Independent Community Bankers of America ICBA
December 11, 2002
Jonathan G. Katz
RE: File No. S7-40-02; Proposed Rule Regarding Disclosures Required by Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002
Dear Secretary Katz:
The Independent Community Bankers of America ICBA1 welcomes the opportunity to comment on rules proposed by the Securities and Exchange Commission (SEC) to implement sections of the Sarbanes-Oxley Act that would require a number of new disclosures regarding "financial experts" that serve on a public company's audit committee, annual internal control reports, and adoption of a code of ethics for certain corporate officers.
The ICBA recognizes the importance of implementing the controls that Congress called for in the Sarbanes-Oxley Act to ensure that investors are protected from a repeat of Enron and WorldCom bankruptcies. However, the ICBA is concerned that the SEC has proposed a rule much more stringent than Congress had intended, with elements that will present serious compliance difficulties for a large segment of institutions that file financial reports with the SEC and/or are have publicly traded securities subject to SEC oversight. We are particularly concerned that the definition of "financial expert" is too narrow and institutions, particularly smaller ones, will not be able to attract and retain independent directors to serve on the audit committee who will fit the definition.
In considering the impact of the proposal on the banking industry, it is important to recognize that banking is a highly regulated industry. In response to financial problems in the banking industry, over a decade ago Congress passed the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) to address auditing and accounting issues that contributed to financial problems that hit the banking industry. Banking regulators followed FDICIA with implementing regulations (12 C.F.R. Part 363). Bank accounting and auditing functions are scrutinized by banking regulators as part of regular bank examinations. Thus, the banking industry has been far ahead of corporate America in its attention to accounting and auditing issues.
The typical SEC-reporting community bank is locally owned and operated. Many are located in smaller communities or rural areas. Some have securities listed on a national securities exchange. Many, however, do not have listed securities but have more than 500 shareholders making them subject to SEC reporting. Yet, these small, thinly traded institutions would be subject to the same requirements that the SEC proposes for the largest corporations in America, public traded companies whose stock may be held throughout the world. We urge the SEC to make accommodations in its proposal to recognize the differences in the institutions that must comply with a final rule.
Summary of ICBA Positions, Recommendations
The following is a summary of major ICBA positions on elements of the proposal:
Financial Expert Definition
The Sarbanes-Oxley Act requires publicly traded companies and issuers of SEC-registered securities to disclose whether their audit committees include a "financial expert" and if not, why not. The SEC is required to adopt rules defining the term "financial expert" and the Act enumerates several attributes that the agency should consider in crafting the definition. In establishing the definition of "financial expert," the Sarbanes-Oxley Act requires that the SEC consider whether a person has, through education and experience as a public accountant, auditor, principal financial officer, controller or principal accounting officer of an issuer, or from a position involving the performance of similar functions:
In the preamble of the proposed rule, the SEC notes that it has historically encouraged companies to establish independent audit committees to oversee the work and independence of auditors. In 1999 the agency adopted rules requiring that companies disclose whether their audit committee members are independent. Banking regulators also strongly encourage all banks to establish an audit committee with a similar role consisting, if possible, entirely of outside directors. Bank examiners may criticize a bank for not doing so.
The SEC proposes that to qualify as a "financial expert" a person must have all of the qualifications listed above. In addition, the SEC lists the factors the board of directors should consider including the level of the person's accounting or financial education, such as whether the person has: earned an advanced degree in finance or accounting; is a certified public accountant in good standing and the length of time of their practice; has served as a principal financial officer, controller or principal accounting officer of a company that was subject to SEC filings; and other qualifications regarding the person's experience and expertise in understanding and evaluating the company's financial statements and their ability to make knowledgeable and thorough inquiries about the statements. In addition, the SEC proposes to require that the financial expert's experience be related to companies that were publicly reporting companies at the time the person held the position.
The definition of "financial expert" proposed by the SEC goes significantly beyond the guidance contained in the Sarbanes Oxley Act, and is so narrow and restrictive that few companies will be able to find such a person. Sect. 407(b) of the Act does not mandate that the SEC require all of these characteristics. The Act only offers factors for consideration such as experience in the preparation or auditing of financial statements of generally comparable issuers; and the application of such principles in connection with the accounting for estimates, accruals, and reserves. It does not require that a "financial expert" have experience with comparable accounting issues and application of principles regarding estimates, accruals and reserves. In our view, by expanding the requirements as the SEC has done in its proposed rule, the SEC has turned the "financial expert" into an "accounting expert." We do not believe that this was the intent of the Sarbanes-Oxley Act.
ICBA is greatly concerned that institutions, particularly smaller ones such as publicly traded community banks or those that are not publicly traded but must file financial reports with the SEC, will not be able to attract and retain directors who will fit the SEC's proposed definition of a financial expert. Community banks polled by the ICBA indicated that very few have a director currently on their board that would qualify as a financial expert under the narrow definition proposed by the SEC. Community banks serving smaller rural communities have told ICBA that it would be very difficult for them to find someone in their area who would qualify as a financial expert. Often outside directors of community banks are CEOs or CFOs of area companies, hospitals or other organizations; attorneys; certified public accountants; or other individuals experienced in developing and successfully running corporations. Community banks often select as directors people from their community that have business backgrounds that can help direct the bank in service to its community. Indeed, the Manual of Examination Policies of the Federal Deposit Insurance Corporation notes that bank directors are not only responsible to the stockholders who elect them, but they must also be concerned with the safety of depositor's funds and the pervasive influence the bank exercises on the community it serves. These responsibilities go beyond those of a typical corporate director.
Particularly onerous is the proposed requirement that the individual have experience auditing or preparing financial statements for an organization similar to the one on whose audit committee they would serve. Some observers have noted that Federal Reserve Chairman Alan Greenspan would not meet the qualifications to be a financial expert. Recently, WorldCom announced that that the former chairman of the Financial Accounting Standards Board Dennis Beresford would be added to its board of directors. While he clearly has most of the qualities that the SEC has proposed for a financial expert, does he truly have experience in preparing or auditing the financial statements comparable to those of WorldCom? Individuals whom banking regulators may find suited to serve as bank directors may not be certified public accountants with experience preparing or auditing financial statements generally comparable to those of the issuer.
If this requirement is retained, a community bank located in a small community that seeks a qualified financial expert according to the SEC's proposed definition is likely to find the only person available is a senior officer or CFO of a competing community bank. Not only is this an unpalatable proposition, but the Depository Institution Management Interlocks Act (12 USC Sec. 3201-3208) would likely prohibit such service by one individual at competing institutions. The community bank could not seek someone from its own audit firm and might seek someone from another audit firm with experience auditing community banks, an option that may not be readily available in a smaller community. America has a very diverse economy when both large and small organizations can thrive. In our view, it may be very difficult for smaller or relatively unique larger institutions to attract individuals to serve on their audit committees that have experience with "comparable" organizations.
Nor is such experience necessary for the members of the audit committee to effectively acquit their responsibilities. In the view of ICBA, companies should seek individuals to serve on their audit committees with the knowledge and expertise appropriate to the complexity of the organization, not a hard and fast set of requirements for all. Community banks have suggested that whether a director holds a certain degree or professional designation may be less important to their effectiveness as a member of the board or audit committee than their ability and willingness to ask the right questions and challenge management's actions. The members of the audit committee are not the preparers of the financial statements or auditors of the company. Their job is to monitor performance and oversee the process. Individuals should not be required to possess all the attributes of the proposed definition to be effective audit committee members.
Likewise, we see do not see the need for a financial expert to have experience in the preparation and auditing of financial statements; experience in reviewing and analyzing statements should be sufficient. It should not be necessary for a financial expert to have experience with public companies as proposed. As noted above, many community banks that would be subject to this rule do not have listed securities but are subject to SEC reporting because they have more than 500 shareholders. Most community banks have relatively simple financial statements, yet the SEC is proposing the same standard for them as for the largest, most complex financial institutions and corporations in America. For the largest, most complex organizations, the SEC proposed standard may well be appropriate, but is the same education and skill level truly necessary for directors on the audit committee of the smallest, least complex?
Mandating that individuals serving on the audit committee as a financial expert meet all the qualifications contained in the proposal will be particularly onerous for smaller companies, and those in rural areas that do not have people in their community qualified to serve. The SEC recognized the difficulty smaller institutions would experience in seeking qualified accounting expertise when it issued its final rule on auditor independence. In the case of community banks, these are institutions that are already heavily regulated and examined. Attracting people from outside the area will be expensive. For community banks that are under heavy regulatory scrutiny already, the increased cost is not likely to be offset by increased shareholder benefits. The qualifications specified in the Sarbanes-Oxley Act should be used as a guideline, not a requirement.
The Sarbanes-Oxley Act does not specifically require disclosure of the number or names of financial experts or whether the financial expert is independent2, but the SEC believes that it is appropriate to require these disclosures. Community bankers have expressed concerns that when a company discloses that it does have a financial expert on its audit committee and identifies that person, he or she may be perceived to be the primary person responsible for accurate and proper reporting of the institution's financial condition and events that may affect it. The focus may move from the entire board and management to the financial expert. Not only is this wrong, as all of the board and management must share this responsibility, but who would be willing to serve as a financial expert, knowing that he or she carries such a heavy burden of responsibility? We believe that being publicly identified as a company's financial expert is a strong disincentive to accept such a position. Companies already disclose the names and other information about members of their board of directors. We believe that a company should simply be required to disclose that it has a qualified financial expert who is independent. Also, the SEC should specify the degree of responsibility and obligation along with limits of liability for financial experts to encourage a willingness to serve on the part of qualified individuals.
We also urge the SEC to allow institutions that do not have a financial expert on their board to be permitted to disclose the steps they are taking to increase the education of their directors and why they believe that the directors currently on the board are well qualified to serve investor interests even though they may not meet the narrow SEC definition of financial expert. This would permit them to move towards a goal of increasing the financial expertise on the audit committee without undue consequences of declining stock value or depositor scrutiny for not having one. We ask that the SEC provide at least one reporting year as a transition period from the time that a final rule is published until the first disclosure. This would permit institutions time to search for directors that could qualify as a financial expert and appoint them to the board or identify the qualifications of current board members.
Code of Ethics
The Sarbanes-Oxley Act requires that the SEC issue rules requiring companies subject to the requirements of section 13(a) or 15(d) of the Exchange Act to disclose whether they have adopted a code of ethics for senior financial officers that applies to the company's principal financial officer and controller or principal accounting officer or persons performing similar functions. Companies must also disclose amendments to, and waivers from, the code of ethics relating to any of those officers. If it has not adopted a code of ethics, the company must explain why it has not.
For the purposes of this disclosure, the SEC proposes that "code of ethics" means a codification of standards that are reasonably necessary to deter wrongdoing and to promote honest and ethical conduct, including the handling of actual or apparent conflicts of interest between personal and professional relationships; avoidance of conflicts of interest, including disclosure to an appropriate person of any material transaction or relationship that reasonably could cause a conflict; full, fair, accurate, timely, and understandable disclosure in reports and documents that a company files with the SEC and in other public communications; compliance with applicable laws, rules and regulations; the prompt internal reporting of code violations to an appropriate person; and accountability for adherence to the code.
We agree with the SEC that ethics codes should vary from company to company and that decisions as to the specific provisions of the code, compliance procedures and disciplinary measures for ethical breaches are best left to the company. ICBA does not object to including CEOs among those subject to the code of ethics, as proposed by the SEC. Most community banks already have codes of ethics for directors and officers, and frequently all employees. Insured depository institutions are already governed by regulations that address conflicts of interest and insider transactions. For example, Regulation O restricts the amount and terms of loans from banking institutions to their insiders, including prohibition against preferential lending, prior approval by a bank's board of directors for loans above a certain size, restriction on loans to executive officers and reporting and disclosure requirements on such loans. Bank officers, directors and other related parties may be subject to civil penalties for violations of Regulation O. In addition, bank examiners inquire into bank policies and procedures designed to bring conflicts of interest to the attention of the board of directors when they are asked to approve loans or other transactions in which an officer, director or principal stockholder may be involved. Board minutes are expected to clearly reflect deliberations on any matter involving a potential conflict of interests.
We recommend that smaller companies only be required to disclose annually whether they have a code of ethics, and provide information as to how to obtain a copy of the code as part of its annual report. This disclosure should include the procedures for obtaining a waiver. Requiring only annual disclosure for smaller companies will alleviate much of the regulatory burden attendant to the requirement for periodic reporting of events related to the code of ethics. An annual disclosure of these events for smaller companies should be sufficient. We do have concerns about individual privacy should organizations be required to disclose the identity of individuals who have received waivers along with specific information about why a waiver was needed. We do not see a need to state when the code of ethics was adopted. The key issue is whether or not a company has one, not how long it has been in existence. We suggest that the SEC specify that the disclosures must begin with annual reports beginning December 31, 2003; companies may voluntarily disclose the information prior to that once the final rule is published.
Management's Internal Controls and Procedures for Financial Reporting
The SEC proposes to define "internal controls and procedures for financial reporting" as the controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with generally accepted accounting principles and addressed by the Codification of Statements on Auditing Standards 319 or any superseding definition or other literature that is issued or adopted by the Public Company Accounting Oversight Board. The ICBA views this as an appropriate definition, as Statement 319 has already been adopted by banking regulators.
Section 36 of the Federal Deposit Insurance Act (as added by FDICIA) and the FDIC's implementing regulations (12 CFR Part 36
3) applies to insured depository institutions which have at least $500 million in assets and requires that an institution prepare an annual report containing a statement of management's responsibility for establishing and maintaining an adequate internal control structure and an assessment of the effectiveness of internal controls for financial reporting. The FDIC permits each institution to determine its own standard for an internal control structure and procedures for financial reporting. Any assessment by management should include sufficient information to enable the independent public accountant to separately examine and report on management's assessment. The assessment must include all significant items. Section 36 requires management to assess its own control structure and procedures for compliance with designated laws and regulations. Thus, the banking industry already has requirements regarding management reports established by law.
The SEC states that it is coordinating with the FDIC and other federal banking regulators to eliminate, to the extent possible, any unnecessary duplication between the SEC's proposed internal control report and the FDIC's internal control report requirements. We commend this and strongly urge the SEC to continue its work with the FDIC and the other banking regulators to ensure that the SEC's rules are consistent with the rules established for banking institutions. We particularly urge the SEC to maintain the $500 million threshold for this requirement for depository institutions and their holding companies. The banking industry is already a heavily regulated industry. For over ten years, a law and regulations have been in place to govern the auditing and reporting requirements for insured depository institutions with at least $500 million in assets, some of which are public companies while others are not. With the passage of FDICIA, Congress established a framework to protect public depositors and taxpayers, a framework that has worked well. In addition, all insured depository institutions, regardless of size, must follow a specific set of guidelines for reporting financial information through Call Reports and Thrift Financial Reports. All are subject to regular comprehensive bank examinations (every 12 to 18 months) which includes review of the institution's record keeping; internal control procedures; accounting controls, standards and treatment; external audit; and internal audit, to name a few.
The SEC proposes to amend its rules to require quarterly and annual certifications and quarterly evaluations of internal controls and procedures for financial reporting. The Sarbanes-Oxley Act does not require quarterly evaluations and in our view, a quarterly reporting requirement is overly burdensome. An annual evaluation is adequate as it can address any significant changes during the period covered. Banking institutions are required to make an internal controls assessment annually and we do not see sufficient justification to change the reporting timeframe.
The SEC proposes that its rules for reporting requirements would apply for companies whose fiscal years end on or after September 15, 2003 to give the Public Company Accounting Oversight Board time to adopt standards for attestation engagements as well as for companies and auditors to prepare for the expected increase in workload. We believe that companies will need more time to prepare for this change and suggest that companies be given at least another 6 months beyond the date proposed by the SEC.
The SEC also believes that the effectiveness of changes to certifications by management in a company's annual reports also should be delayed until the company has had the opportunity to perform the comprehensive evaluation of internal controls and procedures for financial reporting contemplated. Management would not need to provide the proposed amended certifications until the first annual report in which the company includes the internal control report that is required. ICBA supports such a delay.
ICBA is concerned that many community banks will not have, and will find it difficult to attract, an independent director for their audit committee that meets the narrow qualifications of a "financial expert" proposed by the SEC, qualifications more stringent than those called for the Sarbanes-Oxley Act. The SEC should not require that a financial expert have all of the proposed qualifications contained in the proposal. We urge the SEC to recognize that smaller community banks and other institutions, particularly those serving smaller communities, will face significant challenges complying with the proposal regarding the definition of financial expert.
Smaller companies should only be required to disclose annually whether they have a code of ethics and provide information about how to obtain a copy. Annual reporting would alleviate much of the reporting burden for these institutions.
We strongly urge the SEC to work closely with the banking regulators to coordinate its internal controls reporting requirements with existing rules promulgated by the banking regulators, including an exemption for depository institutions with less than $500 million in assets. The banking industry is subject to substantial regulatory scrutiny of their auditing and accounting functions. A final rule issued by the SEC should not conflict with those currently in force.
We appreciate the opportunity to comment.