Accounting, Patriot Laws Raise Concern for Telcos -- Public and Private

Michael K. Powell, chairman of the Federal Communications Commission, recently signaled the commission's intent to relax existing regulations, making it easier for telecommunications companies to expand. For example, Powell has made clear his desire to roll back regulations that prevent telecommunications companies from entering new lines of business. Likewise, effective Jan. 1, the commission removed certain spectrum limitations to which wireless carriers were subject.

This trend toward deregulation may, over time, lead to increased partnerships in the telecom industry, through mergers, joint ventures or otherwise, as companies have greater flexibility to offer consumers and business customers a single package of services that traditionally have been purchased separately. However, while the relaxation of FCC regulations may remove certain speed bumps for growing telecom companies, other recently enacted legislation could create new potholes and, in some cases, virtual roadblocks for telecom industry players attempting to expand. In particular, telecom companies should consider recently implemented provisions under the Sarbanes-Oxley Act of 2002 and the USA Patriot Act.

SARBANES-OXLEY

Sarbanes-Oxley, enacted in July 2002 partly in response to recent bankruptcies and financial misstatements of telecom carriers such as WorldCom Inc., subjects public companies to myriad disclosure requirements and requires them to implement a series of internal policies and procedures. While most of the act's provisions directly cover only publicly traded companies, various provisions also will significantly impact private businesses. This may be particularly true for telecom firms, which may be subject to a higher standard of conduct after the relatively large number of recent industry-related scandals.

First, many of the provisions under Sarbanes-Oxley are likely to become standards for "best practices" for both public and private companies. In particular, lenders, investors and other stakeholders may require private firms to comply with certain provisions of the act, such as its required financial disclosures, audit committee interaction with accountants and implementation of codes of conduct, even if such compliance is not legally required. In addition, the corporate governance standards implemented by both private and public companies are likely to be compared to those affected by their industry competitors. As a result, even private companies may feel increasing pressure to adopt reforms implemented by their public company rivals.

Further, under existing securities laws, when a public company acquires a private target, the public company may be required to file financial statements of the private company (assuming certain asset or income tests are met). Under Sarbanes-Oxley, each public company CEO and CFO is required to certify financial statements filed by the issuer; for example, that they fairly present the financial condition of the company.

In the context of a potential telecom acquisition, CEOs and CFOs may be required to certify financial statements which include private telecom company operations, including certifications for periods during which the acquiring company did not own the private firm and where those officers were not involved in the preparation of the private company's financial statements.

Accordingly, public company acquirers likely will conduct much more comprehensive diligence of a target's financial disclosure before effecting the transaction. This diligence likely will include an assessment of the target's management team, a review of internal controls (and any significant deficiencies in their design or operation which could adversely impact disclosure of financial information) and an evaluation of the level of aggressiveness of the target's accounting policies. It also could include meetings with the people involved in the target's compilation of financial data and require targets to make representations and warranties concerning internal controls, disclosure controls and procedures and other financial disclosure issues, along with related indemnification provisions.

USA PATRIOT ACT

The USA Patriot Act, the short name for the statute formally titled the "Uniting and Strengthening America Providing Appropriate Tools to Intercept Terrorism (USA PATRIOT Act) of 2001," strengthens the U.S. government's ability to combat terrorism and prevent and detect money laundering activities.

Among other items, the act:

• provides federal law enforcement officials with greater authority to gather and share evidence, particularly in the area of wire and electronic communications;
• creates new federal crimes, increases the penalties for existing federal crimes and adjusts existing federal criminal procedure, particularly with respect to acts of terrorism; and
• modifies immigration law, increasing the ability of the federal government to prevent terrorists from entering the country and to detain foreign terrorists.

Certain provisions of the act went into effect immediately, while others became effective more recently.

Telecom companies, of course, quickly have become familiar with the Patriot Act's requirements in the law enforcement area, as federal officials increasingly seek to intercept voice and data communications. However, the act sets out other requirements which over time may have unanticipated impacts on various types of businesses, including telecommunications firms.

Title III of the Patriot Act, "International Money Laundering and Anti-Terrorist Financing Act of 2001," imposes various new obligations on "financial institutions," a term defined quite broadly to encompass a wide variety of companies throughout the economy. For example, loan or finance companies, operators of credit card systems, telegraph companies, travel agents and any other business designated by the government through regulation whose cash transactions have a high degree of usefulness in criminal, tax or regulatory matters, are designated as "financial institutions."

That designation imposes significant obligations, including the requirement to establish a written anti-money-laundering program, which, at a minimum, includes:

• development of internal anti-money laundering policies, procedures and controls designed to detect and prevent money laundering;
• designation of an internal compliance officer who will assure day-to-day compliance with the program;
• an ongoing employee training program, under which employees must be educated about the applicable legal requirements, acceptable record-keeping measures, and the identification and handling of suspicious transactions or money laundering activities; and
• an independent audit function to monitor the program.

The Patriot Act also requires financial institutions to implement "reasonable procedures" to verify the identity of any person seeking to open an account, to maintain records of information used to verify a person's identity and to consult lists of known or suspected terrorists or terrorist organizations.

The applicability of the Patriot Act to telecommunications providers depends on how a particular company runs its business. For example, if a telephone company provides financing for CPE or other types of equipment through its own affiliate, it may be deemed a "loan or finance company" under the act, which would subject it to the obligations discussed above. On the other hand, if equipment purchases are instead financed through an independent third party, the telephone company would not be subject to the act directly, but could still be required to comply with its record-keeping obligations to allow that independent third party to comply. Thus, any company with affiliates engaged, directly or indirectly, in any line of business listed as a "financial institution" either in the Bank Secrecy Act or by regulation may be swept into the Patriot Act's requirements.

If a business is covered by the act as a nontraditional "financial institution," noncompliance can prove costly. For example, the failure to comply with regulations issued under the Patriot Act can result in civil penalties of $25,000 per day, or a maximum of $250,000 per day for willful criminal violations. Given the complexity of the Patriot Act and the severe penalties for noncompliance, many companies that traditionally would not be considered "financial institutions" nevertheless have developed programs to comply with the act.

Ultimately, now is not the time for telecommunications companies to rejoice in deregulation of the industry. Instead, firms will continue to grapple with increasingly broad and ambiguous rules, in an environment where the risks of noncompliance may be greater than ever.