RECENT GOVERNANCE DEVELOPMENTS IN THE UNITED STATES Robert D. Strahota Assistant Director, Office of International Affairs* U.S. Securities and Exchange Commission Prepared for Fourth South Eastern Europe Corporate Governance Roundtable March 7, 2003 *The U.S. Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any publication or presentation by its employees. The views expressed in this presentation are those of Mr. Strahota and do not necessarily reflect the views of the Commission, individual Commissioners, or Mr. Strahota’s colleagues on the staff of the Commission. SARBANES-OXLEY OVERVIEW • On July 30, 2002, President Bush signed the Sarbanes-Oxley Act of 2002 (SOX) into law • SOX is the most important securities legislation affecting public companies and accounting oversight since the Securities and Exchange Commission (SEC) was formed in 1934 • While the new law was prompted by problems encountered in the U.S., these problems are global in dimension • SOX’ provisions generally make no distinction between U.S. and foreign issuers who seek to access U.S. capital markets – The terms “issuer” and “public company” as used in many places throughout SOX mean an issuer the securities of which are registered under the Securities Exchange Act of 1934 (Exchange Act), which is required to file reports under the Exchange Act, or that has filed a registration statement for a public offering of its securities under the Securities Act of 1933 that has not become effective and that has not been withdrawn • SEC’s mandate is to implement SOX fully for all issuers, foreign and domestic, but it is prepared to consider how it may fulfill this mandate through rulemaking and interpretive authority in ways that accommodate home country requirements and regulatory approaches to foreign issuers and accountants SOX AUDIT COMMITTEE REQUIREMENTS • Before Enron and subsequent financial reporting abuses arose, the NYSE, AMEX and Nasdaq markets already had strengthened their audit committee requirements by requiring at the minimum a three-person committee comprised entirely of independent directors with financial sophistication and at least one committee member required to have accounting/auditing expertise • In July 2002, the NYSE approved recommendations of its Corporate Accountability and Listing Standards Committee that would require domestic issuers to have a majority of independent directors, strengthen the definition of independent director, and require that audit committees of NYSE listed companies have the sole authority to hire and fire the independent auditors • Before SOX, the markets’ audit committee, independent director and other corporate governance requirements generally have not applied to foreign issuers with listed securities SOX AUDIT COMMITTEE REQUIREMENTS • SOX defines “audit committee” as: “a committee (or equivalent body) established by and amongst the board of directors of an issuer for purposes of overseeing the accounting and financial reporting processes of the issuer and audits of the financial statements of the issuer; and …if no such committee exists with respect to an issuer, the entire board of directors of the issuer” • For certain purposes, however, SOX imposes additional requirements regarding the composition and responsibilities of an “audit committee” SOX AUDIT COMMITTEE REQUIREMENTS • SOX adds Section 10A(m) to the Exchange Act and requires that by April 26, 2003 the SEC, by rule, must direct the national securities exchanges and NASD to prohibit the listing of securities of any company, including foreign companies, that do not meet the following requirements: – Each member of the company’s audit committee must be a director and must otherwise be independent; : – The audit committee must be responsible for hiring, retention, compensation and oversight of the independent auditors – The audit committee must be responsible for pre-approval or all audit and nonaudit services – The audit committee must receive reports from the independent auditors regarding critical accounting polices and practices, discussions that have taken place with management regarding alternative treatments of financial information under GAAP, and any accounting disagreements and other material written communications between the auditors and management – The audit committee must establish procedures to receive and address complaints regarding accounting, internal control and audit issues, and to provide company employees an opportunity to make confidential, anonymous submissions regarding accounting and auditing matters – The audit committee must have authority to engage independent counsel and other advisers; the company must provide adequate funding for the committee AUDIT COMMITTEE REQUIREMENTS • Section 10A(m)(1)(b) requires that SEC rules shall provide for an issuer to have an opportunity to cure any defects that would be a basis for the U.S. listing prohibition • “Independence” means that an audit committee member is not an affiliate (control person) of the issuer or any subsidiary and that the member receives no consulting, advisory or compensatory fee from the issuer except is his capacity as a member of the audit committee, another board committee or the board of directors • SEC is given authority to exempt from the independence requirement “a particular relationship with respect to audit committee members, as the Commission deems appropriate in light of the circumstances.” • SOX audit committee requirements apply to domestic and foreign issuers. Congress provided only specific, limited exemption authority in such provisions. Therefore, it doubtful that Congress intended the SEC’s general exemption authority under Section 36(a) of the Exchange Act to be used to grant exemptions ACCOMODATIONS FOR FOREIGN ISSUERS • In Exchange Act Release No. 34-47137 (January 8, 2003), SEC proposed rules that would provide that in the case of foreign issuers: – Where there are two-tier boards, the audit committee requirement would apply to the supervisory board – Non-management employees may sit on the audit committee of a foreign issuer if the employee is selected or named to the board of directors or audit committee pursuant to home country legal or listing requirements – One member of the audit committee may be a shareholder, or representative of a shareholder or group, owning more than 50% of the issuer’s voting securities, if the “compensation” part of the independence requirement is satisfied, the member in question has only observer status, and is not a voting member or the chair of the audit committee, or an executive officer of the issuer – One member of the audit committee may be a representative of a foreign government or foreign governmental entity, if the “compensation” requirement is satisfied and the member is not an executive officer STATUTORY AUDITOR EXEMPTION • An exemption from the independence and auditor oversight requirements of the proposed rule also would be provided for boards of auditors or statutory auditors of foreign issuers that fulfill the remaining requirements of the proposed rule, if: – those boards operate under legal or listing provisions that are intended to provide oversight of the outside auditors that is independent of management; – their membership excludes executive officers; and – such board or body, to the extent permitted by law, is responsible for the appointment and retention of the outside auditor • A foreign issuer availing itself of any of these exemptions would be required to disclose its reliance upon the exemption[s] and its assessment of whether, and if so, how such reliance may materially adversely affect the ability of its audit committee to act independently or satisfy other requirements of the proposed rule ACCOMODATIONS - CONTINUED • For both U.S. and foreign issuers: – An instruction to the rules would clarify that audit committee responsibility for hiring, retention, compensation and oversight of the independent auditors relates to allocation of this responsibility as between the audit committee and management and is not intended to conflict with any requirement under the issuer’s governing law, documents or home country requirements that requires shareholders to elect, approve or ratify the selection of the independent auditor – One member of the audit committee need not be independent for 90 days after effectiveness of an IPO or Exchange Act registration statement – Membership on a parent companies board will not by itself prevent an otherwise independent board member from being considered an independent director of a subsidiary • The proposed rule would require exchanges to provide companies with an opportunity to cure any defects in audit committee requirements before de-listing is considered, and a delayed implementation date for the rule itself is anticipated CEO AND CFO CERTIFICATION OF FINANCIAL REPORTS • On August 27, the SEC adopted Exchange Act rules required to implement Section 302 of SOX, which requires a public company’s CEO and CFO to certify the contents of the company’s quarterly and annual reports. • The CEO and CFO must certify that: – he or she has reviewed the report; – based on his or her knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading; – based on his or her knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition and results of operations of the issuer as of, and for, the periods presented in the report; CEO AND CFO CERTFICATION CONTINUED The CEO and CFO – are responsible for establishing and maintaining "disclosure controls and procedures" (a newly-defined term reflecting the concept of controls and procedures related to disclosure) for the issuer; – have designed such disclosure controls and procedures to ensure that material information is made known to them, particularly during the period in which the periodic report is being prepared; – have evaluated the effectiveness of the issuer's disclosure controls and procedures within 90 days of the date of the report; and – have presented in the report their conclusions about the effectiveness of the disclosure controls and procedures based on the required evaluation CERTIFICATION - CONT. • The CEO and CFO also must certify that they have disclosed to the company’s auditors and to the audit committee of the board of directors (or persons fulfilling the equivalent function): – All significant deficiencies in the design or operation of internal controls (a pre-existing term relating to internal controls regarding financial reporting) which could adversely affect the issuer's ability to record, process, summarize and report financial data and have identified for the company's auditors any material weaknesses in internal controls; – Any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls; and – Whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses. PRO FORMA (NON-GAAP) FINANCIAL INFORMATION • SOX directs the SEC to issue final rules by January 26, 2003, providing that any public disclosure or release by an issuer of “pro forma financial information” in any periodic or other report filed with the SEC or in any other public disclosure or release, shall be presented in a manner that: – Is not false or misleading; and – Reconciles with the financial condition and results of operations of the issuer under generally accepted accounting principles (GAAP) • On January 15, in Exchange Act Release 34-47226, SEC adopted rules under Section 401(b) that apply to the public disclosure or release of information that includes a “non-GAAP financial measure” • Under new Regulation G, the two statutory requirements above will apply when an issuer discloses or releases material information that includes a non-GAAP financial measure NON-GAAP FINANCIAL MEASURES • A “non-GAAP financial measure” is a numerical measure of a company’s financial performance that: – Excludes amounts, or is subject to adjustments that have the effect of excluding amounts, that are included in the comparable measure calculated and presented in accordance with GAAP in the statement of income, balance sheet or statement of cash flows (or equivalent statements) of the company; or – Includes amounts, or is subject to adjustments that have the effect of including amounts, that are excluded from the comparable measure so calculated and presented • Statistical and operating measures are not covered • More detailed requirements apply to the use of non-GAAP financial measures included in filings with the SEC, including filings by foreign issuers on Form 20-F • Non-GAAP measures used by a foreign issuer would have to be reconciled to the GAAP used in the preparation of the issuer’s primary financial statements LIMITED EXEMPTION FOR FOREIGN ISSUERS • Regulation G includes a limited exemption for foreign issuers where: – The securities of the issuer are listed or quoted on a securities exchange or interdealer quotations system outside the United States; – The non-GAAP financial measure and the most comparable GAAP financial measure are not calculated and presented in accordance with US GAAP; and – The disclosure is made by or on behalf of the issuer outside of the United States or included in a written communication that is released by or on behalf of the issuer outside the United States • The exemption is available even if one or more of the following circumstances are present: – a written communication is released in the United States as well as outside the United States, so long as the communication is released in the United States contemporaneously with or after the release outside the United States and is not otherwise targeted at persons located in the United States; – foreign journalists, U.S. journalists or other third parties have access to the information; – the information appears on one or more web sites maintained by the issuer, so long as the web sites, taken together, are not available exclusively to, or targeted at, persons located in the United States; or – the information is submitted to the Commission under cover of a Form 6-K DISCLOSURE OF CHANGES IN FINANCIAL CONDITION AND OPERATIONS • SOX Section 409 amended the Exchange Act to require public companies to disclose “on a rapid and continuous basis such additional information concerning material changes in the financial condition or operations of the issuer …as the Commission determines by rule, is necessary or useful for the protection of investors and the public interest. • The SEC implemented Section 409 by amending its Form 8-K disclosure requirements to require public companies to furnish to the SEC releases or announcements disclosing material non-public information about completed annual or fiscal periods within five business days of their release • Public disclosure of such information orally, telephonically, by Web cast, broadcast or similar means will not require a filing if such presentation occurs within 48 hours of a related release or announcement that is submitted on Form 8-K, the presentation is broadly accessible to the public and if a Web cast, it is published on the company’s Web site ENHANCED MD&A DISCLOSURE • In January 2002, SEC reminded companies of the related party disclosure requirements of FAS No. 57, and indicated that where related party transactions are material, Management’s Discussion and Analysis (MD&A) should include a discussion of those transactions to the extent necessary to an understanding of the company’s financial statements • In May 2002, SEC proposed MD&A disclosure for the most recent fiscal year and interim period about: – Critical accounting estimates a company makes in applying its accounting policies; this requires qualitative and quantitative disclosure – Initial adoption by a company of an accounting policy that has a material impact on its financial presentation – requires qualitative disclosure • These pre-SOX MD&A changes and proposals, respectively, would apply to the MD&A of foreign issuers required in Form 20-F registration statements and annual reports MD&A DISCLOSURE ABOUT OFF-BALANCE SHEET ARRANGEMENTS AND AGGREGATE CONTRACTUAL OBLIGATIONS • On January 27, 2003, in Exchange Act Release 34-47264, the SEC adopted further MD&A amendments to implement SOX Section 401(a) requiring the SEC to require disclosure of the above types of information in annual and quarterly reports filed with the SEC • These requirements apply to a foreign issuer’s MD&A disclosures • For purposes of these requirements, contractual arrangements include: – Certain guarantee contracts – Retained or contingent interests in assets transferred to an unconsolidated entity – Derivative instruments that are classified as equity; and – Material variable interests in unconsolidated entities that conduct certain activities OTHER RULES; AVAILABILITY • Pursuant to SOX, on January 23, 2003, in Exchange Act Release No. 47235, the SEC adopted rules relating to: – Disclosure of whether a public company’s audit committee includes at least one director who is an “audit committee expert,” as defined by SEC rules, and if not, why not (SOX Section 407); and – Disclosure of whether the public company has a code of ethics for senior financial officers (SOX Section 406) • As adopted, each of these rules applies to domestic and foreign issuers. In the case of foreign issuers, the rules clarify that the expertise required of the audit committee expert relates to the issuer’s home country GAAP rather than U.S. GAAP • All of the SEC’s rule proposals and final rules are publicly available on the SEC’s Web site, www.sec.gov under Proposed Rules and Final Rules, respectively ADDITIONAL SOX PROVISIONS AFFECTING SEC REPORTING ISSUERS • Requires an issuer’s financial statements filed with the SEC to reflect all material correcting adjustments identified by a registered public accounting firm in accordance with generally accepted accounting principles or the rules of the SEC • Provides that if there is a material restatement of an issuer’s reported financial results due to the material noncompliance of the company, as a result of misconduct, the CEO and CFO shall reimburse the issuer for any bonus or incentive or equity-based compensation received within the 12 months following the filing of the financial statements subsequently required to be restated • Prohibits personal loans to executive officers and directors of the issuer, subject to limited exceptions • Each of these provisions applies to domestic and foreign reporting issuers SOX ATTORNEY’S OBLIGATION TO REPORT ILLEGAL ACTS • • In compliance with Section 307 of SOX, on January 29, 2003, in Exchange Act Release No. 47276, the SEC issued rules that set forth minimum standards of professional conduct for attorneys appearing and practicing before the SEC in any way in the representation of issuers. The standards require an attorney to report “evidence of a material violation of securities laws or breach of fiduciary duty or similar violation by the company or any agent thereof” to the chief legal counsel and the chief executive officer of the company (or the equivalent); and if they do not respond appropriately to the evidence, require the attorney to report the evidence to the audit committee, another committee of independent directors, or the full board of directors ACCOMODATIONS FOR FOREIGN ATTORNEYS • As adopted the rules exclude “non-appearing foreign attorneys,” which are defined as attorneys who – Are admitted to practice outside the United States; – Do not hold themselves out as practicing, or giving legal advice regarding, U.S. law; and – Conduct activities that would constitute appearing and practicing before the SEC only (i) incidental to a foreign law practice; or (ii) in consultation with U.S. counsel • Based upon many adverse comments received regarding the effect of the proposed rules on attorney client privilege, the final rules do not include a mandatory “noisy withdrawal” provision. Instead, the SEC is seeking further comment on that issue and also on a proposed new alternative, whereby the company would be required to disclose its counsel’s withdrawal to the SEC as a material event CHANGES IN INTERNAL ACCCOUNTING CONTROL REQUIREMENTS • SOX Section 303 strengthens Exchange Act’s Section 13(b)(2) internal accounting control requirements by making it unlawful for any officer or director or person acting under the direction thereof to fraudulently influence, coerce, manipulate or mislead any independent accountant engaged to audit the financial statements of an issuer for purposes of rendering the financial statements materially misleading • On October 18, 2002, SEC proposed two rules to implement Section 303. The first rule tracks the language of Section 303. The second rule lists as examples of intimidation: – Bribes or promises of future emoluments, including audit and non-audit services; – Threatening to cancel audit or non-audit services – Issuance of misleading legal advice to an auditor – Seeking to remove an audit partner – Blackmail – Physical threats CHANGES IN INTERNAL ACCOUNTING CONTROL REQUIREMENTS • SOX requires the new Public Company Accounting Oversight Board (PCAOB) to adopt rules that will require the independent auditor to describe in its audit report the scope of its testing of the internal control structure and procedures of the company, and to present (in such report or in a separate report): – The findings of the auditor from such testing – An evaluation whether the internal control structure and procedures achieve substantially the principal internal accounting control requirements of Exchange Act Section 13(b)(2) • This requirement differs from the independent auditor’s current obligation under GAAS to evaluate internal controls of the company for purposes of planning the scope of the audit. • This requirement is in addition to the independent auditor’s obligation under SOX to attest to management’s report and assessment of the internal control structure and procedures for financial reporting AUDIT FIRM ROTATION VS. AUDIT PARTNER ROTATION • SOX makes it unlawful for an accounting firm registered with PCAOB to provide audit services to an SEC reporting company if the lead (or coordinating) partner (having primary responsibility for the audit), or the audit partner reviewing the audit, has performed audit services for the company in each of the company’s 5 previous fiscal years • SOX directs the U.S. Comptroller General to study and review the potential effects of requiring mandatory audit firm rotation and to report to Congress within one year NEW INDEPENDENCE STANDARDS SOX provides that beginning 180 days after the commencement of the PCAOB’s operations, registered public accounting firms will be prohibited form performing the following non-audit services for their audit clients contemporaneously with the audit: • Bookkeeping or other services related to the accounting records or financial statements of the client • Financial information systems design and implementation • Appraisal or valuation services, fairness opinions, or contribution-inkind reports • Actuarial services • Internal audit outsourcing services • Management functions or human resources • Broker or dealer, investment adviser, or investment banking services • Legal services and expert services unrelated to the audit, and • Any other service the PCAOB determines is impermissible NEW SEC AUDITOR INDEPENDCE RULES • Pending PCAOB action, on January 22,2003, the SEC has adopted similar independence standards in Exchange Act Release No. 3447265. These standards: • Revise the rules related to non-audit services that, if provided to an audit client, would impair an accounting firm’s independence • Require that certain partners on the audit engagement team rotate after no more than five or seven consecutive years, depending on the partner’s involvement in the audit, and include a cooling-off period; and • Establish rules that an accounting firm will not be independent if certain members of management of the issuer have been members of the accounting firm’s audit engagement team within the one-year period preceding the commencement of audit procedures ACCOMODATIONS FOR FOREIGN ACCOUNTANTS • The rules, as adopted, address several concerns raised in both foreign and domestic comments on the proposed rules • The partner rotation requirement will apply to partners that serve the client at the parent level. Partners serving a company’s subsidiary will be subject to rotation only if they are lead partners and the subsidiary’s revenues constitute 20% or more of the consolidated assets or revenues of the parent • The cooling-off period will apply to the lead and concurring partners and to any member of the audit engagement team, unless exempted, who provides more than 10 hours of audit, review or attest services • The restrictions on employment will apply only with regard to key positions at the company level, and not to subsidiaries or affiliates • Tax services, which are permitted under SOX, will not be prohibited despite their definition under local law as legal services, which are prohibited under SOX SOX ESTABLISHES A PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD • PCAOB’s purpose is to oversee the audit of public companies (defined in the same manner as issuers, above) • PCAOB is a non-governmental body with corporate powers • PCAOB will have five full-time members, one of whom is designated chairperson, appointed by SEC after consultation with the Chairman of the Board of Governors of the Federal Reserve System and the Secretary of the Treasury; no member may serve more than two 5-year terms; removal permitted only for good cause • Only two of the Board members may be CPAs and if one of such members is the chairperson, he or she may not have been a practicing CPA for at least five years prior to appointment • Board funding is to come primarily from annual issuer support fees and registration fees; FASB also will be funded in this manner PCAOB’S DUTIES • PCAOB’s duties are to: – Establish or adopt, or both, by rule, auditing, quality control, ethics, independence and other standards relating to the preparation of audit reports for public companies – Enforce compliance with SOX, the Board’s rules, professional standards, and the securities laws relating to the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect thereto, by registering public accounting firms and (if the PCAOB and SEC decide to do so) associated persons of registered firms – Conduct inspections of disciplinary proceedings concerning and, where justified, impose appropriate registered public accounting firms – Conduct investigations and sanctions upon registered public accounting firms and associated persons of such firms – Set the budget and manage the operations of the Board and the staff of the Board – Perform such other functions as the Board (or the SEC by rule or order) determines as necessary or appropriate in accordance with the PCAOB’s statutory mandate PCAOB’S AUTHORITY • PCAOB has authority directly, or by acceptance of standards proposed by others, to establish audit standards, related attestation standards, quality control and ethics standards to be used by registered public accounting firms in audits of public companies, including: – Audit work paper retention requirements – Concurring or second partner review requirements – Internal accounting control testing procedures – Reporting requirements to the PCAOB for registered public accounting firms • PCAOB is required to establish a mandatory inspection program for registered public accounting firms and associated persons, which will be more comprehensive than, and will replace the peer review program conducted for SEC Practice Section members of the AICPA under oversight of the former Public Oversight Board • PCAOB has comprehensive authority to investigate, require testimony and documents from, and sanction registered public accounting firms and associated persons for violations of SOX, securities laws and professional standards, including failure to reasonably supervise associated persons and failure to cooperate with an investigation; SEC may assist PCAOB investigations, including issuance of subpoenas to third persons not otherwise within the Board’s jurisdiction SEC OVERSIGHT OF PCAOB • SEC oversight of PCAOB is similar in many respects to the SEC’s oversight of the National Association of Securities Dealers under the Exchange Act • SEC is responsible for the planning for, establishment and administrative transition to the PCAOB’s operation, and must determine by April 26, 2003 that the Board is organized and has the capacity to carry out the Act’s requirements • SEC’s oversight authority includes: authority to approve and amend Board rules; receiving notice of Board investigations; authority to inspect and sanction the Board, including censure and removal of members; review of Board disciplinary actions; and oversight of the Board’s budget and funding process • Nothing in SOX affects the SEC’s existing authority with respect to the federal securities laws and accounting, auditing and independence standards, including its authority to take enforcement action against accountants directly DISCLOSURE OF PROXY VOTING POLICES AND VOTING RECORDS BY INVESTMENT COMPANIES • On January 31, 2003, in Investment Company Act Release 25922, the SEC adopted rules that require registered management investment companies to: – provide disclosure about how they vote proxies relating to portfolio securities they hold; – require disclosure of the policies and procedures that they use to determine how to vote proxies relating to portfolio securities – file with the SEC and make available to shareholders the specific proxy votes that they cast in shareholder meetings of issuers of portfolio securities. REGULATION OF CREDIT RATING AGENCIES • On January 24, the SEC issued a report pursuant to SOX Section 702 regarding the role and function of credit rating agencies in the operation of the securities markets • The report addresses: – the role of credit rating agencies in the evaluation of issuers of securities, including the importance of that role to investors and the functioning of the securities markets; – impediments to the accurate appraisal by credit rating agencies of the financial resources and risks of issuers of securities; – any barriers to entry into the business of acting as a credit rating agency, and any measures needed to remove such barriers; – any measures which may be required to improve the dissemination of information concerning such resources and risks when credit rating agencies announce credit ratings; and – any conflicts of interest in the operation of credit rating agencies and measures to prevent such conflicts or ameliorate the consequences of such conflicts • Within the next 30 days, the SEC also plans to issue a concept release soliciting public comments on credit rating agency regulation