United States: Overview of the Sarbanes-Oxley Act of 2002

The Congress recently passed the Sarbanes-Oxley Act of 2002 (H.R. 3763). This legislation, which the President signed yesterday, contains sweeping changes in the areas of corporate governance, financial disclosure, auditor independence, and corporate criminal liability.*

We at MBR&M want to give you an overview of the provisions in the bill most relevant to publicly traded companies. This legislation places important new or expanded responsibilities on publicly traded companies and their officers and directors, including audit committees of their boards of directors. Many of these will take effect immediately upon the signing of the legislation by the President or upon adoption of implementing regulations that the SEC will be required to adopt shortly thereafter. It is therefore essential that the management and boards of directors of publicly traded companies take immediate action to become familiar with the new requirements and to develop procedures to comply with those requirements.

This survey memorandum will only familiarize you with the many aspects of the new law. Therefore, we are also working on a firm memorandum that will address various securities and corporate law issues with more detail and nuance. It should be available very soon.

If you have immediate questions or concerns about how these new laws will affect you, please do not hesitate to contact any MBR&M lawyers, including those listed at the end of this memorandum.

The bill specifies categories of non-audit services that a "registered public accounting firm" (i.e., an accounting firm that has qualified and registered with the new Public Company Accounting Oversight Board created by the legislation) will be prohibited from providing to an audit client. They include: services related to the accounting records or financial statements of the audit client; financial information systems design and implementation; appraisal or valuation services; actuarial services; internal audit out-sourcing; broker, dealer, investment adviser, or investment banking services; and legal and other expert services unrelated to audit.

A registered public accounting firm will be permitted to provide non-audit services not proscribed by the above limitations, including tax services, but only with pre-approval of the issuer's audit committee or its designee.

Both the lead audit partner and the reviewing partner on a publicly traded company's audit must be changed every five years. In addition, the legislation will require that a study be made concerning whether publicly held companies should be required to change audit firms after specified time periods.

A registered public accounting firm providing audit services will be required to report to the audit committee all critical accounting policies and practices, alter-native treatments of financial information under GAAP that have been discussed with management, their ramifications, the accounting firm's preferred treatment and material written communications between the auditor and management.

The bill seeks to address the so-called "revolving door" issue by prohibiting a registered public accounting firm from providing audit services to an issuer if that issuer's CEO, CFO, chief accounting officer, or controller was employed by the accounting firm within the previous year.

While these provisions are effective immediately, most of them will not apply to audit firms until the Public Company Accounting Oversight Board is established and certified by the SEC. This SEC certification is required by April 26, 2003.

The listing standards of securities exchanges and Nasdaq must require that:

• The audit committee be directly responsible for the appointment, compensation, and oversight of the work of a registered public accounting firm providing audit services.
• The audit committee be composed of independent members of the board of directors. A director will not be independent under the new law if, other than as an audit committee member, director, or member of another committee, the director accepts fees of any sort from the issuer or is an affiliated person of the issuer or its subsidiaries. These independence requirements will be in addition to the audit committee independence requirements of the New York and American Stock exchanges and the Nasdaq Stock Market.
• The audit committee establish procedures for the proper handling of complaints regarding accounting and auditing matters, and for anonymous submissions by employees of concerns about accounting and auditing matters.
• The audit committee has the authority to consult independent counsel and any other advisors it considers necessary in fulfilling its duties.
• Each issuer provides funding, as determined by the audit committee, for the compensation of the registered public accounting firm providing its audit services, and for independent counsel and other advisors that might be hired by the audit committee.

CEOs and CFOs will be required to certify in each annual and quarterly report that: (1) they have reviewed the report and to the best of their knowledge it does not contain an untrue statement of, nor does it omit, any material fact; (2) it fairly presents the financial condition and results of operations of the issuer; (3) the signing officers are responsible for internal controls and have designed them such that material information relating to the issuer and its consolidated subsidiaries is made known to them; (4) they have disclosed to the auditors and audit committee any material weaknesses and any fraud (material or not) affecting their internal controls; and (5) whether there have been any significant changes in internal controls that could affect such controls in the future. These certification requirements are more extensive than either the certifications the SEC has ordered the CEOs and CFOs of the 947 largest companies to make or the certifications that the SEC proposed in June of this year to require of all publicly traded companies as an ongoing matter.

It will be unlawful for any officer or director to take any action to fraudulently influence or coerce any accountant auditing the issuer's financial statements for the purpose of rendering the financial statements misleading. While such activities would likely violate existing federal securities and other laws, this new pro-vision would make it easier to take enforcement action against such activities in the future.

If an issuer is required to prepare an accounting restatement because it has failed to comply with financial reporting requirements under the federal securities laws, the CEO and CFO will be required to reimburse the issuer for any bonus, incentive-based or equity-based compensation, or profits realized from the sale of securities of the issuer that are received within a year following the earlier of the public issuance or the filing of the restatement.

The standard that must be met under federal securities laws for a court to enjoin an individual from serving as an officer or director of an issuer is lowered from "substantial unfitness" to simply, "unfitness."

The new law will make it unlawful for a company's directors or officers to buy company securities, or sell or transfer any such securities acquired by them in connection with their employment, during a blackout period imposed on employee plans generally. Any profits from any such prohibited sales will be recoverable by the issuer. "Blackout" is defined as any period greater than three business days during which at least half of the participants in the company's individual account plans are unable to buy, sell or transfer their stock. The term would not include regularly scheduled suspensions incorporated into the individual account plan and timely disclosed to employees, or any suspension imposed solely in connection with a merger, acquisition, or divestiture involving the plan or the plan sponsor.

New SEC rules will require an attorney representing an issuer before the SEC to report evidence of a violation of the federal securities laws or a breach of fiduciary duty by the company or its officers or directors to the company's chief legal counsel or CEO, and if they do not respond appropriately, to report such activity to its audit committee or the board. This new provision will require great care on the part of company officers and counsel to assure that there is full communication and disclosure of all relevant facts in the course of corporate legal representation. In addition, it may be anticipated that there will be a substantial period of genuine uncertainty as to the proper application of this new provision since it is often the case that both the facts and the requirements of the relevant law in any given situation are not susceptible of clear determination. In such situations, the answer to the question of what is an appropriate response may be equally unclear. SEC rules are required by January 26, 2003.

In Title IV, which generally deals with disclosure, there is a broad new prohibition on loans made directly or indirectly by issuers to their executives. Exception is made for home improvement and manufactured home loans, consumer credit, extensions of credit under an open end credit plans, charge cards, or any extension of credit by a broker or dealer to an employee to buy, trade, or carry securities; so long as such loans or credit are made or provided in the ordinary course of the consumer credit business of an issuer, are of a type generally made available to the public, and are made on market terms or terms no more favorable than those offered to the public. A special exception to this prohibition is provided for banking institutions and their holding companies, which are already subject to insider lending prohibitions and limitations under the federal banking statutes and regulations.

Most Title III provisions and section 402 restrictions on loans are effective immediately. While some provisions require SEC rule making, these legislative man-dates are in addition to new rules or existing rules that are now, or soon will be in effect.

Financial reports and statements filed with the SEC will be required to reflect any correcting adjustments identified by a registered public accounting firm in accordance with GAAP and SEC rules. Annual and quarterly reports will be required to disclose all off-balance sheet transactions and obligations with unconsolidated entities or other persons that may have a material effect on the issuer's financial condition. Pro forma financial data will be required to be presented in a way that is not misleading and that can be reconciled with the financial condition of the issuer under GAAP. This provision is directed at, but appears not to be limited to, the practice of a number of companies in recent years of presenting various pro forma or "normalizing" adjustments to their GAAP revenues, net income, cash flows or other financial statements to exclude the effects of what they refer to as "one time" or "nonrecurring" items or events. While pro forma adjustments often assist in presenting a truer or more complete picture of long term trends, the SEC and others have criticized them on the basis that some companies have placed too much emphasis to the adjusted amounts and have obscured, or in some cases have not presented, their GAAP results of operations and cash flows.

Officers, directors and 10% shareholders of publicly traded companies are required under current Section 16(a) of the Exchange Act to file publicly available reports with the SEC concerning their ownership of equity securities of their company, including reports of changes in such ownership on SEC Form 4. Under current law and SEC regulations, Form 4 reports are generally required to be filed within 10 days after the end of the month in which any purchase, sale or other change in such ownership occurs.

Officers, directors and ten percent shareholders will now be required to file Form 4 reports of such changes within two business days of such transactions. To assure compliance with this new, very short time frame, companies should immediately notify their reporting persons of the change in the law and should also take advantage of the procedures the SEC already has in place to facilitate such filings. These procedures include obtaining powers of attorney to permit company personnel to sign and submit Section 16 reports on behalf of the reporting persons and facsimile transmission of signed copies of the required reports to a law firm or agent for delivery to the SEC.

Annual reports to the SEC will be required to include an internal control report that affirmatively states the responsibility of management for internal controls relating to financial reporting, and includes an assessment of the effectiveness of the internal control structure and procedures management has established. Each registered public accounting firm that prepares an audit report will be required to report on and attest to the internal control assessment made by management.

An issuer will be required to disclose whether it has adopted a code of ethics for senior financial officers, and to make a prompt Form 8-K disclosure of any change or waiver of that code. The new law also provides guidance as to the principles such a code should embrace.

The New York and American Stock Exchanges and the Nasdaq Stock Market have established more stringent qualification standards for audit committee members in recent years. The legislation will now require publicly traded companies to disclose whether their audit committees have at least one member who is a "financial expert," as defined by the SEC. In defining that term, the SEC must consider specific factors, including understanding of and experience with GAAP and the preparation or auditing of financial statements, experience with internal accounting controls, and an understanding of audit committee functions. These new qualification criteria may be more exacting than those established by the stock exchanges and Nasdaq to date.

Due principally to budgetary and staff limitations, the SEC has not generally conducted extensive reviews of the Exchange Act reports of publicly traded companies. The SEC now will be required to conduct regular, systematic reviews of disclosures by issuers for the protection of investors. In scheduling these reviews, the SEC must consider whether the issuer has issued material restatements of financial results, any significant volatility in issuer stock price relative to other issuers, and whether the issuer has a large market capitalization, as well as other factors.

SEC Chairman Harvey Pitt has previously proposed moving toward a system of more prompt, "real time" disclosure of material developments by publicly traded companies. In this connection, the SEC has proposed to expand the list of matters required to be reported on Form 8-K and also has proposed to shorten the time periods for filing Exchange Act reports. The legislation will now require the SEC to adopt rules requiring issuers to disclose to the public, on a rapid and current basis, and in plain English, material changes in financial condition or operations where necessary for the protection of investors and the public interest.

Most Title IV provisions are effective immediately. Disclosures requirements regarding off-balance sheet entities and pro forma financials will require new SEC rules by January 26, 2003. New SEC rules on codes of ethics are due by January 26, 2003.

Effective immediately, the SEC is empowered to censure any person practicing before it who is found not to possess the requisite qualifications to represent others, to be lacking in character or integrity, or to have willfully violated securities laws or assisted in such violation.

The bill creates two new felonies. One punishes those who knowingly destroy, alter, or falsify records in federal investigations and bankruptcy proceedings with up to 10 years imprisonment and criminal fines. Another punishes those who knowingly and willfully destroy corporate audit records with up to 20 years imprisonment and criminal fines.

The new law extends the statute of limitations for securities fraud to the earlier of: (1) two years after the act is discovered, or (2) five years after the act itself.

An issuer will be prohibited from firing or otherwise discriminating against personnel who lawfully act in an investigation to provide information that they reasonably believe constitutes fraud. Such personnel will have the right to petition the Secretary of Labor for redress and, if no action is taken within a specified period of time, to seek redress in federal district court.

A new felony is created to punish acts of securities fraud with up to 25 years imprisonment and criminal fines.

A CEO and CFO will be required to include with any periodic financial report filed at the SEC a written statement certifying the accuracy of that report. Whoever certifies such a statement with knowledge that the report is inaccurate can be fined up to $1 mil-lion and imprisoned for up to ten years. If someone willfully does so, he or she can be fined up to $5 million and imprisoned up to 20 years.

The new law provides that anyone who corruptly tampers with or destroys a document, intending to impair its availability in an official proceeding, can be imprisoned for up to 20 years and subjected to criminal fines.

The SEC is authorized under the new law, as a part of any cease-and-desist order issued in connection with the violation of federal securities laws, to prohibit (up to and including permanently) a person from acting as an officer or director where that person's conduct demonstrates unfitness to serve in such a capacity.

The penalties under Section 32(a) of the 1934 Act for willful violations of securities laws or for false and misleading statements in SEC filings are increased from $1,000,000 or imprisoned not more than 10 years, to $5,000,000 or imprisoned not more than 20 years for individuals; and from $2,500,000 to $25,000,000 for corporations.

The new law provides that anyone who knowingly takes action to harm a person with the intent to retaliate against him or her for providing authorities with truthful information relating to a possible federal offense can be imprisoned up to 10 years and subjected to criminal fines.

Almost all of the provision described here are effective immediately.

This memorandum does not address the provisions of H.R. 3763 which create a sweeping new auditor regulatory regime. Significant changes may occur in GAAS and GAAP as a result of this new regulatory structure and changes affecting the Financial Accounting Standards Board. MBR&M of course has been, and will continue to be, following developments very closely in all areas addressed by this legislation.

Moreover, given the scope of the new law, a thorough understanding of all of its provisions will require extensive study and evaluation of the many sets of new regulations the Act requires. As noted, additional client memoranda will be developed to address this need.

Copyright © 2007, Mayer, Brown, Rowe & Maw LLP. and/or Mayer Brown International LLP. This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.

Mayer Brown is a combination of two limited liability partnerships: one named Mayer Brown LLP, established in Illinois, USA; and one named Mayer Brown International LLP, incorporated in England.