- Sarbanes-Oxley Act of 2002
- August 11, 2003
- Law Firm: Perkins Coie LLP - Seattle Office
President Bush signed the Sarbanes-Oxley Act of 2002 into law on July 30, 2002, creating the most radical redesign of federal securities laws since the 1930s. Some provisions are effective immediately, while others will be effective as soon as the SEC adopts the relevant rules, which it must do within mandated time periods ranging from 30 days to one year. One of the two CEO/CFO certification requirements appears to be effective immediately, while the second CEO/CFO certification requirement will be effective no later than August 29, 2002. The prohibition on new loans to directors and executive officers is effective immediately, and accelerated Form 4 deadlines will also be effective no later than August 29, 2002.
This Update summarizes the key points of the Act, but does not cover all the provisions of this very complex legislative package. Implementation of the Act will require resolution of ambiguities and further rulemaking by the SEC. Please contact your client service lawyer to discuss how the Act will apply to your specific circumstances.
Executive Officers and Directors of Public Companies
Certification of Financial Reports by CEOs and CFOs. The Act contains two divergent provisions requiring certification by CEOs and CFOs of periodic reports filed with the SEC. Section 906 of the Act, which appears to be effective immediately, requires CEOs and CFOs to certify in each periodic report containing financial statements that
- the report fully complies with the requirements of Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, and
- the information contained in the report fairly presents, in all material respects, the company's financial condition and results of operations.
Certifying officers of domestic public companies will face penalties for false certification of financial information of $1,000,000 and/or up to 10 years imprisonment if the violation was "knowing" and $5,000,000 and/or up to 20 years imprisonment if the violation was "willful."
In addition to the Section 906 certification described above, Section 302 of the Act directs the SEC to adopt rules, which must be effective no later than August 29, 2002, that will require CEOs and CFOs to certify in each annual and quarterly report filed with the SEC that
- they have reviewed the report;
- based on their knowledge,
- the report does not contain any material misstatements or omissions and
- the financial statements and other financial information included in the report fairly present in all material respects the company's financial condition and results of operations; and
- they have designed and reviewed the effectiveness of internal controls to ensure that they receive material information and they have disclosed to the audit committee any fraud and all significant deficiencies in the design or operation of the internal controls.
The Section 302 certification is substantially similar to the certification requirements proposed by the SEC on June 17. We expect the SEC will issue interpretive guidance to help companies comply with both of these certification requirements.
Ban on Personal Loans to Executive Officers and Directors. Section 402 of the Act provides that, effective immediately, no public company may make, extend, modify or renew any personal loan to its executive officers or directors. There will be limited exceptions for loans made in the ordinary course of the company's business, on market terms, for home improvement and manufactured home loans, consumer credit, or extension of credit under an open-end credit plan or charge card. Companies may maintain currently outstanding loans to executive officers and directors provided that the terms of the loans are not materially modified.
Dramatically Accelerated Reporting of Trades by Insiders. Section 403 of the Act dramatically shortens the deadline, effective August 29, 2002, for insiders (including executive officers, directors and 10% shareholders) to file a Form 4 to report any trading in their company's securities. The Form 4 will be due within two business days after the execution date of the transaction, rather than prior to the tenth day of the month following the transaction, which is the deadline under current rules. The SEC may extend this deadline if it determines the two-day period is not feasible.
No later than July 30, 2003, insiders will be required to file Form 4 electronically. In addition, each issuer who maintains a corporate Web site will be required to post a copy of the filing on its Web site by the end of the business day following the filing, and the SEC will be required to make the filing available electronically within the same time frame. Although the mandatory electronic filing requirement is one year away, we strongly recommend that companies encourage their insiders to switch to electronic filing as soon as possible in order to meet the accelerated filing deadline.
Prohibition on Insider Trades During Pension Fund Blackout Periods. Section 306 of the Act prohibits trading by directors and executive officers during any blackout period imposed under a company's 401(k) plan or other profit sharing or retirement plan (other than certain regularly scheduled no-trade periods) of any of their company's equity securities obtained as compensation for their services to the company, effective January 26, 2003. Any profits realized by an officer or director in violation of this provision, regardless of that person's intent, may be recovered by the company, including through a shareholder derivative suit.
Disgorgement of CEO and CFO Compensation and Profits. Section 304 of the Act provides that if a company is required to restate its financial statements due to material noncompliance with any financial reporting requirement that resulted from misconduct, effective immediately, the CEO and CFO must reimburse the company for any bonus or other incentive- or equity-based compensation received during the 12-month period preceding the relevant filing. However, the Act does not specify whose misconduct will be relevant or the level of misconduct (e.g., negligent, knowing or willful) required for imposition of this penalty.
Public Company Disclosures
Real-Time Current Disclosure by Public Companies. Section 409 of the Act adds a new Sec. 13(l) to the 1934 Act that will require each public company to disclose "on a rapid and current basis" additional information about the company's financial condition or operations. By specifying that this rapid and current disclosure will be "as the Commission determines, by rule, is necessary or useful," Sarbanes-Oxley appears to contemplate that Section 409 not be self-executing, but that it be implemented by SEC rulemaking. There is no deadline for such rulemaking.
Annual Financial Reports. Effective immediately under Section 401 of the Act, all annual reports filed with the SEC containing financial statements will be required to include all material corrections identified by a public accounting firm.
Additional Disclosures Required in Periodic Reports. The Act directs the SEC to adopt rules, effective no later than January 26, 2003, to require the following additional disclosures:
- Off-Balance Sheet Transactions (Section 401). All annual and quarterly reports will be required to disclose all material off-balance sheet transactions, arrangements and obligations (including contingent obligations).
- Pro Forma Financial Information (Section 401). Pro forma financial information included in a periodic report filed with the SEC, or in a press release or other public disclosure, will be required to be presented in a manner that is not misleading and must be reconciled with the company's financial condition and results of operations under GAAP.
- Code of Ethics (Section 406). Each public company will be required to disclose in its periodic reports whether or not (and if not, why not) it has adopted a code of ethics for senior financial officers (CFO and principal accounting officer or controller), and will be required to immediately disclose any change in or waiver of this code of ethics.
- Management Assessment of Internal Controls (Section 404). Each annual report on Form 10-K must contain a statement of management's responsibility to establish and maintain adequate internal controls and procedures for its financial reporting and a report evaluating the effectiveness of these controls and procedures. The company's public accountants must report on and attest to the assessment made by the company's management.
- Audit Committees and Outside Audit Firms
Audit Committees: Functions and Role Requirements to Be Effected Through Listing Standards. Section 301 of the Act directs the SEC to adopt rules, effective no later than April 26, 2003, that direct the national securities exchanges and Nasdaq to effect certain listing standards (similar, in part, to recent proposals by such exchanges) that impose the following requirements on audit committees' functions and role:
- Independence. The audit committee must be composed entirely of independent directors. To be "independent" under the Act, the audit committee member may not accept any consulting, advisory or other compensatory fee from the company, except in his or her capacity as a board or board committee member, and may not own or control 5% or more of the voting securities of the company or be an officer, director, partner or employee of the company.
- Authority to Engage Advisors. The audit committee must have the authority, and any funding it finds appropriate, to engage the outside auditing firm, independent counsel and other advisers as it determines necessary to carry out its duties.
- Employee Complaint Procedures. Audit committees must establish procedures for the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or auditing matters, and for the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters.
Financial Expertise of Audit Committee. Section 407 of the Act directs the SEC to issue rules, effective no later than January 26, 2003, requiring disclosure in companies' periodic reports whether or not (and if not, why not) at least one member of the audit committee is a "financial expert" as the SEC may define such term.
Auditor Independence.The Act directs the SEC to adopt rules, effective no later than January 26, 2003 (except as otherwise specified below), regarding auditor independence as follows:
- Audit Committee Oversight of Outside Auditing Firm. Section 301 of the Act requires the national securities exchanges and Nasdaq to adopt the following listing requirements, effective no later than April 26, 2003:
- audit committees must be directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm employed by the company (including resolution of disagreements between management and the auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work;
- the accounting firm must report directly to the audit committee.
- Prohibited Non-Audit Services; Pre-Approval of All Services (Sections 201 and 202).
- The Act prohibits registered public accounting firms from providing to any issuer, "contemporaneously with the audit," any professional services other than those provided in connection with an audit or a review of the financial statements of the company.
- Registered public accounting firms may engage in any non-audit services, including tax services, that the Act does not specifically prohibit. All audit services and permitted non-audit services must be pre-approved by the audit committee. The Act provides a narrow waiver of the pre-approval requirement for permitted non-audit services in some circumstances.
- Audit committee approval of any non-audit services must be disclosed in the company's periodic reports.
- Audit committees may delegate to one or more independent committee members authority to grant pre-approvals of both audit and non-audit services, so long as the delegatee presents his or her decisions at each scheduled committee meeting.
- Auditor Reports to Audit Committees. Section 204 of the Act requires registered public accounting firms to make timely reports to the audit committee of:
- all critical accounting policies and practices to be used;
- all alternative treatments of financial information within GAAP that have been discussed with management, ramifications of the use of such alternatives, and the treatment preferred by the accounting firm; and
- other material written communications between the accounting firm and management, such as any management letter or schedule of unadjusted differences.
Audit Partner Rotation. Section 203 of the Act prohibits registered public accounting firms from providing audit services for a company if either the lead audit partner or the reviewing audit partner has been performing audit services for that issuer in each of the previous five years. Effectively, this requires a new lead partner and a new reviewing partner at least once every five years.
Auditor Conflict of Interest - One-Year Cooling-Off Period. Section 206 of the Act prohibits registered public accounting firms from auditing a company if the company's CEO, CFO, chief accounting officer or any equivalent employee was employed by the auditing firm and participated in the audit of that issuer during the one-year period preceding initiation of the current audit.
Prohibition Against Misleading Outside Auditor. Section 303 of the Act directs the SEC to adopt rules, effective no later than April 26, 2003, that make it unlawful for any officer or director, or anyone acting under their direction, to fraudulently influence, coerce, manipulate or mislead any independent public or certified accountant engaged in the performance of an audit of a company's financial statements for the purpose of rendering them materially misleading.
Criminal and Civil Penalties for Securities Violations
Criminal Penalties. The Act creates several new crimes for securities violations, effective immediately, including:
- destroying, altering or falsifying records with the intent to impede or influence any federal investigation or bankruptcy proceeding will be punishable by a fine and a prison sentence of up to 20 years (Section 802);
- knowing and willful failure by an accountant to maintain all audit or workpapers for five years after the end of the fiscal period in which the audit or review was conducted will be punishable by a fine and a prison sentence of up to 10 years (Section 802); and
- knowingly executing a scheme to defraud investors in connection with any security will now be explicitly punishable by a fine and a prison sentence of up to 25 years (Section 807). This provision appears to be a significant expansion of the current securities fraud laws.
The Act also significantly increases the maximum fines and prison sentences for other existing securities-related crimes. In addition, the Act directs the U.S. Sentencing Commission to adopt Federal Sentencing Guidelines that will reflect the "serious nature of the offenses and the penalties set forth in the Act, the growing incidence of serious fraud offenses ... and the need to deter, prevent and punish such offenses."
Civil Liabilities. The Act makes the following changes to civil liabilities, effective immediately:
- amends the bankruptcy code to prevent the use of bankruptcy to avoid liability incurred due to federal or state securities laws violations (Section 803);
- extends the statute of limitations for investors to file a civil action for securities fraud from one year to two years after discovery of the facts and from three years to five years after the actual occurrence of the fraud (Section 804); and
- provides protection to whistle-blowing employees, agents and contractors who lawfully provide information or otherwise assist investigations being conducted by a federal regulatory or law enforcement agency, a congressional member or committee, or any supervisor of the employee (Section 806).
Attorney Obligation to Report Violations
Under Section 307 of the Act, the SEC must adopt rules, effective no later than January 26, 2003, to require attorneys appearing and practicing before the SEC in representing public companies to report evidence of a material violation of the securities laws or breach of fiduciary duty by a company (or its agent) to the company's general counsel or CEO and, if no appropriate response is made, to the company's audit committee, independent directors or board of directors.