The Sarbanes-Oxley Act of 2002 Effects Sweeping Changes to the U.S.
Federal Securities Laws
By Michael H. Hein,
Clifford E. Neimeth,
Ira N. Rosner and
Fern S. Watts, Greenberg Traurig
View or download the PDF version of this Alert
Signed into law by President Bush on July 30, 2002, the Sarbanes – Oxley
Act of 2002 (the "Act") presents what may be among the most sweeping set
of changes to U.S. federal securities laws since the New Deal. Designed
to address widespread outrage and waning investor confidence resulting from
a series of financial meltdowns, earnings restatements and other corporate
and accounting abuses, the Act is in many ways unprecedented. For example,
in addition to regulating disclosure and securities trading, the traditional
jurisdiction of U.S. federal securities laws, the Act also addresses matters
of substantive corporate governance and executive fiduciary responsibility,
such as loans to officers and directors, management oversight, director
due diligence and executive compensation, as well as professional responsibilities
of external auditors and attorneys, areas traditionally left to the states
and self regulatory organizations ("SROs") such as the NYSE, AMEX and NASDAQ.
The Act is complex, with over 70 sections, and will present numerous challenges
to corporate executives, financial officers and professional service providers.
What’s more, given the pace with which the Act was pushed through the conference
committee process and adopted by Congress, various inconsistencies and ambiguities
already have emerged and will continue to do so. The Act will certainly
receive the prompt attention of the Securities and Exchange Commission ("SEC")
as it promulgates the many regulations required to implement the Act’s broad-based
|"The Sarbanes – Oxley Act of
2002 presents what may be among the most sweeping set of changes
to U.S. federal securities laws since the New Deal."
This GT Alert presents a number of key aspects of the Act that we believe
are of most immediate concern to corporate executives and directors, and
to our public company clients.
What concerns must be addressed immediately?
A number of the Act’s provisions have immediate or near-immediate effectiveness:
- Effective immediately, all periodic reports that contain financial
statements filed with the SEC must be accompanied by a certification of
the CEO and the CFO, referred to as the Section 906 Certification, that
the report fully complies with the requirements of the Securities Exchange
Act of 1934, as amended (the "Exchange Act"), and fairly presents, in
all material respects, the financial condition and results of operations
of the issuer. The Section 906 Certification will be necessary for the
next filed periodic report (such as the second quarter Form 10-Q due by
August 14th for calendar year companies) and applies to all public companies
(including reporting foreign issuers) regardless of size. A signing officer
who knowingly or willfully provides a false Section 906 certification
can be subject to fines of up to $5 million or imprisonment for up to
20 years, or both. It remains unclear what the precise language and form
of the Section 906 Certification should be. For example, to whom is it
properly addressed and can it be qualified by knowledge; should it be
filed as an exhibit, a separate 8-K or even as a supplemental letter filed
on EDGAR with or separate from the subject report?
- Effective upon the SEC’s adoption of implementing rules by August
29, 2002, CEOs and CFOs will be required to provide in each filed annual
and quarterly report a far more extensive certification, referred to as
the Section 302 Certification, as to a variety of matters including, among
others, the accuracy of the filed report, the design and sufficiency of
the issuer’s internal accounting controls, the disclosure to the audit
committee of any significant weaknesses in the issuer’s internal controls,
as well as any fraud that involves management or other employees who have
a significant role in preparing the financial statements, and whether
the report indicates any significant changes in internal controls, including
corrective actions for deficiencies. Again, this applies to all filing
public companies, foreign or domestic. The SEC already has pending proposed
rules addressing the substance of the Section 302 Certification for which
comments are due by August 19, 2002 (See Exchange Act Release No. 34-46300).
Issuers will need to develop internal systems and safeguards to provide
signing officers with sufficient assurance that both the Section 302 and
Section 906 Certifications can be given.
- Effective immediately, public companies are forbidden from providing,
directly or indirectly, any extensions of credit, or renewing any extension
of credit, as a personal loan to a director or executive officer. Loans
outstanding on or prior to July 30, 2002 are not affected, provided that
there is no material modification, extension or renewal of the loan.
- As of August 29, 2002, so-called "Section 16 insiders" must file Form
4 transaction reports within two days after the subject transaction rather
than by the 10th day of the following month which, previously, allowed
as many as 40 days between the transaction and the filing. By July 30,
2003, all Section 16 reports must be filed via EDGAR.
- Effective immediately, "whistleblower" protection is provided to employees
who provide information to, or otherwise assist in, an investigation of
securities law violations and securities fraud. This is designed to prohibit
retaliatory discharge, demotion or other changes in employment conditions
of employees assisting in an investigation.
- Effective immediately, liabilities related to securities fraud are
not dischargeable in bankruptcy.
- Effective immediately, the SEC has been granted enhanced enforcement
powers, the statute of limitations for federal securities fraud claims
has been extended to up to five years, and certain criminal penalties
for securities law violations have been enhanced.
How does the Act affect the audit committee’s composition?
- The audit committee must be comprised solely of "independent" directors
(i.e., non-employee, non-affiliate directors), although the SEC will have
authority to grant limited exemptions. The requisite number of audit committee
members has been relegated to the SROs. A director who is an officer,
director or general partner of a controlling stockholder presumably will
be disqualified from audit committee membership due to affiliate status.
- The SEC has been directed to adopt by January 26, 2003 regulations
requiring issuers to disclose in their periodic reports whether at least
one audit committee member is a financial expert (and if not, why not).
The SEC has authority to define "financial expert" (based upon the member’s
education and experience as an auditor, principal financial or accounting
officer, and the member’s experience with GAAP financial statement preparation,
audit committee functions and internal accounting controls).
- Audit committee members may not receive consulting fees from the issuer.
They may, however, receive director and committee member fees, including,
in the form of stock awards and option grants. (Compensatory arrangements
must be disclosed in the issuer’s annual proxy statement and Form 10-K.)
How does the Act affect the function of the audit committee and external
auditor-audit committee relationship?
- The SEC has been directed to adopt regulations by April 26, 2003 requiring
audit committees to establish procedures for addressing "whistleblower"
complaints received by the issuer as to possible accounting irregularities,
fraud, internal controls, and the audit process, and by that date the
SEC is directed to order all national securities exchanges to prohibit
the listing of securities of any reporting issuer the audit committee
of which has not established such procedures.
- All audit services (including comfort letters, consents, statutory
audits for insurance companies, etc.) must be preapproved by the audit
committee, and the audit committee is now exclusively responsible for
the retention, compensation and oversight of the external auditor (to
the exclusion of management, the full board and the stockholders) and
the resolution of all disagreements between management and the external
auditor regarding financial reporting. The preapproval of non-audit services
can be delegated to any member of the audit committee, provided that the
decision of any audit committee member is presented to the full audit
committee at its next scheduled meeting.
- The audit committee must receive a CEO and CFO certification as to
any significant deficiencies or material weaknesses in the issuer’s internal
controls and with respect to any possible internal fraud or accounting
irregularities (and the audit committee should meet periodically with
the issuer’s "disclosure swat team" discussed below).
- The audit committee must have the authority to engage independent
counsel and other professional advisors to assist in discharging the committee’s
- We believe that the Act does not purport to change the principal role
(i.e., fiduciary responsibility) of the audit committee from one of oversight
of the issuer’s financial reporting process to one of independent verification
of the accuracy and completeness of financial disclosure.
- The Act has identified nine categories of "impermissible" non-audit
services (e.g., financial information systems design and implementation,
bookkeeping, legal and expert services, internal audit outsourcing services,
appraisal/valuation services, fairness opinions, actuarial services, HR
and management services). All permissible non-audit services must be preapproved
by the audit committee and disclosed in the issuer’s periodic reports.
- The lead engagement partner for the external audit team and the lead
external auditor review partner must be rotated every five years.
- The external auditor cannot provide audit services to an issuer whose
CEO, CFO, principal accounting officer or controller was employed by the
audit firm and participated in any audit of the issuer during the preceding
- We note that the audit committee should establish a formal document
retention policy for itself because the Act makes it a criminal offense
to knowingly alter, destroy, mutilate, conceal or falsify a record or
document with the intent to obstruct or influence an investigation.
- The issuer is required to fund, as determined by the audit committee,
all compensation payable to the external auditor and professional advisors
(including separate counsel) employed by the audit committee.
- While an audit committee is required to review and discuss an issuer’s
annual report with management and the external auditors, the SEC has been
directed to adopt regulations requiring issuers to provide in their annual
reports an internal control report containing an assessment of the effectiveness
of the issuer’s internal control structure and procedures. This "review
and discuss" requirement should encompass the foregoing and assure that
the internal control provisions have been properly established. External
auditors will be required to attest to management’s internal control assessment.
- By October 28, 2002, the SEC has been directed to adopt regulations
requiring issuers to disclose in their Exchange Act filings whether they
have established a "code of ethics" for their senior financial officers
(and if not, why not). In addition, any modification or waiver of the
code of ethics will require immediate Form 8-K disclosure.
- In connection with its audit, the external auditor must report to
the audit committee its assessment of the critical accounting policies
and practices used by the issuer; all alternative treatments of financial
information within GAAP that have been discussed with management (including
the effect thereof and the treatment preferred by the external auditor);
any disagreements between management and the external auditor; and any
other material written communications between management and the external
auditor (i.e., management letters and schedules of unadjusted differences).
How does the Act affect the role of the CEO, CFO and internal accounting
and financial personnel?
- We suggest that each issuer consider the establishment of a "disclosure
swat team" that is assigned specific responsibility for assuring the integrity
of the issuer’s internal controls, information and data gathering, collection
and assembly procedures, and assuring the efficacy of the issuer’s financial
- The team should periodically report to the CEO and CFO.
- The team should be composed of those officers and employees most
knowledgeable and who have lead responsibility for the development and
assessment of both financial and non-financial information. (At a minimum,
the issuer’s chief accounting officer and chief legal officer should
be team members who should consult with representatives of the external
auditor, the issuer’s outside SEC counsel and the issuer’s internal
- The team should also include the heads of the issuer’s significant
subsidiaries, divisions and business units (especially to the extent
the issuer engages in segment reporting).
- The employment by an issuer of a CEO, CFO, controller, principal accounting
officer or equivalent person who was employed by the issuer’s external
auditor and worked on the issuer’s audit during the 12 months preceding
the inception of the current audit engagement disqualifies such external
auditor from providing audit services to the issuer.
- The Act prohibits any "officer or director of an issuer" and persons
"acting under the direction thereof" from taking any action to fraudulently
influence, coerce, manipulate or mislead any external auditor engaged
in preparing an audit report, for the purpose of rendering such report
false or misleading.
- We suggest that the CEO and CFO establish comprehensive and reliable
internal due diligence procedures and maintain their own detailed backup
file memoranda and minutes of formal meetings with the "disclosure swat
team" which document the scope, frequency and level of inquiry, investigation
and comfort that each has undertaken and received to support the accuracy
and completeness of the statements made in their Section 302 and Section
What changes will we have to make in our periodic reports? Will we have
to file them sooner?
- Other than the Section 302 and Section 906 certifications discussed
above, the Act does not mandate any immediate changes to the content or
filing dates of periodic reports. Of course, the SEC has already proposed
accelerated filing dates for annual and quarterly reports, as well as
current reports, but final action has not yet been taken (See Exchange
Act No. 34-46084). The Act also authorizes the SEC to require disclosure
on a "rapid and current" basis additional information concerning material
changes in financial condition and operations of an issuer. Again, the
SEC already has a rule proposal pending which would enhance the requirements
to report various events and transactions on a current basis via Form
8-K. Once the Public Company Accounting Oversight Board mandated by the
Act (discussed below) has been established, the Act will require all filed
financial reports to reflect all material correcting adjustments identified
by an external auditor registered with the Public Company Accounting Oversight
- By January 26, 2003, the SEC is required to issue final rules requiring
disclosure in quarterly and annual reports of all material off-balance
sheet transactions and arrangements that may have a material current or
future effect on an issuer’s results or financial condition. The Act also
requires the SEC to conduct a comprehensive study of the extent of off-balance
sheet transactions and special purpose entities and the adequacy of disclosure.
- By January 26, 2003, the SEC is required to issue final rules requiring
that "pro forma" financial information included in filed reports or in
any public disclosure or press or other release be presented in a manner
that is not misleading and is reconciled with GAAP financial results.
We advise our clients to be judicious in their use of "pro forma" information.
- The Act requires the SEC to adopt rules mandating that annual reports
contain an internal control report which must include a management assessment
of the issuer’s internal controls structure and procedures, attested to
by the external auditors, and additional disclosures regarding whether
the issuer maintains a code of ethics for senior financial officers. Changes
to the code of ethics will have to be disclosed on a prompt basis.
How does the Act relate to the SEC’s one-time only CFO/CEO attestation
directive issued to the 947 $1.2 billion revenue companies on June 27, 2002?
- In effect, Section 302 of the Act orders the SEC to promulgate rules
prior to August 29, 2002 that will make this directive permanent and applicable
to all issuers filing reports under Section 13(a) or 15(d) of the
Are the Section 302 and Section 906 certifications applicable to filings
such as proxy statements and Forms 8-K?
- Sections 302 and 906 of the Act do not apply to the issuer’s proxy
or information statements filed pursuant to Regulations 14A or 14C under
the Exchange Act, nor does it apply to so-called Williams Act filings.
We do not know at this time whether that was an oversight that will be
addressed later (to the extent such filings may contain and incorporate
by reference substantial issuer or registrant-related financial information).
- It is unclear at this time whether the Section 906 Certification requirement
applies to Current Reports on Form 8-K and the issue may turn on the content
of the report and whether the information is "filed" or merely "furnished"
for Regulation FD purposes. Absent further definitive guidance or clarification
from the SEC, we suggest close consultation with counsel.
Is the Section 302 Certification applicable only to domestic issuers?
- No. Foreign private issuers as defined in Rule 3b-4(c) under the Exchange
Act are subject to the certification requirement, although (similar to
domestic issuer current reports on Form 8-K) it appears that Section 302
does not apply to reports on Form 6-K because such reports would not be
considered "periodic reports," such as Forms 20-F and 40-F.
Will the SEC change the way or frequency with which it reviews our reports?
- The Act mandates that the SEC review Exchange Act reports "on a regular
and systematic basis." In addition, the SEC must review every reporting
issuer’s Exchange Act filings at least once every three years. In establishing
its review system, the SEC is required to consider issuers (i) that have
restated their financial results, (ii) are so-called "large capitalization"
issuers, (iii) that are emerging or earlier-stage companies with disparate
P/E ratios, (iv) have significant stock price volatility, and (v) whose
business operations significantly impact a material sector of the domestic
economy. In support of this and the Act’s other requirements, the SEC’s
funding has been increased by more than $770 million for fiscal 2003 with
instructions to add not fewer than 200 additional investigative professionals.
Does the Act affect compensation of our officers? What impact is there
on stock options?
- If an issuer is required, as a result of misconduct, to restate its
financial statements due to material non-compliance with the accounting
rules, the CEO and CFO must reimburse the issuer for (1) any bonus or
other incentive or equity-based compensation received during the 12-month
period following the first public issuance or filing with the SEC of the
financial statements being restated and (2) profits realized from the
sale of issuer securities during such 12-month period.
- The Act does not specifically address stock options. Recently, several
large public companies announced that they are voluntarily revising the
accounting treatment they afford to executive option grants. For example,
General Electric announced that it would begin to account for the value
of stock options granted to employees as an expense, thereby reducing
its reported earnings. In addition, responding to criticism that options-heavy
pay packages have given executives enormous incentives to create short-term
profits, General Electric said it would require its top officers to hold,
for at least a year, some of the shares they acquire after exercising
options and that those officers would have to hold substantial stock positions
as long as they work at GE. Other large companies such as Procter & Gamble,
Coca-Cola, The Washington Post Company, Bank One and Amazon.com have similarly
decided to account for stock option grants as an expense.
Do currently outstanding loans to our directors and officers have to
be repaid immediately?
- As noted above, effective immediately, the Act prohibits all public
companies from, directly or indirectly, extending, maintaining, arranging,
or renewing, any extension of credit, in the form of a personal loan to
or for any of its directors or executive officers. However, extensions
of credit that were outstanding as of July 30, 2002 are not prohibited
provided that there is no material modification to any term of the extension
of credit or renewal of the extension of credit after that date. The term
"credit" may be interpreted broadly to include other financial arrangements,
including guaranties of indebtedness, in addition to traditional loans.
- The Act provides a limited exception for extensions of credit by companies
that are engaged in the consumer credit business. This exception permits
home improvement loans and manufactured home loans, consumer credit, extensions
of credit under an open-end credit plan or charge card, and extensions
of credit by a broker-dealer to its employees for purposes of trading
in securities, provided that the extension of credit is made in the ordinary
course of the consumer credit business of the issuer, is of a type that
is generally made available by that issuer to the public and is made on
market terms, or on terms that are no more favorable than those offered
by the issuer to the general public.
- Any violation of the prohibition on extensions of credit to directors
and officers is a criminal offense.
Does the Act limit trading in our stock by officers and directors?
- The Act prohibits all executive officers and directors of any issuer
from purchasing, selling or otherwise acquiring or transferring any equity
securities of that issuer obtained in connection with their employment
or service during employee benefit plan "blackout" periods. Generally,
a blackout period is any period of more than three consecutive business
days during which at least 50% of the participants in the issuer’s 401(k)
or similar plans are subject to specified restrictions on trading in the
issuer’s securities held for their account in such plans.
- Any profits realized from a prohibited transaction will be recoverable
by the issuer regardless of the officer’s or director’s intent. If the
issuer fails to take action to recover these profits within 60 days following
a stockholder request, the issuer’s stockholders will have the right to
commence a private action to recover these profits on the issuer’s behalf.
- The issuer will be required to notify timely each director and executive
officer, as well as the SEC, of each blackout period. Generally, the notice
must be provided no later than 30 days prior to any anticipated blackout
period, subject to some exceptions. The notice will be required to state
the reasons for the blackout, the investment and other rights affected,
and the duration of the blackout.
- The SEC is directed to issue rules to clarify this provision of the
Act and provide for exemptions.
- Effective August 29, 2002, the Act significantly shortens the period
of time for executive officers, directors and principal stockholders to
file Section 16 reports of transactions in the issuer’s securities to
two business days after the transaction is executed.
What else should we know about the Act?
- Effective upon the SEC’s adoption of implementing rules, but not later
than January 26, 2003, attorneys appearing and practicing before the SEC
will be required to report "evidence of a material violation of securities
law, breach of fiduciary duty or similar violation" by the issuer or any
of its agents to the chief legal counsel or the chief executive officer.
In the event that the officer does not appropriately respond to the evidence
by adopting appropriate remedial measures or sanctions with respect to
the violation, the attorney must report the evidence to the audit committee
or another committee of the board of directors comprised solely of directors
not employed directly or indirectly by the issuer or to the board of directors.
We believe this codifies long-standing state bar association ethics requirements
for attorneys and judicial pronouncements regarding the role of counsel
in this context.
- The Act criminalizes certain conduct and increases penalties for a
variety of offenses. Moreover, a violation of the Act is treated as a
violation of the Exchange Act.
- The Act also makes it easier for the SEC to bar an individual from
acting as a director or an officer of an issuer by reducing the standard
of fitness required for a ban. Also, the Act provides the SEC direct power
to bar a person from acting as a director or officer of an issuer through
an administrative proceeding rather than in a court action. The Act makes
it unlawful for an issuer knowingly to employ a barred person in an accountancy
or financial management capacity.
- Effective immediately, the Act criminalizes the knowing alteration,
destruction, mutilation, concealment or falsification of any record with
the intent to impede, obstruct or influence any governmental investigation
or other governmental function or any bankruptcy proceeding. The penalty
is a fine and/or imprisonment for up to 20 years.
- Effective immediately, the Act criminalizes the knowing and willful
destruction of any audit or review workpapers. Under the Act, external
auditors are required to maintain all such workpapers for five years.
The penalty is a fine and/or imprisonment for up to 10 years.
- Effective immediately, the Act extends the statute of limitations
for private lawsuits involving securities fraud to the earlier of two
years after the discovery of the underlying facts or five years after
- Effective immediately, the Act provides that the knowing commission
of securities fraud with respect to an issuer is punishable by a fine
and/or imprisonment for up to 25 years.
- The Act directs the SEC to adopt regulations requiring greater separation
of research analysts from the asset management and investment banking
divisions of financial institutions and prescribing "quiet periods" during
which underwriters of public offerings cannot publish research (or "street")
- The Act authorizes the study of, among other matters, (i) the role
of financial advisors and investment banking firms in providing "earnings
management" advice and services to issuers (which may have the effect
of distorting the issuer’s financial condition), (ii) whether, in effect,
U.S. GAAP and so-called "rules-oriented" accounting standards should be
replaced or augmented by a more "principles oriented" system of accounting
(such as that used by European issuers under IAS), (iii) the consolidation
of external auditors and whether there should be mandatory rotation of
external auditors, and (iv) the functions of credit rating agencies.
- The Act established a five-member "Public Company Accounting Oversight
Board" (the "Board") the members of which (two of whom must be CPAs) will
serve five-year, full-time terms (subject to a two-term maximum), and
who will be appointed by the SEC in consultation with the Secretary of
the U.S. Treasury Department and the Chairman of the Federal Reserve Board.
The appointments must be made not later than October 28, 2002. Three of
the members must be from outside the accounting profession and the Board
must be operating under the auspices of the SEC not later than April 26,
2003. The Board principally will be funded by fees charged to reporting
issuers and external auditors will pay annual registration fees to cover
the Board’s costs of processing applications and annual reports.
- Only those external auditors registered with the Board will be permitted
to audit public companies.
- The Act requires the Board to adopt "auditing and related attestation
standards" and "ethics standards" to be used by external auditors in
the preparation and issuance of their audit examination reports.
- The Act requires the Board to promulgate standards for external
auditor quality controls, including internal and external consulting
on audit issues, audit supervision, hiring and training of audit personnel,
client intake and engagement matters, ethical considerations and independence
- The Board will have authority to investigate violations of the Act,
the Board’s rules and professional accounting and auditor conduct rules,
and may compel testimony and document production and impose sanctions
for non-compliance (including revocation or suspension of a registered
firm’s registration, the imposition of civil penalties and denial of
authority to audit public companies).
- The Board may refer investigations to the SEC, or with the SEC’s
approval, to the U.S. Department of Justice.
Coming to grips with the Act will be a challenge for the public company
community and the professionals who serve it. Much of the heavy lifting
has been left to SEC rulemaking to implement many of the Act’s provisions
and to clarify their requirements. Whether the Act will result in new or
greater liability for directors and officers only time can tell, although
one can expect the SEC and private plaintiffs’ bar to explore the Act’s
Each public company will need to evaluate carefully how it complies with
the Act’s requirements, by appropriately modifying and monitoring its internal
accounting and financial reporting processes, relationships with external
auditors and other professional advisors, audit committee charters, codes
of conduct, compensation policies, executive contracts, human resource and
investor relations policies and many other aspects of daily operations.
We encourage our public company clients to consult with counsel, as necessary,
to develop tailor-made systems and procedures to assure compliance with
In that this is a fluid and evolving area that necessarily affects multiple
levels of the issuer’s reporting function, management accountability and
the role of independent directors, the issuer/external auditor relationship,
SRO listing standards, corporate transparency and the like, we will supplement
this Alert as and when material developments occur and "best practices"
© 2002 Greenberg Traurig
For more information, please review our Corporate & Securities Practice
description, or feel free to contact one of our attorneys.
This GT ALERT is issued for general purposes only and is not intended
to be construed or used as legal advice. Greenberg Traurig attorneys provide
practical, result-oriented strategies and solutions tailored to meet our
clients’ individual legal needs. The Firm’s responsive approach to client
service often cuts across legal subject matter, applying the right experience
and resources to provide cost-effective solutions.