Proposed Rule:
Disclosure Required by Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002

Securities and Exchange Commission

17 CFR PARTS 210, 228, 229, 240, 249, 270 and 274

[Release Nos. 33-8138; 34-46701; IC-25775; File No. S7-40-02]

RIN 3235-AI66

Disclosure Required by Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002

Agency: Securities and Exchange Commission.

Action: Proposed rule.

Summary: We propose to require companies to include a number of new disclosures in their Exchange Act filings. First, companies would be required to disclose the number and names of persons that the board of directors has determined to be the "financial experts" serving on the company's audit committee and whether they are independent of management, and if not, an explanation of why they are not. Second, companies would be required to include an annual internal control report of management stating the following: management's responsibilities for establishing and maintaining adequate internal controls and procedures for financial reporting for the company; management's conclusions about the effectiveness of the company's internal controls and procedures for financial reporting as of the end of the company's most recent fiscal year; and that the company's registered public accounting firm has attested to, and reported on, management's evaluation of the company's internal controls and procedures for financial reporting. Third, companies would be required to disclose whether they have adopted a code of ethics that covers their principal executive officers and senior financial officers, or if they have not, an explanation of why they have not, as well as amendments to, and waivers from, the code of ethics relating to any of those officers. These proposed rules would implement the requirements in Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002. We also propose to make revisions to our recently adopted rules requiring a company's principal executive and financial officers to certify the company's quarterly and annual reports and requiring the company to conduct quarterly evaluations of its disclosure procedures and controls. These rules would be amended to require quarterly and annual certifications and quarterly evaluations of internal controls and procedures for financial reporting. We also would amend the form of the principal officers' certification contained in the quarterly and annual report forms.

Dates: Comments should be received on or before November 29, 2002.

Addresses: To help us process and review your comments more efficiently, comments should be sent by hard copy or e-mail, but not by both methods.

Comments sent by hard copy should be submitted in triplicate to Jonathan G. Katz, Secretary, U.S. Securities and Exchange Commission, 450 Fifth Street, NW, Washington, DC 20549-0609. Comments also may be submitted electronically at the following e-mail address: rule-comments@sec.gov. All comment letters should refer to File No. S7-40-02; if e-mail is used, this file number should be included in the subject line. Comment letters will be available for inspection and copying in the Commission's Public Reference Room, 450 Fifth Street, NW, Washington, DC 20549-0102. Electronically submitted comment letters will be posted on the Commission's Internet Web Site (http://www.sec.gov).¹

For Further Information Contact: Ray Be, Special Counsel, or N. Sean Harrison, Special Counsel, Division of Corporation Finance, at (202) 942-2910, with respect to registered investment companies, Katy Mobedshahi, Senior Counsel, Division of Investment Management, at (202) 942-0721, or with respect to accounting issues, Michael Thompson, Professional Accounting Fellow, Office of Chief Accountant, at (202) 942-4400, U.S. Securities and Exchange Commission, 450 Fifth Street, NW, Washington, DC 20549.

Supplementary Information: We are proposing amendments to Form 8-K,² Form 10-K,³ Form 10-KSB,⁴ Form 10-Q,⁵ Form 10-QSB,⁶ Form 20-F,⁷ Form 40-F,⁸ Form 12b-25,⁹ Rule 12b-25,¹⁰ Rule 13a-14,¹¹ Rule 13a-15,¹² Rule 15d-14,¹³ and Rule 15d-15¹⁴ under the Securities Exchange Act of 1934,¹⁵ Regulation S-B,¹⁶ Regulation S-K¹⁷ and Regulation S-X.¹⁸ We are also proposing amendments to Form N-SAR¹⁹ and proposed Form N-CSR²⁰ under the Securities Exchange Act of 1934 and the Investment Company Act of 1940,²¹ and Rule 30a-2²² and proposed Rule 30a-3 under the Investment Company Act of 1940.

I. Background

The strength of the U.S. financial markets depends on investor confidence. Recent events involving allegations of misdeeds by corporate executives, independent auditors and other market participants have undermined that confidence.²³ In response to this threat to the U.S. financial markets, Congress passed, and the President signed into law, the Sarbanes-Oxley Act of 2002 (the "Sarbanes-Oxley Act"),²⁴ which effects sweeping corporate disclosure and financial reporting reform.

This release is one of several that the Commission is required to issue to implement provisions of the Sarbanes-Oxley Act. In this release we propose rules to implement the following three provisions of the Sarbanes-Oxley Act:

• Section 407, requiring the Commission to adopt rules: (1) requiring a company to disclose whether its audit committee includes at least one member who is a financial expert; and (2) defining the term "financial expert";
   
• Section 406, requiring the Commission to adopt rules requiring a company to disclose whether it has adopted a code of ethics for the company's senior financial officers, and if not, the reasons therefor, as well as any changes to, or waiver of any provision of, that code of ethics; and
   
• Section 404, requiring the Commission to adopt rules requiring a company's management to present an internal control report in the company's annual report containing: (1) a statement of the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) an assessment, as of the end of the company's most recent fiscal year, of the effectiveness of the company's internal control structure and procedures for financial reporting. Section 404 also requires the company's registered public accounting firm²⁵ to attest to, and report on, management's assessment.

In connection with our proposed rules to implement the internal control report requirements included in Section 404 of the Sarbanes-Oxley Act, we also propose several conforming revisions to our recently adopted certification rules and related requirements.²⁶

II. Discussion of Proposals

A. Proposed Disclosure About Financial Experts Serving
on a Company's Audit Committee

Many of the recent corporate scandals have centered on the quality of a company's financial disclosure. These events have, among other things, highlighted problems that can occur as a result of inadequate oversight of a company's management and auditors by the company's board of directors or audit committee. The Commission historically has encouraged companies to establish independent audit committees to oversee the work and independence of auditors. For example, in 1972 the Commission recommended that companies establish audit committees composed of outside directors.²⁷ Others have expressed their support for independent audit committees, including the National Commission on Fraudulent Financial Reporting, also known as the Treadway Commission,²⁸ and the General Accounting Office.²⁹ In 1999, we adopted rules requiring companies to disclose whether their audit committee members are independent, as defined by the relevant listing standards.³⁰

In 1998, the New York Stock Exchange, Inc. (the "NYSE") and the National Association of Securities Dealers, Inc. (the "NASD") sponsored a committee to study the effectiveness of audit committees. This committee became known as the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (the "Blue Ribbon Committee"). In its 1999 report, the Blue Ribbon Committee recognized the importance of the audit committee in overseeing the corporate accounting and financial controls and reporting of companies.³¹ The Blue Ribbon Committee noted that, because of this important role, an audit committee has "a more recognizable need for members with accounting and/or related financial expertise." Without some level of financial competence, members of an audit committee may be unable to adequately perform their vital corporate duties. In response to this report, the NYSE, the NASD,³² the American Stock Exchange, Inc. (the "AMEX") and the Pacific Exchange, Inc. (the "PCX") adopted rules regarding the composition of listed companies' audit committees.³³

The NYSE's and the PCX's rules require at least one member of a listed company's audit committee to have "accounting or related financial management expertise, as the Board of Directors interprets such qualification in its business judgment."³⁴ The NASD and the AMEX have similar rules that require each listed company to certify that it has, and will continue to have, at least one member of the audit committee that has past employment experience in finance or accounting, a professional certification in accounting, or comparable experience or background that demonstrates the individual's financial sophistication.³⁵ These rules provide, by way of example, that a person who is or has been a chief executive officer, chief financial officer or other senior corporate officer with financial oversight responsibilities satisfies this criterion. In addition, all four self-regulatory organizations require all members of the audit committee to be independent and to be (or soon become) financially literate, subject to limited exceptions.³⁶ While the NYSE and PCX rules permit a company's board of directors to interpret the financial literacy requirements, the NASD and AMEX rules define financial literacy as "the ability to read and understand fundamental financial statements, including a company's balance sheet, income statement, and cash flow statement."³⁷

Although the NYSE, NASD, AMEX and PCX already have rules regarding the financial expertise of audit committee members, not all companies that are required to file reports under Sections 13(a) and 15(d) of the Exchange Act are subject to these requirements. Furthermore, the Sarbanes-Oxley Act directs us to adopt rules defining the term "financial expert" and specifies several attributes that we must consider in crafting the definition. These attributes are more detailed and rigorous than those reflected in the current self-regulatory organization rules. Therefore, it is possible that a person who previously qualified as a financial expert under the broader guidelines included in the rules of the self-regulatory organizations may not have sufficient expertise and experience to be considered a financial expert under our proposed rules.³⁸ In particular, our proposed rules would require a financial expert to have experience preparing or auditing financial statements of a company that files reports with us and experience with internal controls and procedures for financial reporting (or similar expertise and experience in the board of directors' judgment). The proposed disclosure requirements regarding audit committee financial experts are described below.

1. Proposed Disclosure Requirements

We propose to add new Item 309 to Regulations S-K and S-B. In addition, we propose to add new Item 15(b) to Form 20-F and new Instruction B.(8) to Form 40-F. These proposed items would be identical in substance and entitled, "Audit Committee Financial Experts." The proposed items would require companies to disclose:

• The number and names of persons that the board of directors has determined to be the financial experts serving on the company's audit committee; and
   
• Whether the financial expert or experts are "independent," as that term is used in Section 10A(m)(3) of the Exchange Act, and if not, an explanation of why they are not.³⁹

If the company does not have a financial expert serving on its audit committee, the company must disclose that fact and explain why it has no financial expert. For purposes of the proposed disclosure, the term "audit committee" would be defined by Section 3(a)(58) of the Exchange Act.⁴⁰

Although the Sarbanes-Oxley Act does not specifically require disclosure of the number or names of the financial experts,⁴¹ we believe that it is appropriate to propose these requirements. Investors likely would be interested in knowing how many financial experts a company's board has determined are serving on its audit committee, or whether it has determined that all of the audit committee members are financial experts. Furthermore, disclosure of the names of the company's financial expert or experts would assist investors in evaluating the company's annual report and proxy or information statement disclosure that describes the background and business experience of the company's directors.⁴²

The primary benefit of having a financial expert serving on a company's audit committee is that the person, with his or her enhanced level of financial sophistication or expertise, can serve as a resource for the audit committee as a whole in carrying out its functions.⁴³ The mere designation of the financial expert should not impose a higher degree of individual responsibility or obligation on a member of the audit committee. Nor do we intend for the financial expert designation to decrease the duties and obligations of other audit committee members or the board of directors. Furthermore, in order to avoid any confusion in the context of Section 11 of the Securities Act,⁴⁴ we do not intend for such a person to be considered an expert for purposes of Section 11 solely as a result of his or her designation as a financial expert on the audit committee. The role of the financial expert is to assist the audit committee in overseeing the audit process, not to audit the company. A conclusion that a financial expert is an "expert" for purposes of Section 11 might suggest a higher level of due diligence than is consistent with the audit committee's oversight responsibilities.

Section 407 of the Sarbanes-Oxley Act does not require disclosure of whether the financial expert is independent. However, we believe that such disclosure may be important to investors. Investors may be interested to know, for example, if the only financial expert on the audit committee is the company's chief financial officer or another individual who is responsible for, or participates in, the preparation of the company's financial statements. Therefore, we propose to require disclosure of whether the identified financial expert or experts on the audit committee are independent, as that term is used in Section 10A(m)(3) of the Exchange Act, and if not, an explanation of why they are not. In addition, we intend to propose rules directing the national securities exchanges and national securities association to require a company to have a completely independent audit committee as a condition to listing.⁴⁵

Some companies do not have boards of directors and therefore do not have board audit committees. For example, some limited liability companies and limited partnerships that do not have a corporate general partner may not have an oversight body that is the equivalent of an audit committee. It may be important to investors to be aware that such entities do not have such oversight bodies. Therefore, we do not propose to exempt these entities from the proposed financial expert disclosure requirements. If a limited liability company or limited partnership does not have a similar oversight body, it must explain that its organizational structure does not provide for such a body and that it therefore does not have an audit committee. We do, however, propose to exempt asset-backed issuers from this proposed disclosure requirement. Because of the nature of these entities, such issuers are subject to substantially different reporting requirements. Most significantly, such issuers are not required to file financial statements like other companies. Therefore, we do not believe disclosure of whether such companies have a financial expert on its audit committee would be of interest to investors.

Request for Comment

• Would investors benefit from disclosure of the number of the financial experts serving on the company's audit committee? Or would it suffice to require disclosure only of whether at least one financial expert serves on the audit committee?
   
• Do investors need to know the names of the financial experts on the audit committee? Would disclosure of the names discourage people from serving as financial experts on an audit committee?
   
• Should the Commission specifically address the issue of the degree of individual responsibility, obligation or liability under state or federal law of a person designated as a financial expert as a result of the designation? If the Commission should address this issue, how should it do so?
   
• Should we use a term other than "financial expert"? For example, would the term "audit committee financial expert" be a more appropriate title?
   
• Is there other relevant information about the financial expert or experts that a company should have to disclose? For example, should we expand the disclosure required under Item 401(e) of Regulations S-K and S-B, as it relates to directors that the company has determined to be financial experts? If so, how?
   
• Should we require disclosure of whether the financial experts are independent, as proposed? If so, should we define "independent" in the same manner as the term is used in Section 10A(m)(3) of the Exchange Act?
   
• Should we incorporate an independence requirement into the definition of "financial expert" so that any designated financial expert must be independent to qualify under the definition?

2. Proposed Definition of "Financial Expert"

The Sarbanes-Oxley Act requires the Commission, in defining the term "financial expert," to consider whether a person has, through education and experience as a public accountant or auditor or a principal financial officer, controller,⁴⁶ or principal accounting officer of an issuer, or from a position involving the performance of similar functions:

1. an understanding of generally accepted accounting principles and financial statements;
    
2. experience in: (a) the preparation or auditing of financial statements of generally comparable issuers; and (b) the application of such principles in connection with the accounting for estimates, accruals, and reserves;
    
3. experience with internal accounting controls; and
    
4. an understanding of audit committee functions.

The "financial expert" definition included in the proposed rules incorporates these four "attributes" with several modifications.⁴⁷ We also propose to require the financial expert's experience to be related to companies that were, at the time he or she held the position, publicly reporting companies. We believe this requirement is appropriate because a person with experience as a principal financial officer or principal accounting officer of a private company may not have been exposed to the reporting requirements of public companies.

Moreover, the proposed definition states that the board of directors can conclude that a person is a financial expert if, in lieu of having experience as a public accountant, auditor, principal financial officer, principal accounting officer, or controller, or experience in a position involving the performance of similar functions, the person has experience in a position that results, in the judgment of the board of directors, in the person having similar expertise and experience. If the board makes such a determination, it would be required to disclose the basis for that determination. To qualify as a financial expert, a person would, in all cases, have to possess all of the attributes listed in the proposed definition.

The instructions to proposed Item 309 of Regulations S-K and S-B would therefore define the term "financial expert" to mean a person who has, through education and experience as a public accountant or auditor or a principal financial officer, controller, or principal accounting officer of a company that, at the time the person held such position, was required to file reports pursuant to Section 13(a) or 15(d) of the Exchange Act, or experience in one or more positions that involve the performance of similar functions (or that results, in the judgment of the company's board of directors, in the person's having similar expertise and experience), the following attributes:

1. An understanding of generally accepted accounting principles and financial statements;
    
2. Experience applying such generally accepted accounting principles in connection with the accounting for estimates, accruals, and reserves that are generally comparable to the estimates, accruals and reserves, if any, used in the registrant's financial statements;
    
3. Experience preparing or auditing financial statements that present accounting issues that are generally comparable to those raised by the registrant's financial statements;
    
4. Experience with internal controls and procedures for financial reporting;⁴⁸ and
    
5. An understanding of audit committee functions.

In determining whether a potential financial expert has all of the requisite attributes, the board of directors⁴⁹ must evaluate the totality of an individual's education and experience.⁵⁰ The company should consider a variety of factors in making that evaluation, including:

• The level of the person's accounting or financial education, including whether the person has earned an advanced degree in finance or accounting;
   
• Whether the person is a certified public accountant, or the equivalent, in good standing, and the length of time that the person actively has practiced as a certified public accountant, or the equivalent;
   
• Whether the person is certified or otherwise identified as having accounting or financial experience by a recognized private body that establishes and administers standards in respect of such expertise, whether that person is in good standing with the recognized private body, and the length of time that the person has been actively certified or identified as having this expertise;
   
• Whether the person has served as a principal financial officer, controller or principal accounting officer of a company that, at the time the person held such position, was required to file reports pursuant to Section 13(a) or 15(d) of the Exchange Act, and if so, for how long;
   
• The person's specific duties while serving as a public accountant, auditor, principal financial officer, controller, principal accounting officer or position involving the performance of similar functions;
   
• The person's level of familiarity and experience with all applicable laws and regulations regarding the preparation of financial statements that must be included in reports filed under Section 13(a) or 15(d) of the Exchange Act;
   
• The level and amount of the person's direct experience reviewing, preparing, auditing or analyzing financial statements that must be included in reports filed under Section 13(a) or 15(d) of the Exchange Act;
   
• The person's past or current membership on one or more audit committees of companies that, at the time the person held such membership, were required to file reports pursuant to Section 13(a) or 15(d) of the Exchange Act;
   
• The person's level of familiarity and experience with the use and analysis of financial statements of public companies; and
   
• Whether the person has any other relevant qualifications or experience that would assist him or her in understanding and evaluating the registrant's financial statements and other financial information and to make knowledgeable and thorough inquiries whether:
   
• he financial statements fairly present the financial condition, results of operations and cash flows of the company in accordance with generally accepted accounting principles; and
   
• The financial statements and other financial information, taken together, fairly present the financial condition, results of operations and cash flows of the company.

In the case of a foreign private issuer, the board of directors also should consider the person's experience with public companies in the foreign private issuer's home country, generally accepted accounting principles used by the issuer, and the reconciliation of financial statements with U.S. generally accepted accounting principles.

This is not intended to be an exhaustive list of the factors that the board of directors should consider in assessing whether a person qualifies as a financial expert. Moreover, the proposed rules do not specify the number of listed factors that a financial expert should satisfy; satisfaction of any specific number of factors would be neither necessary nor sufficient for a person to be considered a financial expert. Most of these factors require a qualitative assessment of a potential expert's level of knowledge or experience.

The fact that a person previously has served on an audit committee would not, by itself, justify the board of directors in "grandfathering" that person as a financial expert under our proposed definition. Similarly, the fact that a person has experience as a public accountant or auditor, or a principal financial officer, controller or principal accounting officer or experience in a similar position would not, by itself, justify the board of directors in deeming the person to be a financial expert. The board of directors would have to confirm that these persons have the requisite attributes and the right mix of education and experience.

Some individuals who are particularly knowledgeable and experienced in accounting and financial issues may have the requisite attributes and mix of knowledge and experience to qualify as financial experts, even though they may not have served in one of the specifically identified positions. The board of directors would have to determine whether an individual's qualifications, in the aggregate, satisfy the financial expert definition.

Because of the significant role the audit committee plays in the filing of a public company's financial statement, including the preparation and filing of their own report, we would find it hard to believe that an accountant serving as a financial expert on an audit committee would not be practicing before the Commission.⁵¹ Therefore, any accountant, while suspended or barred from practice under Rule 102(e)⁵² of the Commission's Rules of Practice, generally would not be eligible to serve as a financial expert.

Request for Comment

• Should we modify the proposed definition of "financial expert" in any way? If so, how?
   
• Should we require a financial expert to have direct experience preparing or auditing financial statements of reporting companies? Should experience reviewing or analyzing such financial statements suffice? If so, why?
   
• Should a financial expert have to possess all of the "attributes" listed in the proposed definition? Should we broaden the scope of individuals who may qualify as such an expert?
   
• Do the five attributes adequately describe the qualities that a financial expert should have? Should we add any attributes?
   
• Although we do not intend for the list of factors that a company should consider in assessing a potential financial expert's qualifications to be exhaustive, should we add any factors to the list? If so, what other factors should we include? Conversely, should we delete any proposed factors from the list? If so, which factors should we delete?
   
• Should the proposed rules provide for a different standard or methodology for assessing a financial expert's qualifications? If so, describe the preferred standard or methodology.

3. Determination by the Board of Directors
of Who Is a Financial Expert

The Sarbanes-Oxley Act does not explicitly state who at the company should determine whether any of the audit committee members is a financial expert. Management is responsible for preparing the financial statements. Therefore, it seems inappropriate for management to assess the qualifications of audit committee members. Similarly, it does not seem appropriate for the members of the audit committee, alone, to assess their own qualifications. We believe that the board of directors in its entirety, as the most broad-based body within the company, is best-equipped to make the decision. Therefore, we propose to require the company to disclose the number and names of the persons that the board of directors has determined to be the financial expert or experts serving on the company's audit committee.

Certain foreign private issuers have a two-tier board, with one tier designated as the management board and the other tier designated as the supervisory or non- management board. In this circumstance, we believe that the supervisory or non-management board would be the body within the company that is best-equipped to make the decision.

Request for Comment

• Will investors find this information useful? Is there more useful information on how financial experts are determined?
   
• Should our rules require the company to disclose the persons who are responsible for making the financial expert determination on behalf of the company? Is the board of directors the appropriate body to make such determination?

4. Impracticability of a "Bright-Line" Test

We considered, but do not propose, a "bright-line" test for making the financial expert determination that eliminates all elements of subjectivity. We do not believe that such a test would best further the purposes of the statute. Our proposed "financial expert" definition requires a qualifying individual to possess all of the specified attributes, and in that respect, does provide somewhat of a "bright-line" by setting forth several fairly specific and objective standards to limit the pool of potential financial expert candidates. The "factors" also provide guidance to assist the board of directors in making the financial expert determination. Clearly, certain factors such as level of education and years spent in a financial position are important indicia of whether an individual has such knowledge and experience.

However, we are not convinced that any bright-line rule or fixed formula that requires a financial expert to have specific academic credentials or a specific number of years of service in a financial or accounting position can ensure that an individual has the level of understanding and experience required by the statute. As the Blue Ribbon Committee stated regarding corporate governance and audit committees, "one size doesn't fit all."⁵³ Indeed, the more complicated the business, the greater the need for a higher threshold of financial expertise. Therefore, we believe that a bright-line test would be inappropriate for such determinations.

Request for Comment

• Should we create a bright-line test for the definition of "financial expert"? If so, what should the test be?

5. Location of Disclosure

The Sarbanes-Oxley Act expressly states that companies must include the financial expert disclosure in their periodic reports required pursuant to Section 13(a) or 15(d) of the Exchange Act. We propose to require companies to include the new disclosure in their annual reports on Forms 10-K⁵⁴ and 10-KSB.⁵⁵ We do not propose to require companies to also include this disclosure in their quarterly reports because we think that annual disclosure would adequately fulfill investors' informational needs. In this regard, we note that our pending Form 8-K proposals would require a company to disclose the arrival or departure of a director.⁵⁶ This information would be included in Part III of those forms. Consequently, the company could incorporate this information by reference from its definitive proxy or information statement that involves an election of directors, if the company voluntarily chooses to include this information in its proxy or information statement and then files such statement with the Commission no later than 120 days after the end of the fiscal year covered by the Form 10-K or 10-KSB.⁵⁷ We also propose to require this disclosure in annual reports filed by a foreign private issuer on Form 20-F⁵⁸ and by a Canadian issuer on Form 40-F.⁵⁹

Request for Comment

• Should we also require the proposed financial expert disclosure to appear in the company's proxy or information statement? Is this information relevant to a security holder's decision to vote for a particular director or to elect, approve or ratify the choice of an independent public accountant?
   
• Should we require the company to also disclose this information in its quarterly reports?
   
• Should we also require such disclosure in registration statements filed under the Securities Act?
   
• Should the company have to disclose specifically the arrival or departure of a financial expert promptly after the occurrence of the event? If so, should we modify our Form 8-K proposed item regarding the arrival and departure of a director to also require a company to disclose whether the departing director was, or arriving director will be, a financial expert serving on the company's audit committee? Should a company make appropriate disclosures if: a financial expert leaves the audit committee, but remains on the board of directors; or an existing director joins the audit committee as a financial expert? Should a company only have to file a Form 8-K if it previously disclosed in its annual report that it had a financial expert and now has none?
   
• A company currently may not have an audit committee member who qualifies as a financial expert under the proposed definition but may intend to seek one. In such a case, the proposed rules would require a company to disclose that it does not have a financial expert on its audit committee. However, the company could explain that it is searching for a qualified individual to serve on its audit committee. Should we provide companies with a transition period to find such a person? If so, what would be an appropriate transition period?

6. Registered Investment Companies

We are proposing to implement Section 407 of the Sarbanes-Oxley Act with respect to registered management investment companies by adding disclosure requirements similar to those in proposed Item 309 of Regulation S-K to proposed Form N-CSR.⁶⁰ Proposed Item 4 of Form N-CSR would require a registered management investment company to disclose annually: (i) the number and names of persons that the board of directors has determined to be the financial experts serving on the investment company's audit committee; (ii) whether the financial expert or experts are independent, and if not, an explanation of why they are not; and (iii) if the investment company does not have a financial expert serving on its audit committee, the fact that there is no financial expert and an explanation of why it has no financial expert.⁶¹ In addition, the investment company would be required to disclose the basis for a determination by its board of directors that a person is a financial expert if, in lieu of having experience as a public accountant, auditor, principal financial officer, principal accounting officer, or controller, or experience in a position involving the performance of similar functions, the person has experience in a position that results, in the judgment of the board, in the person having similar experience and expertise.⁶² We are proposing the same definition of "financial expert" for investment companies as for operating companies, except that we are not including the factor relevant to foreign private issuers.⁶³

A financial expert would be considered to be "independent" if he or she: (i) meets the criteria set forth in Section 10A(m)(3)(B)(i) of the Exchange Act; and (ii) is not an "interested person" of the investment company as defined in Section 2(a)(19) of the Investment Company Act of 1940.⁶⁴ We have substituted the Section 2(a)(19) test for the criteria set forth in Section 10A(m)(3)(B)(ii) of the Exchange Act, which would apply to operating companies and require that the audit committee member not be an affiliated person of the issuer or any subsidiary in order to be considered "independent." The Section 2(a)(19) test is more appropriate for registered investment companies because it is tailored to capture the broad range of affiliations with investment advisers, principal underwriters, and others that are relevant to "independence" in the case of investment companies.

The proposed disclosure requirements would apply to all registered management investment companies, regardless of whether they are required to file reports under Section 13(a) or 15(d) of the Exchange Act. They would not apply to unit investment trusts, which are unmanaged investment companies that hold specified securities and, unlike managed investment companies, are not required to provide shareholder reports containing audited financial statements.

Request for Comment

• Should the definition of "financial expert" be modified for investment companies? Are the factors that are relevant in determining whether someone is a "financial expert" different for investment companies?
   
• What definition of "independence" should the disclosure requirements apply with respect to financial experts? Should the definition incorporate the criteria set forth in Section 10A(m)(3)(B)(i) of the Exchange Act and Section 2(a)(19) of the Investment Company Act, as proposed, or a different test, for example, the test used for operating companies?
   
• Should disclosure with respect to financial experts on an investment company's audit committee be required annually, as proposed? Should this disclosure be required on each report on Form N-CSR or N-SAR, i.e., semi-annually?
   
• For investment companies that would be required to file reports on proposed Form N-CSR, should the financial experts disclosure be required on Form N-CSR or Form N-SAR? Should small business investment companies, which otherwise would not be required to file proposed Form N-CSR, be required to use Form N-CSR for this purpose?

B. Proposed Code of Ethics Disclosure

1. Proposed Rules Compared to Section 406 of the Sarbanes-Oxley Act

Section 406(a) of the Sarbanes-Oxley Act directs the Commission to issue rules requiring a company that is subject to the reporting requirements of Section 13(a) or 15(d) of the Exchange Act to disclose whether or not the company has adopted a code of ethics for its senior financial officers that applies to the company's principal financial officer and controller or principal accounting officer, or persons performing similar functions. The Sarbanes-Oxley Act states that the rules also must require companies that have not adopted such a code of ethics to explain why they have not done so.

The Act defines the term "code of ethics," as used in Section 406, to mean such standards as are reasonably necessary to promote:

• Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships;
   
• Full, fair, accurate, timely and understandable disclosure in the periodic reports required to be filed by the issuer; and
   
• Compliance with applicable governmental rules and regulations.

Section 406(b) of the Sarbanes-Oxley Act further directs the Commission to require a company subject to the Exchange Act reporting requirements to immediately disclose on Form 8-K, or by Internet or other electronic means of dissemination, any change in, or waiver of, a provision of its code of ethics for its senior financial officers.

Although Section 406 of the Sarbanes-Oxley Act focuses on whether or not a company has adopted a code of ethics applicable to its senior financial officers, we believe that it is appropriate to propose rules that also apply to a company's principal executive officer. Investors not only have an interest in knowing whether a public company holds its senior financial officers to certain ethical standards, but also whether a public company holds its principal executive officer to ethical standards as well. Therefore, we believe that it is consistent with the purposes of the Sarbanes-Oxley Act to extend the scope of Section 406 to also include a company's principal executive officer. Specifically, we propose to require a company to disclose whether it has adopted a written code of ethics that applies to its principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions. We also propose to broaden the definition of the term "code of ethics" used in Section 406 of the Sarbanes-Oxley Act to include three additional factors described in more detail below.

2. Description of the Proposed Code of Ethics Disclosure Requirements

We propose to add new Item 406 to Regulations S-B and S-K, new Item 15(c) to Form 20-F and new Instruction B.(9) to Form 40-F to require a company subject to the Exchange Act reporting requirements to disclose:

• Whether the company has adopted a written code of ethics that applies to the company's principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions;⁶⁵ and
   
• If the company has not adopted such a code of ethics, the reasons it has not done so.

For purposes of this new disclosure item, we would define the term "code of ethics" to mean a codification of standards that is reasonably designed to deter wrongdoing and to promote:⁶⁶

1. Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships;
    
2. Avoidance of conflicts of interest, including disclosure to an appropriate person or persons identified in the code⁶⁷ of any material transaction or relationship that reasonably could be expected to give rise to such a conflict;
    
3. Full, fair, accurate, timely, and understandable disclosure in reports and documents that a company files with, or submits to, the Commission and in other public communications made by the company;
    
4. Compliance with applicable governmental laws, rules and regulations;⁶⁸
    
5. The prompt internal reporting to an appropriate person or persons identified in the code of violations of the code;⁶⁹ and
    
6. Accountability for adherence to the code.

The second, fifth and sixth prongs of this proposed definition supplement the requirements specified by Section 406 of the Sarbanes-Oxley Act. We believe that these items are consistent with the objectives of that section. A comprehensive code of ethics should set forth guidelines requiring avoidance of conflicts of interests and material transactions or relationships involving potential conflicts of interests without proper approval. Moreover, an effective code of ethics should describe the company's system for the internal reporting of code violations.⁷⁰ The code also should state clearly the consequences for non-adherence to code provisions.

In addition to providing the required disclosure, a company also would have to file a copy of its ethics code as an exhibit to its annual report.⁷¹ We believe investors would find such disclosure useful.

Request for Comment

• Should the rules address whether a company has a code of ethics that applies to its principal executive officer, as proposed, or should the rules track the language of Section 406 of the Sarbanes-Oxley Act and require a company only to disclose whether it has a code of ethics that applies to its senior financial officers?
   
• Should we expand the definition of "code of ethics," as proposed, or should the definition adhere to the language in Section 406(c) of the Sarbanes-Oxley Act? Are there other ethical principles that should be included in the definition?
   
• Should the rules cover a broader group of officers? If so, which group of officers should they cover? Should the general counsel be covered? Should all executive officers be covered?⁷²
   
• Should the proposed rules require a company to disclose whether it has a code of ethics that applies to its directors? Do most companies have a code of ethics that applies to the board of directors? Does the same code of ethics generally apply to the company's executive officers and its directors?
   
• Should we require the company to describe its procedures to ensure compliance with the code of ethics?
   
• Should we require the company to describe its procedures for granting a waiver from a provision of its code of ethics?
   
• Should we require the company to disclose the date of adoption of its code of ethics and the date of the most recent update or the company's frequency of review of the code?
   
• Should the company have to file the code of ethics as an exhibit to its annual report as proposed? If not, should we also require the company to describe the principal topics that the code addresses?
   
• Should we require disclosure regarding the existence of a code of ethics in our other reports and registration statements, including our Securities Act and Exchange Act registration statements?

3. Content of the Code of Ethics

The proposed rules do not specify every detail that the company must address in its code of ethics, or prescribe any specific language that the code of ethics must include. They further do not specify the procedures that the company should develop, or the types of sanctions that the company should impose, to ensure compliance with its code of ethics. We believe that ethics codes do, and should, vary from company to company and that decisions as to the specific provisions of the code, compliance procedures and disciplinary measures for ethical breaches are best left to the company. In addition, such an approach is consistent with our disclosure-based regulatory scheme.

Many companies already maintain codes of ethics or conduct.⁷³ These codes often contain specific policies and restrictions addressing, among other things, such issues as insider trading and conflicts of interest. The proposed rules would not require a company to adopt a code of ethics if it has not already done so, or to amend its existing code of ethics, but they would require a company that does not have a code of ethics that meets the definition in the rule for the specified officers to explain why it does not have such a code. A pre-existing ethics code may satisfy the requirements of proposed Item 406, but a company should review its code upon our adoption of final rules to determine whether the code meets all of the standards included in the rules' definition of a "code of ethics." If a company has a code, but it does not satisfy all parts of the definition, the company would not be able to affirm that it has the type of code contemplated by the rules.

4. Types of Companies That Would Be Subject to
the Proposed Code of Ethics Disclosure Requirements
and Location of the Disclosure

All companies that file Form 10-K or 10-KSB reports would be subject to the proposed disclosure requirement. ⁷⁴ We also propose to require this disclosure in annual reports filed by a foreign private issuer on Form 20-F and by a Canadian issuer on Form 40-F.

Request for Comment

• Should we require a company to also provide the proposed code of ethics disclosure in its quarterly reports? Should such disclosure be made in a company's proxy and information statements? Should it be disclosed in Securities Act registration statements?
   
• Should the requirement apply to foreign private issuers, as proposed? If not, why?

5. Proposed Form 8-K or Internet Disclosure Regarding Changes to, or Waivers from, the Code of Ethics

Section 406(b) of the Sarbanes-Oxley Act directs us to require "immediate disclosure" by a company of any change to, or waiver from, the company's code of ethics for its senior financial officers.⁷⁵ As discussed above, we propose to require the basic ethics code disclosure with respect to a company's principal executive officer as well as to its senior financial officers. We therefore also propose to require current disclosure regarding changes to, or the company's grant of a waiver from, a provision of the code of ethics that applies to these same persons.

On June 17, 2002, we proposed amendments to Form 8-K that would expand significantly the number of disclosure items triggering a Form 8-K filing requirement and accelerate the Form 8-K filing deadline.⁷⁶ In those proposals, we stated that we were reviewing possible changes by self-regulatory organizations to their corporate governance provisions, including changes that would require a company to promptly disclose any revision that it makes to its code of ethics, or ethics waiver that it grants.

In light of the directive in Section 406(b), we propose to add an item to the list of Form 8-K triggering events to require disclosure of the following:

• a change to a company's code of ethics that applies to the specified officers; or
   
• a grant of a waiver of an ethics code provision to a specified officer.⁷⁷

If choosing to provide the required disclosure on Form 8-K, the company would have to file the report within two business days after it made the change or granted the waiver.⁷⁸ As an alternative to reporting this information on Form 8-K, Section 406(b) of the Sarbanes-Oxley Act contemplates a company's use of the Internet as a method of disseminating this disclosure.⁷⁹ Many companies maintain websites to provide information about themselves to the public. A company's website is often an obvious place for investors to find information about a company.⁸⁰ We therefore propose to allow a company to use its own Internet website, if it has a website, as an alternative means of disseminating the proposed required disclosure about changes in, or waivers from, its code of ethics.⁸¹ Under the proposed rules, a company would be able to take advantage of the Internet dissemination option only if it had disclosed in its most recently filed annual report on Form 10-K or 10-KSB:⁸²

• that it intends to disclose these events on its Internet website, and
   
• its Internet website address.

If a company elects to disclose this information on its website, it would have to do so within the same two-business day time period that we propose to require for Form 8-K filings. In addition, we propose that a company electing to provide disclosure in this manner would have to make the disclosure available on its website for a period of at least 12 months after it initially posts the disclosure. Although the proposed rules would permit a company to remove information from its website after the 12-month posting period, we propose to require the company to retain this disclosure for a period of not less than five years and to make it available to the Commission or its staff upon request.⁸³ We propose a 12-month period because we believe that it would be inappropriate to allow a company to comply with this provision by only briefly posting the disclosure on its website. Reports on Form 8-K are available to the public indefinitely after filing with the Commission.

Request for Comment

• Are there any privacy concerns that we should consider that would warrant narrowing the disclosure requirements regarding a grant of a waiver from the code?
   
• Is a "waiver" a sufficiently distinct and formal event that the obligation to disclose will not present any difficulties of interpretation? Should we modify the requirement to ensure that "de facto, post hoc" waivers of codes-granted or acceded to after the occurrence of the "violation" are reported?
   
• Should companies that use the Internet for these disclosures also be required to have technology that allows investors to be notified by e-mail when new information is posted to the website?
   
• Should we require the filing of a Form 8-K regardless of whether a company provides the proposed disclosure on its website? Do investors need access to this information for longer than 12 months? How can we permit Internet disclosure and maintain a lasting public record of the information?
   
• Should we specify where and how this disclosure should appear on a company's website if the company opts for the website method of dissemination?
   
• Are there other means of electronic dissemination that our proposed rules should permit?
   
• Should we require a company choosing to disclose information about ethics code changes or waivers through its Internet website to provide advance notice in the company's annual report of its intent to satisfy the disclosure requirements in this manner, as proposed?
   
• Should we require all Exchange Act reporting companies to disclose their website addresses? If so, should we specify the location of this disclosure? For example, should it have to appear on the front cover of all periodic and current reports, along with the company's street address? Should a company have to disclose its website address in, or on the front cover of, all of its Exchange reports? Proxy and information statements? Exchange Act registration statements? Securities Act registration statements?

Foreign Private Issuers

Foreign private issuers are not required to file current reports on Form 8-K.⁸⁴ Instead, they are required to file under the cover of Form 6-K⁸⁵ copies of all information that the foreign private issuer: makes, or is required to make, public under the laws of its jurisdiction of incorporation; files, or is required to file, under the rules of any stock exchange; or otherwise distributes to its security holders.⁸⁶ We do not propose to change these reporting requirements. We are proposing changes to Form 20-F and 40-F that would require a foreign private issuer to disclose any change to its code of ethics made during the foreign private issuer's past fiscal year that applies to the foreign private issuer's senior officers. The foreign private issuer additionally would have to file the change as an exhibit to Form 20-F or 40-F. Under the proposals, a foreign private issuer also would have to disclose any grant of a waiver from the code by the company to one of these officers, that occurred during the foreign private issuer's last fiscal year. A foreign private issuer could also make the disclosure under cover of a Form 6-K or on its Internet website. We plan to strongly encourage foreign private issuers to make these disclosures promptly.

Request for Comment

• Should we require foreign private issuers to file disclosure about ethics code changes and waivers within two days under cover of Form 6-K? Should we otherwise require a foreign private issuer to promptly disclose ethics code changes and waivers?

6. Registered Investment Companies

We are proposing to amend Forms N-SAR and N-CSR to require a registered investment company to:

• Disclose annually whether each of the investment company, its investment adviser, and its principal underwriter has adopted a written code of ethics that applies to the principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions of, respectively, the investment company, its investment adviser, and its principal underwriter;⁸⁷
   
• If the investment company, its investment adviser, or its principal underwriter has not adopted a code of ethics, explain why it has not done so;⁸⁸
   
• If the investment company, its investment adviser, or its principal underwriter has, during the period covered by the report, amended or granted a waiver from any code of ethics applicable to the investment company's, investment adviser's, or principal underwriter's principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions, provide a brief description of the amendment or waiver in the investment company's report on proposed Form N-CSR or Form N-SAR, as applicable. In the alternative, the investment company may disclose this information on its Internet website within two business days after the occurrence of the amendment or waiver, if the investment company has disclosed in its most recently filed report on Form N-SAR or N-CSR its intention to provide disclosure in this manner and its Internet address, it makes the information available on its website for a 12-month period, and it retains the information for a period of not less than six years following the end of the fiscal year in which the amendment or waiver occurred;⁸⁹ and
   
• Include any written code of ethics and amendment to that code of ethics as an exhibit to the investment company's reports on Form N-CSR or N-SAR.⁹⁰

The proposed disclosure requirements would apply to all registered investment companies, regardless of whether they are required to file reports under Section 13(a) or 15(d) of the Exchange Act. Management investment companies generally would provide the required disclosure on proposed Form N-CSR, and small business investment companies and unit investment trusts would provide the required disclosure on Form N-SAR.⁹¹ The proposed amendments would apply the same definition of a code of ethics that we are proposing for operating companies.⁹²

We recognize that Investment Company Act Rule 17j-1 currently requires investment companies, and their investment advisers and principal underwriters, to adopt codes of ethics designed to prevent fraud resulting from personal trading in securities by portfolio managers and other employees.⁹³ The amendments we are proposing today would address a broader range of conduct, including disclosure provided in filings with the Commission; compliance with governmental laws, rules and regulations; and ethical conduct generally, including the handling of actual or apparent conflicts of interest. As a result, we believe that the proposals should apply with equal force to investment companies and operating companies. However, to the extent that an investment company, or its investment adviser or principal underwriter, is considering implementing new or changed code of ethics provisions as a result of today's proposals, it may wish to incorporate these provisions, together with its existing code of ethics under Rule 17j-1, into a single comprehensive code of ethics.⁹⁴

The proposed disclosure requirements would generally cover the same entities covered by Rule 17j-1 (investment companies, investment advisers, principal underwriters) because these are the entities with respect to which conflicts of interest and other ethical issues are most likely to arise. Like Rule 17j-1, the proposed amendments would cover the code of ethics of an investment company's principal underwriter only if: (i) the principal underwriter is an affiliated person of the investment company or the investment company's investment adviser; or (ii) an officer, director, or general partner of the principal underwriter serves as an officer, director, or general partner of the investment company or of its investment adviser.⁹⁵ Unit investment trusts do not have a corporate-type management structure, but rather are created by a sponsor or depositor that accumulates a portfolio of securities and deposits them with a trustee under the terms of a trust indenture. Therefore, a unit investment trust would not be required to disclose whether it has a code of ethics because it has no officers. Rather, for unit investment trusts, we are proposing to require disclosure with respect to codes of ethics of the trust's sponsor, depositor, trustee or principal underwriter.⁹⁶ For unit investment trusts, the proposed amendments would cover the code of ethics of a principal underwriter only if: (i) the principal underwriter is an affiliated person of the trust or the trust's sponsor, depositor, or trustee; or (ii) an officer, director, or general partner of the principal underwriter serves as an officer, director, or general partner of the trust's sponsor, depositor, or trustee.⁹⁷

Request for Comment

• Is the proposed definition of a code of ethics appropriate? Are there any modifications that should be made to this definition in the case of investment companies?
   
• Do the proposed code of ethics disclosure requirements cover the appropriate entities, in addition to the registered investment company itself? Should any entities be removed, or should other entities (e.g., the administrator) be added?
   
• Do the code of ethics disclosure requirements cover the appropriate individuals at those entities? Should any of these individuals be removed, or should other individuals be added?
   
• Should we require registered investment companies, like domestic operating companies, to use Form 8-K to disclose amendments to, or waivers of, a code of ethics within two business days? Or is our proposed approach of requiring periodic reporting of this information on Form N-CSR or Form N-SAR appropriate? Should we propose a separate form for prompt reporting of this information? If we require periodic reporting of amendments and waivers on Forms N-CSR and N-SAR, is the proposed alternative option for disclosure of amendments and waivers on the investment company's Internet website within two business days necessary or appropriate?
   
• For what period of time should we require an investment company to retain information about amendments to, or waivers from, codes of ethics, if it elects to post this information on its website? Should the retention period be not less than six years from the end of the fiscal year in which the amendment or waiver occurred, which would be consistent with the standard retention period for investment company records, or should it be some other period?⁹⁸

C. Management's Internal Controls and Procedures for Financial Reporting

1. Management's Internal Control Report

Section 404 of the Sarbanes-Oxley Act directs the Commission to prescribe rules that would require each annual report that a company, other than a registered investment company,⁹⁹ files pursuant to Section 13(a) or 15(d) of the Exchange Act to contain an internal control report: (1) stating management's responsibilities for establishing and maintaining adequate internal control structure and procedures for financial reporting; and (2) containing an assessment, as of the end of the company's most recent fiscal year, of the effectiveness of the company's internal controls and procedures for financial reporting.¹⁰⁰

Twice in the past, the Commission has proposed an internal control report requirement. First, in 1979, following enactment of the Foreign Corrupt Practices Act ("FCPA"),¹⁰¹ we proposed rules that would have required a company to annually disclose certain information about its internal accounting controls.¹⁰² The proposed rules would have required a company's management to state its opinion as to whether the company's systems of internal accounting control provided reasonable assurance that:

• Transactions were executed in accordance with management's general and specific authorization;
   
• Transactions were recorded as necessary: (a) to permit preparation of financial statements in conformity with generally accepted accounting principles (or other applicable criteria); and (b) to maintain accountability for assets;
   
• Access to assets was permitted in accordance with management's general or specific authorization; and
   
• The recorded accountability for assets was compared with the existing assets at reasonable intervals and appropriate action was taken with respect to any differences.

The proposed rules also would have required an independent public accountant to examine and report on management's statement.

Commenters criticized the 1979 proposal for the scope and content of the proposed management statement, and its close correlation to the FCPA requirements. Many commenters viewed the proposal as requiring a report on compliance with the law. Others pointed to the significant voluntary and private-sector initiatives that had been undertaken in this area and urged us not to preempt such efforts by promulgating formal legal requirements. While we did not agree with all of the commenters' concerns, the Commission at that time decided not to proceed with the rulemaking to allow existing voluntary and private-sector initiatives for public reporting on internal accounting control to continue to develop. In 1980, the Commission formally withdrew the proposal.¹⁰³

Following the recommendations of the Treadway Commission, the Commission again proposed rules in 1988 that would have required companies to include in their annual reports a report of management's responsibilities with respect to financial reporting, including its responsibilities for the company's internal control system, and an assessment of the effectiveness of that system.¹⁰⁴ Our 1988 proposal differed from the 1979 proposal in several respects. Under the 1988 proposal, management's report would have been signed on behalf of the company's principal executive, financial, and accounting officers, and would have contained:

• A description of management's responsibilities for the preparation of the company's financial statements and other financial information included in a document containing the financial statements;
   
• A description of management's responsibilities for establishing and maintaining a system of internal control directly related to, and designed to provide reasonable assurance as to the integrity and reliability of, financial reporting;
   
• An assessment of the effectiveness of the company's system of internal control that encompassed material matters; and
   
• A statement of how management responded to any significant recommendations concerning its system of internal controls made by its internal auditors and its independent accountants.

Our 1988 proposal attempted to avoid a direct correlation with the FCPA by including a materiality threshold and focusing on the company's entire system of internal controls, rather than just its internal accounting controls. We received more than 180 comment letters in response to the 1988 proposal, with a majority of commenters supporting it. Many commenters, however, expressed concern over being required to disclose management's response to significant auditor recommendations on the management report. Furthermore, several commenters noted that private sector organizations were working to develop standards for reporting on the effectiveness of a company's internal controls.¹⁰⁵ The Commission did not act on the proposals.

In light of the mandates of the Sarbanes-Oxley Act, we again are proposing to require companies to include a report on their internal controls and procedures for financial reporting in their annual reports.

a. Proposed Disclosure

We propose to amend Item 307 of Regulations S-K and S-B, as well as Forms 20-F and 40-F, to require a company's annual report to include an internal control report of management that includes:

• A statement of management's responsibilities for establishing and maintaining adequate internal controls and procedures for financial reporting;
   
• Conclusions about the effectiveness of the company's internal controls and procedures for financial reporting based on management's evaluation of those controls and procedures in accordance with Exchange Act Rule 13a-15 or 15d-15, as of the end of the company's most recent fiscal year;¹⁰⁶ and
   
• statement that the registered public accounting firm that prepared or issued the company's audit report relating to the financial statements included in the company's annual report has attested to, and reported on, management's evaluation of the company's internal controls and procedures for financial reporting.

The proposed amendments do not specify the exact content of the proposed management report, as this likely would result in boilerplate responses of little value. We believe that management should tailor the report to the company's circumstances.

b. Internal Controls and Procedures for Financial Reporting

A key aspect of management's responsibility for the preparation of financial information is its responsibility to establish and maintain an internal control system.¹⁰⁷ On August 29, 2002, we issued a release adopting new Exchange Act Rules 13a-14 and 15d-14 to implement Section 302 of the Sarbanes-Oxley Act. In that release we stated that the term "internal controls"¹⁰⁸ as used in Section 302 of the Sarbanes-Oxley Act is a pre-existing concept that pertains to a company's financial reporting and control of its assets.¹⁰⁹ However, because there are a variety of different definitions of the term "internal controls" and its meaning has changed over time, there continues to be confusion regarding the meaning and scope of the term.

One of the first attempts to define internal controls was reflected in 1958 in the Statement on Auditing Procedure No. 29, in which the Committee on Auditing Procedure of the AICPA subdivided the definition of internal control into the following two components: "administrative control" and "accounting control."¹¹⁰ This statement explained that the term "accounting control" related directly to the safeguarding of assets and the reliability of financial records. Examples included systems of transaction authorization and approval, physical controls over assets, and the plan of organization for separating duties concerned with record-keeping from duties concerned with operations or asset custody. "Administrative control" was defined as mainly concerning operational efficiency or adherence to managerial policies. Examples included statistical analyses, performance reports, training programs, and quality-control procedures.

In 1972, the Statement on Auditing Procedure No. 54 redefined the administrative control and accounting control concepts.¹¹¹ SAP No. 54 defined administrative control as the plan of organization, procedures, and records concerned with the decision processes leading to management's authorization of transactions. Accounting control was defined as a plan of organization and the procedures and records that are concerned with the safeguarding of assets and the reliability of financial records and consequently are designed to provide reasonable assurance that:

• Transactions are executed in accordance with management's general or specific authorization;
   
• Transactions are recorded as necessary (1) to permit preparation of financial statements in conformity with generally accepted accounting principles; and (2) to maintain accountability for assets;
   
• Access to assets is permitted only by management's authorization; and
   
• The recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

In 1992, the Committee of Sponsoring Organizations of the Treadway Commission ("COSO") undertook an extensive study of internal control. COSO defined internal control as "a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives" in three categories-effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. COSO further stated that internal control over each of these objectives consisted of the control environment, risk assessment, control activities, information and communication, and monitoring. In 1995, the AICPA's Auditing Standards Board in Statement on Auditing Standards No. 78 codified this definition of internal controls.¹¹²

We believe that the purpose of internal controls and procedures for financial reporting is to ensure that companies have processes designed to provide reasonable assurance that:

• the company's transactions are properly authorized;
   
• the company's assets are safeguarded against unauthorized or improper use; and
   
• the company's transactions are properly recorded and reported

to permit the preparation of the registrant's financial statements in conformity with generally accepted accounting principles. We believe that these objectives are embodied in the definition of the term "internal controls" as the term is defined in AICPA's Codification of Statements on Auditing Standards (AU) Section 319 and is consistent with Section 103 of the Sarbanes-Oxley Act.¹¹³ Accordingly, we propose to refer to AU Section 319 to define currently internal controls and procedures for financial reporting, pending action by the Public Company Accounting Oversight Board.¹¹⁴ The proposed definition would state that the term "internal controls and procedures for financial reporting" means controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with generally accepted accounting principles as addressed by the Codification of Statements on Auditing Standards §319 or any superseding definition or other literature that is issued or adopted by the Public Company Accounting Oversight Board.

Request for Comment

• Should we propose a definition of internal controls and procedures for financial reporting? If so, is the proposed definition appropriate?
   
• Should we define the term using AICPA's Codification of Statements on Auditing Standards Section 319 definition? If not, are there any other definitions we should use?
   
• Should we propose specific disclosure criteria and standards for the management report? If so, what disclosure criteria and standards should we consider?

2. Attestation to, and Report on, Management's Internal Control Report by the Company's Auditor

Section 404(b) of the Sarbanes-Oxley Act requires every registered public accounting firm that prepares or issues an audit report for an issuer other than a registered investment company¹¹⁵ to attest to, and report on, management's assessment of the issuer's internal controls and procedures for financial reporting. The attestation and report required by Section 404(b) must be made in accordance with standards for attestation engagements "issued or adopted" by the Public Company Accounting Oversight Board (the "PCAOB").

We are proposing amendments to Regulation S-X to reference the attestation report that will be prepared by registered public accounting firms and to require a company to file the attestation in annual reports on Forms 10-K, 10-KSB, 20-F and 40-F.¹¹⁶ Section 404(b) of the Sarbanes-Oxley Act does not require filing of the attestation report, but we believe that it is essential in satisfying the purposes of this provision of the Sarbanes-Oxley Act to require a company to file both the internal control report and auditor's attestation report in its annual report.

Request for Comment

• If we adopt the proposed amendments before the PCAOB is operational, should we delay effectiveness of the rules until such time as attestation engagements standards are issued or adopted by the PCAOB?
   
• Should the company have to file the attestation report as part of the annual report? If so, should the report have to appear in a particular part of the annual report? Where?

3. Quarterly Evaluation of Internal Controls and Procedures for Financial Reporting

On August 29, 2002, we adopted new Exchange Act Rules 13a-14 and 15d-14 to implement Section 302 of the Sarbanes-Oxley Act. These rules require the principal executive and financial officers of reporting companies to certify the information in their companies' quarterly and annual reports. Specifically, new Rules 13a-14 and 15d-14 require each of these officers to disclose that:

• he or she has reviewed the report;
   
• based on his or her knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by the report;
   
• based on his or her knowledge, the financial statements, and other financial information included in the report, fairly present in all material respects the financial condition, results of operations and cash flows of the issuer as of, and for, the periods presented in the report;
   
• he or she and the other certifying officers:
  

  (1)	are responsible for establishing and maintaining "disclosure controls and procedures" (a newly-defined term reflecting the concept of controls and procedures related to disclosure embodied in Section 302(a)(4) of the Sarbanes-Oxley Act) for the issuer;
  (2)	have designed such disclosure controls and procedures to ensure that material information is made known to them, particularly during the period in which the periodic report is being prepared;
  (3)	have evaluated the effectiveness of the issuer's disclosure controls and procedures as of a date within 90 days prior to the filing date of the report; and
  (4)	have presented in the report their conclusions about the effectiveness of the disclosure controls and procedures based on the required evaluation as of that date;

• he or she and the other certifying officers have disclosed to the issuer's auditors and to the audit committee of the board of directors (or persons fulfilling the equivalent function):
  

  (1)	all significant deficiencies and material weaknesses in the design or operation of internal controls (a pre-existing term relating to internal controls regarding financial reporting) which could adversely affect the issuer's ability to record, process, summarize and report financial data and have identified for the issuer's auditors any material weaknesses in internal controls; and
  (2)	any fraud, whether or not material, that involves management or other employees who have a significant role in the issuer's internal controls; and

• he or she and the other certifying officers have indicated in the report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

For purposes of the Exchange Act Rules 13a-14 and 15d-14, "disclosure controls and procedures" are defined as controls and other procedures of an issuer that are designed to ensure that information required to be disclosed by the issuer in the reports filed or submitted by it under the Exchange Act¹¹⁷ is recorded, processed, summarized and reported, within the time periods specified in the Commission's rules and forms.¹¹⁸ "Disclosure controls and procedures" include, without limitation, controls and procedures designed to ensure that information required to be disclosed by an issuer in its Exchange Act reports is accumulated and communicated to the issuer's management, including its principal executive and financial officers, as appropriate to allow timely decisions regarding required disclosure.

We also adopted new Item 307 of Regulations S-K and S-B¹¹⁹ to require disclosure in the company's annual and quarterly reports about the principal officers' evaluation of the company's disclosure controls and procedures and whether or not there have been significant changes to the company's internal controls-disclosure that the principal officers must certify that they have made.

Regarding internal controls and procedures for financial reporting, our recently adopted rules require the company's principal executive and financial officers to disclose "any significant changes in the company's internal controls or in other factors that could significantly affect these controls subsequent to the date of their evaluation, including any corrective actions with respect to significant deficiencies and material weaknesses." Despite the reference to an evaluation in this disclosure requirement, our rules currently do not require the company's principal executive and financial officers, or the company itself, to conduct periodic evaluations of the company's internal controls. New Exchange Act Rules 13a-15 and 15d-15 do, however, require a company to conduct a quarterly evaluation of the company's disclosure controls and procedures.

As explained above, Section 404 of the Sarbanes-Oxley Act directs us to propose and adopt rules that would require management to annually assess the company's internal control structure and procedures for financial reporting. Section 404 contemplates only an annual evaluation of the company's internal controls. A company's officers already must certify to significant changes to internal controls as required by Section 302 of the Sarbanes-Oxley Act.

To provide a basis for this quarterly disclosure about changes to the company's internal controls and procedures for financial reporting, and to create symmetry between our requirements for periodic evaluations of both the company's disclosure controls and procedures and its internal controls and procedures for financial reporting, we propose to require the company's management to evaluate the effectiveness of the design and operation of the company's internal controls and procedures for financial reporting, as well as its disclosure controls and procedures, with respect to each annual and quarterly report that it is required to file under the Exchange Act.¹²⁰ In addition, we propose to modify the requirement in Exchange Act Rules 13a-15 and 15d-15 that the evaluation be conducted within the 90-day period prior to the filing date of the quarterly or annual report, to require that the evaluation be made as of the end of the period covered by the report.¹²¹ We are also proposing conforming changes¹²² to Exchange Act Rules 13a-14, 13a-15, 15d-14 and 15d-15 and the form of certification in Forms 10-Q, 10-QSB, 10-K, 10-KSB, 20-F and 40-F.

Request for Comment

• Should we propose changes to Exchange Act Rules 13a-14, 13a-15, 15d-14 and 15d-15 to require periodic evaluations of both the company's disclosure controls and procedures and its internal controls and procedures for financial reporting?

4. Federal Deposit Insurance Act Internal Control Reports

In 1993, the Federal Deposit Insurance Corporation (FDIC) adopted rules implementing Section 36 of the Federal Deposit Insurance Act¹²³ that requires, among other things, an insured depository institution with total assets of $500 million or more to prepare an annual management report that contains:

• A statement of management's responsibilities for preparing the institution's annual financial statements, for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and for complying with designated laws and regulations relating to safety and soundness;¹²⁴ and
   
• Management's assessment of the effectiveness of the institution's internal control structure and procedures for financial reporting as of the end of the fiscal year and the institution's compliance with the designated laws and regulations during the fiscal year.¹²⁵

The FDIC's rules additionally require the institution's independent public accountant to examine, and attest to, management's assertions concerning the effectiveness of the institution's internal controls over financial reporting.¹²⁶

Furthermore, the FDIC's rules permit an insured depository institution that is the subsidiary of a holding company to satisfy its internal control report requirement with an internal control report of the consolidated holding company's management if:

• Services and functions comparable to those required of the subsidiary by Section 36 of the Federal Deposit Insurance Act are provided at the holding company level; and
   
• The subsidiary has, as of the beginning of its fiscal year, total assets of less than $5 billion, or total assets of $5 billion or more and a composite rating of 1 or 2 under the Uniform Financial Institutions Rating System.¹²⁷

Bank and thrift holding companies that are required to file reports under Section 13(a) or 15(d) of the Exchange Act would be subject to the internal control reporting requirements that we are proposing today. Although our proposed amendments are similar to the FDIC's internal control report requirements, our proposed rules differ in a few respects.¹²⁸

We are coordinating with the FDIC and other federal banking regulators to eliminate, to the extent possible, any unnecessary duplication between our proposed internal control report and the FDIC's internal control report requirements. We expect to provide further guidance on this subject in our release adopting final rules under Section 404 of the Sarbanes-Oxley Act.

5. Registered Investment Companies

Section 404 of the Sarbanes-Oxley Act does not apply to registered investment companies, and we are not proposing to extend any of the requirements that would implement section 404 to registered investment companies.¹²⁹ We are, however, proposing to make the following technical changes to our rules and forms implementing Section 302 of the Sarbanes-Oxley Act for registered investment companies in order to conform to the rule changes that we are proposing for operating companies and for other reasons.

• Exchange Act Rules 13a-15(c) and 15d-15(c), Paragraph (b)(4)(iii) of Investment Company Act Rule 30a-2, and proposed Investment Company Act Rule 30a-3(b). The proposed amendments would specify that an investment company's management must evaluate the effectiveness of its disclosure controls and procedures, with the participation of the principal executive and financial officers, as of the end of the period covered by each report filed on Form N-SAR or Form N-CSR.
   
• Paragraph (d) of Investment Company Act Rule 30a-2. The proposed amendments would include the same definition of "internal controls and procedures for financial reporting" that we are proposing in Exchange Act Rules 13a-14(d) and 15d-14(d).
   
• Instruction (a)(i) to Item 77Q3 of Form N-SAR and Item 5(a) of proposed Form N-CSR. The proposed amendments would require the disclosure about the evaluation of the investment company's disclosure controls and procedures by the investment company's management to be as of the end of the period covered by the report being filed.
   
• Paragraph (b)(4)(vi) of Investment Company Act Rule 30a-2, Instruction (a)(ii) of Item 77Q3 of Form N-SAR, and Item 5(b) of proposed Form N-CSR. The proposed amendments would require disclosure of any significant changes to the registrant's internal controls and procedures for financial reporting made during the period covered by the report.
   
• Item 6(a) of proposed Form N-CSR; paragraphs 1, 2, and 3 of the certification in instruction (a)(iii) to Item 77Q3 of Form N-SAR; and paragraphs 1, 2, and 3 of the certification section of proposed Form N-CSR. The proposed amendments would expressly require the shareholder reports to be filed as an exhibit to proposed Form N-CSR rather than as an Item response,¹³⁰ and would also revise the form of certification in Forms N-SAR and N-CSR to make clear that the report being certified includes any exhibits.
   
• Paragraph (b)(4) of Investment Company Act Rule 30a-2, paragraph 4 of the certification in Instruction (a)(iii) to item 77Q3 of Form N-SAR, and paragraph 4 of the certification section of proposed Form N-CSR. The proposed amendments would require the signing officers to state that they are responsible for establishing and maintaining internal controls and procedures for financial reporting, and that they have disclosed to the investment company's auditors and audit committee all significant deficiencies in the design and operation of internal controls and procedures for financial reporting which could adversely affect the investment company's ability to record, process, summarize and report financial information required to be disclosed in the reports that it files or submits under both the Securities Exchange Act and the Investment Company Act.
   
• Exchange Act Rule 12b-25(a) and (b)(2)(ii) and Form 12b-25.¹³¹ The proposed amendments would require an investment company to file a Form 12b-25 if it will not be able to file a report on proposed Form N-CSR in a timely manner. Filing of a Form 12b-25 would provide the investment company with an automatic extension of time to file proposed Form N-CSR of up to 15 calendar days following the prescribed due date.
   
• General Instruction E of proposed Form N-CSR. A proposed technical amendment would clarify that terms used in Form N-CSR have meanings as defined in the Investment Company Act of 1940 and the rules and regulations thereunder.

Request for Comment

• Should any rules regarding internal controls and procedures for financial reporting be applied to registered investment companies? If so, which specific rules and procedures should apply?
   
• When we adopted the certification rules implementing Section 302 of the Sarbanes-Oxley Act, we stated that a single evaluation of the effectiveness of the disclosure controls and procedures for a series fund or family of investment companies could be used in multiple certifications for the funds in the series or family, as long as the evaluation had been performed within 90 days of the date of the certified report.¹³² What is the effect of today's proposed changes requiring that the evaluation be as of the end of the period covered by the report on the ability to use a single evaluation for a series fund or family of investment companies where the funds have different fiscal years? Should we adopt the approach of today's proposal, retain the approach that we previously adopted, or adopt a different approach?

6. Transition Period for Compliance with Rules Regarding Evaluations of, and Reports and Attestations on, Internal Controls and Procedures for Financial Reporting

The annual internal controls report by management, as well as the related attestation and report on management's evaluation by auditors are proposed new requirements. Although we believe that management and auditors currently review such controls and procedures in conjunction with a company's annual audit, we understand that in many cases such reviews may not be as thorough or as detailed as the proposed rules would require. We expect that companies and their auditors will require substantial time to develop processes under relevant standards and to train appropriate personnel to ensure compliance with these requirements imposed by the Sarbanes-Oxley Act. Similarly, companies and accounting firms likely will need additional time to actually perform these activities.

The Sarbanes-Oxley Act does not impose a deadline for compliance with Section 404. Rather, the wording of this section contemplates action by both the PCAOB as well as registered public accounting firms. Specifically, the statute requires that auditor attestations conform with standards for attestation engagements adopted by the PCAOB. We therefore believe that Congress did not intend for the provisions of this section to take effect until the PCAOB has established the relevant attestation standards.¹³³ Accordingly, we propose to delay the effectiveness of our rules under Section 404 to enable the PCAOB to act and other relevant parties to prepare for compliance.

Specifically, we propose that the rules under Section 404, if adopted, would apply to companies whose fiscal years end on or after September 15, 2003. This should provide the PCAOB sufficient time to adopt standards for attestation engagements, as well as for companies and auditors to prepare for the expected increase in workload.

We would not require companies to provide such reports or attestations before the proposed date of effectiveness. However, to the extent that a company desires to provide voluntarily an annual report on the effectiveness of its internal controls and procedures for financial reporting, we believe that existing accounting literature should be followed. Similarly, although we do not require attestations by auditors before the proposed rules become effective, we believe that to the extent such attestations are made, accountants would perform such attestations in conformity with existing accounting literature regarding attestation engagements, including Section 501 of the AICPA's Statement on Standards for Attestation Engagements.

Similarly, we believe that the effectiveness of changes to certifications by management in a company's annual and quarterly reports also should be delayed until the company has had the opportunity to perform the comprehensive evaluation of internal controls and procedures for financial reporting contemplated by Section 404. Therefore, we propose that management need not provide the proposed amended certifications until the first annual report in which the company includes the internal control report required under Section 404. Accordingly, until a company is required to provide such report, it need only provide certifications as adopted on August 29, 2002.¹³⁴

Request for Comment

• What transition period do companies and registered public accounting firms need to prepare to perform these undertakings? Is the compliance date we propose adequate? If not, what date should we adopt?

D. Asset-Backed Securities Issuers

In the release adopting the certification requirements,¹³⁵ we noted that issuers of asset-backed securities have a reporting obligation under either Sections 13(a) or 15(d) of the Exchange Act, at least for a period of time. Because of the nature of asset-backed issuers, the staff of the Division of Corporation Finance has granted requests allowing asset-backed issuers to file modified reports under the Exchange Act.¹³⁶ The modified reporting structure for asset-backed issuers allows issuers or depositors to file modified annual reports on Form 10-K and to file reports on Form 8-K tied to payments on the underlying assets in the trust. These reports include a copy of the servicing or distribution report required by the issuer's governing documents and information on the performance of the assets, payments on the asset-backed securities and any other material developments that affect the issuer. Because the information included in these reports for asset-backed issuers differs significantly from that provided by other issuers, as well as the structure of asset-backed issuers we are proposing to exclude them from the disclosure requirements under proposed Items 307, 309 and 406 of Regulation S-K and S-B.

E. General Request for Comment

We request and encourage any interested person to submit comments regarding:

We request comment from the point of view of registrants, investors and other users of information about the proposals. With regard to any comments, we note that such comments are of greatest assistance to our rulemaking initiative if accompanied by supporting data and analysis of the issues addressed in those comments.

III. Paperwork Reduction Act

Form 10-K, Form 10-KSB, Form 20-F, Form 40-F, Form 10-Q, Form 10-QSB, Form 8-K, and Form 12b-25 under the Exchange Act, Regulation S-K, Regulation S-B, and Forms N-SAR and N-CSR under the Exchange Act and the Investment Company Act contain "collection of information" requirements within the meaning of the Paperwork Reduction Act of 1995.¹³⁷ We are submitting a request for approval of the proposed revisions to these requirements to the Office of Management and Budget ("OMB") for review in accordance with 44 U.S.C. §3507(d) and 5 CFR 1320.11. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid control number.

Periodic Reporting Requirements

Form 10-K (OMB Control No. 3235-0063) prescribes information that a registrant must disclose annually to the market about its business. Form 10-KSB (OMB Control No. 3235-0420) prescribes information that a registrant that is a "small business issuer" as defined under our rules must disclose annually to the market about its business. Form 20-F (OMB Control No. 3235-0288) prescribes information that a registrant that is a foreign private issuer must disclose annually to the market about its business. Form 40-F (OMB Control No. 3235-0381) prescribes information that a registrant that is eligible to use that form must disclose annually to the market about its business.

Form 10-Q (OMB Control No. 3235-0070) prescribes information that a registrant must disclose quarterly to the market about its business. Form 10-QSB (OMB Control No. 3235-0416) prescribes information that a registrant that is a "small business issuer" as defined under our rules must disclose quarterly to the market about its business.

We are proposing to add several disclosure requirements to these forms relating to: (1) whether a financial expert serves on a company's audit committee; (2) the existence of a company code of ethics for specified officers, and (3) management's assessment of the effectiveness of a company's internal controls and procedures for financial reporting. These proposals would increase the amount of information that a registrant must compile and disclose in these forms. With respect to the first two items, the information in these required disclosures should be readily available to the management of a registrant. Therefore, we expect the burden to compile and report this information to be minimal. The third item requires management to evaluate the effectiveness of the company's internal controls and procedures for financial reporting. We expect that performing these acts will impose a substantially greater burden than the other two disclosure requirements.

Financial Expert. This proposed disclosure requirement would increase the disclosure burden by requiring a registrant to report the number and names of persons that the board of directors has determined to be financial experts on its audit committee as well as whether the expert is independent, and if not, an explanation of why they are not. It would not require a registrant to have a financial expert on its audit committee. Item 401 of Regulations S-K and S-B already requires registrants to ascertain and disclose the business experience of all of its directors. The inquiry that registrants should make to satisfy this disclosure requirement should assist the registrant in determining whether a particular director is a financial expert under the rules. If the registrant does not have a financial expert, the rule only requires that the registrant explain why it does not have such a person on its audit committee. Therefore, we believe the added burden of the proposed rule would be minimal. For purposes of the PRA, we estimate that the proposed disclosure requirements regarding financial experts will result in a minimal incremental increase of 0.5 burden hours per issuer in connection with preparing each annual report.

Code of Ethics. The proposed rule would require a registrant to disclose whether it has adopted a written code of ethics for its principal executive officer, principal financial officer, principal accounting officer or controller, or persons serving similar functions. If it has not, it must explain why. The proposed rule would not require any company to adopt such a code of ethics. Management should be readily able to determine whether or not its company has adopted a code of ethics. In certain cases, the required disclosure would require minimal analysis regarding why the company does not have a code. In addition, in the first year, registrants must file a copy of the code with the Commission. In the case of large manuals that must be filed, we expect a small added cost to file such a document on EDGAR. In addition, we estimate that the disclosure requirements regarding codes of ethics will also cause a minimal increase of 0.5 burden hours per issuer in connection with each annual report.

Management Assessment of Internal Controls and Procedures for Financial Reporting. The proposed rules would require management to assess its internal controls and procedures for financial reporting every quarter. In addition, registrants must provide an internal control report in its annual report as well as obtain an attestation on that evaluation from the independent accountant that audited its financial statements. The performance of, and report on, the assessment will impose costs on registrants. This requirement would not apply to registered investment companies.

Although we expect such evaluation to impose a burden on companies, they are already required to evaluate on a quarterly basis the company's disclosure controls and procedures. We believe that a significant portion of internal controls and procedures for financial reporting are included in disclosure controls and procedures. We already received OMB approval for the added burden of evaluating disclosure controls and procedures. Therefore, for purposes of this release, we need only consider the added incremental burden imposed on companies by the evaluation of that portion of internal controls and procedures for financial reporting that is not subsumed by the disclosure controls and procedures evaluation. In that submission, we estimated that the evaluation of disclosure controls and procedures would add a burden on each issuer of 5 hours per quarterly and annual report. We estimate that the proposed rules would impose and additional 5 burden hours per issuer in connection with each quarterly and annual report. We do not have any data to support this estimate. However, because much of the burden is subsumed in the previous estimate, we believe an estimate of 5 burden hours per quarter is conservative. In addition, in conjunction with annual reports, a company must provide an internal control report. Although the burden of the evaluation has already been considered, the company must compile its conclusions into a publicly disclosed report. We expect that preparation of this report would add an additional 5 hours in conjunction with the annual report.

For PRA purposes, we do not need to consider the added burden to the company of obtaining an attestation on that internal control report by the company's auditor. The Sarbanes-Oxley Act currently requires companies to obtain such an attestation. Our proposed rules do not establish standards for the contents or format of such attestation. In addition, the proposed rules requiring attestation would not be effective until the PCAOB has had the opportunity to establish such standards. The proposed rules would establish no requirements beyond those required by the Sarbanes-Oxley Act except the requirement that the attestation be filed. We do consider the incremental increase in burden caused by this proposed requirement. We estimate that the costs of filing such an attestation report would be minimal. Similar to our estimates regarding disclosure of readily known information, such as the existence of a code of ethics, we estimate that such filing would create an added burden of 0.5 hours.

The burden hours for complying with these proposed requirements are set forth below in the following table. Estimates regarding burden within the company, for third party services, and for professional costs were obtained by contacting a number of law firms and other persons regularly involved in completing the forms.

	Annual Responses	Total Hours/ Form	Total Burden138	75% Company139	25% Professional	$300 Professional Cost
10-K	9,384	11.5	107,916	80,937	26,979	8,093,700
10-KSB	3,789	11.5	43,574	32,680.5	10,893.5	3,268,050
20-F	1,096	11.5	12,604	3,151	9,453	2,835,900
40-F	127	11.5	1461	365.25	1,095.75	328,725
10-Q	26,746	5	133,730	100,297.5	33,432.5	10,029,750
10-QSB	11,608	5	58,040	43,530	14,510	4,353,000

Our current OMB inventories and requested burden estimates are presented in the following table.

	Current Hour Burden	Expected Hour Increase	Total Expected Burden	Current Cost Burden	Expected Cost Increase	Total Expected Cost
10-K	12,337,614	80,937	12,418,551	1,233,761	8,093,700	1,241,854,700
10-KSB	3,435,676	32,680.5	3,468.356.5	343,568,000	3,268,050	346,836,050
20-F	583,248	3,151	586,399	524,496,000	2,835,900	527,331,900
40-F	175	365.25	440.25	440.5138,500	328,725	467,225
10-Q	3,109,223	100,297.5	3,209,520.5	310,922,000	10,029,750	320,951,750
10-QSB	1,279,782	43,530	1,323.312	127,978,000	4,353,000	132,331,000

Form 8-K

Form 8-K (OMB Control No. 3235-0060) prescribes information about significant events that a registrant must disclose on a current basis. Form 8-K also may be used, at a registrant's option, to report any events that the registrant deems to be of importance to shareholders. Companies also may use the form to disclose the nonpublic information required to be disclosed by Regulation FD.¹⁴⁰ We are proposing to require disclosure in the Form 8-K of any change in, or waiver of any provision of, a company code of ethics for senior executive officers. Alternatively, companies may disclose the required information on their websites.

We currently estimate that Form 8-K results in a total annual compliance burden of 627,300 hours and an annual cost of $81,377,000. We estimate the number of Form 8-K filers to be 13,200, based on the actual number of Form 10-K and 10-KSB filers during the 2001 fiscal year. For purposes of this analysis, we estimate that the number of reports on Form 8-K filed is 276,800.¹⁴¹ We estimate that each entity spends, on average, approximately 5 hours completing the form. We note that a company need not file a Form 8-K to report these events if it discloses the information on its Internet website. If a company elects to disclose such information only on its website, the proposed rules would require the company to keep such information on its website for 12 months and to keep such disclosure for five years. We estimate that the cost of disclosing and maintaining the information on a company's website would be no more than the cost to file a Form 8-K. Therefore, for a particular reporting event, whether disclosed on Form 8-K or through a company's website, we estimate the burden would be 5 hours. We estimate that 75% of the burden is prepared by the company and that 25% of the burden is prepared by outside counsel retained by the company at an average cost of $300 per hour. The staff estimated the average number of hours each entity spends completing the form, and the average hourly rate for outside securities counsel, by contacting a number of law firms and other persons regularly involved in completing the forms.

Under the proposals, we estimate that, on average, completing and filing a Form 8-K if the proposed new disclosure items are adopted would require the same amount of time currently spent by entities completing the form-approximately 5 hours. We believe that changes to a company's code of ethics and waivers from a code will be relatively rare events. Therefore, we expect that on average, a company will file a Form 8-K to report such an event once every three years, resulting in a total increase of 4,400 filings on Form 8-K per year. The additional filings would result in an added annual burden of 16,500 hours (4,400 × 5 × .75 = 16,500) and a total annual burden of 643,800 (627,300 + 16,500). We estimate that, if the proposals are adopted, the additional filings would result in an added annual cost of $1,650,000 (4,400 × 5 × .25 × $300 = $1,650,000) and a total annual cost to issuers of $83,027,000 ($81,377,000 + $1,650,000 = $83,027,000).

Regulation S-K and Regulation S-B

Regulation S-K (OMB Control No. 3235-0071) includes the requirements that a registrant must provide in filings under both the Securities Act and the Exchange Act. Regulation S-B (OMB Control No. 3235-0417) includes the requirements that a small business issuer must provide in filings under the Securities Act and the Exchange Act.

The proposed changes to these items would create new items under Regulation S-K and Regulation S-B. However, the filing requirements themselves are included in Form 10-K, Form 10-KSB, Form 10-Q, Form 10-QSB, Form 20-F, Form 40-F, and Form 8-K. We have reflected the burden for these new requirements in the burden estimate for those forms. These items in Regulation S-K and Regulation S-B do not impose any separate burden. We assign one burden hour each to Regulations S-B and S-K for administrative convenience to reflect the fact that these regulations do not impose any direct burden on companies.

Investment Company Forms

Form N-SAR (OMB Control No. 3235-0330) under the Exchange Act and the Investment Company Act is used by registered investment companies to file periodic reports with the Commission. We estimate that 4500 investment companies, including 798 unit investment trusts and 2 small business investment companies, currently file reports on Form N-SAR. The current estimated total compliance burden of Form N-SAR is 154,450 hours. Unit investment trusts would be required to make the proposed disclosure regarding codes of ethics on Form N-SAR, and small business investment companies would be required to make the proposed disclosure regarding codes of ethics and financial experts on Form N-SAR. We estimate that the proposed disclosure requirements will increase the annual burden of filing Form N-SAR by 0.5 hours per unit investment trust, and by 1.0 hour per small business investment company. Therefore, the new estimated total compliance burden of filing Form N-SAR would be 154,851 hours.

We issued a release proposing Form N-CSR on August 30, 2002, pursuant to Section 8(a) of the Investment Company Act [15 U.S.C. 80a-8] and Section 13 of the Securities Exchange Act [15 U.S.C. 78m]. Proposed Form N-CSR would be used by registered management investment companies to file certified shareholder reports with the Commission. We estimate that 3700 registered management investment companies would be required to file reports on Form N-CSR, and the total compliance burden for Form N-CSR would be 111,000 hours, excluding the amendments proposed in this release. We esti