Speech by SEC Commissioner:
Remarks before the National Association of State Treasurers
Commissioner Paul S. Atkins
U.S. Securities and Exchange Commission
Incline Village, Nevada
September 20, 2005
Thank you, Tim, for that kind introduction. Before I begin, I must remind you that the views that I express here are my own and do not necessarily represent those of the Securities and Exchange Commission or my fellow commissioners. It is a pleasure to be here with you. Thanks to Brian Krolicki and his staff in the Treasurer's Office of Nevada for arranging this conference.
As treasurers in your respective states, you bear critically important and wide-ranging responsibilities. In carrying out these duties, you undoubtedly find that there is a quickly growing list of subject areas that you need to master and market developments that you need to monitor. Fortunately, you do not stand alone. The National Association of State Treasurers, for example, offers a forum in which you can learn from the successes and even the mistakes of your colleagues. NAST affiliates, the State Debt Management Network and the College Savings Plans Network, are additional avenues for the exchange of innovative ideas.
I encourage you also to think of the Securities and Exchange Commission as a partner with you in serving the citizens of your states. We share a common mission of increasing Americans' knowledge about and comfort with investing and saving for their futures. In addition, the SEC works to maintain the strong and secure securities markets that enable you to invest confidently trillions of dollars of state funds. I will talk today about a number of issues on the SEC's agenda that implicate these common interests. I then look forward to listening to you. We at the SEC benefit from hearing your unique perspective derived from your experiences as you, among other tasks, manage your state's funds, sit on public investment boards, and oversee 529 plans.
We at the SEC, along with everyone else in the country, have been gripped by the events from the Gulf Coast. The rest of the nation stands behind those of you who are contending now with the consequences of Hurricane Katrina. The SEC, for its part, is doing what it can to help investors, issuers, and securities firms affected by the hurricane so that they can focus on getting their lives and businesses back to normal. We have established a Katrina Regulatory Relief and Assistance website1 and phone and email hotlines to provide immediate responses to questions from investors and registrants.2 The SEC is compiling a list of alternate contact information for SEC Registered Investment Advisers located in areas affected by Hurricane Katrina. To prevent additional hardship for victims, the SEC is on the lookout for Katrina-related securities scams and will vigorously prosecute those who attempt to take advantage of this tragedy to defraud already desperate victims.
The SEC also is trying to do what it can to help ease the regulatory burden in the aftermath of the hurricane. Last week, the SEC announced a package of regulatory relief measures. Specifically, we extended filing deadlines and relaxed proxy and information statement delivery requirements for affected public companies. We also temporarily exempted investment companies from the requirement to transmit reports to shareholders in the affected areas. In addition, we are providing relief to investment advisers and transfer agents. We also loosened independence requirements on accountants so that accounting firms can assist their clients in rebuilding their financial records. We took similar steps following the attacks of September 11, 2001.
As you probably know, Chairman Chris Cox recently took over the reins at the SEC. He is an engaged and energetic leader. I look forward to working with the Chairman and the other commissioners on the many weighty issues before the SEC. In tackling these issues, I hope that the SEC will take a fresh approach that is guided by a sensitivity toward the costs as well as the benefits of our actions. One of the benefits that we must not overlook is the benefit of an extensive menu of investment options to fit the varying tastes of the investors whom we serve. One-size-fits-all regulatory mandates, although generally well-intentioned, deprive investors of decision-making power that is rightfully theirs and may impose costs on investors that do not produce a proportionate return.
Three recent actions by the SEC, which were taken over two dissenting voices (one of which was mine), represent the type of regulatory mandate that we ought to avoid going forward. I am speaking of our new fund governance, hedge fund, and National Market System rules. The U. S. Court of Appeals for the District of Columbia has intervened in one of these matters - the governance rules that the SEC imposed on mutual funds requiring each to have an independent chairman and other features. The DC Circuit found that we violated the Administrative Procedure Act and the Investment Company Act by not taking costs into account in our mutual fund governance rulemaking. The DC Circuit again rebuked the SEC when we "responded" to the court's request for further deliberation by rubber stamping the original rulemaking within eight days of the court's decision.
I anticipate that the other two disputed actions will also cause problems for the SEC. The impending February 1st registration deadline for hedge fund advisers comes at a time when the SEC is already experiencing a budget shortage and, more specifically, a shortage of examiners to cover existing registrants. A GAO report that came out yesterday points to this shortage of examiners. The new hedge fund adviser registration requirement will divert precious time and attention to the oversight of advisers that manage the money of a relatively tiny number of sophisticated investors - fewer than 200,000. This takes attention and personnel away from mutual funds and retail investment advisors, where more than 95 million people have their investments. It is basically a question of allocation of scarce - and expensive - government resources to where it will help the most people who do not necessarily have the resources and political clout to help themselves. Despite my deep reservations about using SEC resources in this manner, I share proponents' hope that hedge fund registration will help to give us greater insights into the role hedge funds play in the market.
The SEC will also face problems in the months to come in connection with the implementation of the Regulation NMS rulemaking. The Commission explicitly punted many determinations to the no-action process. Difficult decisions lie ahead and should not be made without due appreciation for costs.
Perhaps nothing in recent memory has more starkly illustrated the need to perform honest and probing cost/benefit analyses before requirements take effect than the regulatory regime that has grown up under Section 404 of the Sarbanes-Oxley Act. For those of you who are not already familiar with this rule, Section 404 requires that management complete an annual internal control report and then have the company's auditor attest to, and report on, management's assessment. The goals of Section 404 - strengthening and tightening controls over financial reporting -- are laudable.
As we enter the second year of the 404 process, however, it is becoming increasingly evident that everyone greatly underestimated the costs. When the SEC first released its implementation rules for 404 we estimated aggregate costs of about $1.24 billion or $94,000 per public company. In the SEC's defense, we made this estimate before the Public Company Accounting Oversight Board, or PCAOB, released its 300 page Auditing Standard No. 2. Unfortunately, our estimates were not just low, they were incredibly low. Surveys indicate that actual costs incurred for 404 compliance were TWENTY times higher than what we estimated.
We have taken several steps to attempt to correct the situation. The SEC hosted a roundtable in April to hear what went wrong and what needed to be done to address any excesses that may have arisen with Section 404 implementation. We learned that the internal controls rule and the PCAOB standard were being applied in an overly-prescriptive manner. In May, both the SEC staff and the PCOAB issued statements that were geared towards moving companies and auditors off their granular approach and towards a more risk-based model. Nevertheless, we are now starting to hear that cost reductions for year two of the section 404 process will not approach the 50% reductions on which many had been counting. Cost reductions from year one will instead be in the neighborhood of 5-20%, and I predict that the reduction will be at the low end of this range.
Many counsel patience; they suggest that 404 compliance is an evolving process that will take time to get right. Is that a reasonable assumption - do we have years to get this right? Shareholders should not and indeed cannot accept the prospect of years of costs like the one we just went through. Some justify any cost in this area as the price to pay to prevent another Enron-type collapse. It goes without saying that good internal controls, which have been required since the 1970s, are important and valuable for a company and its shareholders. But it is certainly not clear to me that documentation of internal controls such as is taking place under section 404 would have been able to prevent the type of collusive fraud by management that we saw in the recent corporate failures.
What types of changes should shareholders demand? Complaints seem to derive not from the statute itself or our SEC rule, but center more on the implementation of the PCAOB's Auditing Standard Number 2. Investors should insist that the SEC fulfill its statutory charge and actively oversee the PCAOB's actions rather than simply rubber stamping them.
The biggest problem seems to be the fact that accountants and companies fear being second-guessed. There appears to be general agreement between the SEC and the PCAOB that there was overkill by the auditors (and by management) in the first year. Companies are being found to have tens of thousands of "key" internal controls. All of these must be documented and audited. The SEC, in adopting the internal control provision, did not demand perfection, but called only for "reasonable" measures. The SEC and the PCAOB, however, need to give further comfort to auditors and management that they will not be second-guessed when they use their professional judgment. Getting this point across is very difficult, particularly in the current environment with its regulators and litigators equipped with piercing hindsight.
How about the results to date? Are the weaknesses being reported actually "material"? Are the accounting firms using more or less consistent definitions of "material weakness" across companies and industries? Is the definition of "key internal control" sufficiently clear, or is it too muddled in bureaucratese? Does the fact that a company discloses material weaknesses have any affect on its stock price? One would expect the market to price a risk premium into a company's stock, depending on the weakness identified. Has that been the case with any of these companies to date? I would encourage economists and investors to take the time to consider these questions.
It is obvious to me that the cost/benefit analysis has fallen by the wayside in this process. I have heard stories of a company determining that it has 60,000 key internal controls. Just the other day, a turn-around CEO of a large company formerly plagued by scandal said that he would be thrilled having 60,000 controls - he said that his company and its auditors have documented 200,000! Recently, the CFO of a large European company told me that the company determined that it had 500 key controls, but its outside auditor found 20,000 key internal controls. Do the costs and burdens to audit and document tens or hundreds of thousands of controls provide commensurate benefits? How can they? How can this possibly be consistent with the definition of "key internal control" in the first place?
One of the costs of overly prescriptive approaches to rulemaking is decreased investor choice. Investors should be able to invest in companies and products of their own choosing. In order for them to make informed decisions, they need accurate and straightforward disclosure. I am optimistic that new technologies and more widespread access to the Internet will facilitate the provision of such disclosure. One initiative for which new technologies appear particularly promising is our "point-of-sale" initiative.
Last March, having received many comments on the rules that we first published in January 2004, we reopened the comment period on proposed rules that would require broker-dealers to provide their customers with information regarding the costs and conflicts of interest that arise from the distribution of mutual fund shares, 529 college savings plan interests, and variable insurance products. The release that we published in March included new point-of-sale and confirmation forms specifically tailored to 529 savings plans. Forms focused only on 529 plan investments can include information that is uniquely relevant in the 529 context, such as the identity of the state that sponsors the plan and the potential tax benefits of choosing an in-state plan. On the other hand, in introducing forms for 529s and revising the previously-published forms for other investments to include additional details, the SEC went beyond the relatively narrow scope of the initial point-of-sale initiative.
We asked many questions, including questions specifically about 529 disclosure. NAST affiliate, the College Savings Plan Network, was among the commenters to respond. CSPN pointed to potential problems with our proposed approach. I share CSPN's concerns; the point-of-sale proposal still needs work so that it better takes into account the unique characteristics of each of the products to which it applies. In considering how to proceed from here on this initiative, we should look at whether the Internet can be harnessed to present information in an interactive manner that is meaningful to investors.
Finally, I would like to turn briefly to an enforcement issue that is of relevance to you as public, institutional investors - the framework for determining whether to assess penalties on corporations. In situations that involve financial fraud where corporate managers have been cooking the books and lying to shareholders, I would argue that corporate monetary penalties are generally inappropriate. This is a relatively discrete, but important category of enforcement cases. A fine on a corporation whose managers have engaged in financial fraud punishes the very shareholders who were injured by the financial fraud. Shareholders own corporations and shareholders, at the end of the day, bear most of the costs imposed on corporations. Fundamentally, the corporation -- by that I mean the shareholders -- may already have been punished through reputational and stock-price damage. Why make them also bear the cost of a penalty?
In other cases, however, the corporation may be a criminal enterprise, or the shareholders themselves may have somehow benefited from the fraud to the detriment of other corporations or the marketplace as a whole. In such cases, the fine serves as a disgorgement of ill-gotten profits, and fines against shareholders would seem to be appropriate. Some situations in which the company -- and the shareholders -- may have benefited at the expense of others include anti-trust matters, environmental problems, and money-laundering transgressions.
On the other hand, corporations fined for disclosure-based transgressions use shareholder money to pay for behavior of which the shareholders were the victims. We have to ask ourselves: Who are the victims? Who really is paying the fines? By imposing such fines, are we not punishing the very people who were already punished through the marketplace when the stock price was clobbered?
Although these shareholders sometimes end up with a portion of the disgorgement and penalties generated by the Commission action, it would be more efficient, more equitable, and a more effective deterrent simply to charge the individuals responsible for the fraud. Not surprisingly, the officers and employees at fault often prefer to negotiate a deal in which the company pays hefty fines and individuals are not charged at all. It becomes a dangerous combination if prosecutors have one eye on the public relations effect of their actions (that, after all, is the deterrent effect, that the proponents of hefty corporate fines are looking for) and if management at some defendant companies are all too willing to offer up the shareholders' money -- after all, it is other people's money -- in order to try to deflect personal responsibility of particular managers.
Thank you for your time and attention. I look forward to working with you as you strive to serve the citizens of your states. I welcome your questions and comments now or as they arise in the future. Please feel free to call, or if you are in Washington, DC, to stop by my office.
2 Investors: 1-800-SEC-0330 or Help@sec.gov; Registrants: (202) 551-3300 or firstname.lastname@example.org