GT Alert

The Sarbanes-Oxley Act of 2002 Effects Sweeping Changes to the U.S. Federal Securities Laws

August 2002
By Michael H. Hein, Clifford E. Neimeth, Ira N. Rosner and Fern S. Watts, Greenberg Traurig

  View or download the PDF version of this Alert here.

Signed into law by President Bush on July 30, 2002, the Sarbanes – Oxley Act of 2002 (the "Act") presents what may be among the most sweeping set of changes to U.S. federal securities laws since the New Deal. Designed to address widespread outrage and waning investor confidence resulting from a series of financial meltdowns, earnings restatements and other corporate and accounting abuses, the Act is in many ways unprecedented. For example, in addition to regulating disclosure and securities trading, the traditional jurisdiction of U.S. federal securities laws, the Act also addresses matters of substantive corporate governance and executive fiduciary responsibility, such as loans to officers and directors, management oversight, director due diligence and executive compensation, as well as professional responsibilities of external auditors and attorneys, areas traditionally left to the states and self regulatory organizations ("SROs") such as the NYSE, AMEX and NASDAQ. The Act is complex, with over 70 sections, and will present numerous challenges to corporate executives, financial officers and professional service providers. What’s more, given the pace with which the Act was pushed through the conference committee process and adopted by Congress, various inconsistencies and ambiguities already have emerged and will continue to do so. The Act will certainly receive the prompt attention of the Securities and Exchange Commission ("SEC") as it promulgates the many regulations required to implement the Act’s broad-based mandate.

This GT Alert presents a number of key aspects of the Act that we believe are of most immediate concern to corporate executives and directors, and to our public company clients.

What concerns must be addressed immediately?

A number of the Act’s provisions have immediate or near-immediate effectiveness:

• Effective immediately, all periodic reports that contain financial statements filed with the SEC must be accompanied by a certification of the CEO and the CFO, referred to as the Section 906 Certification, that the report fully complies with the requirements of the Securities Exchange Act of 1934, as amended (the "Exchange Act"), and fairly presents, in all material respects, the financial condition and results of operations of the issuer. The Section 906 Certification will be necessary for the next filed periodic report (such as the second quarter Form 10-Q due by August 14th for calendar year companies) and applies to all public companies (including reporting foreign issuers) regardless of size. A signing officer who knowingly or willfully provides a false Section 906 certification can be subject to fines of up to $5 million or imprisonment for up to 20 years, or both. It remains unclear what the precise language and form of the Section 906 Certification should be. For example, to whom is it properly addressed and can it be qualified by knowledge; should it be filed as an exhibit, a separate 8-K or even as a supplemental letter filed on EDGAR with or separate from the subject report?

• Effective upon the SEC’s adoption of implementing rules by August 29, 2002, CEOs and CFOs will be required to provide in each filed annual and quarterly report a far more extensive certification, referred to as the Section 302 Certification, as to a variety of matters including, among others, the accuracy of the filed report, the design and sufficiency of the issuer’s internal accounting controls, the disclosure to the audit committee of any significant weaknesses in the issuer’s internal controls, as well as any fraud that involves management or other employees who have a significant role in preparing the financial statements, and whether the report indicates any significant changes in internal controls, including corrective actions for deficiencies. Again, this applies to all filing public companies, foreign or domestic. The SEC already has pending proposed rules addressing the substance of the Section 302 Certification for which comments are due by August 19, 2002 (See Exchange Act Release No. 34-46300). Issuers will need to develop internal systems and safeguards to provide signing officers with sufficient assurance that both the Section 302 and Section 906 Certifications can be given.

• Effective immediately, public companies are forbidden from providing, directly or indirectly, any extensions of credit, or renewing any extension of credit, as a personal loan to a director or executive officer. Loans outstanding on or prior to July 30, 2002 are not affected, provided that there is no material modification, extension or renewal of the loan.

• As of August 29, 2002, so-called "Section 16 insiders" must file Form 4 transaction reports within two days after the subject transaction rather than by the 10th day of the following month which, previously, allowed as many as 40 days between the transaction and the filing. By July 30, 2003, all Section 16 reports must be filed via EDGAR.

• Effective immediately, "whistleblower" protection is provided to employees who provide information to, or otherwise assist in, an investigation of securities law violations and securities fraud. This is designed to prohibit retaliatory discharge, demotion or other changes in employment conditions of employees assisting in an investigation.

• Effective immediately, liabilities related to securities fraud are not dischargeable in bankruptcy.

• Effective immediately, the SEC has been granted enhanced enforcement powers, the statute of limitations for federal securities fraud claims has been extended to up to five years, and certain criminal penalties for securities law violations have been enhanced.

How does the Act affect the audit committee’s composition?

• The audit committee must be comprised solely of "independent" directors (i.e., non-employee, non-affiliate directors), although the SEC will have authority to grant limited exemptions. The requisite number of audit committee members has been relegated to the SROs. A director who is an officer, director or general partner of a controlling stockholder presumably will be disqualified from audit committee membership due to affiliate status.

• The SEC has been directed to adopt by January 26, 2003 regulations requiring issuers to disclose in their periodic reports whether at least one audit committee member is a financial expert (and if not, why not). The SEC has authority to define "financial expert" (based upon the member’s education and experience as an auditor, principal financial or accounting officer, and the member’s experience with GAAP financial statement preparation, audit committee functions and internal accounting controls).

• Audit committee members may not receive consulting fees from the issuer. They may, however, receive director and committee member fees, including, in the form of stock awards and option grants. (Compensatory arrangements must be disclosed in the issuer’s annual proxy statement and Form 10-K.)

How does the Act affect the function of the audit committee and external auditor-audit committee relationship?

• The SEC has been directed to adopt regulations by April 26, 2003 requiring audit committees to establish procedures for addressing "whistleblower" complaints received by the issuer as to possible accounting irregularities, fraud, internal controls, and the audit process, and by that date the SEC is directed to order all national securities exchanges to prohibit the listing of securities of any reporting issuer the audit committee of which has not established such procedures.

• All audit services (including comfort letters, consents, statutory audits for insurance companies, etc.) must be preapproved by the audit committee, and the audit committee is now exclusively responsible for the retention, compensation and oversight of the external auditor (to the exclusion of management, the full board and the stockholders) and the resolution of all disagreements between management and the external auditor regarding financial reporting. The preapproval of non-audit services can be delegated to any member of the audit committee, provided that the decision of any audit committee member is presented to the full audit committee at its next scheduled meeting.

• The audit committee must receive a CEO and CFO certification as to any significant deficiencies or material weaknesses in the issuer’s internal controls and with respect to any possible internal fraud or accounting irregularities (and the audit committee should meet periodically with the issuer’s "disclosure swat team" discussed below).

• The audit committee must have the authority to engage independent counsel and other professional advisors to assist in discharging the committee’s function.

• We believe that the Act does not purport to change the principal role (i.e., fiduciary responsibility) of the audit committee from one of oversight of the issuer’s financial reporting process to one of independent verification of the accuracy and completeness of financial disclosure.

• The Act has identified nine categories of "impermissible" non-audit services (e.g., financial information systems design and implementation, bookkeeping, legal and expert services, internal audit outsourcing services, appraisal/valuation services, fairness opinions, actuarial services, HR and management services). All permissible non-audit services must be preapproved by the audit committee and disclosed in the issuer’s periodic reports.

• The lead engagement partner for the external audit team and the lead external auditor review partner must be rotated every five years.

• The external auditor cannot provide audit services to an issuer whose CEO, CFO, principal accounting officer or controller was employed by the audit firm and participated in any audit of the issuer during the preceding year.

• We note that the audit committee should establish a formal document retention policy for itself because the Act makes it a criminal offense to knowingly alter, destroy, mutilate, conceal or falsify a record or document with the intent to obstruct or influence an investigation.

• The issuer is required to fund, as determined by the audit committee, all compensation payable to the external auditor and professional advisors (including separate counsel) employed by the audit committee.

• While an audit committee is required to review and discuss an issuer’s annual report with management and the external auditors, the SEC has been directed to adopt regulations requiring issuers to provide in their annual reports an internal control report containing an assessment of the effectiveness of the issuer’s internal control structure and procedures. This "review and discuss" requirement should encompass the foregoing and assure that the internal control provisions have been properly established. External auditors will be required to attest to management’s internal control assessment.

• By October 28, 2002, the SEC has been directed to adopt regulations requiring issuers to disclose in their Exchange Act filings whether they have established a "code of ethics" for their senior financial officers (and if not, why not). In addition, any modification or waiver of the code of ethics will require immediate Form 8-K disclosure.

• In connection with its audit, the external auditor must report to the audit committee its assessment of the critical accounting policies and practices used by the issuer; all alternative treatments of financial information within GAAP that have been discussed with management (including the effect thereof and the treatment preferred by the external auditor); any disagreements between management and the external auditor; and any other material written communications between management and the external auditor (i.e., management letters and schedules of unadjusted differences).

How does the Act affect the role of the CEO, CFO and internal accounting and financial personnel?

• We suggest that each issuer consider the establishment of a "disclosure swat team" that is assigned specific responsibility for assuring the integrity of the issuer’s internal controls, information and data gathering, collection and assembly procedures, and assuring the efficacy of the issuer’s financial reporting functions.

• The team should periodically report to the CEO and CFO.

• The team should be composed of those officers and employees most knowledgeable and who have lead responsibility for the development and assessment of both financial and non-financial information. (At a minimum, the issuer’s chief accounting officer and chief legal officer should be team members who should consult with representatives of the external auditor, the issuer’s outside SEC counsel and the issuer’s internal audit employees.)

• The team should also include the heads of the issuer’s significant subsidiaries, divisions and business units (especially to the extent the issuer engages in segment reporting).

• The employment by an issuer of a CEO, CFO, controller, principal accounting officer or equivalent person who was employed by the issuer’s external auditor and worked on the issuer’s audit during the 12 months preceding the inception of the current audit engagement disqualifies such external auditor from providing audit services to the issuer.

• The Act prohibits any "officer or director of an issuer" and persons "acting under the direction thereof" from taking any action to fraudulently influence, coerce, manipulate or mislead any external auditor engaged in preparing an audit report, for the purpose of rendering such report false or misleading.

• We suggest that the CEO and CFO establish comprehensive and reliable internal due diligence procedures and maintain their own detailed backup file memoranda and minutes of formal meetings with the "disclosure swat team" which document the scope, frequency and level of inquiry, investigation and comfort that each has undertaken and received to support the accuracy and completeness of the statements made in their Section 302 and Section 906 Certifications.

What changes will we have to make in our periodic reports? Will we have to file them sooner?

• Other than the Section 302 and Section 906 certifications discussed above, the Act does not mandate any immediate changes to the content or filing dates of periodic reports. Of course, the SEC has already proposed accelerated filing dates for annual and quarterly reports, as well as current reports, but final action has not yet been taken (See Exchange Act No. 34-46084). The Act also authorizes the SEC to require disclosure on a "rapid and current" basis additional information concerning material changes in financial condition and operations of an issuer. Again, the SEC already has a rule proposal pending which would enhance the requirements to report various events and transactions on a current basis via Form 8-K. Once the Public Company Accounting Oversight Board mandated by the Act (discussed below) has been established, the Act will require all filed financial reports to reflect all material correcting adjustments identified by an external auditor registered with the Public Company Accounting Oversight Board.

• By January 26, 2003, the SEC is required to issue final rules requiring disclosure in quarterly and annual reports of all material off-balance sheet transactions and arrangements that may have a material current or future effect on an issuer’s results or financial condition. The Act also requires the SEC to conduct a comprehensive study of the extent of off-balance sheet transactions and special purpose entities and the adequacy of disclosure.

• By January 26, 2003, the SEC is required to issue final rules requiring that "pro forma" financial information included in filed reports or in any public disclosure or press or other release be presented in a manner that is not misleading and is reconciled with GAAP financial results. We advise our clients to be judicious in their use of "pro forma" information.

• The Act requires the SEC to adopt rules mandating that annual reports contain an internal control report which must include a management assessment of the issuer’s internal controls structure and procedures, attested to by the external auditors, and additional disclosures regarding whether the issuer maintains a code of ethics for senior financial officers. Changes to the code of ethics will have to be disclosed on a prompt basis.

How does the Act relate to the SEC’s one-time only CFO/CEO attestation directive issued to the 947 $1.2 billion revenue companies on June 27, 2002?

• In effect, Section 302 of the Act orders the SEC to promulgate rules prior to August 29, 2002 that will make this directive permanent and applicable to all issuers filing reports under Section 13(a) or 15(d) of the Exchange Act.

Are the Section 302 and Section 906 certifications applicable to filings such as proxy statements and Forms 8-K?

• Sections 302 and 906 of the Act do not apply to the issuer’s proxy or information statements filed pursuant to Regulations 14A or 14C under the Exchange Act, nor does it apply to so-called Williams Act filings. We do not know at this time whether that was an oversight that will be addressed later (to the extent such filings may contain and incorporate by reference substantial issuer or registrant-related financial information).

• It is unclear at this time whether the Section 906 Certification requirement applies to Current Reports on Form 8-K and the issue may turn on the content of the report and whether the information is "filed" or merely "furnished" for Regulation FD purposes. Absent further definitive guidance or clarification from the SEC, we suggest close consultation with counsel.

Is the Section 302 Certification applicable only to domestic issuers?

• No. Foreign private issuers as defined in Rule 3b-4(c) under the Exchange Act are subject to the certification requirement, although (similar to domestic issuer current reports on Form 8-K) it appears that Section 302 does not apply to reports on Form 6-K because such reports would not be considered "periodic reports," such as Forms 20-F and 40-F.

Will the SEC change the way or frequency with which it reviews our reports?

• The Act mandates that the SEC review Exchange Act reports "on a regular and systematic basis." In addition, the SEC must review every reporting issuer’s Exchange Act filings at least once every three years. In establishing its review system, the SEC is required to consider issuers (i) that have restated their financial results, (ii) are so-called "large capitalization" issuers, (iii) that are emerging or earlier-stage companies with disparate P/E ratios, (iv) have significant stock price volatility, and (v) whose business operations significantly impact a material sector of the domestic economy. In support of this and the Act’s other requirements, the SEC’s funding has been increased by more than $770 million for fiscal 2003 with instructions to add not fewer than 200 additional investigative professionals.

Does the Act affect compensation of our officers? What impact is there on stock options?

• If an issuer is required, as a result of misconduct, to restate its financial statements due to material non-compliance with the accounting rules, the CEO and CFO must reimburse the issuer for (1) any bonus or other incentive or equity-based compensation received during the 12-month period following the first public issuance or filing with the SEC of the financial statements being restated and (2) profits realized from the sale of issuer securities during such 12-month period.

• The Act does not specifically address stock options. Recently, several large public companies announced that they are voluntarily revising the accounting treatment they afford to executive option grants. For example, General Electric announced that it would begin to account for the value of stock options granted to employees as an expense, thereby reducing its reported earnings. In addition, responding to criticism that options-heavy pay packages have given executives enormous incentives to create short-term profits, General Electric said it would require its top officers to hold, for at least a year, some of the shares they acquire after exercising options and that those officers would have to hold substantial stock positions as long as they work at GE. Other large companies such as Procter & Gamble, Coca-Cola, The Washington Post Company, Bank One and Amazon.com have similarly decided to account for stock option grants as an expense.

Do currently outstanding loans to our directors and officers have to be repaid immediately?

• As noted above, effective immediately, the Act prohibits all public companies from, directly or indirectly, extending, maintaining, arranging, or renewing, any extension of credit, in the form of a personal loan to or for any of its directors or executive officers. However, extensions of credit that were outstanding as of July 30, 2002 are not prohibited provided that there is no material modification to any term of the extension of credit or renewal of the extension of credit after that date. The term "credit" may be interpreted broadly to include other financial arrangements, including guaranties of indebtedness, in addition to traditional loans.

• The Act provides a limited exception for extensions of credit by companies that are engaged in the consumer credit business. This exception permits home improvement loans and manufactured home loans, consumer credit, extensions of credit under an open-end credit plan or charge card, and extensions of credit by a broker-dealer to its employees for purposes of trading in securities, provided that the extension of credit is made in the ordinary course of the consumer credit business of the issuer, is of a type that is generally made available by that issuer to the public and is made on market terms, or on terms that are no more favorable than those offered by the issuer to the general public.

• Any violation of the prohibition on extensions of credit to directors and officers is a criminal offense.

Does the Act limit trading in our stock by officers and directors?

• The Act prohibits all executive officers and directors of any issuer from purchasing, selling or otherwise acquiring or transferring any equity securities of that issuer obtained in connection with their employment or service during employee benefit plan "blackout" periods. Generally, a blackout period is any period of more than three consecutive business days during which at least 50% of the participants in the issuer’s 401(k) or similar plans are subject to specified restrictions on trading in the issuer’s securities held for their account in such plans.

• Any profits realized from a prohibited transaction will be recoverable by the issuer regardless of the officer’s or director’s intent. If the issuer fails to take action to recover these profits within 60 days following a stockholder request, the issuer’s stockholders will have the right to commence a private action to recover these profits on the issuer’s behalf.

• The issuer will be required to notify timely each director and executive officer, as well as the SEC, of each blackout period. Generally, the notice must be provided no later than 30 days prior to any anticipated blackout period, subject to some exceptions. The notice will be required to state the reasons for the blackout, the investment and other rights affected, and the duration of the blackout.

• The SEC is directed to issue rules to clarify this provision of the Act and provide for exemptions.

• Effective August 29, 2002, the Act significantly shortens the period of time for executive officers, directors and principal stockholders to file Section 16 reports of transactions in the issuer’s securities to two business days after the transaction is executed.

What else should we know about the Act?

• Effective upon the SEC’s adoption of implementing rules, but not later than January 26, 2003, attorneys appearing and practicing before the SEC will be required to report "evidence of a material violation of securities law, breach of fiduciary duty or similar violation" by the issuer or any of its agents to the chief legal counsel or the chief executive officer. In the event that the officer does not appropriately respond to the evidence by adopting appropriate remedial measures or sanctions with respect to the violation, the attorney must report the evidence to the audit committee or another committee of the board of directors comprised solely of directors not employed directly or indirectly by the issuer or to the board of directors. We believe this codifies long-standing state bar association ethics requirements for attorneys and judicial pronouncements regarding the role of counsel in this context.

• The Act criminalizes certain conduct and increases penalties for a variety of offenses. Moreover, a violation of the Act is treated as a violation of the Exchange Act.

• The Act also makes it easier for the SEC to bar an individual from acting as a director or an officer of an issuer by reducing the standard of fitness required for a ban. Also, the Act provides the SEC direct power to bar a person from acting as a director or officer of an issuer through an administrative proceeding rather than in a court action. The Act makes it unlawful for an issuer knowingly to employ a barred person in an accountancy or financial management capacity.

• Effective immediately, the Act criminalizes the knowing alteration, destruction, mutilation, concealment or falsification of any record with the intent to impede, obstruct or influence any governmental investigation or other governmental function or any bankruptcy proceeding. The penalty is a fine and/or imprisonment for up to 20 years.

• Effective immediately, the Act criminalizes the knowing and willful destruction of any audit or review workpapers. Under the Act, external auditors are required to maintain all such workpapers for five years. The penalty is a fine and/or imprisonment for up to 10 years.

• Effective immediately, the Act extends the statute of limitations for private lawsuits involving securities fraud to the earlier of two years after the discovery of the underlying facts or five years after the violation.

• Effective immediately, the Act provides that the knowing commission of securities fraud with respect to an issuer is punishable by a fine and/or imprisonment for up to 25 years.

• The Act directs the SEC to adopt regulations requiring greater separation of research analysts from the asset management and investment banking divisions of financial institutions and prescribing "quiet periods" during which underwriters of public offerings cannot publish research (or "street") reports.

• The Act authorizes the study of, among other matters, (i) the role of financial advisors and investment banking firms in providing "earnings management" advice and services to issuers (which may have the effect of distorting the issuer’s financial condition), (ii) whether, in effect, U.S. GAAP and so-called "rules-oriented" accounting standards should be replaced or augmented by a more "principles oriented" system of accounting (such as that used by European issuers under IAS), (iii) the consolidation of external auditors and whether there should be mandatory rotation of external auditors, and (iv) the functions of credit rating agencies.

• The Act established a five-member "Public Company Accounting Oversight Board" (the "Board") the members of which (two of whom must be CPAs) will serve five-year, full-time terms (subject to a two-term maximum), and who will be appointed by the SEC in consultation with the Secretary of the U.S. Treasury Department and the Chairman of the Federal Reserve Board. The appointments must be made not later than October 28, 2002. Three of the members must be from outside the accounting profession and the Board must be operating under the auspices of the SEC not later than April 26, 2003. The Board principally will be funded by fees charged to reporting issuers and external auditors will pay annual registration fees to cover the Board’s costs of processing applications and annual reports.

• Only those external auditors registered with the Board will be permitted to audit public companies.

• The Act requires the Board to adopt "auditing and related attestation standards" and "ethics standards" to be used by external auditors in the preparation and issuance of their audit examination reports.

• The Act requires the Board to promulgate standards for external auditor quality controls, including internal and external consulting on audit issues, audit supervision, hiring and training of audit personnel, client intake and engagement matters, ethical considerations and independence matters.

• The Board will have authority to investigate violations of the Act, the Board’s rules and professional accounting and auditor conduct rules, and may compel testimony and document production and impose sanctions for non-compliance (including revocation or suspension of a registered firm’s registration, the imposition of civil penalties and denial of authority to audit public companies).

• The Board may refer investigations to the SEC, or with the SEC’s approval, to the U.S. Department of Justice.

Conclusion

Coming to grips with the Act will be a challenge for the public company community and the professionals who serve it. Much of the heavy lifting has been left to SEC rulemaking to implement many of the Act’s provisions and to clarify their requirements. Whether the Act will result in new or greater liability for directors and officers only time can tell, although one can expect the SEC and private plaintiffs’ bar to explore the Act’s limits.

Each public company will need to evaluate carefully how it complies with the Act’s requirements, by appropriately modifying and monitoring its internal accounting and financial reporting processes, relationships with external auditors and other professional advisors, audit committee charters, codes of conduct, compensation policies, executive contracts, human resource and investor relations policies and many other aspects of daily operations.

We encourage our public company clients to consult with counsel, as necessary, to develop tailor-made systems and procedures to assure compliance with the Act.

In that this is a fluid and evolving area that necessarily affects multiple levels of the issuer’s reporting function, management accountability and the role of independent directors, the issuer/external auditor relationship, SRO listing standards, corporate transparency and the like, we will supplement this Alert as and when material developments occur and "best practices" evolve.

© 2002 Greenberg Traurig

Additional Information:

For more information, please review our Corporate & Securities Practice description, or feel free to contact one of our attorneys.

• Corporate & Securities Practice Area
• Corporate & Securities Attorneys