The Sarbanes-Oxley Act of 2002 (Act), the US corporate reform legislation signed into law by President Bush on 30 July 2002, will cause sweeping changes in various US securities, criminal and other laws affecting US and non-US companies, public accounting firms, investment bankers, lawyers and public company directors and executive officers.
The Act has broad implications for the corporate governance and audit and financial reporting process and other disclosure and compensation practices of US and non-US companies whose securities are quoted in the main US markets. Certain provisions of the new law could significantly increase the risks and magnitude of personal liability for the directors and executive officers of non-US and US companies. Because of the unexpected speed with which the legislation was passed before the US Congress’ annual August recess, it is anticipated that several provisions of the Act will result in unanticipated consequences and practical difficulties.
Many provisions of the Act mandate, supplement, pre-empt or require modifications to various proposed rule changes that have been pending before the U.S. Securities and Exchange Commission (SEC) and the stock exchanges in response to recent events. In many cases, the Act directs the SEC to adopt rules and regulations (in some cases, as indicated below, within 30 days) necessary or appropriate to clarify and implement the new law.
Many of the sweeping changes imposed by the Act will directly and significantly affect non-US companies and individuals. This is because the Act makes virtually no distinction in most cases between non-US and US companies. The provisions of the Act apply generally to "an issuer (as defined in section 3 of the Securities Exchange Act of 1934…), the securities of which are registered under section 12 of that Act …or that is required to file reports under section 15(d)." In plain language, this implicates non-US and US companies alike whose securities are quoted on the main US securities markets or who have filed registration statements with the SEC.
The SEC has broad exemptive authority under the Securities Exchange Act of 1934 (Exchange Act), which it has used in the past to exempt non-US companies and individuals from various provisions under the Exchange Act and other securities laws. Unless and until the SEC acts to exempt non-US companies from various provisions of the Act, they will apply with full force to non-US companies. In this case, for the first time, non-US companies may become subject to various provisions of US securities laws that did not previously apply or that the US stock exchanges routinely waived, such as audit committee composition and independence rules, signature and certification requirements, among other provisions. It is unclear at this time whether and in which cases the SEC will elect to exercise this broad exemptive authority.
The key provisions of the Act affecting non-US companies include the following:
- enhanced corporate responsibility requirements, including CEO and CFO certifications;
- increased regulation and oversight of the accounting profession;
- more stringent auditor and audit committee independence requirements;
- increased company disclosure; and
- increased criminal penalties.
Clients and others are encouraged to contact members of McDermott Will & Emery’s Corporate Responsibility Practice Group identified at the end of this advisory or their regular McDermott Will & Emery lawyer for further information regarding the Act or other congressional, SEC or regulatory initiatives concerning securities law, corporate governance and related matters.
Oversight of Accounting Profession
The Act creates a Public Company Accounting Oversight Board (Board) to register, oversee, regulate, inspect and discipline public accounting firms, including non-US firms that "prepare or furnish an audit report with respect to any issuer," whose audit reports are included in SEC filings and individuals associated with such firms. Non-US public accounting firms that do not issue audit reports may still be subject to Board registration and oversight if the Board determines that they provide substantial assistance in preparing audit reports. The Board will establish and enforce auditing, quality control, ethics and independence standards and rules.
The SEC will appoint a five-member Board (after consultation with the chairman of the US Federal Reserve and US Secretary of the Treasury) to staggered five-year terms within 90 days of enactment of the Act. Two, but no more than two, members of the Board shall be or have been certified public accountants. The SEC will have oversight and enforcement authority over the Board funded by new fees imposed on publicly traded companies based on their market capitalisation. The Act requires the Board to be ready to discharge its duties pursuant to the Act within 270 days of the Act’s enactment.
Public accounting firms registering with the Board will be required to submit detailed information in their registration applications and mandated annual reports, including information regarding their clients, services provided and fees received for audit, non-audit and other accounting services. Public accounting firms will be required to pay registration and annual fees to cover the costs of processing and reviewing applications and annual reports. Under the Act, registration with the Board will not create a basis for subjecting non-US public accounting firms to the general jurisdiction of US courts.
Non-US public accounting firms that issue opinions or otherwise provide material services upon which a registered public accounting firm relies in issuing all or part of an audit report will, under the Act, be deemed to have consented to supplying audit work papers at the request of the SEC or the Board. The SEC and the Board (subject to SEC approval) will have authority to exempt any non-US public accounting firm from the Act or any rules issued under the Act.
It is unclear whether and to what extent the SEC and the Board might exercise their exemptive authority to exempt non-US public accounting firms from any of these provisions.
Subject to the exemptive authority granted to the SEC, the Act amends the Exchange Act to prohibit registered public accounting firms from performing for an audit client any of the following services (some of which are already prohibited) by regulation:
- bookkeeping and similar services;
- financial information systems design and implementation;
- appraisal or valuation services, fairness opinions or contribution-in-kind reports;
- actuarial services;
- internal audit outsourcing services;
- management functions or human resources;
broker or dealer, investment advisor or investment banking services;
- legal services and expert services unrelated to audit; and
- any other services proscribed by the Board.
In addition, subject to de minimis exceptions and exemptive authority granted to the SEC, the provision of other non-audit services by outside auditors (such as tax services) will require pre-approval by the audit committee and disclosure of such approval in periodic reports filed with the SEC.
The lead or co-ordinating audit partner with responsibility for an audit must be rotated at least once every five years and the legislation directs that a study be done by the US Comptroller General as to the advisability of a law requiring rotation of audit firms periodically. The Act also precludes an audit firm from serving as outside auditor where a former employee of the audit firm is working as a CEO, CFO, controller or chief accounting officer within a year of the individual’s participation in the audit firm’s audit of the client.
The auditor independence provisions of the Act are likely to generate significant controversy, particularly in light of the more advanced state of development of the multidisciplinary partnerships between lawyers and accountants in the UK and Europe. The rules on their face apply to non-US and US companies alike. Under the Act, the Board’s exemptive authority may be exercised only on a case-by-case basis, which would seem to preclude blanket exemptions for non-US companies. The rules are also subject to the SEC’s much broader exemptive authority and to implementation by the SEC in the form of regulations.
Audit Committee Independence
Not later than 270 days after the Act’s enactment, the SEC shall require that the listing standards of the stock exchanges and Nasdaq will mandate that audit committees be composed solely of "independent" members, with the board members qualifying as independent being only those who receive no compensation other than directors’ fees and who are not "affiliated persons" (a term not defined in the Act) of the company or its subsidiaries. This requirement appears to go beyond a proposed change to the New York Stock Exchange (NYSE) listing standards that reserve some discretion to boards of directors to determine whether or not direct or indirect relationships between a director and the company are material to the ability of the director to act independently.
The Act also mandates that audit committees have direct responsibility for hiring and overseeing the work of the auditors, establish procedures for the receipt and handling of anonymous submissions from employees regarding questionable accounting practices and receive reports from the auditors regarding critical accounting policies and material communications between the auditors and company management.
As written, the audit committee independence rules would apply to both non-US and US companies. The NYSE, however, in its 1 August 2002 press release announcing the approval by the NYSE board of directors of recommended changes to its listing standards and the imminent submission of a rule filing to the SEC for review, contemplates exemptions for non-US companies. Under the proposed NYSE rules, non-US companies would disclose any significant ways in which their corporate governance practices differ from the NYSE listing rules. According to the press release, in a clarification of a listing committee recommendation to the NYSE board, disclosure could be made in a brief, general summary of material differences. The NYSE proposed rules were largely developed before passage of the Act and may need to be further revised in various respects to comply with the Act.
CEO and CFO Certifications
Subject to possible civil and criminal penalties for false certifications, commencing upon a final SEC rule to be implemented by 29 August 2002, CEOs and CFOs of all companies filing periodic reports will be required to make certifications. The certifications will state, to the best of the CEO’s and CFO’s knowledge, as to the accuracy and completeness of each periodic report, that the financial statements in the report present fairly the company’s financial condition and results of operations, and that they have evaluated the adequacy of the company’s internal controls. This provision of the Act is in addition to, and does not affect, the SEC order of 27 June 2002, requiring one-time sworn statements by the CEOs and CFOs of the largest 947 US-based public companies, but it is substantially similar to a pending SEC rule proposal (SEC Release No. 34-46079, issued 17 June 2002) to require certifications on an ongoing basis. (Please see our previously released memorandum On the Subject… "Executive Certification of Periodic Reports", August 2002).
The SEC issued a supplement to its previously pending proposed rule for certification on 1 August 2002 (SEC Release No. 34-46300). The release makes clear that the new certification requirement will apply to non-US and US companies alike. The release specifically mentions certification by non-US companies filing annual reports on Form 20-F and Canadian companies filing on Form 40-F. However, there is no mention of certification by non-US companies submitting current reports on Form 6-K that may contain the equivalent of a quarterly financial report. The language of section 302 of the Act, with its reference to annual or quarterly reports "filed or submitted" under the Exchange Act, could suggest that non-US companies will be required to include certifications with respect to Form 6-K reports, at least to the extent that they contain a quarterly report.
Under section 302(b) of the Act, the certification rules will also apply to companies "having reincorporated or having engaged in any transaction that resulted in the transfer of the corporate domicile or offices" of the company from inside to outside the US. If the certification provisions of the Act were intended to apply fully to all non-US companies, this provision would be of extremely limited effect. The SEC may interpret this provision to mean that non-US companies were not intended to be included within the full scope of the certification requirements.
The Act also adds another certification provision to US federal criminal law under which the CEO and CFO are required to certify that Exchange Act reports comply with US securities laws and the information in such reports present fairly the company’s financial condition and results of operations. A CEO or CFO that knowingly files a certification with respect to a deficient report may be fined up to $1 million and/or imprisoned for up to 10 years. A wilful violation is punishable by a fine up to $5 million and/or imprisonment of up to 20 years. This certification provision was effective upon enactment of the Act on 30 July 2002.
This certification provision applies by the terms of the Act only to reports that are "filed" under the Exchange Act (rather than to those that are "filed or submitted") and as such applies only to submissions by non-US companies on Form 20-F or Form 40-F, not on Form 6-K.
The interplay between the basic certification requirements and the criminal provisions of the Act relating to certification is at present ambiguous. The US Congress, the US Justice Department, the SEC or formal legislative history when available, may eventually clarify the effects of these provisions.
Disgorgement of Compensation and Stock Sale Profits by CEOs and CFOs Upon Restatements Due to Misconduct
The Act requires forfeiture of certain bonuses and profits realised by the CEO and CFO of a company that is required to prepare an accounting restatement due to the company’s "material noncompliance, as a result of misconduct, with any financial reporting requirement under the securities laws." Specifically, the CEO and CFO must reimburse to the company any bonus or other incentive- or equity-based compensation received and any profit realised from the sale of the company’s stock sold, during a specified recapture period. Reimbursement is required whether or not the CEO or CFO engaged in or knew of the misconduct. The "recapture period" is the 12-month period following "the first public issuance or filing with the SEC (whichever first occurs) of the financial document embodying such financial reporting requirement.".
This provision applies to both non-US and US companies. The SEC may exercise its authority to exempt non-US companies.
Prohibition of Personal Loans to Senior Executives
Effective on enactment, the Act prohibits "personal loans" to executive officers and directors subject to certain narrow exceptions. It is unclear how this prohibition will apply to standard executive compensation practices, such as cashless stock option exercises, split-dollar life insurance and other arrangements.
Under the plain language of the Act, this provision applies to non-US as well as US companies. The SEC may exercise its authority to exempt non-US companies.
Retirement Fund Blackout Periods
Effective 180 days after enactment of the Act, directors and executive officers will be prohibited from purchasing or selling the company’s equity securities during certain "black-out periods" imposed on tax-qualified defined contribution plans, such as Section 401(k) plans. In general, a "blackout period" is defined under the Act as a temporary suspension of trading in company stock of more than three days applicable to 50 percent or more of plan participants. The prohibition on purchases or sales is "with respect to such equity security if such director or officer acquires such equity security in connection with his or her service or employment as a director or executive officer." This provision is confusing when the wording is carefully parsed and is subject to certain exceptions and further SEC rulemaking and clarification. See our recently released On the Subject… "Sarbanes-Oxley Act Implications for Executive Compensation".
Under the plain language of the Act, this provision applies to non-US as well as US companies. The SEC may exercise its authority to exempt non-US companies in much the same manner as it has previously exempted non-US companies from the provisions of Section 16 of the Exchange Act.
Off-Balance Sheet Transactions and Pro Forma Financial Information
The Act mandates final rules from the SEC within 180 days of enactment of the law regarding enhanced financial information disclosures in periodic reports filed with the SEC, including information on off-balance sheet transactions and reconciliation of any "pro forma" financial information to that resulting from application of generally accepted accounting principles.
Each report that contains financial statements filed with the SEC must reflect all material correcting adjustments identified by the auditor.
These provisions will probably be applied to non-US companies without modification, affecting the financial statements included in annual reports on Form 20-F and Form 40-F.
The Act will require companies to disclose "on a rapid and current basis such additional information concerning material changes in the financial condition or operations" as the SEC determines is necessary or useful. This provision appears consistent with a pending SEC proposal (SEC Release No. 34-46084, issued June 17, 2002) to add 11 new items that a US company would be required to file under Form 8-K.
To the extent this provision applies only to requirements relating to Forms 8-K, it will have no direct impact on non-US companies. As a matter of best practice, however, non-US companies may find that more rapid and frequent reporting on Forms 6-K is appropriate.
Accelerated Insider Transaction Reporting
Officers and directors subject to the short-swing reporting and profit recapture provisions of Section 16 of the Exchange Act will be required under new rules the SEC is directed to adopt within 30 days of the Act’s enactment to report their transactions in their company’s stock and related derivative securities electronically within two business days (unless the SEC determines that two days is not feasible).
Non-US companies are currently exempt from all requirements of Section 16 of the Exchange Act. See Exchange Act Rule 3a12-3(b).
Financial Expert on Audit Committee and Code of Ethics for Senior Financial Officers
Companies will be required to disclose whether- and if not, why not- at least one member of the audit committee is a "financial expert" as defined by the SEC in further rulemaking under specified guidelines set forth in the Act.
Companies will be required to disclose whether- and if not, why not- it has a code of ethics for senior financial officers.
Both of these provisions of the Act cover non-US companies. Non-US companies may receive some form of exemptive relief from these provisions, in keeping with the current approach to corporate governance differences between non-US and US companies.
Management Assessment of Internal Controls
The Act requires the SEC to prescribe rules requiring each annual report required under the Exchange Act to contain an "internal control report" which must state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting and contain an assessment, as of the end of the most recent fiscal year, of the effectiveness of such control structure and procedures. In addition, audit reports are required to attest to, and report on, such management assessments.
This provision applies to both non-US and US companies. The SEC may exercise its authority to exempt non-US companies.
SEC Reviews of Periodic Filings
The Act will require the SEC to review the periodic reports of each company at least once every three years and provides criteria for the SEC to consider in prioritising reviews, including, among others, the occurrence of a restatement, volatility in a company’s stock price, size of market capitalisation and emerging companies with disparities in price to earnings ratios. The Act also provides for a significant increase in SEC funding (to $776 million in fiscal 2003).
This provision of the Act will almost certainly result in a higher degree of scrutiny being applied to the filings and submissions made by non-US companies with the SEC and, perhaps in particular, to the financial statements of non-US companies.
Expanded Criminal Penalties, Non-Discharge of Securities Claim Liabilities in Bankruptcy and Whistleblower Provisions
The Act provides for enhanced criminal penalties for a broad array of white-collar crimes and an increase in the statute of limitations for securities fraud lawsuits. The statute of limitations for private rights of action with respect to securities fraud is extended to the earlier of two years after the discovery of facts constituting the violation or five years after the violation.
The Act will make it a crime for an officer or director of a company to fraudulently influence, coerce, manipulate or mislead an independent auditor in the performance of an audit. The Act also imposes criminal penalties for the destruction, alteration and falsification of documents in federal investigations and bankruptcy proceedings, extends the maximum prison term to 25 years for securities fraud, enhances white-collar crime penalties and imposes corporate fraud accountability.
The Act provides that debts arising from claims that result from violations of securities law cannot be discharged in bankruptcy.
In addition, the Act provides for a temporary freeze on extraordinary payments to employees of companies under investigation by the SEC and makes it a crime to retaliate against corporate whistleblowers.
Analyst Conflicts of Interest
The SEC will be required under the Act to adopt rules to enhance protections against conflicts arising between the provision of securities research and investment banking.
Professional Responsibility Standards for Attorneys
The Act requires the SEC to establish minimum standards of professional conduct for lawyers appearing and practising before the SEC in any way in the representation of companies, including a rule that states the following:
- requires a lawyer to report evidence of a material violation of securities law or breach of fiduciary duty or similar violation by the company or any agent thereof, to the chief legal counsel or the chief executive officer of the company (or the equivalent thereof); and
- if the counsel or officer does not appropriately respond to the evidence (adopting, as necessary, appropriate remedial measures or sanctions with respect to the violation), requiring the lawyer to report the evidence to the audit committee of the board of directors of the company or to another committee of the board of directors comprised solely of directors not employed directly or indirectly by the company, or to the board of directors.
This provision of the Act will likely result in changes in the relationship between non-US companies and their US-qualified lawyers.