Speech by SEC Commissioner:
Remarks before the Conference on Listed Companies and Legislators in Dialogue Danish Ministry of Economic and Business Affairs
Commissioner Cynthia A. Glassman
U.S. Securities and Exchange Commission
November 17, 2005
SEC Initiatives Affecting Foreign Issuers
Good morning. I very much appreciate the invitation from the Danish Ministry of Economic and Business Affairs to participate in today's conference. I am delighted and honored to be invited to your beautiful (and chilly) country, and I appreciate the opportunity to meet with colleagues on this side of the Atlantic. Before I go any further, let me state that the views I express here this morning are my own, and not necessarily those of the Commission or its staff.
Despite that disclaimer, I would like to assure you of the Commission's commitment to the US-EU Financial Markets Regulatory Dialogue ("Dialogue"). Begun in 2002, the Dialogue is the most active of the many ongoing dialogues among international financial regulators and government entities. Members of the Dialogue include the U.S. Treasury Department, the Federal Reserve, the SEC and the European Commission. The Dialogue provides a cooperative forum in which we can address regulatory concerns of mutual interest and, to the extent possible, ease the implementation of regulations affecting issuers and intermediaries operating on both sides of the Atlantic.
Last month, I met with a group of German companies and bankers in Berlin, and - just the other day - I had the privilege of meeting with Swedish companies as well as officials from the Financial Supervisory Authority of Sweden. Hearing firsthand about the challenges listed companies face in doing business in multiple jurisdictions, and being able to discuss these issues with fellow regulators face-to-face is invaluable. Dialogue and continuing cooperation among EU and U.S. regulators is surely the best way to deal with significant issues of mutual interest. So again, I thank you for the opportunity to be here today.
One of the issues that comes up frequently at home and abroad relates to the burdens that certain of the provisions of the Sarbanes-Oxley Act of 2002 impose on public companies. While there are clearly areas in which we need to consider modification, I believe that overall Sarbanes-Oxley has been instrumental in raising standards of corporate behavior and restoring investor confidence. I'd like to begin my remarks by giving you some background.
Sarbanes-Oxley was enacted in response to financial frauds at Enron, WorldCom and other corporations, and the realization that many of the "gatekeepers" responsible for preventing fraud had fallen down on the job. Congress determined that dramatic steps were needed to right the system and restore investor confidence. Congress directed the SEC to adopt rules to increase the accountability of CEOs and CFOs, improve the quality of financial reporting and raise professional, legal and ethical standards for the gatekeepers of our financial system, including analysts, auditors, audit committees, boards of directors and attorneys. Congress also directed the creation of the Public Company Accounting Oversight Board ("PCAOB") to enhance auditor oversight.
In response to the Congressional mandate, the Commission went forward with certain rule changes already underway, including the acceleration of the filing dates for periodic reports for certain issuers and additions to the events requiring the filing of a current report on Form 8-K. We also adopted numerous new rules. We required CEO certification of quarterly and annual reports and more timely disclosure of personal securities trading by corporate insiders. We required heightened standards of auditor independence, the disclosure of off-balance sheet arrangements, and the inclusion of a reconciliation to U.S. GAAP for earnings releases and other pro forma financial information. At the same time, the New York Stock Exchange and Nasdaq amended their listing criteria to prohibit the listing of the securities of any issuer not in compliance with Sarbanes-Oxley requirements for a fully independent audit committee that is responsible for approving the hiring and compensation of auditors and establishing "whistleblower" procedures for complaints pertaining to financial matters. Last, but not least, the Commission adopted rules requiring securities lawyers to report evidence of fraudulent corporate conduct "up the ladder" to the chief legal or chief executive officer of the corporation and, if necessary, to the board of directors.
Before they became effective, we learned that some of the rules presented conflicts with the laws and regulations governing capital markets in EU member countries. As a result of the insightful comment letters from the foreign community, public roundtable discussions at the Commission and the PCAOB, and continuing dialogue among U.S. and EU financial regulators, we made certain accommodations for foreign issuers and their auditors. We provided an exemption for certain foreign banks from the prohibition on loans to company insiders, comparable to the exemption available to U.S. banks, and a safe harbor for disclosures of non-GAAP financial measures made outside the United States. We clarified that an audit committee's financial expert could gain his or her expertise by demonstrating an understanding of the issuer's home country GAAP, rather than U.S. GAAP. We permitted non-management employees to serve as audit committee members, consistent with "co-determination" and similar requirements in Germany and other countries, and also permitted alternative structures -- such as statutory auditors or boards of auditors -- where these structures are provided for under local law.
Foreign audit firms were provided additional time to register with the PCAOB, and the PCAOB agreed to rely on the inspection and investigative regimes of the firm's home country to the extent possible. In addition, certain non-U.S. attorneys were excluded from the new professional conduct rules for lawyers.
With two or so years' of experience under the new Sarbanes-Oxley rules, we are now in a position to better assess the rules' overall effectiveness. Many of the rules have achieved positive results, even if they are hard to quantify. There is no doubt in my mind, for example, that the CEO and CFO certification requirements have been effective. Corporate governance has improved, with corporate boards becoming more focused on their oversight role. Directors are devoting more time and effort to their board responsibilities, and individuals with relevant business or financial expertise are increasingly sought out for board positions. Moreover, an independent regulatory structure for auditors has the potential to improve audit and auditor standards.
At the same time, our experience under the new rules has given us a clearer picture of some of the unintended consequences of the rules. Of all the Sarbanes-Oxley provisions, U.S. issuers have been most vocal in their criticisms of Section 404, which requires company management to assess and publicly report on the effectiveness of the company's internal controls. The PCAOB's Audit Standard No. 2 imposes the additional requirement that auditors not only publicly attest to management's assessment, but also provide a separate opinion on the effectiveness of the internal controls. While the purpose of Section 404 -- to help make sure that company financial statements are reliable and materially accurate -- is laudable, there has been widespread criticism of the undue burdens and costs of implementation.
The Commission held a public roundtable in April of this year to obtain feedback on the first year of Section 404 implementation.1 The discussion at the roundtable among investors, officers and directors of public companies, both large and small, and auditors left little doubt that the assessment of internal controls has effectively shifted from management to the auditors. What was intended to be a top-down, risk-based management exercise has become a bottom-up, non-risk-based process with an apparent focus on controls for controls' sake.
After the roundtable, the Commission and the PCAOB issued statements intended to get the 404 compliance process back on track.2 The statements urged management and auditors to bring reasoned judgment and a risk-based approach to the process. A prescriptive, one size fits all approach is not only not required, but it is not effective. I was hopeful that the joint SEC-PCAOB message would re-focus U.S. companies and their auditors on a more appropriate approach to 404 in the second year of compliance, but that remains to be seen. I'm still hearing stories of auditors identifying over 40,000 key controls and, while significant reductions in auditors' fees were projected at the time of the roundtable, recent anecdotal reports suggest that such fee reductions have not yet materialized.
We have twice extended the Section 404 compliance date for larger foreign issuers to the current date of fiscal years ending on or after July 15, 2006. In addition, we have extended the compliance date for smaller issues, both foreign and domestic (those with less than a $75 million worldwide public float), by an additional year to July 15, 2007. Given the difficulties that many U.S. issuers have experienced in complying with Section 404, and the significant expenditure of resources required, it was clear that non-U.S. issuers would need additional time to comply with the internal controls requirements. Moreover, since many EU companies were for the first time in 2005 preparing consolidated financial statements in accordance with International Financial Reporting Standards ("IFRS"), we did not want to impose significant internal controls requirements at the same time.
An additional consideration with respect to delay on 404 for smaller issuers is that we are expecting recommendations for possible modifications to 404 implementation from the Commission's Advisory Committee on Smaller Public Companies.3 Smaller companies, domestic and foreign, face a greater challenge in implementing the internal control requirements. With fewer employees and resources, less formal and documented controls and procedures and, in many instances, a skeletal internal audit function, smaller companies face additional hurdles in complying with 404. Recognizing these problems, and taking into account the proposed internal control framework for smaller companies recently issued for comment by the Committee of Sponsoring Organizations of the Treadway Commission and the anticipated recommendations from our Advisory Committee, it seemed sensible to delay the 404 compliance date for smaller companies. Smaller companies can benefit from 404, and we want them to continue to improve their preparedness. The Commission saw no need, however, to have them work towards compliance with requirements that may change.
To sum up, I believe in the purpose of Section 404 to establish and maintain effective internal controls that enable reliable financial statements. I remain concerned, however, about the unintended, and unnecessary, costs associated with Section 404. If we do not see a meaningful refocus and a downward trend in implementation costs, I believe that the Commission and the PCAOB should consider ways of making the 404 process more effective and less burdensome, including possibly revisiting the requirements of PCAOB's Audit Standard No. 2. Moreover, I expect to be receptive to recommendations for modification of the 404 process for smaller issuers, domestic and foreign.
No speech to an international audience would be complete without a reference to the goal of international convergence of accounting standards. Since October 2002, the Financial Accounting Standards Board, the standard setter for U.S. GAAP, and the International Accounting Standards Board, the standard setter for IFRS, have been engaged in a project to converge U.S. GAAP and IFRS. I support the goals of this project, and was pleased to see a first draft of a joint standard on business combinations published in June.4 Although there will undoubtedly be transition issues, having one standard will be more efficient for issuers and more useful for investors.
Reconciliation is the other critical issue on the international front. As you well know, the Commission requires companies that use IFRS to reconcile their financial statements to U.S. GAAP in their filings with us. Don Nicolaisen, the Commission's former Chief Accountant, proposed a "roadmap" to achieving the acceptance of IFRS in the U.S. without reconciliation. Under the roadmap, consistent interpretation, application and enforcement of IFRS around the world is a prerequisite to the Commission's consideration of eliminating the reconciliation requirement. Our staff has already begun a survey, but because IFRS is being implemented in many countries for the first time this year, the analysis is in its infancy. The staff will continue, however, to pursue the roadmap towards the elimination of the reconciliation requirement as quickly as possible.
Finally, I'd like to give you an update on some other Commission initiatives. First, deregistration. Some foreign issuers have indicated that they may forgo registering with, or seek to de-register from, the SEC rather than undertake the compliance burdens associated with Sarbanes-Oxley, primarily internal controls burdens, and cope with the highly litigious environment in the United States. Our rules generally require issuers to continue to meet their reporting requirements so long as they have more than 300 U.S. resident shareholders. Among the criticisms of the current regulatory regime is that the 300 holder requirement, adopted in 1968 when there was much less cross-border investment activity, is not a threshold that is reflective of today's global investing environment. Some have suggested that a standard based on the percentage of ownership in the United States, or public float in the United States, or trading volume in the United States, would be more appropriate, together with procedures that would protect U.S. shareholders following deregistration.
At the urging of the foreign issuer community, our staff has taken a fresh look at the deregistration process and plans to make a recommendation to the Commission in the next few weeks. I believe the criticisms are valid, and am hopeful that the staff will address them adequately in its upcoming recommendation.
Another issue I would like to mention is the status of SEC action on credit rating agencies. Originally used in connection with the SEC's net capital rule, the term "NRSRO" (the acronym for a nationally recognized statistical rating organization) has spread into other Commission rules as well as the rules and regulations of many other governmental agencies, domestic and foreign. Ratings of NRSROs have been used as a proxy for determinations of liquidity and creditworthiness. Over the years, the Commission's staff has granted requests from credit rating agencies for NRSRO status based on an analysis of whether the agency has "national recognition" and meets certain other criteria. Beyond the designation of NRSRO status, however, which is staff action, as opposed to Commission action, the Commission's authority to conduct substantive regulation of NRSROs is limited by the absence of express legislative authority.
Earlier this year, the Commission proposed a definition of the term "NRSRO" intended to make the NRSRO designation process more transparent. At the same time, the NRSROs continue to develop a voluntary framework, largely consistent, I understand, with the IOSCO Code of Conduct, under which they would consent to a limited form of SEC oversight. There has also been some Congressional interest in regulating credit rating agencies. Draft legislation was introduced this summer that would give the Commission authority to regulate credit rating agencies, but there have been no further developments on the bill. While I cannot predict how events may unfold, I can assure you that issues relating to the oversight of credit rating agencies are of critical importance to the Commission, and I know that they are equally important in the EU.
To conclude, to combat fraud in public companies, the SEC has imposed heightened corporate governance, disclosure and audit standards and taken tough enforcement action when companies have failed to adhere to these standards. The vast majority of public companies operate their businesses in conformity with high ethical standards. They follow the rules not only because they are concerned about the reputational risk of an enforcement action, but because it is just good business practice. However, the corporate scandals at home and abroad have focused companies' and investors' attention on corporate conduct as never before, and increased pressure on regulators to prevent future fraud.
In the post-Enron world, a key international concept is cooperation. The IOSCO Multilateral Memorandum of Understanding adopted in 2002 has increased the exchange of information and investigative and enforcement assistance among its many signatories, and the US-EU Dialogue provides a forum for discussions on regulatory issues. As we cross borders, we encounter different cultures, histories, legal regimes, regulatory philosophies and economies. As a U.S. regulator, I believe strongly that we must be committed to finding the best way to resolve cross-border issues, not necessarily the "U.S. way." I think we all realize -- the Commission and our counterparts around the world - that cooperation through information-sharing and continued dialogue is the best way to combat fraud and achieve efficient global markets.
Thank you very much, and I would be happy to take your questions.