Speech by SEC Commissioner:
Remarks before the Joint Meeting of SEC Government-Business Forum on Small Business Capital Formation Forum and the SEC Advisory Committee on Smaller Public Companies
Commissioner Paul S. Atkins
U.S. Securities and Exchange Commission
San Francisco, CA
September 19, 2005
Thank you for that kind introduction, Mark, and for the opportunity to talk with you all today. At the outset of my remarks, I must note that the views that I express here are my own and do not necessarily represent those of the Securities and Exchange Commission or my fellow commissioners.
It is wonderful to be back in California, if only for a short amount of time. Back in Washington, we are emerging from an incredibly hot summer and the pace of things is picking up. Congress is back in session from the summer break and Redskins fever is beginning again. Sadly, it looks as if Washingtonians’ hopes to see the Nationals make the playoffs in their inaugural season is not going to come true. Still, it is a great sight to see baseball being played again in the nation’s capital.
On a more serious note, we at the SEC, along with everyone else in the country, have been gripped by the events from the Gulf Coast. The SEC, for its part, is doing what it can to help investors, issuers, and securities firms affected by the hurricane so that they can focus on getting their lives and businesses back to normal. We have established a Katrina Regulatory Relief and Assistance website1 and phone and email hotlines to provide immediate responses to questions from investors and registrants.2 The SEC is compiling a list of alternate contact information for SEC Registered Investment Advisers located in areas affected by Hurricane Katrina. To prevent additional hardship for victims, the SEC is on the lookout for Katrina-related securities scams and will vigorously prosecute those who attempt to take advantage of this tragedy to defraud already desperate victims.
The SEC also is trying to do what it can to help ease the regulatory burden in the aftermath of the hurricane. Last week, the SEC announced a package of regulatory relief measures. Specifically, we extended filing deadlines and relaxed proxy and information statement delivery requirements for affected public companies. We also temporarily exempted investment companies from the requirement to transmit reports to shareholders in the affected areas. In addition, we are providing relief to investment advisers and transfer agents. We also loosened independence requirements on accountants so that accounting firms can assist their clients in rebuilding their financial records. We took similar steps following the attacks of September 11, 2001. These efforts make clear that the SEC wants those issuers &151; and their employees affected by Katrina to focus on getting their lives and businesses back to normal.
You probably know that we have a new leader at the SEC. Chairman Chris Cox’s start at the agency has been quite impressive. He has already demonstrated that he is going to be an engaged and effective leader. He is also the first Californian on the SEC since Richard Breeden in the early 1990s. (That is, assuming that you Northern Californians still claim Southern California!) His presence alone adds some diversity away from any East Coast “lock” on the Commission. I look forward to working with Chairman Cox on the many weighty issues before the SEC.
I am here primarily to emphasize the SEC’s commitment to the Forum on Small Business Capital Formation and the SEC’s Advisory Committee on Smaller Public Companies. These are two very important groups with a similar critical mission. Small businesses are a driving force of the U.S. economy. They are a catalyst of innovation, and regulators need to be mindful not to dissuade smaller businesses from accessing the public market. Both of these organizations are important reminders that we need to be both aware and responsive to the needs of smaller companies.
On a personal note, I must say that I have been an eager supporter of our forming the Advisory Committee. I have long been a proponent of the SEC’s use of advisory committees like this one. You might not know that I have now worked alongside five SEC chairmen: as a staffer to Richard Breeden and Arthur Levitt in the early 1990s and as a fellow commissioner with Harvey Pitt, Bill Donaldson, and now Chris Cox. During my first tour at the SEC, I was involved in the organization of four advisory committees. They focused on several issues: emerging markets, clearance and settlement, regulatory reform, and individual investor concerns. Their members brought together people from all sorts of backgrounds and interests: individual investors, corporate issuers, independent directors, securities industry, and institutional investors.
Because of this good experience that I have had up close with advisory committees in the past, I have been advocating ever since I became a commissioner that we use advisory committees more. Some have argued that they are ponderous, hard to control, and sometimes tell you things that you do not want to hear. My response is that getting outsiders involved in the regulatory process only makes government smarter, more responsive, and less burdensome.
I want to thank the members of both of these groups for your hard work and your service. I also want to thank Alan Beller, Gerry LaPorte and the SEC’s Corporation Finance staff for the help that they are providing you. This is important work that you are doing and I think it is safe to speak for my colleagues and say that your work is deeply appreciated.
Especially in a crowd that is not exclusively lawyers, I try to avoid citing statutory sections for fear that the quickest way to lose an audience is to start a sentence with “Section X, paragraph Y, of the Securities Act requires…” But, for this topic, I will break my own rule &151; everyone seems to know exactly what “404” means. These two groups clearly do, as surely everyone else in this hall does.
The goals of Section 404 are laudable. Emphasizing the need and importance of good controls over financial reporting is critically important. The premise of the law is to establish accountability of management for the integrity of financial information and to give a disclosure gauge to shareholders as to how much credence they should place upon the financial statements. If there are material weaknesses in the internal controls around the processes that lead to putting together the financial statements, then shareholders might want to cast a more critical eye on those statements.
Company management and its outside auditor should be working hand-in-hand to get this right. I fear that in the current environment, however, many executives feel as if they are not working hand-in-hand with their auditors, but actually in hand-TO-hand combat with their auditors as they go through the 404 process!
How about the results to date? As of September of this year, there have been 978 material weaknesses reported. Are the weaknesses being reported actually “material”? Are the accounting firms using more or less consistent definitions of “material weakness” across companies and industries? Is the definition of “key internal control” sufficiently clear, or is it too muddled in bureaucratese? Does the fact that a company discloses material weaknesses have any affect on its stock price? One would expect the market to price a risk premium into a company’s stock, depending on the weakness identified. Has that been the case with any of these companies to date? I would encourage economists and investors to take the time to consider these questions.
As you know, the SEC has made some accommodations in the 404 area for smaller public companies. In November 2004, we gave companies with less than $700 million in public float additional time to comply with our requirements. In March of this year, we gave companies with less than $75 million of public float another year before they had to start complying with 404. And, in just a few days, the SEC plans to extend the compliance date for these companies for another year. This is, of course, consistent with the Advisory Committee’s and the Forum’s recent recommendations to us.
For larger companies, we are entering the second year of the 404 process. It is indisputable that everyone greatly underestimated the costs involved in the 404 process. When the SEC first released its implementation rules for 404, we estimated that the aggregate costs of the rule would be about $1.24 billion or $94,000 per public company. In the SEC’s defense, we made this estimate before the PCAOB released its 300 page Auditing Standard No. 2. Unfortunately, our estimates were not just low, they were incredibly low. Surveys indicate that actual costs incurred for 404 compliance were TWENTY times higher than what we estimated.
Realizing that we must correct this situation, the SEC hosted a roundtable in April to hear what went wrong and what needed to be done to address any excesses that may have arisen with Section 404 implementation. We learned that the internal controls rule and PCAOB standard were being applied in an overly-prescriptive manner. It was not being applied in a top-down, risk-based way.
Many had predicted last year that almost half of the costs incurred to comply with Section 404 were first-time start up costs that would not be repeated in year 2. In order to help make this prediction a reality, both the SEC and PCOAB issued statements in March that were geared towards moving companies and auditors off their granular approach and more towards a risk-based model as we originally contemplated. We are now starting to hear that cost reductions will not be near what we were hoping for, but in the neighborhood of 5-20%. I predict the reduction will be at the low end of this range.
Many suggest that 404 compliance is an evolving process, one that I believe will take years to get right. Is that a reasonable assumption &151; and a reasonable situation &151; do we have years to get this right? I do not think that shareholders should &151; or could &151; accept the prospect of years of costs like the one we just went through. Some justify any cost in this area as the price to pay to prevent another Enron-type collapse. Well, I certainly think that good internal controls, which have been required since the 1970s, are important and valuable for a company and its shareholders. But it is certainly not clear to me that documentation of internal controls would have been able to prevent the type of collusive fraud by management that we saw in the recent corporate failures.
The bottom line is that excessive general and administrative costs are ultimately borne by shareholders &151; through slower growth, lower returns, smaller dividends. I do not have to tell you that businesses must find the right balance in overhead costs &151; including accounting, legal, compliance &151; because out-of-control spending diverts money away from investment and innovation. Of course, every business to survive and ultimately prosper must be in compliance with the law and applicable regulations. We see plenty of examples on E-Bay, in business school case studies, in court decisions, and among inmates in federal penitentiaries of what can happen when companies ignore their legal duties and get this balance wrong.
In the end, though, government also must be sensitive toward balancing the costs as well as the benefits of its actions. One-size-fits-all regulatory mandates, although generally well-intentioned, can take decision making out of the hands of those closest to the situation. Across-the-board mandates deprive investors of the decision-making power that is rightfully theirs and may impose costs on investors that do not produce a proportionate return.
I like to compare these sorts of rules to buying insurance on a house. Some people are very risk averse and arguably buy too much insurance in order to feel safe. They bear that cost voluntarily and with notice. Others might not buy any &151; preferring to self-insure and take the risk. Many more are somewhere in the middle. Some in fact call many of our SEC mandates “insurance” against unhappy or tragic events for shareholders. Thus, in many cases, these rules decide for shareholders how much “insurance” they should have through a one-size-fits-all approach. Insurance generally may be helpful &151; it protects against the down side and can bolster confidence. Unfortunately, sometimes we may have no idea whether a particular insurance policy is worthwhile, is related to the risks it seeks to address, or will provide any commensurate benefits to those who pay the premiums.
From my days at an accounting firm, I am probably the only one of the SEC commissioners or PCAOB board members who has ever actually done a control review for a company. I have seen how these reviews can add great value to a company, helping to add insights for management as to how better to address risks of the company’s business and its internal organization. But, I have also seen, especially in troubled situations, how sometimes (without proper supervision and strategic direction) a control review can take on a life of its own and balloon into a massive project, with volumes of documents and flow-charts that seem obsolete as soon as they are printed and distributed &151; for little practical benefit, except to the accounting firm’s bottom line.
Thus, I am very sympathetic to the concerns that I have heard about 404 to date. There is enough blame to go around &151; corporate management and the auditing firms have been much too conservative in exercising their judgment in addressing fundamental aspects of these reviews, including scope and goals. I understand why conservatism in this current environment has ruled the day, but we need to make some changes. I have not heard much complaint about the statute or our SEC rule, but more about the implementation of the PCAOB’s Auditing Standard Number 2. There appears to be general agreement between the SEC and the PCAOB that there was overkill by the auditors (and by management) in the first year. There are differing views, however, as to whether the PCAOB’s AS 2 is a workable standard.
The biggest problem seems to be the fact that accountants and companies fear being second-guessed. The SEC and the PCAOB need to give people more comfort that they will allow people to use their professional judgment and that second-guessing will not happen. Getting this point across is very difficult.
One point must continue to be emphasized &151; our rule adopting the internal control provision provides that the control process must provide “reasonable assurance” regarding its control structures. It also states that records should be maintained in “reasonable detail” and that a company’s policies and procedures provide “reasonable assurance” that transactions are recorded accurately in accordance with GAAP. Let me be clear &151; reasonable means reasonable &151; it does not mean absolute or certain or perfect.
It is obvious to me that the cost/benefit analysis has fallen by the wayside in this process. I have heard stories of a company determining that it has 60,000 key internal controls. Just the other day, a turn-around CEO of a large company formerly plagued by scandal said that he would be thrilled having 60,000 controls &151; he said that his company and its auditors have documented 200,000! Recently, the CFO of a large European company told me that the company determined that it had 500 key controls, but its outside auditor found 20,000 key internal controls. Do the costs and burdens to audit and document tens or hundreds of thousands of controls provide commensurate benefits? How can they? How can this possibly be consistent with the definition of “key internal control” in the first place?
When you lay all of these requirements on companies that do not have the resources and the staff to deal with it like the largest public companies, these real problems are further exacerbated. Just this month, FEI has released a survey on internal control reporting for smaller companies &151; defined generally as those companies with less than $700 million market cap or $500 million in revenue. I cannot personally attest to the survey’s methodology or reach, but the results are certainly worth considering seriously. The survey pointed out that smaller companies’ business decisions are being impacted by Section 404. Many companies are reporting that they are not updating their IT systems because of Section 404. Companies are also delaying establishing new lines of businesses and foreign subsidiaries due to Section 404. Is this what Congress intended when it enacted Sarbanes-Oxley?
The implementation of section 404 turns a great deal on choices made by the PCAOB. As the PCAOB continues to mature and to set the ground rules by which it will operate, the Commission needs, as the statute requires, to keep a close eye on its activities. We would be derelict in our responsibility to the investing public if we simply rubber stamped the PCAOB’s actions.
I should also just mention just briefly another area where the SEC is being responsive to the recommendation of your groups. At our next open meeting in two days, we will consider whether to accelerate the required filings of quarterly statements to 35-days and for annual reports to 60-days. Consistent with your recommendations, we will propose accelerating the filing deadlines only for the largest accelerated filers, those with public float of $700 million or more. These efforts should help address concerns that your groups have raised about the undue burdens caused by these filing deadline accelerations. As we determined which companies should be compelled to accelerate their filings we took into account the view of the accounting firms and the Advisory Committee’s “Six Determinants of a Smaller Public Company”. These views were very instructive.
Chairman Cox recently said that he expects that the SEC and the PCAOB will give significant weight to the findings and recommendations of the SEC Advisory Committee on Smaller Public Companies. Our upcoming actions in the 404 and filing deadline areas demonstrate that the SEC does value the advice and recommendations of the Advisory Committee and, of course, the similarly-focused Small Business Capital Formation Forum.
Many of the decisions that the SEC makes turn on the merits of doing a cost-benefit analysis before the SEC acts. When it comes to smaller companies, the costs that we impose are often a bigger percentage of revenues and profits than with the larger companies. Do our costs yield a related benefit in proportion to that bigger percentage of revenues and profits? Of course, it is also true that smaller, younger, high-growth companies are also the ones where controls may be weaker and thus the potential for things to go wrong greater. Thus, your work is vital to helping us get the balance right. Another factor that is often overlooked is that larger companies often have the ability, means, and stature to communicate with regulators like the SEC about their concerns. Groups like yours are critical to filling in this void.
It is safe to say that the upcoming year will be an exciting and important one for investors and the SEC. I would welcome your questions and comments. My phone and office are always open to you. Please call or stop by if you have any comments or concerns. Thank you for your time and attention.
2 Investors: 1-800-SEC-0330 or Help@sec.gov; Registrants: (202) 551-3300 or firstname.lastname@example.org