New York State Bar Association
One Elk Street
Albany, NY 12207
Business Law Section
Committee on Securities Regulation
November 27, 2002
Securities and Exchange Commission
450 Fifth Street, N.W.
Washington, D.C. 20549
E-mail address: firstname.lastname@example.org
Attention: Jonathan G. Katz, Secretary
Re: File No. S7-40-02
Disclosure Required by Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002
Release Nos. 33-8138; 34-46701; IC-25775
Ladies and Gentlemen:
The Committee on Securities Regulation (the "Committee") of the Business Law Section of the New York State Bar Association appreciates the invitation in Release No. 33-8138 (the "Release") to comment on proposed disclosure requirements intended to implement Sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002 which require rulemaking by the Commission. The Release also proposes amendments to the recently adopted rules on officer certification adopted by the Commission to implement Section 302 of Sarbanes-Oxley.
The Committee is composed of members of the New York Bar, a principal part of whose practice is in securities regulation. The Committee includes lawyers in private practice and in corporation law departments. A draft of this letter was reviewed at a meeting of the Committee, and the views expressed in this letter are generally consistent with those of the majority of members who reviewed and commented on the letter in draft form. The views set forth in this letter, however, are those of the Committee and do not necessarily reflect the views of the organizations with which its members are associated, the New York State Bar Association, or its Business Law Section.
A. Summary of Comments
The Committee supports the Commission's objectives to implement the corporate disclosure and financial reporting reforms of the Sarbanes-Oxley Act in a manner that will strengthen investor confidence. We generally support the proposed new disclosures and reports provided that certain important modifications recommended in this letter are made.
We have recommended changes that will more fully effectuate the overall goals of Sarbanes-Oxley by increasing the financial expertise available to audit committees, focusing code of ethics disclosures on material matters, and avoiding costly quarterly assessments of internal controls and procedures for financial reporting.
We believe that the Commission has not adopted the best approach in defining "financial expert" for purposes of the proposed disclosure about financial experts serving on a company's audit committee. We urge the Commission to broaden the definition of financial expert to encompass a broad range of relevant financial and accounting experience. This will enlarge the pool of available experts and increase the likelihood that companies will avail themselves of such expertise on their audit committees. We recommend a number of specific changes to accomplish this. We also urge the Commission to provide a one-year transition period, and respond to the requests for comment in the Release on a number of other issues.
We have no objections to the proposed disclosures on code of ethics provided that reporting of waivers is limited to material waivers. We also request the Commission to provide that including website addresses in annual reports in order use Internet reporting of code waivers and amendments does not incorporate website content by reference. Finally, this rulemaking should be limited to annual report disclosures and to the principal executive officer and senior financial officers.
In addition, we urge the Commission to require the assessment and report on the effectiveness of internal controls and procedures for financial reporting only on an annual basis. Expanding the assessments and reports to a quarterly basis would be costly and require that annual audit procedures be performed on a quarterly basis. Finally, the effectiveness of the proposed rules should be delayed until attestation standards are issued or adopted by the Public Company Accounting Oversight Board ("PCAOB").
B. Proposed Disclosure about Financial Experts Serving on a Company's Audit Committee (Sarbanes-Oxley Section 407)
The proposed rules would require a company to disclose in its annual report on Form 10-K whether there is a "financial expert", as defined in the rules, on its audit committee, and to disclose the number and names of any such financial experts. The Commission has taken a much more restrictive view of what would be an acceptable level of financial expertise than the current requirements for financial experience on audit committees. For example, NYSE listing standards require that at least one member of the audit committee have "accounting or related financial management expertise," but leave the level of expertise to the judgment of the board of directors. NASDAQ and the AMEX have a requirement for general finance or accounting experience, and provide a broad range of experience that would qualify.
The Commission recognized that "it is possible that a person who has previously qualified as a financial expert under the broader guidelines included in the rules of the self-regulatory organizations may not have sufficient expertise and experience to be considered a financial expert under our proposed rules." We believe that many companies that presently meet the NYSE, NASDAQ or AMEX requirements do not have a director on their audit committee who would qualify as a "financial expert" under the proposed definition.
1. The Commission has not adopted the best approach available and should broaden the definition of financial expert in order to improve corporate governance and effectuate the overall objectives of Sarbanes-Oxley.
The attributes regarding a financial expert set forth in Section 407, taken together, in effect refer to a professional accountant. However, although Section 407 directs the Commission to consider those attributes in defining "financial expert," it does not mandate that the definition requires all or any of those attributes. In addition, 407 does not preclude a definition based on other factors. Thus, the Commission has alternate approaches available in defining financial expert. For example, it could require experience gained as a professional accountant, leave the determination of an acceptable level of expertise to the judgment of the board of directors, or provide guidance on a range of experience and qualifications for the board to consider in determining an acceptable level of expertise. The Commission adopted the first, and most restrictive, approach.
The proposed definition of "financial expert" could be read to require (i) an accountant with (ii) experience preparing or auditing financial statements of a (iii) publicly reporting company, probably in the (iv) same industry as the company. While particular individuals with those attributes may make excellent audit committee members, the board would have no leeway or flexibility to consider other individuals regardless of the other experience and qualifications those individuals might bring to the audit committee.
Although Section 407 and the proposed rule are couched in terms of disclosure, and do not require that a company have a "financial expert," this type of disclosure may have the same effect as substantive regulation. This is because companies will have a strong incentive to take what is perceived to be a desired action in order to avoid an unfavorable disclosure and possible adverse consequences. However, in this case, by in effect restricting the means of compliance to engaging currently or formerly practicing accountants as directors, the rule would tend to force companies into actions that do not serve the best interests of investors or the companies.
The far preferable approach, and one that would best serve the objectives of the statute and the public interest, would be to define "financial expert" to encompass a broad range of relevant financial and accounting experience and qualifications. We urge the Commission to broaden the definition of "financial expert." As the Commission noted in the Release, a financial expert, by reason of his or her financial sophistication or expertise, can serve as a resource for the audit committee in carrying out its functions. The manifest purpose of Section 407 of Sarbanes-Oxley is to encourage audit committees to avail themselves of such resources.
However, we expect that many companies will have great difficulty identifying persons who (i) come within this very narrow definition, (ii) are willing to accept an inevitably heightened liability exposure, at a compensation level acceptable to the company, and (iii) at least as important, meet the company's own other criteria for board membership. We fear that the narrow definition will make it more common, and therefore more "acceptable," not to have a "financial expert" on the audit committee. A broader definition of "financial expert" - which the statute clearly permits - would lead to more appointments of persons with financial and accounting experience, and thus a greater increase in the expertise available to audit committees, which would better serve the statutory purpose.
We urge the Commission to modify proposed Item 309 of Regulation S-K (and each of the other comparable proposed provisions) to broaden the definition of "financial expert," and provide the board with discretion to consider alternative experience in making a determination in its business judgment of whether an audit committee member is a "financial expert." In that connection, we recommend that the Commission make the following specific modifications to proposed Item 309 (and other comparable provisions).
Experience as a chief executive officer should qualify for being a financial expert. The position of CEO should be added to the other positions whose experience qualifies to be a financial expert, listed in the first paragraph of Instruction 1 to Item 309. The Commission's own actions treat CEOs as having financial expertise. For example, the rules implementing Section 302 of Sarbanes-Oxley require CEOs to sign quarterly and annual certifications requiring far more financial expertise than Congress required under that Section of the Act. The resulting filings and certifications also lead investors to assume CEOs have that financial expertise. In addition, the Commission added CEOs to the senior financial officers specified in Section 406 of Sarbanes-Oxley that are subject to the code of ethics rules proposed in the Release as new Item 406 of Regulation S-K. It is inconsistent to treat CEOs as financially sophisticated for Sections 302 and 406 and then find them not qualified to be an expert under Section 407. Finally, as a matter of good policy, the pool of available experts (particularly those with broad experience making them good directors for purposes in addition to the audit committee) is far too small to justify the exclusion of CEOs.
Clauses b., c., and d. of instruction 1 should not be mandatory; the board should be permitted to consider other experience. We believe clauses b., c., and d. should be modified in a manner to increase the pool of available experts with broad experience, which should encourage more companies to avail themselves of such expertise for their audit committees. Instructions 1 and 4 should permit a finding of financial expertise based on other experience, notwithstanding a failure to satisfy clause b (experience with comparable accounting principles), clause c (experience preparing or auditing comparable financial statements), or clause d. (experience with internal controls and financial reporting procedures). In such a case, the board should have a reasonable alternative basis for determining, in its business judgment, that the director in question has a level of understanding in accounting, financial reporting, audits and internal controls for effective oversight by the audit committee of the company's accounting and financial reporting processes and audits of its financial statements.
Experience reviewing or analyzing financial statements should qualify. The Commission specifically requested comment on whether experience reviewing or analyzing financial statements should be sufficient to qualify as a financial expert for a person who does not have the direct experience preparing or auditing financial statements specified in clause c. We believe the answer is emphatically yes. Sophisticated financial analysts, bankers, chief executive officers, money managers, professional investors and other professionals can clearly provide useful financial expertise to many companies' audit committees, and a broader definition would encourage their use.
The board should be permitted to consider experience with non-reporting companies. While experience with many private companies may not be similar to that required for public companies, that is not always the case. Experience with a non-reporting company should not be automatically excluded. Instead, the first paragraph of Instruction 1 should provide the board with discretion to determine whether the experience with a private company in a particular case was similar to that required for a public company. For example, working at many private companies -- including those preparing for an initial public offering, or that formerly were reporting companies, or that are owned by private equity firms or other professional investors -- will frequently provide financial and accounting experience quite similar to that obtained at reporting companies.
Experience should not have to be with accounting estimates, accruals and reserves "generally comparable" to those of the company. Eliminate the requirement in clause b. that the experience be with "generally comparable" estimates, accruals and reserves. It should be sufficient that the director in question has general experience with the judgmental processes and disciplines applied in making accounting estimates, accruals and reserves. Such experience, even from a different industry context, will provide valuable perspective to audit committee deliberations. Moreover, for competitive and antitrust reasons, companies are typically reluctant - and indeed may be prohibited - from adding directors affiliated with companies in the same industry. In such cases, the only director candidates meeting the clause b. requirement may be retired or for other reasons inactive, which could unduly limit the pool of persons available to serve.
Experience should not be limited to accounting principles "generally comparable" to those of the company. Clause c. should not be limited to experience with accounting issues "generally comparable" to those of the registrant. The board in such a case should have the discretion to determine in its business judgement whether a director has an understanding from experience with other accounting issues of the accounting issues raised by the company's financial statements. This should provide companies somewhat greater leeway in determining that a prospective director qualifies as a financial expert, which we believe, for the reasons discussed above, will encourage a greater overall increase in the financial expertise actually added to audit committees.
Supervising or overseeing the preparation of financial statements, and subsidiary, divisional or business unit financial statements should qualify. A sentence should be added to clause c. clarifying that, depending on the particular circumstances, "preparing" financial statements may encompass supervising their preparation; and that the financial statements in question may be subsidiary, divisional or other business unit statements. Similarly, the first paragraph of Instruction 1 should provide that, depending on the circumstances, senior managers overseeing the preparation of financial statements may be in a position involving the performance of functions similar to those of a principal financial officer, controller or principal accounting officer.
The board should be permitted to consider experience with non-reporting companies in clause d. of Instruction 3. For the reasons discussed above in connection with the first paragraph of Instruction 1, the board should be permitted to consider under clause d. of Instruction 3, experience with a company that was not at the time a reporting company under the Exchange Act
Experience with a subsidiary, division or business unit should be considered as a factor in Instruction 3. Add whether the person has experience, as a supervisor or manager, assessing financial reporting by a subsidiary, division or business unit, or overseeing the preparation of financial information for inclusion in published financial statements, as a factor to be considered in Instruction 3 of Item 309.
Redundant clauses should be combined or deleted in Instruction 3. Redundant clauses in Instruction 3 should be eliminated in order to focus the board or nominating committee making the determinations on the essential factors. For example, clauses b. and c. regarding professional certifications can be combined as b. is largely a subset of c., and clause g. experience with financial statements can be eliminated as merely duplicative of other clauses.
Retaining outside consultants or other experts to provide financial expertise. In addition, to further encourage audit committees to avail themselves of financial expertise, we would expand upon the requirement to explain why an audit committee does not have a financial expert, contained in the last sentence of Item 309. Companies in that position should be required to disclose, if applicable, that the audit committee has retained consultants or other experts, or taken other steps (and describing them) to obtain the benefits of financial expertise. The availability of such consultants or other experts could provide a resource comparable to that of a "financial expert."
2. Individual liability under state and federal law; definition of "expert" under the Securities Act.
The Commission, for the avoidance of any doubt, should add specific language to Item 309 (and each of the other comparable provisions), or to the instructions for Item 309, to the effect that a "financial expert" is not, by reason of that designation, an "expert" for purposes of the Securities Act.
In addition, although the Commission asserted in the Release that "mere designation of the financial expert should not impose a higher degree of individual responsibility or obligation," we think that may likely be the effect under state corporations law. Moreover, the high standards set by the Commission in the proposed definition could make it more likely that a director identified as a financial expert would be held to a higher degree of liability as an expert under state law. In any event, we believe that the Commission should express its intention that designation as a financial expert not increase a director's liability under state law, while recognizing that such state law consequences are ultimately within the purview of state courts and legislatures. The Commission is, however, responsible for the Securities Acts, and should therefore clarify in the rules themselves the intended liability consequences of this new required disclosure.
Disclosure of independence is appropriate. It would be appropriate to require disclosure of whether the financial experts are independent, although for listed companies that may become a requirement generally for audit committee members. Companies not listed on a national securities exchange or NASDAQ, however, may still have non-independent audit committee members, and the relative sophistication of independent and non-independent members would clearly be of interest to investors. We would not, however, incorporate the independence requirement into the definition of "financial expert," as this might discourage unlisted companies from adding some - albeit non-independent - financial expertise whenever they determine they cannot or will not obtain an independent financial expert.
The rules should permit either the board or the nominating committee to determine expertise. It would be appropriate for either the full board or the nominating committee to make the determination of whether audit committee members qualify as financial experts. The choice should left to the board of each company, with a requirement to disclose which body will make the determination.
Disclosure should be required in the proxy statement with incorporation by reference in the annual report. We believe that the Item 309 disclosure should be included in annual meeting proxy statements and in Form S-1 and F-1 registration statements under the Securities Act (but not in short-form registration statements), as such information is related to other governance matters addressed in those filings. Disclosure in quarterly reports or current reports on Form 8-K should not be required. Because we believe that the disclosure more appropriately belongs in the proxy statement, the rules should permit incorporation by reference in the annual reports in the same manner as other information in Part III of Form 10-K can be incorporated by reference from the proxy statement.
We urge that the Commission provide for a one-year transition period before the disclosure requirements become effective. This is necessary to provide companies who choose to do so an opportunity to conduct what we expect to be in many cases a most challenging search for suitable board members who also qualify as financial experts.
C. Code of Ethics Disclosure (Sarbanes-Oxley Section 406)
The proposed disclosures would expand Section 406 by applying the requirements to the principal executive officer as well as the senior financial officers, requiring that the code be filed as an exhibit, and adding to the code requirements provisions regarding internal reporting of violations, accountability, and avoidance of conflicts of interest including disclosure to an appropriate person of matters that reasonably could give rise to such a conflict. Those additions are consistent with good corporate governance, and it can be expected that most public companies will have codes in effect that satisfy the proposed requirements. Also, we agree with the approach of the Commission in leaving to each individual company the ability to fashion the exact wording and procedures of its code. We do, however, have some comments on the waiver reporting provisions and the specific requests for comments.
Companies would be required to report waivers of the code, "including an implicit waiver," within two business days. The Release requests comments on whether the requirement should be modified to ensure that "de facto, post hoc" waivers after the occurrence of a violation are reported. We believe that the proposed language is sufficient to cover cases where a violation is acceded to without sanction, but we urge the Commission to limit reporting to material waivers. This would facilitate the administration of code provisions in close cases of interpretation or accountability, and would also encourage officers to seek interpretations in uncertain areas and self-report inadvertent or unintentional violations.
2. The Commission should expressly provide that references to websites do not incorporate website information by reference.
Sarbanes-Oxley 406 specifically provides for Internet reporting of amendments and waivers as an alternative to filing with the Commission. The proposed rules would require companies that elect to report amendments and waivers on their websites to provide their website addresses in their annual reports on Form 10-K. However, because the issue of incorporation by reference where a company provides a website address in a filing with the Commission has been raised in various other contexts, the same question could arise here.
The Commission addressed this issue recently in connection with requiring disclosure of website access to Exchange Act reports in a company's annual report on Form 10-K. There, the adopting release provided that inclusion of a company's website to met that requirement would not, by itself, include or incorporate by reference the information on the site into the filing, unless the company otherwise acted to incorporate the information by reference (Release Nos. 33-8128; 34-46464, September 5, 2002, p. 23). The Commission should provide the same protection here where Commission rules would similarly require inclusion of a company's website address in its Form 10-K reports.
3. The rules should be limited to disclosure in the 10-K annual report, and to the principal executive officer and senior financial officers.
The annual disclosure in Form 10-K, as proposed, together with the immediate disclosure of amendments and waivers (which should be limited to material waivers), will insure that current information about the code of ethics is available. Consequently, there is no need to also require redundant disclosure in quarterly reports, proxy statements, and other reports and registration statements under the Securities Act or Exchange Act.
The Release requests comment on whether the code of ethics should be expanded to cover other ethical principles, and whether the rules should cover directors and other officers. NYSE and NASDAQ proposals regarding the content of codes of conduct covering all employees as well as directors and all officers are currently pending before the Commission. Those proposals were made in response to the Commission's initiative for corporate governance and listing standards reform. Consideration of other code of conduct provisions and coverage of directors and other officers properly belongs in that proceeding, and does not belong within the very specific rulemaking directed by Sarbanes-Oxley 406.
4. Mandatory disclosure of website address by all reporting companies should be considered separately from this rulemaking.
The Commission has previously considered the use of the Internet for delivery of documents and furnishing of information and conducting securities offerings, and associated issues such as incorporation of web site information and issuer liability for web site content. For example, the Commission raised many of these issues in SEC Interpretation: Use of Electronic Media, Release Nos. 33-7856, 34-42728, April 28, 2000. The Commission also summarized its efforts to encourage the use of electronic media in proposing the website disclosure of access to Exchange Act reports, Release No. 33-8089; 34-45741, April 12, 2002, pp. 13-15, and notes 25 and 68-77.
We applaud the efforts of the Commission to encourage use of electronic means to further the objectives of the Securities Acts and increase the availability of information to investors. The Release asked for comment on whether to require all reporting companies to disclose their website addresses, for example on the front cover of all Exchange Act reports, proxy statements, and Exchange Act and Securities Act registration statements. That question should be considered in the context of the issues discussed above, including incorporation by reference and issuer liability for web site content, and not in this narrow rulemaking directed by Sarbanes-Oxley on a different subject. Our Committee would be happy to work with the Staff in developing practical and efficient procedures to further take advantage of the use of electronic media consistent with the objectives of the Securities Acts.
D. Management's Internal Controls and Procedures for Financial Reporting (Sarbanes-Oxley Section 404)
The Commission proposes to require a report on an assessment by management of the effectiveness of a company's internal controls and procedures for financial reporting ("internal controls and procedures") in annual reports on Form 10-K, as required by Section 404 of Sarbanes-Oxley. Section 404 also requires an annual attestation by the independent auditor of the assessment made by management of the internal controls and procedures. The Commission would expand the statutory provisions by requiring that the auditor's attestation be included in the annual report and, more significantly, by requiring an assessment of the internal controls and procedures and a related report by management on a quarterly basis in addition to the annual requirement.
We believe that the requirement for a quarterly assessment of the internal controls and procedures is unreasonable and would impose a burden in excess of the limited, if any, incremental value of quarterly assessments.
1. The Commission should not require assessment and reporting of the effectiveness of internal controls and procedures on a quarterly basis.
The current proposal constitutes a substantial and costly extension beyond the quarterly officer certification recently required under Exchange Act rules 13a-14 and 15d-14 implementing Section 302 of Sarbanes-Oxley. Under those rules, the specified officers must certify that the annual or quarterly report indicates whether or not there have been significant changes to the company's internal controls, including any corrective action with respect to significant deficiencies and material weaknesses, since their last evaluation. New Item 307 of S-K similarly requires the company to disclose in annual or quarterly reports whether there have been such changes.
However, these existing rules do not require a full blown internal controls and procedures audit or assessment, or any evaluation at all, on either a quarterly or annual basis by the company or the certifying officers. This should be contrasted with the disclosure controls and procedures, defined in those new rules, which do require an evaluation on an annual and a quarterly basis.
The reasons given in the Release for the proposed quarterly assessment is to provide a basis for the quarterly report on whether there have been any significant changes in the internal controls and procedures, and for "symmetry" between the requirements for disclosure controls and procedures and internal controls and procedures. However, our understanding is that an assessment is not necessary in order to report significant changes that may have been made. Furthermore, the significant difference between disclosure controls and procedures and internal controls and procedures calls for different treatment.
There is a substantial difference in nature between the newly defined disclosure controls and procedures, which companies are presently developing or documenting, and the extensive, long-standing internal controls and procedures and assessment procedures, which are the subject of auditing and accounting literature and guidelines over a number of years. In fact, the Commission recognized that the requirement for an attestation report on the company's annual assessment of the internal controls and procedures must await the establishment of attestation standards by the new PCAOB.
In contrast to the officers' evaluation of disclosure controls and procedures, the requirement that management report on an annual basis its assessment of the design and operation of internal controls and procedures runs parallel to the customary work of company auditors with respect to annual audits. Typically, the auditors as part of their annual audit engagement assess the company's internal controls and procedures and identify weaknesses and deficiencies. The auditor would then bring identified weaknesses and deficiencies to the attention of management and the company's audit committee in the form of a "management letter."
Moreover, in a customary auditor's engagement letter, auditors commit to report directly to management and the audit committee as to matters coming to the auditors' attention during the course of their audit work that they believe are significant deficiencies in the design and operation of internal controls and procedures within the accounting literature such as AU Section 391. Section 404 represents a sharp departure in responsibility for the assessment of internal controls and procedures from the typically contractual arrangement of annual assessments by auditors to management.
Management and the certifying officers will, however, have the benefit of the audit process and assessment in conducting their own assessment and making their reports and certifications on an annual basis. That would not be the case for a quarterly assessment. Imposing a new quarterly assessment (and certification) requirement would require the equivalent of annual audit processes to be undertaken by the reporting officers in the context of quarterly financial statements as to which the auditors themselves are not conducting audits. This is an unreasonable requirement, particularly for the CEO and CFO who have certification liability exposure.
Accordingly, we urge the Commission to require the assessment and report on the effectiveness of internal controls only on an annual basis.
2. The effectiveness of the proposed rules should be delayed until attestation standards are issued or adopted by the PCAOB.
The Release requests comments on whether the effectiveness of the proposed rules should be deferred until attestation standards are issued or adopted by the PCAOB. The rules should not be effective until the attestation standards are issued or adopted by the PCAOB. Section 404(b) itself requires that the auditor's attestation be made in accordance with standards issued or adopted by the PCAOB. In addition, Section 103(a)(2)(A)(iii) of Sarbanes-Oxley is a companion section to 404, and requires the PCAOB to adopt auditing standards regarding the auditor's testing of the internal controls and procedures required by Section 404(b). Accordingly, compliance with the new rules should not be required until the applicable standards are in place.
We hope the Commission finds these comments helpful. We would be happy to meet with the Staff to discuss these comments further.
COMMITTEE ON SECURITIES REGULATION
By___Gerald S. Backman
GERALD S. BACKMAN
CHAIRMAN OF THE COMMITTEE
Michael J. Holliday, Chair
Paul D. Brusiloff
Robert E. Buckholz
Edward H. Cohen
David A. Garbus
Richard E. Gutman
The Honorable Harvey L. Pitt, Chairman
The Honorable Paul S. Atkins, Commissioner
The Honorable Roel C. Campos, Commissioner
The Honorable Cynthia A. Glassman, Commissioner
The Honorable Harvey J. Goldschmid, Commissioner
Alan L. Beller, Esq., Director of Division of Corporation Finance
Giovanni P. Prezioso, Esq., General Counsel