What Boards and Executives Should Know About SEC Final Rules Under Sarbanes-Oxley

John P. Beavers
February 2003

Most of the provisions of the Sarbanes-Oxley Act, passed by Congress and signed by the President on July 30, 2002, require SEC rules for implementation. Under the Act, most of those rules were due by January 26, 2003. The SEC and its staff have worked at a feverish pace in proposing rules, receiving comments, and then issuing final rules. This article highlights the provisions and the dates for compliance that boards and executives need to know. Board members and executives are encouraged to seek the advice of legal counsel familiar with these rules to ascertain the impact of the rules on their particular circumstances.

Audit Committee Financial Expert

Section 407 of Sarbanes-Oxley requires the SEC to adopt rules mandating public companies to disclosure whether or not they have an audit committee financial expert. The SEC has done so in its rules requiring disclosure of information regarding directors, executives, promoters, and control persons in Regulations S-B and S-K.

Highlights:

The final rules require a company to disclose annually whether it has at least one “audit committee financial expert” on its audit committee, and if so, the name of the audit committee financial expert and whether the expert is independent of management. A company that does not have an audit committee financial expert must disclose this fact and explain why it has no such expert.

The final rules broaden the definition of audit committee financial expert to include, in addition to accountants, professional financial analysts and investment bankers with experience in either in analyzing and evaluating financial statements or in actively supervising those who do as well as CFOs who actively supervise those who prepare and audit financial statements. The final rules also attempt to clarify that an audit committee financial expert need not have experience with a comparable company by dividing the definition in “attributes” that the audit committee expert is required to have and “experience” through which the expert acquired those attributes.

The financial experts must have all five of the following required attributes:

1. An understanding of financial statements and GAAP;

2. An ability to assess the general application of such principles in connection with the accounting for estimates, accruals, and reserves. This is a change from the proposed rules that was widely construed as requiring experience applying such generally accepted accounting principles with generally comparable companies;

3. Experience preparing, auditing, analyzing, or evaluating financial statements that present a breadth and level of complexity of accounting issues that are generally comparable to the breadth and complexity of issues that can reasonably be expected to be raised by the company’s financial statements, or experience actively supervising one or more persons engaged in such activities. This is a change from the proposed rule that did not recognize experience analyzing or evaluating financial statements or was widely construed as only including those who prepare or audited financial statements rather persons such as CFOs who supervise those who do;

4. An understanding of internal controls and procedures for financial reporting; and

5. An understanding of audit committee functions.

These attributes must be acquired from:

• Education and experience as a principal financial officer, principal accounting officer, controller, public accountant or auditor, or experience in one or more positions that involve the performance of similar functions;

• Experience actively supervising a principal financial officer, principal accounting officer, controller, public accountant, auditor or person performing similar functions;

• Experience overseeing or assessing the performance of companies or public accountants with respect to the preparation, auditing, or evaluation of financial statements; or

• Other relevant experience which, if relied upon, must be fully disclosed.

The final rules eliminate the proposed requirement that a person’s experience applying GAAP in connection with accounting for estimates, accruals, and reserves be “generally comparable” to the estimates, accruals, and reserves used in the registrant’s financial statements. Instead, the final rules require experience with accounting issues of the same breadth and level of complexity as the company’s. However, we are not sure that the new standard is much more helpful than the proposed standard.

Citation: 228 CFR §406 (Regulation S-B) and 229 CFR §406 (Regulation S-K).
Date for Compliance: With the filings of Form 10-K for fiscal years ending on or after July 15, 2003, and filings of Form 10-KSB for fiscal years ending on or after December 15, 2003.

External Auditor Independence

Sections 203 through 206 of Sarbanes-Oxley set forth a number of provisions requiring auditor independence for implementation by the SEC. The SEC has done so primarily through its rules regarding the content and requirement for financial statements, known as Regulation S-X.

Highlights:

Disqualifying Non-Audit Services. The SEC has further defined the nine non-audit services identified by Sarbanes-Oxley that, if provided by an accounting firm, would disqualify its independence. Those disqualifying non-audit services, include:

• Bookkeeping or other services related to the accounting records or financial statements of the audit client;

• Financial information systems design and implementation, such as providing any service related to the audit client’s information system, unless it is reasonable to conclude that the results of these services will not be subject to audit procedures during an audit of the client’s financial statements;

• Appraisal or valuation services, fairness opinions, or contribution-in-kind reports which provide an opinion on the adequacy of consideration in a transaction;

• Actuarial services involving the determination of amounts recorded in the financial statements and related accounts for the audit client;

• Internal audit outsourcing services relating to the audit client’s internal accounting controls, financial systems, or financial statements;

• Management functions or human resources, including acting, temporarily or permanently, as a director, officer, or employee of an audit client; performing any decision-making, supervisory, or ongoing monitoring function for the audit client; seeking out prospective candidates for managerial, executive, or director positions; negotiating on the audit client’s behalf; or undertaking reference checks of prospective candidates;

• Broker or dealer, investment adviser, or investment banking services, such as acting as a broker-dealer (registered or unregistered), promoter, or underwriter on behalf of an audit client. These activities will make the accountant an advocate for the audit client and will impair the accountant’s independence;

• Legal services under circumstances in which the service is provided, could be provided only by someone licensed, admitted, or otherwise qualified to practice law in the jurisdiction in which the service is provided; and

• Expert services unrelated to the audit, such as providing expert opinions or other expert services to an audit client, or a legal representative of an audit client, for the purpose of advocating that audit client’s interests in litigation or in a regulatory or administrative proceeding or investigation.

Tax Services. Under the final rules, the external auditor will be able to continue to provide tax compliance, tax planning, and tax advice to audit clients, subject to audit committee pre-approval requirements.

Disqualifying Employment with the Company. Employment by the company of persons who within one year had been members of the accounting firm’s audit engagement team for the company disqualifies the accounting firm’s independence.

Required Audit Partner Rotation and Time-Out. Failure of audit partners on the audit engagement team to rotate after no more than five or seven consecutive years and remain out for five or two consecutive years, depending on the audit partner’s involvement in the audit, disqualifies the accounting firm’s independence. The final rules contain an exemption for small accounting firms with five or fewer public companies and ten or fewer partners. An “audit partner” means a partner (i) who is a member of the audit engagement team and has responsibility for decision-making on significant auditing, accounting, and reporting matters that effect the financial statements, or (ii) who maintains regular contact with management and the audit committee.

Prohibited Audit Partner Compensation. Any audit partner’s earning or receiving compensation for procuring engagements with the audit client to provide any services other than audit, review or attest services will disqualify that accounting firm’s independence.

Citation: 17 CFR §210.2-01(c)(2), (6) and (8) (Regulation S-X).
Date for Compliance: Generally, April 30, 2003, but varying depending upon the particular provision.

Up-the-Ladder Attorney Reporting

Section 307 of Sarbanes-Oxley requires the SEC to adopt rules mandating attorneys to report evidence of a material violation of securities laws or breach of fiduciary duty or similar violation by a public company or any agent thereof to appropriate officers within the company and, thereafter, to the highest authority within the company. The SEC has done so by adopting in its final rules new standards of professional conduct for attorneys appearing and practicing before the SEC in representation of public companies.

Highlights:

The final rules require each attorney, whether in-house or with outside counsel, to report evidence of a material violation of securities law or breach of fiduciary duty (a material violation) “up-the-ladder” within the company either to the chief legal counsel or to the CEO or the equivalent. If there is not an appropriate and timely response, the reporting attorney’s up-the-ladder reporting obligation continues to the audit committee, another committee of independent directors, or the full board of directors.

The SEC has deferred adoption of obligations requiring attorneys to report material violations to the SEC ("reporting-out") and make a public withdrawal from representation ("noisy-withdrawal") if there is not an appropriate and timely response after reporting up-the-ladder within the company. The SEC has also proposed an alternative to the attorney’s reporting-out and noisy-withdrawal obligations that requires the company rather than the attorney to make the report to the SEC and disclose the withdrawal.

Under the final rules, any attorney is subject to the up-the-ladder and other reporting obligations if the attorney has an attorney-client relationship with the company. Accordingly, any company counsel, whether in-house or with an outside law firm, will have up-the-ladder and other reporting obligations to the extent that he or she provides advice regarding US securities laws or any document to be filed with the SEC. Importantly, however, the up-the-ladder reporting obligations will not apply to independent counsel who advise or represent the board, board committees, or individual board members and not the company.

The phrase “evidence of a material violation,” which triggers an attorney’s up-the-ladder reporting obligation, is defined in language akin to that of a double negative. Under the final rules, evidence of a material violation means credible evidence, based upon which it would be unreasonable, under the circumstances, for a prudent and competent attorney not to conclude that it is reasonably likely that a material violation has occurred, is ongoing, or is about to occur.

The final rules on the new standards of conduct allow a company to establish a “qualified legal compliance committee” (QLCC) as an alternative procedure for reporting evidence of a material violation. A QLCC must consist of at least one member of the company’s audit committee, or an equivalent committee of independent directors, and two or more independent board members, and must have the responsibility to recommend that a company implement an appropriate response to evidence of a material violation. Under the new standards, an attorney’s up-the-ladder reporting obligation ends by reporting evidence of a material violation to a QLCC. We recommend that boards seriously consider creating a QLCC to not only receive reports of evidence of material violations from attorneys, but to also serve as a switchboard to receive, review, and send to the appropriate person or committees all other reports required from officers or otherwise coming from employees or other agents regarding any alleged wrongdoing by the company or its agents.

Citation: 17 CFR 205.1 et seq.
Date for Compliance: July 30, 2003.

Audit Committee’s Pre-Approval of All Auditor Engagements

Sections 201 and 202 of Sarbanes-Oxley call for a company’s audit committee to pre-approve all audit and non-audit services provided by the external auditor of the company’s financial statements, to be implemented by the SEC. In its final rules, the SEC has done so primarily through its rules regarding the content and requirement for financial statements, known as Regulation S-X.

Highlights:

The final rules require that a company’s audit committee must pre-approve all services, both audit and permitted non-audit, to be provided by the external auditor of a company’s financial statements. The rules permit the audit committee to establish policies and procedures for pre-approval provided they are consistent with the Act, detailed as to the particular service, and designed to safeguard the continued independence of the accountant.

Citation: 17 CFR §210.2-01(c)(7) (Regulation S-X).
Date for Compliance: Generally, April 30, 2003.

Required External Auditor Reporting to the Audit Committee

Section 204 of Sarbanes-Oxley requires the external auditor to timely report certain matters to the company’s audit committee, to be implemented by the SEC. The SEC has done so primarily through its rules regarding the content and requirement for financial statements, known as Regulation S-X.

Highlights:

The final rules require the external auditor to report, prior to the filing of its audit report with the SEC, to the audit committee (i) all critical accounting policies and practices used by the company; (ii) all material alternative accounting treatments of financial information within GAAP that have been discussed with management, including the ramifications of the use of such alternative treatments and disclosures and the treatment preferred by the accounting firm; and (iii) other material written communications between the accounting firm and management.

Citation: 17 CFR §210.2-07 (Regulation S-X).
Date for Compliance: Generally, April 30, 2003.

Codes of Ethics

Section 406 of Sarbanes-Oxley requires the SEC to adopt rules mandating public companies to disclose whether or not they have a code of ethics. The SEC has done so in its rules requiring disclosure of information regarding management and certain security holders in Regulations S-B and S-K.

Highlights:

The final rules require a company to disclose annually whether the company has adopted a code of ethics for its principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions. If it has not, the company is required to explain why it has not. The rules also require the company to disclose on a current basis amendments to, and waivers from, the code of ethics relating to any of these officers.

Under the final rules, the code of ethics must promote all five of the following:

1. Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships;

2. Full, fair, accurate, timely, and understandable disclosure in reports and documents that a company files with, or submits to, the Commission and in other public communications made by the company;

3. Compliance with applicable governmental laws, rules, and regulations;

4. Prompt internal reporting of code violations to an appropriate person or persons identified in the code; and

5. Accountability for adherence to the code.

Citation: 228 CFR §401(h) (Regulation S-B) and 229 CFR §401(h) (Regulation S-K).
Date for Compliance: With the filings of Form 10-K and Form 10-KSB for fiscal years ending on or after July 15, 2003.

Restricting Insider Trading during Pension Fund Blackout Periods

Section 306 of Sarbanes-Oxley prohibits trading by insiders during pension fund blackout periods pursuant to rules required to be adopted by the SEC. The SEC has done so principally by adopting a new Regulation BTR.

Highlights:

The statutory trading prohibition of Section 306 is limited to equity securities that a director or executive officer “acquires in connection with his or her service or employment as a director or executive officer.” The final rules create a presumption that any equity securities sold or otherwise transferred during a blackout period will be treated as “acquired in connection with service or employment as a director or executive officer” unless he or she establishes that the equity securities were acquired from another source and this identification is consistent with the treatment of the securities for tax purposes and all other disclosure and reporting requirements.

A director or executive officer is prohibited from trading any such securities during any blackout period lasting more than three consecutive business days that suspends the ability of at least 50% of the participants or beneficiaries under all individual account plans maintained by the company to purchase, sell, or otherwise acquire or transfer an interest in the company’s equity securities held in an account plan.

In addition, the final rules apply to indirect, as well as direct, acquisitions and dispositions of equity securities as long the director or executive officer has a “pecuniary interest” in the transaction. “Pecuniary interest” has the same meaning as in the Section 16 Forms 3 and 4 reporting rules. Accordingly, acquisitions or dispositions of equity securities by family members, partnerships, corporations, limited liability companies, and trusts will be deemed to be acquisitions or dispositions by a director or executive officer if he or she has a pecuniary interest in the equity securities.

The final rules contain exceptions from the blackout sanctions for several categories of transactions that occur automatically, are made pursuant to an advance election, or are otherwise outside the control of the director or executive officer, including:

• Acquisitions of equity securities under dividend or interest reinvestment plans;

• Purchases or sales of equity securities that satisfy the affirmative defense conditions of Exchange Act Rule 10b5-1(c);

• Purchases or sales of equity securities, other than “discretionary transactions” (as defined under the Section 16 rules) pursuant to certain employee benefit plans;

• Compensatory grants and awards of equity securities pursuant to programs under which grants and awards occur automatically;

• Exercises, conversions, or terminations of certain derivative securities, which, by their terms, occur only on a fixed date, or are exercised, converted, or terminated by a counter-party who is not subject to the influence of the director or executive officer;

• Acquisitions or dispositions of equity securities involving a bona fide gift or a transfer by will or the laws of descent and distribution;

• Acquisitions or dispositions of equity securities pursuant to a domestic relations order;

• Sales or other dispositions of equity securities compelled by the laws or other requirements of an applicable jurisdiction;

• Acquisitions or dispositions of equity securities in connection with a merger, acquisition, divestiture, or similar transaction occurring by operation of law; and

• Increases or decreases in equity securities holdings resulting from a stock split, stock dividend, or pro rata rights distribution.

Citation: 17 CFR §245.100 et seq. (Regulation BTR).
Date for Compliance: January 26, 2003.

Reporting of Off-Balance-Sheet Arrangements

Section 401 of Sarbanes-Oxley requires the SEC to adopt rules mandating disclosure in annual and quarterly financial reports of “all material off-balance sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the company with unconsolidated entities or other persons, that may have a material current or future effect on financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses.” The SEC has done so in its rules governing “Management’s Discussion and Analysis” (MD&A) in its Regulations S-B and S-K.

Highlights:

The SEC’s final rules primarily target off-balance sheet transactions or arrangements where “risks of loss are not fully transparent to investors.” The definition of off-balance sheet arrangements includes any of the following:

• Guarantee contracts;

• Retained or contingent interests in assets transferred to an unconsolidated entity;

• Derivative instruments that are classified as equity; and

• Material variable interests in unconsolidated entities that conduct certain activities.

Disclosure is required if the arrangement with either have, or are reasonably likely to have, a current or future effect on the registrant’s financial condition, changes in financial condition, revenues or expenses, results of operations, liquidity, capital expenditures or capital resources that is material to investors. Required disclosure in the MD&A includes:

• The nature and business purpose of the registrant’s off-balance sheet arrangements;

• The importance to the registrant for liquidity, capital resources, market risk or credit risk support, or other benefits;

• The financial impact and exposure to risk; and

• Known events, demands, commitments, trends, or uncertainties that implicate the registrant’s ability to benefit from its off-balance sheet arrangements.

In addition, the final rules require disclosure, in a tabular format, of the amounts of payments due under specified contractual obligations, aggregated by category of contractual obligation, for specified time periods. The categories of contractual obligations to be included in the table are defined by reference to the applicable accounting literature.

Citation: 17 CFR 228.303 (Regulation S-B) and 17 CFR 229.303 (Regulation S-K).
Date for Compliance: With financial statements for the fiscal years ending on or after June 15, 2003.

Section 401(b) of Sarbanes-Oxley requires the SEC to issue rules mandating that any public disclosure or release of “pro forma financial information” by a public company be presented in a manner that (1) does not contain an untrue statement of a material fact or omit to state a material fact necessary in order to make the “pro forma financial information,” in light of the circumstances under which it is presented, not misleading; and (2) reconciles the “pro forma financial information” presented with the financial condition and results of operations of the company under GAAP. The SEC has done so principally by adoption a new Regulation G.

Highlights:

The final rules apply to public disclosure or release of material information that includes a “non-GAAP financial measure.” A non-GAAP financial measure is defined as a numerical measure of a company’s financial performance that (1) excludes amounts, or is subject to adjustments that have the effect of excluding amounts, that are included in the comparable measure calculated and presented in accordance with GAAP in the statement of income, balance sheet, or statement of cash flows (or equivalent statements) of the company; or (2) includes amounts, or is subject to adjustments that have the effect of including amounts, that are excluded from the comparable measure so calculated and presented. Statistical and operating measures are not intended to be covered.

The final rules prohibit material misstatements or omissions that would make the presentation of the material non-GAAP financial measure, under the circumstances in which it is made, misleading, and will require a quantitative reconciliation (by schedule or other clearly understandable method) of the differences between the non-GAAP financial measure presented and the comparable financial measure or measures calculated and presented in accordance with GAAP.

The most complicated requirement of new Regulation G is that the company is required to reconcile each non-GAAP financial measure with “the most directly comparable financial measure calculated and presented in accordance with GAAP.”

Citation: 17 CFR §244.100 et seq. (Regulation BTR). See also 17 CFR 228.10 (Regulation S-B0 and 17 CFR 229.10 (Regulation S-K).
Date for Compliance: For disclosures made on or after March 28, 2003.

Retention of Audit Records

Section 802 of Sarbanes-Oxley requires the SEC to adopt rules mandating that external auditors who audit or review a company’s financial statements retain certain records relevant to that audit or review. The SEC has done so through its rules regarding the content and requirement for financial statements, known as Regulation S-X.

Highlights:

The final rules require the external auditor to retain for seven years (two years longer than that required by Sarbanes-Oxley) records relevant to the audits or reviews of companies’ financial statements, including (i) workpapers and other documents that form the basis of the audit or review, and (ii) memoranda, correspondence, communications, other documents, and records (including electronic records), that are created, sent, or received in connection with the audit or review, and contain conclusions, opinions, analyses, or financial data related to the audit or review.

Citation: 17 CFR §210.2-06 (Regulation S-X).
Date for Compliance: For audits and reviews completed on or after October 31, 2003.

Disclosures of Material Changes in Financial Condition or Operations

Section 409 of Sarbanes-Oxley requires the SEC to adopt rules mandating public companies to disclose “on a rapid and current basis such additional information concerning material changes in the financial condition or operations of the [company].” The SEC has done so by amending Form 8-K to add a new item 12.

Highlights:

Under the final rules, Form 8-K requires public companies to furnish to the SEC releases or announcements disclosing material non-public financial information about completed annual or quarterly fiscal periods. These amendments do not require the issuance of earnings releases or similar announcements but instead trigger a disclosure under a new item of Form 8-K. The new item 12 of Form 8-K requires identification of the announcement or release and attachment of the text thereof as an exhibit.

Citation: Item 12 of Form 8-K.
Date for Compliance: For earnings releases and similar announcements made after March 28, 2003.

Other Final Rules

Other final rules adopted by the SEC under Sarbanes-Oxley in 2002 are for CEO/CFO certifications required in Forms 10-K or 10-KSB and Forms 10-Q and 10-QSB and for accelerated filing of Forms 3 and 4 regarding changes in certain reporting persons’ ownership of a public company’s securities.

Endnotes

 1.  A lead and concurring audit partner must rotate every five years with a five-year time-out; other audit partners must rotate every seven years with a two-year time-out.