit committee
No “blanket approval” permitted; services must be specifically
identified in order to be approved
Pre-approval required for all other non-audit services –
including tax services
Comfort letters are considered audit services and do not
require preapproval
Contains de minimis (5% of accounting engagement revenues)
exception for inadvertent provision of non-audit services
38
Accounting and Auditing Practices
(Sarbanes-Oxley)
Audit Committee Membership
§ 301: The SEC has proposed rules that would prohibit exchanges and Nasdaq from listing companies that did not meet
minimum audit committee standards
Audit Committees:
Responsible for appointment, compensation and oversight of independent auditor
Composed entirely of “independent” members
No consulting, advisory or other compensation from issuer, or
No affiliated persons of issuer or its subsidiaries
No indirect payments (family members or professional service corporations)
Establish procedures for receiving complaints received by issuer regarding accounting, internal accounting controls or auditing
matters, and the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing
matters
Have the authority to engage independent counsel and other advisers
Have appropriate funding for payment of compensation of the registered public accounting firm employed by the issuer and any
advisors employed by the audit committee
Applies only to companies listed on a national exchange or an automated inter-dealer quotation system of a national securities
association (not applicable to pink sheet companies)
Exchange rules must be operative no later than the first anniversary of the publication of final rules (final rules required by
April 26, 2003)
Exception for IPOs (90 day transition period)
Certain exceptions for foreign private issuers where local law or customs require deviation
39
Accounting and Auditing Practices
(Sarbanes-Oxley)
Audit Committee Financial Expert Rule 401(h) under Sarbanes-Oxley § 407
Board of Directors required to determine whether it has at least one “audit committee financial expert” and disclose such person’s
name
Company required to disclose whether or not the audit committee financial expert is independent (applying the listing standards of
the NYSE, AMEX or NASD, as applicable)
“Audit Committee Financial Expert” is a person who has the following attributes:
An understanding of GAAP and financial statements
The ability to assess the general application of GAAP in connection with the accounting for estimates, accruals and reserves
Experience preparing, auditing, analyzing or evaluating financial statements that present a breadth and level of complexity of accounting
issues that are generally comparable to the breadth and complexity of issues that can be reasonably expected to be raised by the
Company’s financial statements, or experience actively supervising one or more persons engaged in such activities
An understanding of internal controls and procedures for financial reporting
An understanding of audit committee functions
The SEC in its release intended to expand the definition of an Audit Committee Financial Expert to include someone who obtained their
experience in scrutinizing financial statements in industries such as investment banking, venture capital and financial analysis, not
just accounting (e.g., Warren Buffett or Alan Greenspan)
Each audit committee financial expert must have all five attributes (collective expertise among members is insufficient). If the Board
of Directors has to find a new member with these attributes, this is consistent with the Sarbanes-Oxley Act.
Audit committee financial expert must have acquired their qualification through any one or more of the following (education alone
being insufficient):
Education and experience as a principal financial officer, principal accounting officer, controller, public accountant or auditor or experience
in one or more positions that involve the performance of similar functions;
Experience actively supervising a principal financial officer, principal accounting officer, controller, public accountant, auditor or person
performing similar functions;
Experience overseeing or assessing the performance of companies or public accountants with respect to the preparation, auditing or
evaluation of financial statements; or
Other relevant experience.
SEC Rule contains Safe Harbor for Financial Experts: No increased or decreased duties, obligations or liabilities for being an audit
committee financial expert than for other Audit Committee members or Board members
40
Accounting and Auditing Practices
(Sarbanes-Oxley)
Additional Audit-Related Measures
§ 301: Audit Committee Authority. Audit Committee vested with the sole
authority to engage and terminate the independent auditors, to compensate them
and to oversee them and the power to engage independent counsel and advisers.
Note that this shifts the management of the relationship between the company and
independent auditors from the Board and management to the Audit Committee
§ 203: Audit Partner Rotation. Lead audit partner and lead review partner must
rotate every five years
§ 204: Reports to Audit Committee. Auditor must report to audit committee on
critical accounting policies and practices and on all alternative disclosures and
treatments of financial information discussed with management and the
consequences of the use of these alternative disclosures and treatments
§ 206: Disqualification. Accounting firm may not perform audit services for a
company whose CFO, CEO or senior accounting officers were employed by the
firm in the year preceding the initiation of an audit and who participated in the audit
41
Other SEC Reforms
New SEC Rules for Acceleration of Periodic
Report Filing Deadlines
Proposed Additional Form 8-K Events
42
Other SEC Reforms
New SEC Rules for Acceleration of Periodic Report Filing
Deadlines
Adopted by the SEC on September 5, 2002
“Accelerated filers” must meet shortened deadlines for 10-Ks and
10-Qs
Applies to accelerated filers with fiscal years ending on or after
December 15, 2002
Requires Website disclosure of SEC filings
“Accelerated Filer”
$75 million public float as of end of most recently completed second
fiscal quarter
Subject to reporting requirements for at least one year
Previously filed at least one annual report on Form 10-K
Not applicable to 10-KSB and 10-QSB filers
43
Other SEC Reforms
New filing deadlines phased in over three years:
Form 10-K
90 days where fiscal year ends on or after December 15, 2002
75 days where fiscal year ends on or after December 15, 2003
60 days where fiscal year ends on or after December 15, 2004
Form 10-Q
45 days where fiscal year ends on or after December 15, 2002
40 days where fiscal year ends on or after December 15, 2004
35 days where fiscal year ends on or after December 15, 2005
44
Other SEC Reforms
Additional Form 8-K Events
Sarbanes-Oxley § 409: Companies must disclose material changes to financial condition “on a rapid
and current basis”: SEC to issue rules
In June 2002, the SEC proposed rules mandating disclosure of the following events, which indicates its previous views
regarding additional and accelerated disclosure requirements:
new material agreements or terminations thereof (not in ordinary course)
termination or reduction of significant business relationship
creation or triggering of material direct or contingent financial obligation, including default or acceleration
material write-offs, restructurings or impairments
change in company rating or outlook
change in exchange, delisting notice or delisting
conclusion or notice that investors should no longer rely on previously issued financial statements
material limitations on employee benefit plans, including blackout periods
private placements of equity securities
material modifications to rights of security holders, charter or bylaws
appointment or departure of principal officer or election of new directors
No action to date on proposal
Additional 8-K events triggered by Sarbanes-Oxley:
changes or waivers to codes of ethics required to be disclosed on Form 8-K
issuance of earnings announcements and releases required to be disclosed on Form 8-K
Withdrawal of attorney pursuant to § 307 proposed rules would require filing of Form 8-K
45
Proposed NYSE and Nasdaq Corporate
Governance Standards
Proposed NYSE and Nasdaq Corporate Governance Standards (Slide 47)
Majority of Board Must Be “Independent Directors” (Slides 48-52)
Audit Committee Proposals (Slides 53-56)
Stockholder Approval of Equity Compensation Plans (Slide 57)
Adoption and Disclosure of Corporate Governance Guidelines and Code of
Business Conduct and Ethics (Slides 58-59)
Other Corporate Reform Proposals (Slide 60)
46
Overview (NYSE and Nasdaq)
Proposed NYSE and Nasdaq Corporate Governance
Standards
History:
February 2002 – the SEC requests NYSE and Nasdaq to review
corporate governance standards
June 2002 – initial proposals of NYSE Corporate Accountability and
Listing Standards Committee
August 2002 – final proposals adopted by NYSE and submitted to
the SEC for approval (pending)
October 2002, Revised February 2003 – final proposals adopted by
Nasdaq and submitted to the SEC for approval (pending)
Purpose: To empower directors, officers and employees to perform
their functions effectively and strengthen shareholder monitoring of
company and director performance to reduce lax and unethical
corporate behavior
Effectiveness: After SEC approval, certain provisions will be effective
immediately while others have transition periods from six to 24 months
47
NYSE and Nasdaq Corporate Governance Proposals
Majority of Independent Directors
Listed companies, other than controlled companies, must
have a majority of independent directors
Purpose: to increase the quality of oversight and lessen the
possibility of conflicts of interest
Effective:
NYSE: 24 months after SEC approval of new listing
standards
Nasdaq: Immediately following company’s first annual
meeting after January 1, 2004
48
NYSE Corporate Governance Proposals
Tightened NYSE Definition of “Independent Director”
Under the proposed NYSE rules an “independent director” requires
an absence of any “material relationship” with the listed company
Either directly or indirectly as a partner, shareholder or officer of
any entity with a relationship to the listed company
Board must make affirmative determination that director has no
material relationship, which can include, among other things,
commercial, consulting or legal advisory relationships
But significant stock ownership by itself is not a bar to independence
because concern is independence from management; however,
Sarbanes-Oxley § 301 prohibits “affiliated persons” from serving on
the audit committee
49
NYSE Corporate Governance Proposals
Specified relationships deemed to be “material” until after five-year
cooling-off period
A director is not independent if:
employed by the company within the preceding five years
affiliated with or employed by a present or former auditor of
the company, until five years after end of affiliation or
auditing relationship
employed by another company in the preceding five years
if at the same time an executive officer of the company was
a director on such other company’s compensation
committee
an immediate family member of one of the foregoing
categories of persons within the past five years
50
Nasdaq Corporate Governance Proposals
Tightened Nasdaq Definition of “Independent Director”
Director is not independent if:
Affiliated with or employed by a present or former auditor of the company, until
three years after end of affiliation or auditing relationship
Employed by company, or family member was executive officer of company, during last
three years
Director or family member received more than $60,000 (excluding
compensation for board service) from company in past three years (including
political contributions)
Executive officer of not-for-profit to which company paid more than $200,000
or 5% of gross revenues
Part of interlocking compensation committee within past three years
Director would not be independent for purposes of audit committee
membership if he or she owns or controls 20% or more (or such lesser
amount as the SEC shall establish) of the company’s voting securities
51
NYSE and Nasdaq Corporate Governance Proposals
NYSE Proposals for Regular Meetings of Non-management Directors
Non-management directors must hold regularly scheduled meetings
without management
“Non-management” – directors who are not company officers, but not
necessarily independent
No one presiding director at meetings required, but must disclose
presiding director or method for selection at each meeting
Non-management directors must disclose a method for interested
parties to contact them
Effective within six months of SEC approval
Nasdaq Proposal for Meetings of Independent Directors
Independent directors required to meet regularly in executive session
52
NYSE and Nasdaq Corporate Governance Proposals
NYSE and Nasdaq Proposals for Audit Committees
Effective Date
NYSE: Effective within six months of SEC approval, although total independence for each within 24 months
Nasdaq: First annual meeting after January 1, 2004 to modify composition of board and committees
Member Compensation
NYSE: Member compensation permitted solely from directors’ fees
Nasdaq: Payment permitted only for board or committee service
Financial Literacy
NYSE: Members must be financially literate (or become so within a reasonable period) and at least one must have accounting or related financial management experience, as interpreted in each case by the board
NYSE deferred to the SEC on requirement that one member be a “financial expert”
Nasdaq: Same standard as NYSE
Nasdaq would require ability to read and understand financial statements at time of appointment
53
NYSE and Nasdaq Corporate Governance Proposals
Audit Committee Powers and Responsibilities
NYSE:
Right to hire and fire independent auditors and to approve any significant non-audit relationship with such auditors
Obtain and review at least annually auditing firm’s report on its internal quality-control procedures and material issues, if any, raised in the last five years concerning the same from internal, peer, governmental or professional reviews or inquiries
Discuss annual audited financial statements, including MD&A, with management and auditors
Discuss earnings releases and financial information and guidance provided to analysts and rating agencies
Obtain outside legal, accounting or other expert advice as appropriate
Discuss risk assessment and risk management guidelines and policies with management
Meet separately and periodically with management and auditors to review audit problems and management responses
Set hiring policies for former audit firm employees
Report regularly to full board
Nasdaq:
Right to hire and fire independent auditors and to approve any significant non-audit relationship with such auditors
Review and approve related party transactions
Engage and determine funding for independent counsel and other advisors
Establish procedures for receipt, retention and treatment of complaints received by company and ensure treated confidentially and anonymously (See also S/O 301)
Prohibition on serving on audit committee if director owns or controls 20% or more of the Company’s voting securities
54
NYSE Corporate Governance Proposals
Additional NYSE Proposals
Required Committees: Companies must establish committees composed
entirely of independent directors and written charters for:
Nominating and Corporate Governance Committee
Compensation Committee
Audit Committee
Charter Requirements: Charters should address committee member
qualifications, appointments and removals, committee structure and
operations, including with respect to reporting to the board
Service with Other Companies: If member serves on same committee for
more than three other public companies, board must determine no impairment
of ability to serve and disclose determination in proxy statement
Approval of Directors: Approval of director nominations by independent
directors required
55
Nasdaq Corporate Governance Proposals
Additional Nasdaq Proposals
Approval of Compensation: CEO and other
executive compensation to be approved by
independent directors
One non-independent director who is not an officer may
participate for two years pursuant to the “exceptional and limited
circumstances” exemption
Approval of Directors: Approval of director
nominations by independent directors required
One non-independent director may participate if he or she owns
more than 20% of company’s securities or pursuant to
“exceptional and limited circumstances” exemption
56
NYSE and Nasdaq Corporate Governance Proposals
Stockholder Approval of Equity
Compensation Plans
Company must obtain approval from its
stockholders for all equity compensation plans, as
well as any material revisions to the terms of these
plans
Broad-based plans would no longer be exempt from
stockholder approval requirements
Exceptions to this requirement include inducement
options and tax qualified and excess benefit plans
NYSE proposal seeks to prohibit discretionary
voting by brokers relating to these matters
57
NYSE and Nasdaq Corporate Governance Proposals
Adoption and Disclosure of Corporate Governance
Guidelines and Code of Business Conduct and Ethics
Subject matter of Code of Business Conduct and Ethics
NYSE:
Conflicts of interest
Corporate opportunities
Confidentiality
Fair dealing
Protection and proper use of company assets
Compliance with laws and regulations
Encourage reporting of illegal or unethical behavior
Nasdaq:
Conflicts of interest
Compliance with laws and regulations
Waivers
NYSE: Any waiver of the Code must be made only by the Board or a committee and must be disclosed promptly to shareholders
Nasdaq: Any waiver of the Code as to executive officers and directors must be made only by the board of directors and must be publicly available
Website
NYSE: Required to be disclosed on company’s website
Nasdaq: None
58
NYSE Corporate Governance Proposals
Adoption and Disclosure of Corporate Governance
Guidelines and Code of Business Conduct and Ethics
May be expanded to all executive officers and directors
Waivers (including after-the-fact waivers) and amendments
may be disclosed on Form 8-K or the company’s website
Must be filed with annual report
Annual CEO Certifications to NYSE for Corporate
Governance Standards
CEO must certify to the NYSE annually that he or she is not
aware of any violation by the company of NYSE corporate
governance listing standards
Effective six months after SEC approval
NYSE may issue public reprimand to any violating company
59
Nasdaq Corporate Governance Proposals
Other Nasdaq Proposals
Nasdaq may delay re-listing a company based upon corporate
governance violation that occurred when company’s appeal of
delisting was pending
Directors must participate in continuing education
Listed companies prohibited from making loans to directors and
officers
Going concern qualification in audit opinion must be disclosed in
press release
Material misrepresentation or omission by company to Nasdaq
may form basis for delisting (the SEC has already approved this
proposal)
Harmonize disclosure of material information with Regulation FD
(e.g., webcasts)
60
Acknowledgment and appreciation are given to Dan Dashiell of
Pillsbury Winthrop LLP for his work in the preparation of this presentation.
This presentation is a general review of the subjects covered and does not constitute an opinion or legal advice.
©2003 Pillsbury Winthrop LLP. All Rights Reserved.