Sarbanes-Oxley Act of 2002 and Other SEC Reforms Michael J. Halloran, Senior Partner Pillsbury Winthrop LLP Presentation to Institute for Corporate Counsel March 20-21, 2003 Introductions Recent Corporate Reform Initiatives Sarbanes-Oxley Act of 2002 Other SEC Reforms Proposed NYSE and Nasdaq Corporate Governance Standards 2 Overview (Sarbanes-Oxley) History: Signed into law by President Bush on July 30, 2002 Background: Reaction to Enron, Global Crossing, Tyco, Worldcom, etc. Purpose: To protect investors by improving the accuracy and reliability of corporate disclosures made under federal securities laws and to eliminate certain abuses which occurred in corporate failures Effectiveness: Immediately, with certain exceptions principally required for agency rulemaking Scope: In general, applies to all reporting companies under the Securities Exchange Act of 1934 (as well as accounting and law firms representing those companies), even including foreign private issuers unlisted companies with debt registered under the 1933 Act companies in registration under the 1933 Act Oversight Board: Public Company Accounting Oversight Board established to oversee the audit of public companies and required to be organized by April 26, 2003 3 Status of Regulatory Actions (Sarbanes-Oxley) Currently Applicable Sections of the Sarbanes-Oxley Act and Final Regulations so far Adopted by SEC Under the Act § 208: Rules regarding auditor independence § 302: Certification of disclosure in companies’ quarterly and annual reports; SEC Rules 13a-14 and 13a-15 and 15d-14 § 304: Disgorgement by CEOs and CFOs of bonuses and profits realized from the sale of the issuer’s securities after a financial restatement § 306: Final rules relating to employee benefit plans and related blackout periods (Department of Labor) § 306(a): Insider trades during pension fund blackout periods (SEC and Department of Labor) § 307: Rules of professional responsibility for attorneys §§ 401(a) and 401(b): Disclosure of non-GAAP financial information, off-balance sheet arrangements and contingent liabilities § 402: Prohibition of personal loans to executives § 403: § 16 Ownership reports and trading by officers, directors and principal security holders; SEC Rule 16-3 (f) and (g) §§ 406 and 407: Disclosure of code of ethics and financial experts § 802: Retention of records related to audits § 806: Whistleblower protections § 906: Criminal certification in companies’ quarterly and annual reports Public Company Accounting Oversight Board § 101: Charles Niemeier (SEC enforcement chief accountant) is acting Chairman, together with board members Kayla Gillan (CalPERS), Daniel Goelzer (Baker & McKenzie) and Willis Gradison (lobbyist and former Congressman) as the other initial members Proposed SEC Regulations under Sarbanes-Oxley Act § 301: Prohibition of listing of any security of an issuer not in compliance with Audit Committee Requirements § 303: Improper influence on conduct of audits § 307: Rules of professional responsibility for attorneys (Noisy Withdrawal) § 403: Electronic filings of forms 3, 4 and 5 § 404: Proposed internal control requirements 4 Status of Regulatory Actions (Sarbanes-Oxley) Key Dates By January 26, 2003 § 409: Disclosure “on a rapid and current basis” of material changes to an issuer’s financial condition By April 26, 2003 § 101: Deadline for organization of Public Company Accounting Oversight Board By 180 days after the Board’s Organization § 102: Accounting firm registration with the Public Company Accounting Oversight Board 5 Status of Regulatory Actions (Sarbanes-Oxley) Studies Mandated by Sarbanes-Oxley Act January 26, 2003 § 702: Role and function of credit rating agencies (SEC) § 704: Violations of reporting requirements and restatements of financial statements (SEC) § 705: Assistance by investment banks in manipulating earnings (Comptroller General) § 805: Sentencing guidelines for obstruction of justice involving evidence (U.S. Sentencing Commission) January 30, 2003 § 703: Violations by securities professionals (SEC) July 30, 2003 § 207: Mandatory rotation of registered public accounting firms (Comptroller General) § 701: Consolidation of public accounting firms (Comptroller General) 6 Overview (Sarbanes-Oxley) Overview (Sarbanes-Oxley) Corporate Responsibility, Disclosure and Enforcement (Slides 8-34) Criminal Statutes and Penalties (Slide 35) Accounting and Auditing Practices (Slides 3641) 7 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Corporate Responsibility, Disclosure and Enforcement Provisions Certification of Periodic Reports by CEOs and CFOs (Slides 9-17) Proposed Internal Control Report Rules (Slide 18) Implications for D&O Insurance (Slide 19) Enhanced Disclosure Requirements and Related Changes to MD&A (Slides 20-21) Prohibition of Personal Loans to Executives (Slides 23-25) Reporting of and Prohibitions on Insider Trading (Slides 26-28) Improper Influence; Disgorgement of Profits; Officer and Director Bars (Slides 29-30) Attorneys’ Professional Responsibilities (Slide 31) Restitution Fund for Defrauded Shareholders (Slide 31) Corporate Code of Ethics (Slide 32) Minimum SEC Review of Issuers; Extended Statute of Limitations (Slide 33) Whistleblower Protection (Slide 34) 8 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Certification of Periodic Reports by CEOs and CFOs § 906 criminal certification § 302 civil certification 9 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) § 906 Criminal Certification. Requires CEOs and CFOs to certify as to any periodic report containing financial statements Certification Requires: Financial statements fairly present, in all material respects, the financial condition and results of operations of the company Periodic report fully complies with the 1934 Act 10 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Applies to Forms 10-K, 10-Q, 20-F and 40-F. A “periodic report” has generally not been viewed by the SEC as including Forms 8-K and 6-K Unlike § 302 civil certifications, § 906 will be enforced by the Department of Justice (DOJ), so no SEC guidance available Violations of § 906 “Knowing violation” punishable by up to $1,000,000 in fines and/or 10 years imprisonment “Willful violation” punishable by up to $5,000,000 in fines and/or 20 years imprisonment No prescribed method of filing – EDGAR correspondence, fully EDGARized or paper filings acceptable 11 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) § 302 Civil Certification. 1934 Act Rules 13a-14 and 15d-14 implement § 302 and require CEOs and CFOs to certify in reports: To the best of their knowledge: The filing contains no untrue statement of material fact or omission of a material fact The financial statements and other financial information included in the report fairly present in all material respects the financial condition, results of operations and cash flows of the company “Disclosure controls and procedures” established and assessed within 90 days of filing date (SEC has made a proposal to modify the timing of the assessment to the final day of the period); disclosure in periodic report of conclusions about effectiveness Disclosure to audit committee of deficiencies in design/operation of internal controls and fraud involving management and key employees affecting internal controls Disclosure in periodic report of significant changes in internal controls including any corrective actions 12 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Reports subject to § 302 certification requirement Certification required for reports on Forms 10-K, 10-Q, 20-F and 40-F; does not apply to Forms 8-K or 6-K SEC considering whether to require certification for proxy and information statements Certification included in text of form – no deviations allowed Separate certification from § 906 – may not be combined with §302 Nonetheless, registrants should follow the same disclosure control procedures that apply to periodic reports for all public communications, including press releases Broader than GAAP Certification regarding fair presentation of financial statements not limited to conformity with GAAP Requires assessment of whether any additional information is necessary to provide investors with a materially accurate and complete picture of financial condition, results of operations and cash flows 13 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) “Disclosure controls and procedures” introduced as new concept by the SEC (Rule 13a-15) Disclosure controls and procedures designed to ensure that the information required to be disclosed by the company in its periodic reports is recorded, processed, summarized and reported to management in time for management to prepare and file periodic reports in compliance with SEC filing deadlines Independent obligation under new rules to have sufficient disclosure controls and procedures; enforceable by the SEC even if disclosure is not flawed The SEC in its release recommends that registrants create disclosure committee to determine materiality of information and determine disclosure obligations in a timely manner Differentiated from “internal controls” that pertain to financial reporting and control of assets Item 307 of Reg. S-K requires issuer to disclose in its periodic reports CEO / CFO conclusions regarding effectiveness of disclosure controls and procedures based on a quarterly evaluation Significant changes in internal controls or practices significantly affecting disclosure controls subsequent to the date of their evaluation 14 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Violations of § 302. Officer that fails to comply or signs a false certification is subject to: Private Securities Litigation Liability: We believe, however, that knowledge of falsity has to exist to have private securities litigation liability (except that to the extent it is incorporated by reference into 1933 Act registration statements in which liability is negligence-based) SEC Civil Enforcement Injunctive sanctions under the 1934 Act (including Cease and Desist Orders by SEC) Fines and Penalties » Tier 1 ($5,000) (Negligence) » Tier 2 ($50,000) (Knowledge) » Tier 3 ($100,000) (Knowledge) Criminal Liability under the 1934 Act 15 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Separate Certifications for §§ 302 and 906 Certification requirements under § 302 (and related SEC regulations) and § 906 are separate and distinct Companies should file separate certifications with respect to each requirement and not attempt to combine the certifications; § 906 certifications are not “filed” with the securities filing, but sent in separately under cover of letter § 302 certification text must be exactly as prescribed by the SEC § 906 certification text has been submitted by companies in a variety of substantially similar wordings – presently no guidance from the DOJ or the SEC 16 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Suggestions on Implementing Requirements to Comply with §§ 302 and 906 Evaluate adequacy of existing preparation and review procedures Accelerate, if necessary, preparation and filing timeline Designate one person as a “disclosure monitor” to document review process and generate a record of the basis for the executives’ certifications Officers should be involved in the approval process for reports and should not approve them without a thorough personal review and critical analysis about disclosures Establish disclosure committee Consider requiring limited scope certifications by subordinate officers and employees Greater involvement by professional advisers 17 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Proposed Internal Control Report Rules under § 404 Internal control report would be required in Forms 10-K, 20-F and 40-F Registered public accounting firm must attest to the reports Internal control report and attestation report proposed to be filed as exhibits The SEC is proposing to make effective for fiscal years that end on or after September 15, 2003 Proposals clarify that disclosure controls and procedures and internal controls and procedures need to be evaluated quarterly as of the date the related periodic report is filed Proposals would amend recently adopted § 302 certifications with delayed effectiveness 18 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Implications for D&O Insurance Insurance industry anticipates increase in claims against directors and officers – expect to see large increase in premiums, larger retentions by the company, and more coverage exclusions Industry focusing on its perceived original purpose of D&O insurance - the protection of the personal assets of non-culpable directors and officers Changing D&O carrier is becoming more of an issue because carriers are less likely to waive prior and pending litigation and prior act exclusions, creating potential gaps in coverage Carriers taking harder positions on who is covered by the policy and whether allegations of fraud will be enough to create an exception from coverage Immediate review of D&O policies should be undertaken with a view to the following: Definition of a 'claim' – try to ensure that the definition of a 'claim' covers the desired spectrum of potential claims (from a governmental investigation or claim to a civil class action claim to a criminal prosecution) Severability of claims – try to insert language in the policy which prohibits the imputation of one individual insured’s conduct to any other individuals for purposes of exclusions from coverage Consider whether your policy requires fraudulent or criminal conduct to be proven 'in-fact' for exclusions to apply Consider separate coverage of directors and officers and possible effect in bankruptcy 19 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Disclosure of Material Off-Balance Sheet Transactions § 401(a): Companies must disclose in periodic reports all material off-balance sheet transactions, and tables of contractual obligations and contingent liabilities and commitments, that are reasonably likely to have a material current or future effect on financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses Disclosure in a separately captioned subsection of the MD&A The SEC views MD&A as the centerpiece of disclosure 20 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Conditions For Use of Non-GAAP Financial Measures § 401(b): Reconciliation to GAAP required where non-GAAP financial measures are presented in SEC filings or other public disclosures Rule codified in new Regulation G Regulation G defines term “non-GAAP financial measures” instead of “pro forma financial information” Violation of Regulation G may be a Rule 10b-5 violation Disclosures related to business combinations excluded from Regulation G Reg. FD disclosure would require reconciliation and be required to comply with Regulation G Certain Non-GAAP Disclosures Always Prohibited Excluding from any non-GAAP liquidity measures (other than EBIT and EBITDA) charges or liabilities that require cash settlement Adjusting a non-GAAP performance measure to eliminate or smooth items identified as non-recurring, infrequent or unusual, when nature of charge or gain is reasonably likely to occur within two years or similar charge or gain has occurred within prior two years Presentation of a non-GAAP financial measure on the face of financial statements or in financial notes Use of descriptive terms that are the same as or confusingly similar to descriptions used for GAAP financial measures Mandatory Form 8-K All non-GAAP financial disclosures (earnings releases) must be furnished on Form 8-K within 5 business days (not a requirement to have earnings releases) Information furnished on a Form 8-K will not be incorporated by reference into other filings 21 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Related Changes to MD&A Disclosure (January 2002 SEC Statement and May 2002 SEC Proposed Rules) Requires separate “critical accounting policies” section in MD&A Issuers you must identify accounting estimates that are highly uncertain at the time the estimate is made or would have a material impact on the company’s financial statements if a different estimate had been made Describe estimates and underlying assumptions More detailed disclosure for adoption of new accounting policies having material impact on financial statements 22 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Prohibition of Personal Loans to Executives General Prohibition. With certain exceptions for banks and financial institutions, § 402 makes it unlawful for a public company “to extend or maintain credit, to arrange for the extension of credit, or to renew an extension of credit in the form of a personal loan,” directly or indirectly, to its directors and executive officers No SEC Guidance. There are substantial ambiguities in § 402 and the legal community debates its meaning Does Not Apply to Business Loans. § 402 does not appear to apply to business loans, such as business travel advances and credit cards used for business purposes. Business-related advances could be viewed as personal loans if: The amount is unreasonable in relation to contemplated business activity Advances are not actually spent for business purposes Unspent amounts are not promptly returned to the company 23 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Pre-Existing Arrangements. Arrangements existing prior to July 30, 2002 (enactment) are exempt so long as there are subsequent no material modifications. Absent SEC guidance, material modifications may include: Alterations in interest rates of existing non-variable rate loans Changes to loan terms, repayment schedules, amortization method and security arrangements Forgiveness of a pre-existing outstanding loan, although there is disagreement on this (See 25 law firm memo). Instead, repayments could be made from bonus payments not conditioned on repayment of the pre-existing loan 24 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) § 402’s application: Personal use of company credit cards, required to be repaid Personal use of company car, required to be reimbursed Relocation loans and advances Loans from 401(k) plans Cashless option exercise, although there are structures that may not be deemed loans Concern as to whether advances to directors and officers to defend litigation might be a “loan”; “reasoned” legal advice can be obtained 25 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Reporting of and Prohibitions on Insider Trading Accelerated Form 4 Deadlines. § 403 (together with new SEC regulations) requires Form 4 to be filed before the end of the second business day following trade date for any transaction resulting in a change in beneficial ownership by Section 16 insider Electronic Filing for Forms 3, 4 and 5. By July 30, 2003, all Forms 3, 4 and must be filed electronically via EDGAR Mandatory Website Posting. Beginning July 30, 2003, companies websites must post Form 3, 4 and 5 information no later than the end of the business day following the filing of the related statement with the SEC 26 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Transactions Formerly Reported on Form 5. The new SEC regulations adopted under § 403 provide that certain transactions previously reportable on Form 5 must now be reported on Form 4. These transactions include: grants of stock options outright grants of shares disposition of options or shares to the issuer discretionary transactions in employee benefit plans 27 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Prohibition on Insider Trading During Blackout Periods. § 306 prohibits executive officers and directors from engaging in transactions involving their company’s equity securities during a “blackout period” if those securities were acquired in connection with employment Blackout Period. Any period during which, for more than three consecutive business days, a company suspends ability of 50% or more of the participants or beneficiaries to engage in transactions involving the company’s equity securities Shorter Window Possible. The SEC will continue to evaluate whether blackout periods of three days or shorter would trigger the prohibition Advance Notice of Certain Blackout Periods. § 306 requires company to provide at least 30-days’ notice of an impending blackout period by filing a Form 8-K. The notice must provide the following information: Length of blackout Proposed beginning and ending dates Exempt Transactions. Does not apply among other things to securities acquired by an insider through dividend reinvestment plans, purchases and sales pursuant to 10b5-1(c) plans, purchases and sales pursuant to “tax conditioned” plans, and stock splits Remedy. SEC Enforcement Action or Recovery of Profits in Private Action 28 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Improper Influence, Disgorgement of Profits and Officer and Director Bars Improper Influence Prohibited. Unlawful for any officer or director (or person acting under their direction) to fraudulently influence, coerce, manipulate or mislead an auditor in the performance of an audit (§ 303) Types of conduct that the SEC believes might constitute improper influence under proposed rules, depending on the facts and circumstances of each case, include: Offering or paying bribes or other financial incentives, including offering future employment to the auditing firm or contracts for non-audit services Providing an auditor inaccurate or misleading legal analysis Threatening to cancel or canceling existing non-audit or audit engagements if the auditor objects to the issuer’s accounting Seeking to have a partner removed from the audit engagement because the partner objects to the issuer’s accounting Blackmail Physical threats 29 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) § 304: CEOs and CFOs Required to Disgorge Profits Upon Restatement of Financials. If a company is required to restate financials as a result of a material non-compliance with a financial reporting requirement as a result of misconduct, the CEO and CFO must disgorge: all bonus, incentive-based compensation, equity-based compensation and profits from sales of company’s securities during the 12-month period following the first public issuance or filing with the SEC (whichever occurs first) of the financial document “embodying” that financial reporting requirement § 305: Officer and Director Bars. The SEC has authority to bar individuals from acting as an officer or director of a public company if conduct demonstrates person is unfit to serve in such capacity – standard changed to simple “unfitness” from “substantial unfitness” 30 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) Final Rules Regarding Attorneys’ Professional Responsibilities The SEC has adopted minimum standards of professional responsibility for attorneys appearing and practicing before the SEC If an attorney appearing and practicing before the SEC in the representation of a Company becomes aware of evidence that would lead a reasonable attorney to believe a material violation of securities laws is occurring or is about to occur, s/he would be required to report to the corporation’s chief legal officer; the chief legal officer has an obligation to investigate If the reporting attorney has not received an appropriate response within a reasonable time, a report must be made to the Audit Committee or the full Board of Directors In the alternative, if the company had previously formed a Qualified Legal Compliance Committee (“QLCC”), an attorney will satisfy his reporting requirement by reporting material violations of securities laws to the QLCC Proposed Rules regarding ‘Noisy Withdrawal’ November 2002 proposal provided that if the reporting attorney has not received an appropriate response from the company’s officers or Board and believes the violation is ongoing or about to occur and is likely to result in substantial financial injury to the company or its shareholders, s/he would be required to If the reporting attorney is outside legal counsel, make a “Noisy Withdrawal” Withdraw representation Notify the SEC of withdrawal Disaffirm to the SEC any tainted submissions to the SEC the reporting attorney participated in preparing If the reporting attorney is in-house, s/he is required to disaffirm any tainted submission to the SEC, but is not required to resign Alternative proposal Attorney would be required to provide a written notice of withdrawal to the issuer if the attorney had reported evidence of a material violation and had not received an appropriate response Issuer would be required to report withdrawal to SEC within 2 business days on a Form 8-K Attorney would be permitted, but not required, to notify SEC if the Company did not report the withdrawal to the SEC § 308: Creation of Restitution Fund for Defrauded Shareholders. The Act directs the SEC to create an investor restitution fund and to deposit in such fund any fines it recovers from executives who violate the securities laws. 31 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) § 406: Corporate Code of Ethics Sarbanes-Oxley requires each reporting company to disclose whether or not it has adopted a written code of ethics for its senior financial officers and, if not, the reasons therefor The SEC has broadened the scope of the law to apply the code of ethics to the company’s principal executive officer, principal financial officer, principal accounting officer or controller and persons performing similar functions "Code of ethics" is a codification of standards reasonably designed to deter wrongdoing and promote: Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships Full, fair, accurate, timely and understandable disclosure in reports and documents that a registrant files with, or submits to, the SEC and in other public communications made by the registrant Compliance with applicable governmental laws, rules and regulations The prompt internal reporting to an appropriate person or persons identified in the code of violations of the code of conduct Accountability for adherence to the code of conduct The rules require the company to immediately disclose, within 5 business days, by filing a Form 8-K or (provided the company has stated its intent to do so in its most recent Form 10-K) on its website: any amendment to the code of ethics any waiver (including an implicit or de facto waiver) of a provision of the code of ethics advice: build in exceptions into the code of ethics to avoid waivers (e.g., gifts from outsiders up to $150) The company has three options for making its code of ethics publicly available: file its code of ethics as an exhibit to its annual report on Form 10-K post on its corporate website Undertake in annual report to provide a copy to any person free of charge 32 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) § 408: Minimum Review of Issuers by SEC. The Act requires the SEC to review reports of issuers listed on a national securities exchange or traded on an automated quotation facility at least once every three years (Not applicable to unlisted companies) § 804: Extended Statute of Limitations. Statutes of limitations for private securities litigation from one to two years after discovery and from three to five years after the violation 33 Corporate Responsibility, Disclosure and Enforcement (Sarbanes-Oxley) § 806: Whistleblower Protection. Companies are prohibited from discriminating in the terms of employment for employees who lawfully provide information or assistance in securities fraud investigations Under § 301 (new § 10A(m)(4) of the 1934 Act) Audit Committees to establish protocol to address “whistle blower” communications Receipt, retention and treatment of complaints received by the company regarding accounting, internal controls, or auditing matters Confidential and anonymous submissions by employees of concerns regarding questionable accounting or auditing matters Under § 301 (new § 10A(m)(6) of the 1934 Act audit committee) must have authority and funding available to engage independent counsel and outside advisers 34 Criminal Statutes and Penalties (Sarbanes-Oxley) Criminal Statutes and Penalties § 802: Alteration of Documents – punishable by fines and 20 years imprisonment Applicable to anyone who destroys, alters or falsifies records in connection with a federal investigation § 802: Destruction of Corporate Audit Records By Outside Accountants – punishable by fines and up to 10 years imprisonment Any outside accountant who conducts an audit is required to maintain work papers for seven years Work papers include papers that support an auditor’s conclusions as well as those that “cast doubt” on those conclusions § 807: Securities Fraud – punishable by fines and up to 25 years imprisonment The new law is broader than pre-existing criminal securities law provisions, which are limited to being “in connection with the purchase or sale of securities” § 906: False Certification of Financial Reports – punishable by fines and up to 20 years imprisonment § 903: Mail and Wire Fraud – maximum imprisonment increased from five to 20 years 35 Accounting and Auditing Practices (Sarbanes-Oxley) Accounting and Auditing Practices Public Company Accounting Oversight Board and Related Matters (Slide 37) Prohibition of Certain Non-audit Services (Slide 37) Audit Committee Approval (Slide 38) Audit Committee Membership (Slide 39) Financial Expert Rules (Slide 40) Additional Audit-Related Measures (Slide 41) 36 Accounting and Auditing Practices (Sarbanes-Oxley) § 101: Public Company Accounting Oversight Board and Related Matters. Independent, non-profit board to oversee audit of public companies—the board is required to begin functioning in early 2003 § 201: Prohibition of Certain Non-audit Services. Public accounting firms will be prohibited from providing the following non-audit services contemporaneously with the audit of a public company: Bookkeeping services Financial information systems design and implementation Appraisal or valuation services, fairness opinion, or contribution-in-kind reports Actuarial services Internal audit outsourcing services Management functions or human resources Broker or dealer, investment advisor, or investment banking services Legal services and expert services unrelated to the audit Any other services that the Public Company Accounting Oversight Board determines, by regulation, is impermissible Firms can provide tax and other non-audit services that are not “prohibited” only if approved in advance by the audit committee 37 Accounting and Auditing Practices (Sarbanes-Oxley) §§ 201(h) and 202 : Audit Committee Approval. Other audit and non-audit services including tax services may be performed by registered public accounting firms but must be pre-approved by audit committee and disclosed in periodic reports Requires disclosure to investors in periodic reports of approval of non-audit services Preapproval of Services Sarbanes-Oxley requires pre-approval of audit and “nonaudit services” by the audit committee No “blanket approval” permitted; services must be specifically identified in order to be approved Pre-approval required for all other non-audit services – including tax services Comfort letters are considered audit services and do not require preapproval Contains de minimis (5% of accounting engagement revenues) exception for inadvertent provision of non-audit services 38 Accounting and Auditing Practices (Sarbanes-Oxley) Audit Committee Membership § 301: The SEC has proposed rules that would prohibit exchanges and Nasdaq from listing companies that did not meet minimum audit committee standards Audit Committees : Responsible for appointment, compensation and oversight of independent auditor Composed entirely of “independent” members No consulting, advisory or other compensation from issuer, or No affiliated persons of issuer or its subsidiaries No indirect payments (family members or professional service corporations) Establish procedures for receiving complaints received by issuer regarding accounting, internal accounting controls or auditing matters, and the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters Have the authority to engage independent counsel and other advisers Have appropriate funding for payment of compensation of the registered public accounting firm employed by the issuer and any advisors employed by the audit committee Applies only to companies listed on a national exchange or automated inter-dealer quotation system of national securities association (not applicable to pink sheet companies) Exchange rules must be operative no later than the first anniversary of the publication of final rules (final rules required by April 26, 2003) Exception for IPOs (90 day transition period) Certain exceptions for foreign private issuers where local law or customs require deviation 39 Accounting and Auditing Practices (Sarbanes-Oxley) Audit Committee Financial Expert Rule 401(h) under Sarbanes-Oxley § 407 Board of Directors required to determine whether it has at least one “audit committee financial expert” and disclose such person’s name Company required to disclose whether or not the audit committee financial expert is independent (applying the listing standards of the NYSE, AMEX or NASD, as applicable) “Audit Committee Financial Expert” is a person who has the following attributes: An understanding of GAAP and financial statements The ability to assess the general application of GAAP in connection with the accounting for estimates, accruals and reserves Experience preparing, auditing, analyzing or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of issues that can be reasonably expected to be raised by the Company’s financial statements, or experience actively supervising one or more persons engaged in such activities An understanding of internal controls and procedures for financial reporting An understanding of audit committee functions The SEC in its release intended to expand the definition of an Audit Committee Financial Expert to someone who obtained their experience in scrutinizing financial statements in industries such as investment banking, venture capital and financial analysis, not just accounting (e.g., Warren Buffett or Alan Greenspan) Each audit committee financial expert must have all five attributes (collective expertise among members is insufficient). If the Board of Directors has to find a new member with these attributes, this is consistent with the Sarbanes-Oxley Act. Audit committee financial expert must have acquired their qualification through any one or more of the following (education alone being insufficient): Education and experience as a principal financial officer, principal accounting officer, controller, public accountant or auditor or experience in one or more positions that involve the performance of similar functions; Experience actively supervising a principal financial officer, principal accounting officer, controller, public accountant, auditor or person performing similar functions; Experience overseeing or assessing the performance of companies or public accountants with respect to the preparation, auditing or evaluation of financial statements; or Other relevant experience. SEC Rule contains Safe Harbor for Financial Experts: No increased or decreased duties, obligations or liabilities for being an audit committee financial expert than for other Audit Committee members or Board members 40 Accounting and Auditing Practices (Sarbanes-Oxley) Additional Audit-Related Measures § 301: Audit Committee Authority. Audit Committee vested with the sole authority to engage and terminate the independent auditors, to compensate them and to oversee them and the power to engage independent counsel and advisers. Note that this shifts the management of the relationship between the company and independent auditors from the Board and management to the Audit Committee § 203: Audit Partner Rotation. Lead audit partner and lead review partner must rotate every five years § 204: Reports to Audit Committee. Auditor must report to audit committee on critical accounting policies and practices and on all alternative disclosures and treatments of financial information discussed with management and the consequences of the use of these alternative disclosures and treatments § 206: Disqualification. Accounting firm may not perform audit services for a company whose CFO, CEO or senior accounting officers were employed by the firm in the year preceding the initiation of an audit and who participated in the audit 41 Other SEC Reforms Other SEC Reforms New SEC Rules for Acceleration of Periodic Report Filing Deadlines Proposed Additional Form 8-K Events 42 Other SEC Reforms New SEC Rules for Acceleration of Periodic Report Filing Deadlines Adopted by the SEC on September 5, 2002 “Accelerated filers” must meet shortened deadlines for 10-Ks and 10-Qs Applies to accelerated filers with fiscal years ending on or after December 15, 2002 Requires Website disclosure of SEC filings “Accelerated Filer” $75 million public float as of end of most recently completed second fiscal quarter Subject to reporting requirements for at least one year Previously filed at least one annual report on Form 10-K Not applicable to 10-KSB and 10-QSB filers 43 Other SEC Reforms New filing deadlines phased in over three years: Form 10-K 90 days where fiscal year ends on or after December 15, 2002 75 days where fiscal year ends on or after December 15, 2003 60 days where fiscal year ends on or after December 15, 2004 Form 10-Q 45 days where fiscal year ends on or after December 15, 2002 40 days where fiscal year ends on or after December 15, 2004 35 days where fiscal year ends on or after December 15, 2005 44 Other SEC Reforms Additional Form 8-K Events Sarbanes-Oxley § 409: Companies must disclose material changes to financial condition “on a rapid and current basis”: SEC to issue rules In June 2002, the SEC proposed rules mandating disclosure events, which indicates its previous views regarding additional and accelerated disclosure requirements: new material agreements or terminations thereof (not in ordinary course) termination or reduction of significant business relationship creation or triggering of material direct or contingent financial obligation, including default or acceleration material write-offs, restructurings or impairments change in company rating or outlook change in exchange, delisting notice or delisting conclusion or notice that investors should no longer rely on previously issued financial statements material limitations on employee benefit plans, including blackout periods private placements of equity securities material modifications to rights of security holders, charter or bylaws appointment or departure of principal officer or election of new directors no action to date on proposal Additional 8-K events triggered by Sarbanes-Oxley: changes or waivers to codes of ethics required to be disclosed on Form 8-K issuance of earnings announcements and releases required to be disclosed on Form 8-K Withdrawal of attorney pursuant to §307 proposed rules would require filing of Form 8-K 45 Proposed NYSE and Nasdaq Corporate Governance Standards Proposed NYSE and Nasdaq Corporate Governance Standards Proposed NYSE and Nasdaq Corporate Governance Standards (Slide 47) Majority of Board Must Be “Independent Directors” (Slides 48-52) Audit Committee Proposals (Slides 53-56) Stockholder Approval of Equity Compensation Plans (Slide 57) Adoption and Disclosure of Corporate Governance Guidelines and Code of Business Conduct and Ethics (Slides 58-59) Other Corporate Reform Proposals (Slides 60) 46 Overview (NYSE and Nasdaq) Proposed NYSE and Nasdaq Corporate Governance Standards History: February 2002 – the SEC requests NYSE and Nasdaq to review corporate governance standards June 2002 – initial proposals of NYSE Corporate Accountability and Listing Standards Committee August 2002 – final proposals adopted by NYSE and submitted to the SEC for approval (pending) October 2002, Revised February 2003 – final proposals adopted by Nasdaq and submitted to the SEC for approval (pending) Purpose: To empower directors, officers and employees to perform their functions effectively and strengthen shareholder monitoring of company and director performance to reduce lax and unethical corporate behavior Effectiveness: After SEC approval, certain provisions will be effective immediately while others have transition periods from six to 24 months 47 NYSE and Nasdaq Corporate Governance Proposals Majority of Independent Directors Listed companies, other than controlled companies, must have a majority of independent directors Purpose: to increase the quality of oversight and lessen the possibility of conflicts of interest Effective: NYSE: 24 months after SEC approval of new listing standards Nasdaq: Immediately following company’s first annual meeting after January 1, 2004 48 NYSE Corporate Governance Proposals Tightened NYSE Definition of “Independent Director” Under the proposed NYSE rules an “independent director” requires an absence of any “material relationship” with the listed company Either directly or indirectly as a partner, shareholder or officer of any entity with a relationship to the listed company Board must make affirmative determination that director has no material relationship, which can include, among other things, commercial, consulting or legal advisory relationships But significant stock ownership by itself is not a bar to independence because concern is independence from management; however, Sarbanes-Oxley § 301 prohibits “affiliated persons” from serving on the audit committee 49 NYSE Corporate Governance Proposals Specified relationships deemed to be “material” until after five year cooling off period A director is not independent if: employed by the company within the preceding five years affiliated with or employed by a present or former auditor of the company, until five years after end of affiliation or auditing relationship employed by another company in the preceding five years if at the same time an executive officer of the company was a director on such other company’s compensation committee an immediate family member to one of the foregoing categories of persons within the past five years 50 Nasdaq Corporate Governance Proposals Tightened Nasdaq Definition of “Independent Director” Director is not independent if: Affiliated with or employed by a present or former auditor of the company, until three years after end of affiliation or auditing relationship Employed by or family member was executive officer in company during last three years Director or family member received more than $60,000 (excluding compensation for board service) from company in past three years (including political contributions) Executive officer of not-for-profit to which company paid more than $200,000 or 5% of gross revenues Part of interlocking compensation committee within past three years Director would not be independent for purposes of audit committee membership if he or she owns or controls 20% or more (or such lesser amount as the SEC shall establish) of the company’s voting securities 51 NYSE and Nasdaq Corporate Governance Proposals NYSE Proposals for Regular Meetings of Nonmanagement Directors Non-management directors must hold regularly scheduled meetings without management “Non-management” – directors who are not company officers, but not necessarily independent No one presiding director at meetings required, but must disclose presiding director or method for selection at each meeting Non-management directors must disclose a method for interested parties to contact them Effective within six months of SEC approval Nasdaq Proposal for Meetings of Independent Directors Independent directors required to meet regularly in executive session 52 NYSE and Nasdaq Corporate Governance Proposals NYSE and Nasdaq Proposals for Audit Committees NYSE Nasdaq Effective Date Effective within six months of SEC approval, although total independence for each within 24 months First annual meeting after January 1, 2004 to modify composition of board and committees Member Compensation Member compensation permitted solely from directors fees Payment permitted only for board or committee service Members must be financially literate (or become so within a reasonable period) and at least one must have accounting or related financial management experience, as interpreted in each case by the board Same standard as NYSE Financial Literacy NYSE deferred to the SEC on requirement that one member be a “financial expert” 53 Nasdaq would require ability to read and understand financial statements at time of appointment NYSE and Nasdaq Corporate Governance Proposals NYSE Audit Committee Powers and Responsibilities Nasdaq Right to hire and fire independent auditors and to approve any significant non-audit relationship with such auditors Obtain and review at least annually auditing firm’s report on its internal quality-control procedures and material issues, if any, raised in the last five years concerning the same from internal, peer, governmental or professional reviews or inquiries Discuss annual audited financial statements, including MD&A, with management and auditors Discuss earnings releases and financial information and guidance provided to analysts and rating agencies Obtain outside legal, accounting or other expert advice as appropriate Discuss risk assessment and risk management guidelines and policies with management Meet separately and periodically with management and auditors to review audit problems and management responses Set hiring policies for former audit firm employees Report regularly to full board 54 Right to hire and fire independent auditors and to approve any significant non-audit relationship with such auditors Review and approve related party transactions Engage and determine funding for independent counsel and other advisors Establish procedures for receipt, retention and treatment of complaints received by company and ensure treated confidentially and anonymously (See also S/O 301) Prohibition on serving on audit committee if directors owns or controls 20% or more of the Company’s voting securities NYSE Corporate Governance Proposals Additional NYSE Proposals Required Committees: Companies must establish committees composed entirely of independent directors and written charters for : Nominating and Corporate Governance Committee Compensation Committee Audit Committee Charter Requirements: Charters should address committee member qualifications, appointments and removals, committee structure and operations, including with respect to reporting to the board Service with Other Companies: If member serves on same committee for more than three other public companies, board must determine no impairment of ability to serve and disclose determination in proxy statement Approval of Directors: Approval of director nominations by independent directors required 55 Nasdaq Corporate Governance Proposals Additional Nasdaq Proposals Approval of Compensation: CEO and other executive compensation to be approved by independent directors One non-independent director who is not an officer may participate for two years pursuant to the “exceptional and limited circumstances” exemption Approval of Directors: Approval of director nominations by independent directors required One non-independent director may participate if he or she owns more than 20% of company’s securities or pursuant to “exceptional and limited circumstances” exemption 56 NYSE and Nasdaq Corporate Governance Proposals Stockholder Approval of Equity Compensation Plans Company must obtain approval from its stockholders for all equity compensation plans, as well as any material revisions to the terms of these plans Broad-based plans would no longer be exempt from stockholder approval requirements Exceptions to this requirement include inducement options and tax qualified and excess benefit plans NYSE proposal seeks to prohibit discretionary voting by brokers relating to these matters 57 NYSE and Nasdaq Corporate Governance Proposals Adoption and Disclosure of Corporate Governance Guidelines and Code of Business Conduct and Ethics NYSE Subject matter of Code of Business Conduct and Ethics Nasdaq Conflicts of interest Conflicts of interest Compliance with laws and regulations Corporate opportunities Confidentiality Fair dealing Protection and proper use of company assets Compliance with laws and regulations Encourage reporting of illegal or unethical behavior Waivers Any waiver of the Code must be made only by the Board or a committee and must be disclosed promptly to shareholders Any waiver of the Code as to executive officers and directors must be made only by the board of directors and must be publicly available Website Required to be disclosed on company’s website None 58 NYSE Corporate Governance Proposals Adoption and Disclosure of Corporate Governance Guidelines and Code of Business Conduct and Ethics May be expanded to all executive officers and directors Waivers (including after-the-fact waivers) and amendments may be disclosed on Form 8-K or the company’s website Must be filed with annual report Annual CEO Certifications to NYSE for Corporate Governance Standards CEO must certify to the NYSE annually that he or she is not aware of any violation by the company of NYSE corporate governance listing standards Effective six months after SEC approval NYSE may issue public reprimand to any violating company 59 Nasdaq Corporate Governance Proposals Other Nasdaq Proposals Nasdaq may delay re-listing a company based upon corporate governance violation that occurred when company’s appeal of delisting was pending Directors must participate in continuing education Listed companies prohibited from making loans to directors and officers Going concern qualification in audit opinion must be disclosed in press release Material misrepresentation or omission by company to Nasdaq may form basis for delisting (the SEC has already approved this proposal) Harmonize disclosure of material information with Regulation FD (e.g., webcasts) 60 Sarbanes-Oxley Act of 2002 and Other SEC Reforms Michael J. Halloran, Senior Partner Pillsbury Winthrop LLP Presentation to Institute for Corporate Counsel March 20-21, 2003 Acknowledgment and appreciation are given to Dan Dashiell of Pillsbury Winthrop LLP for his work in the preparation of this presentation. This presentation is a general review of the subjects covered and does not constitute an opinion or legal advice. ©2003 Pillsbury Winthrop LLP. All Rights Reserved.