Confidential Communication Services, LLC

January 29, 2003

The Honorable Jonathan G. Katz, Secretary
U.S. Securities and Exchange Commission
450 Fifth Street, NW
Washington, D.C. 20549-0609

Dear Mr. Katz:

Re: Comments by Confidential Communications Services, LLC
on Proposed Exchange Act Rule 10A-3 (b) (3)
Regarding Complaint Handling (File No. S7-02-03)

This letter is Confidential Communications Services, LLC's (CCS') response to the Commission's request for comments with respect to proposed Exchange Act Rule 10A-3 (EAR 10A-3); and more specifically proposed Part 240.10A-3 (b) (3) Complaints. We thank the Commissioners for this opportunity to add our voice to their deliberations on this matter.

The writers are the officers of CCS, a company that was previously in business to offer confidential complaint handling services specifically in compliance with Sarbanes-Oxley Section 301(4), the portion of the Sarbanes-Oxley Act that generated the need for proposed Part 240.10A-3 (b) (3) Complaints in the first place. Although (and in some respects because) Confidential Communications Services, LLC is no longer in the complaint handling services business, we believe that we are able to add a focused but balanced perspective concerning the multiple needs of Listed Issuers' Audit Committees, Listed Issuers employees and the ever-multiplying universe of complaint-handling outsourcing providers.

SEC Silence is Not Helpful

With respect to the proposed EAR 10A-3 (b) (3) regarding Complaints, we note that, with the exception of substituting "must" for "shall" and modifying the word "issuer" with "listed", it adds - literally - not one word to the single sentence Congress passed as the original Sarbanes-Oxley Act, Section 301(4). Readers of the proposed language are left with the distinct impression that the Commission prefers not to provide even the minimally needed guidance to Listed Issuers, despite the enormous amount of attention given to the events that precipitated its inclusion in the Sarbanes-Oxley Act in the first place.

In setting the rules to implement Section 301 of Sarbanes-Oxley, the SEC has, in our view, two key responsibilities: (1) to provide specific guidance sufficient to implement the mandates set forth by Congress in the Sarbanes-Oxley Act, and (2) to improve the efficiency of the United States' capital markets by generally strengthening the effectiveness of corporate governance among the Listed Issuers on the U.S. Exchanges and Associations. With respect to the Complaints portion of the proposed Rule EAR 10A-3, neither of these responsibilities appears to have been fulfilled. The result is that Issuers are left to their own judgment, with no guidance from the SEC, to determine what does or does not constitute compliance with the Complaint Handling mandate of Sarbanes-Oxley Section 301(4).

Business organizations and commentators, ranging from The Conference Board, to the American Bar Association's Task Force on Corporate Responsibility, to The Economist, to the NYSE and NASD, have all endorsed the concept of safeguarded employee reporting to the Board of Directors as a key mechanism to help forestall abuses of the scale and magnitude such as we have experienced over the past two years. And though the approaches suggested by each organization vary somewhat in their sentiments and specifics, there is a clear general consensus for implementing such mechanisms. And Congress has mandated such mechanisms in Sarbanes-Oxley Section 301(4). Why then did the SEC chose to provide no guidance for implementing such mechanisms beyond the original single sentence comprising Section 301(4)?

When one considers the rather stiff economic, civil and criminal penalties that can result from noncompliance and/or acts (possibly even unintended acts) that might be interpreted as retribution, this lack of guidance from the SEC can only, and most kindly, be viewed as a well-meant, unintended, but serious deficiency in the proposed EAR 10A-3 (b) (3).

On behalf of the approximately 7,250 affected Listed Issuers, we respectfully suggest that the SEC revisit proposed EAR 10A-3 (b) (3) with the purpose of providing at least some minimally assistive guidance for Listed Issuers.

Even Performance Standards Need Definition

In the commentary accompanying proposed EAR 10A-3, the SEC generally drew a clear and appropriate distinction between "performance standards" on the one hand and "procedural standards" or "design standards" on the other. This approach is particularly helpful to smaller organizations that may not have the economic wherewithal to implement overly prescriptive procedures to comply with any area of the law. And as long as the Rule's performance standards (outcomes) are met, then we agree that it is best to leave it to the creativity of individual companies to determine how best to meet those performance standards.

However, while fully acknowledging the important distinction between these differing types of standards, even the staunchest non-interventionist must similarly acknowledge that there is an enormous gap between "performance standards" and "no standards at all".

One can debate the likely efficacy of any proposed performance standard. That is, at least in part, the purpose of a Comments process. But to argue that no standards constitute the best performance that can be accomplished is essentially to argue that the SEC need not exist at all; at least with respect to the matter of Complaint Handling. Presuming that such was not the intention of the Commission, we will address the most obvious areas where we believe that some/any definition of performance standard outcomes will be of assistance to Listed Issuers, complaint handling outsourcing providers and the investing Public alike.

The SEC is in a unique position to add significantly to the financial security of the Listed Issuer community, their employee base and ultimately the Shareholding community by providing more definitive guidance in the area of Complaint Handling. And it can do so merely by clarifying its performance standards. It is not necessary to be prescriptive to the degree of procedural or design standards. Instead it is only necessary to provide the obvious next level of specific guidance as to what outcome constitutes conformance with (a) the "anonymous" performance standard, (b) the definitional standard of "complaints" and "concerns", and (c) the proper "receipt, retention and treatment" of "complaints".

For the reader's guidance, we have organized the balance of our comments into the following sections:

  • Anonymity: Definition and Implementation

  • Complaints vs. Concerns (Communications) and Retention Periods

  • Costs, Benefits and Safe Harbor

  • Whistleblowers: a Valuable, if Disdained, Part of Internal Controls

  • An Impetus Toward Transparency

  • Response to Specific Questions

  • In Conclusion

Anonymity: Definition and Implementation

Issue Review: Anonymity Defined

We begin with the "anonymous" requirement of proposed EAR 10A-3 (b) (3). As the proposed standard stands, the only "performance standard" is the single sentence of Section 301(4) of the Sarbanes-Oxley Act itself:

"COMPLAINTS - Each audit committee shall establish procedures for -

    (A) the receipt, retention and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; and

    (B) the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters."

Thus we must turn to the dictionary for further guidance. There we are left with the basic definition of "anonymous" as "not named or identified" (Merriam-Webster Dictionary).

How then should Listed Issuers implement "anonymous"? Will it mean that no one in the company can know who filed the complaint? Or will it mean that only a few, trusted individuals in the company may know who filed the complaint? And should that group be limited to Independent Directors, or the Audit Committee and/or its Chairman, or might it include senior management employees such as the General Counsel or the CEO?

If the standard is held to "no one in the Company", then how should such a performance standard be met? Is it acceptable to attempt anonymity within the confines of the company itself or should external Complaint Channels be engaged? And in either case, what should be the Channels' specific outcome standards of anonymity and nondisclosure?

If the standard is set as "only a few, trusted individuals in the company", then who should those trusted individuals be? And what should be the performance standard that will apply to those trusted individuals' actions to determine if anonymity is being maintained or violated?

CCS Position: Anonymity Defined

This is a crucial definitional matter. Based on the higher profile cases of the past two years, it would appear that Congress more likely than not intended "anonymous" to mean that no one in the company, including the Board Members and the Audit Committee, should know the identity of the complainant(s). This lack of a source upon which to focus the attention of an investigation will free the Audit Committee to concentrate on the substance of the complaint/allegation. Accordingly, we propose that the standard for anonymity be defined as providing complaint channels such that no one in the Issuer organization can become aware of the identity of the complainant solely by virtue of the complainant's use of the channel; nor solely by virtue of any identifying content in the complaint text received by the Audit Committee (e.g., gender, position, location, etc.).

Issue Review: Anonymity Implemented

Regarding implementation of truly anonymous complaint channels, there may exist mechanisms to file fully anonymous complaints that can be administered from within the company; but such an approach usually carries the risk of "leakage", and the attendant exposure to litigation and penalties that could result. This is a matter of some potential import to all Listed Issuers, especially in light of the litigious actions of the Securities Plaintiff's Bar over the past few years.

CCS Position: Anonymity Implemented

The simple reality is that true anonymity is best ensured, enforced and protected via the use of external complaint channels, procedurally or contractually protected from any company inquiries as to the identity of the complainant(s). The use of external channels can be accomplished in at least two ways. One way is for the Audit Committee to set up and administer its own complaint channels function, independent of other in-house communication channels. The other way is to engage the services of an outsourcing agency for such complaint channels.

Both approaches to external complaint channels are capable of providing the necessary protection to employees while simultaneously supporting the Audit Committee in meeting its obligations under Sarbanes-Oxley 301(4) and EAR 10A-3. The Audit Committee administered approach is probably most effective for larger Issuers whereas smaller Issuers might be better served by using an outsourcing service. These services are not costly. Small Issuers can avail themselves of such a service for an annual cost that is about the same as the cost of one out-of-town Director's travel expenses for a single Audit Committee meeting.

We do not recommend that the SEC mandate the use of outsourcers or any other particular form of procedural compliance. As long as the outcome-based definition of the performance standard is clear, we agree with the proposition that the Listed Issuers themselves should determine how best to meet the standards.

Complaints vs. Concerns (Communications) and Retention Periods

Issue Review

The Sarbanes-Oxley Act mandates that each Audit Committee establish procedures for (a) "complaint" handling, and (b) submission by employees of "concerns". A question logically arises as to whether all employee "concerns" rise to the level of "complaints" and therefore must follow established procedures regarding their "receipt, retention and treatment". Or can the Audit Committee simply establish procedures for anonymously submitting employee "concerns", but then choose not to act on those "concerns" on the premise that they do not qualify as "complaints"?

A related question arises with respect to dealing with non-employee "complaints". If the anonymous channels for employee submission of concerns are functioning properly, then it will be difficult, if not impossible, to independently determine whether a "concern" received through an anonymous channel might actually have originated with a non-employee and therefore be covered by the "complaint" procedures. Is the Audit Committee then free to presume that all "concerns" received via the anonymous channels originated with employees and thus do not rise to the same level of "receipt, retention and treatment" as do "complaints"?

Finally, there is the issue of who constitutes an "employee" for purposes of the proposed EAR 10A-3 (b) (3). Does it cover all employees of the Issuer worldwide, whether domiciled in the United States or elsewhere? And does it include full or part-time independent contractors and/or their employees? After all, many financially sensitive functions ranging from accounting to internal auditing to manufacturing to sales representation to inventory warehousing and management are outsourced by major public companies. And business history is full of financial finagling that makes use of business partners for its execution.

CCS Position

In the interest of simplicity, standardization and clarity, therefore, we propose that any communication regarding "accounting, internal accounting controls or auditing matters" that reaches the Audit Committee, whether from the mandated anonymous employee channels or from other direct or indirect channels - and regardless of known, presumed, or unknown source - be treated as though it is a "complaint" under the EAR 10A-3 (b) (3). This will then require that in all cases the Audit Committee follow its prescribed procedures for "The receipt, retention and treatment of complaints received..." if the subject matter meets the test.

We also propose that all employees, including part-time, full-time and contract employees, be covered by the "anonymous channels" portion of the EAR 10A-3 (b) (3). A member of any of these groups may find themselves in possession of information that would be of interest to the Audit Committee as part of its oversight duties and so should be able to access anonymous channels to submit such information to the Audit Committee as "concerns" without incurring personal risk.

Finally, we propose that "treatment" include both the investigative actions and the disposition of the "complaint"; and that all records concerning such "treatment" of "complaints" be retained for seven (7) years from the date of closure of the "disposition" as defined by the Audit Committee's procedures. This recommendation of seven (7) years is to conform with the Commission's direction to independent auditing firms in its recently issued Final Rule: Retention of Records Relevant to Audits and Reviews. And we further recommend that the records to be retained should include hard copies of all correspondence and e-mails, including the hard copy original "complaint" as received by the Audit Committee (but not necessarily the electronic originals if so submitted).

While our proposed approach may seem a bit onerous at first glance, it has the virtue of treating all covered communications and parties within the company exactly the same. This frees the Audit Committee to concentrate on standardizing its procedures for dealing with any communications that meet the subject matter test and relieves the Audit Committee (and Corporate Counsel) from endlessly deliberating on each communication individually to decide into which category it may fall and what to treatment it must be subjected. After an initial period of gaining familiarity with its new procedures, it seems logical that the Audit Committee's processes will become somewhat standardized and will be executed in an effective manner with a minimum of unnecessary work.

Cost, Benefits and Safe Harbor

Issue Review

There is wide agreement that taking employee "whistleblowers" seriously could have forestalled (if not wholly prevented) some of the larger financial debacles we have just witnessed (see Time Magazine's "Persons of the Year" dated December 30, 2002, Business Week's "Year of the Whistleblower" dated December 16, 2002, and The Conference Board's Commission on Public Trust and Private Enterprise's Findings and Recommendations regarding Audit and Accounting dated January 9, 2003). Additionally, there is the perception among senior executives worldwide that "Cultural and managerial hostility to whistleblowing on dubious practices" is - by a margin of 51% to 34% over the next leading cause - the leading "barrier to the implementation of proper corporate governance policies within companies" (Economist Intelligence Unit online survey, July 2002). Accordingly, it seems almost negligent not to address this matter more fully at precisely the time, and with precisely the tools, that Congress clearly intended: the SEC's Rulemaking authority.

Yes, there are costs to a more definitive performance standard, but they are truly infinitesimal compared to the risks that are implied by not addressing the matter more fully. For if the SEC does not speak more clearly on this matter, then it is certain that the Plaintiff's Bar will do so as they locate, and perhaps even encourage, employees who are willing to file Complaints and then seek the first opportunity to allege "retribution" when some employment matter or another does not subsequently go their way. The resulting litigation will be at least as nettlesome as dealing with the matters the employee alleges via truly anonymous complaint channels and follow up by the Audit Committee. And providing such mechanisms may well help the company in defending itself from specious allegations down the road.

CCS Position

In order to minimize at least the most specious litigation that might flow from Section 301(4), it would actually be helpful for the SEC to be somewhat more prescriptive and therein to provide Listed Issuers with a Safe Harbor based on their the use of external complaint handling channels, at least with respect to compliance with Sarbanes-Oxley Section 301(4). This will not protect companies that proactively seek complainants' identities via other channels. Nor will it shield companies from the liability and responsibility that accompanies intentional acts of retribution. But it may help companies avoid situations in which they are alleged to have committed acts of retribution when in fact they have fully complied with SEC Safe Harbor requirements and undertook no attempts to identify anonymous Complainants whose identities, if known at all, were known only to an independent external office or agent that took appropriate actions to safeguard that identity.

Whistleblowers: a Valuable, if Disdained, Part of Internal Controls

Issue Review

The need for such additional guidance under EAR 10A-3 (b) (3) is manifest in the outcomes seen by those "whistleblowers" who have already come to light. Not only did their Boards fail to exercise the kind of due diligence necessary to prevent, or at least rectify, massive economic dislocations affecting tens of thousands of employees and shareholders, the individual whistleblowers themselves have almost uniformly been ruined to a greater or lesser degree.

In the case of Ms. Christine Casey at Mattel, for example, neither the NYSE nor the SEC has been particularly helpful in defending her whistleblowing actions, nor protecting her from the obvious retribution that flowed from her efforts to take a complaint to the Board of Directors. (See for a more complete recounting of the story.)

And per the Conference Board's Commission on Public Trust and Private Enterprise, in its January 9, 2003 "Findings and Recommendations" regarding Audit and Accounting, it cited a study by Rothschild and Miethe, published in the February, 1999 issue of Work and Occupations that "of 300 whistle-blowers interviewed, 69% said they had lost their jobs or were forced to retire as a result." Yet, in that same report, The Conference Board's Commission posits, "Corporations should work to support responsible behavior and build environments in which employees take the initiative to address misconduct rather waiting until after the damage is done." This prescription comes from a Commission composed almost exclusively of senior corporate executives, senior business professionals, and senior governmental officials; and co-chaired by the Treasury Secretary nominee. This is not a radical group.

Opponents of the anonymous Complaint handling provisions typically argue that such provisions will encourage employees, for a wide variety of inappropriate reasons, to allege misbehavior where none exists; and with the result being a blizzard of unmerited matters that the Audit Committee will have to pursue.

The motivations of a Complainant employee may range from altruistic to vengeful to pecuniary. But that is not the issue. The issue is whether the employee is reporting a matter that is appropriate for the Audit Committee to investigate and resolve. If so, they have done the company a service. And if not, then the company is no more poorly served than in any number of other wasted resource expenditures, including off-target marketing campaigns, cancelled new product initiatives and misconceived mergers. Additionally, the mere effort by the Audit Committee sends a clear message that they are "on the job", thus warning away potential inappropriate behavior before it ever gets started.

CCS Position

"Whistleblowing" is an unfortunate appellation associated with the refereeing function in sporting events. But in reality, notwithstanding the events of the past two years, financial accounting and reporting should not be viewed as a sporting event. The filing of an employee "concern" should be viewed for what it is: the logical first enforcement step that makes effective any Listed Issuer's Code of Ethics.

It is both unfortunate, and a measure of our collective conflicted views in this area, that anonymous reporting channels are necessary at all among our publicly-listed companies. Most managements are sufficiently trustworthy to correct faulty practices on their own. But they are also human and often are unable to contain the impulse to keep their problems as private as possible by "shooting the messenger".

Despite the best intentions of most managements, recent events clearly demonstrate that "the high road" does not work in many cases. The result has been large-scale business failures and the need to subject everyone else to more stringent enforcement mechanisms. Nevertheless, the point of anonymous reporting channels should not be to encourage employees to "rat" on their fellows or their management, but rather to provide incentive for everyone to behave themselves in the first place. That is the challenge to the Audit Committee as the overseer of the anonymous reporting channels.

The Audit Committee needs the extended "eyes and ears" of the employee community in order to help make its accounting oversight effective and well focused. So while the varied motives of "whistleblowers" may sometimes be suspect, the end result is that they can provide valuable information to Audit Committees. And in that sense the emphasis from the Audit Committee should be on anonymous channels as part of the Listed Issuer's system of Internal Accounting Controls rather than on the identity or motives of the whistleblowers themselves.

CCS suggests that the anonymous channels should in fact be regarded and treated by the Audit Committee, the auditing firms community and the SEC as part of any Listed Issuer's system of Internal Accounting Controls and dealt with accordingly. This should include inclusion of anonymous channels in the Audit procedures when deemed appropriate by the Listed Issuer's Audit Committee and auditing firm.

An Impetus Toward Transparency

Issue Review

Now let us turn to a potential for positive impact that is carried within the content of Sarbanes-Oxley Section 301(4), but has gone almost universally unnoticed. That positive impact has to do with the enhancement of financial reporting transparency.

Simply put, the more that a company scrutinizes its practices through the vehicle of Employee/Audit Committee collaboration, the more likely that it will gravitate toward practices that are so obviously appropriate and straightforward in their execution, that over time there becomes less and less territory for allegations of inappropriate behavior on any scale that is necessary for the Audit Committee to expend significant resources pursuing.

In other words, to use an analogy, in those neighborhoods where there is a significant police presence, crime - and the opportunity for crime - will likely drop. In time there will be less need for a significant presence because the local culture and circumstances will make crime much less likely to be perpetrated in the first place. Yes, the cost of the police department is a little higher in better neighborhoods. But the outcome is most often thought to be well worth it by most residents, even if it does cramp their style once in a while when they are speeding or throw a loud party.

A corollary benefit to this individual Issuer process of higher policing and an improved corporate accounting culture is likely to be greater financial reporting transparency across the entire corporate community. Just as communities that have a culture of good individual civic behavior tend to be the best places to live, a community of companies that have cultures of highly transparent self-policing practices is likely to result in a much more efficient market than one where the community culture is to look for advantage in applying the GAAP reporting rules rather than encouraging proper behavior at the lowest element of the company, the individual employee.

CCS Position

With the performance standard of transparency in mind, we respond to the Commission's query concerning the disclosure of procedures with a definitive "yes". We believe that the Commission should mandate disclosure of the basic procedures that an Issuer's Audit Committee uses to comply with EAR 10A-3 (b) (3), whether those procedures are in-sourced or outsourced. This disclosure should be made annually in both the Issuer's 10-K filing and in any separate publicly issued Annual Report document as part of the Note to the Financial Statements covering the "Summary of Significant Accounting Policies".

The purpose of using GAAP in the filings of Listed Issuers is to organize, summarize, standardize and report the financial results of Issuers in a manner that enhances the investing public's comprehension of the true financial position and results of the Issuer, both as an standalone entity and when compared to other Issuers. As a matter of principle it should not be possible to gain competitive advantage through a company's choice of accounting principles nor its execution of its accounting practices. And although the crises of the past two years would seem to belie that principle, clearly the purpose of Sarbanes-Oxley is to restore that principle as much as possible. The mechanisms we have suggested will contribute significantly to that restoration.

With the benefits of that improvement in mind, we would also propose that the complaint handling portion of EAR 10A-3 is capable of being implemented in relatively short order because it is not dependent on the annual cycle of Director nominations for its execution. Therefore we propose that EAR 10A-3 (b) (3) become operative six (6) months after publication of the final Rules in the federal Register rather than one (1) year after publication.

Response to Specific Questions

The SEC asked a series of specific questions with regard to EAR 10A-3 (b) (3). Following is Confidential Communication Services' responses to those questions.

  • Do most listed issuers have procedures for the receipt, retention and treatment of complaints or for the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters?

We are not aware of any definitive study or publication encompassing data sufficient to answer this question. However, based on our business experience, we believe that many, but not most, companies have written policies specifying how employees should handle ethical concerns that they may have in any arena including financial practices. These written policies usually specify procedures for submitting those concerns to management. However, in most cases these procedures do not provide for full anonymity even though they may profess to provide "confidentiality".

  • If so, how do these procedures work?

In most cases these procedures specify that an employee report his/her concerns either to their direct supervisor or to a company Human Resources representative. Treatment beyond that initial reporting is seldom well defined.

  • Are they effective in their purpose?

Generally these procedures are moderately effective in their purpose of calling matters to the attention of someone within the management ranks of the company. However, these procedures are generally wholly ineffective at stopping or limiting practices that have been initiated or are condoned by management.

  • Should the proposed rule require a company to disclose the procedures that have been established or any changes to those procedures?

  • If so, where and how often should the disclosure appear and what should it look like?

Yes, the procedures currently in force should be disclosed once per year in the company's Annual Report and 10-K filing as part of the "Summary of Significant Accounting Policies" footnote.

  • Should specified procedures be prescribed or encouraged?

Specific procedures should not be prescribed, but prescribed outcomes (performance standards) should be specified with respect to definition of "anonymity", definition of "complaints", definition of "employees", definition of "treatment" and provision of a compliance Safe Harbor. Please see the foregoing Sections of this letter entitled: "Anonymity", "Complaints vs. Concerns (Communications) and Retention Periods" and "Costs, Benefits and Safe Harbor".

Additionally, the entire anonymous reporting channels mechanism within a Listed Issuer, however implemented, should be considered as part of the overall system of Internal Accounting Controls of the Listed issuer and treated as such by the Audit Committee, the Listed Issuer's audit firm and the SEC.

  • For example, should we specify how long complaints must be retained?

Yes. We recommend that records be kept for seven (7) years from the date a complaint is "closed" or "disposed of".

  • Should we specify who could or could not be designated by the Audit Committee for the receipt and treatment of complaints?

Yes, but only within the context of defining "anonymity" as noted above.

  • Is the proposed date for when the SRO rules must be operative appropriate for companies that must comply with the new standards?

Yes, with the exception of EAR 10A-3 (b) (3) which we believe should go into effect sooner than the remainder of EAR 10A-3.

  • If not, what date would be appropriate and what factors should we consider in setting any such date?

We believe that the complaint handling portion of EAR 10A-3 is capable of being implemented in relatively short order because it is not dependent on the annual cycle of Director nominations for its execution. Therefore we propose that EAR 10A-3 (b) (3) become operative six (6) months after publication of the final Rules in the federal Register rather than one (1) year after publication.

In Conclusion

The complaint handling provisions to be embodied in EAR 10A-3 (b) (3) may appear to be a very small matter in comparison to the more immediately vexing matters of Director independence, split CEO and Chairmanship proposals, generally increased Audit Committee responsibilities (and potential liabilities), increased disclosure, attestation and reporting requirements; and numerous other dimensions of Sarbanes-Oxley, specifically, and increased corporate governance generally. But the single thread running through all of the crises that have led us to this moment is that somebody inside of the company knew what was going on well before any of these crises reached the epic proportions we have seen. If one or more of those "somebodies" had had access to the truly anonymous complaint handling channels that Congress has mandated, and if the Audit Committee had treated those complaints with the diligence that they are now mandated to accord such Complaints, it is entirely possible that some, if not most, of the crises might have been averted.

Yes, accurate reporting would have resulted in far lower share prices in the open market than actually occurred. But on the other hand, those companies might well still be solvent, albeit at a much diminished market capitalization from their high point during the run-up. Perhaps one or two CEO's would have lost their job for nonperformance, rather making tens or hundreds of millions of dollars while most of their employees lost their jobs. But that is not too high a price to pay for accurate and transparent reporting.

If the entire point of GAAP, GAAS and Disclosure Rules is to standardize and make more clear a company's financial performance and position, then the SEC needs to encourage and enlist all interested parties - including employees - in the application and enforcement of these Practices, Standards and Rules. The end goal should be true transparency, thus forcing the competitive struggle back into business strategy, financial management and operational execution; and away from the more arcane machinations of accounting engineering.

* * * * *

Over time the market will sort out the most appropriate mechanisms and procedures to address the ills that have befallen the corporate community over the past few years. A combination of litigation, D&O insurance requirements, peer pressure and the judgment of the market as manifested in share prices and access to capital will force all but the most miscreant companies into better standards of behavior.

But while the market works its inexorable long-run discipline on the majority community of well-behaved companies, Sarbanes-Oxley and the SEC have a role to play in bringing necessary short-term reform to the corporate environment of the United States today and thus setting the directional stage for the long run market processes. Specifying what will constitute "performance" in terms of anonymous channels and complaint-handling procedures under Sarbanes-Oxley Section 301(4) is part of that role. We ask that the SEC not abdicate that role as entirely as seems to be implied by a proposed EAR 10A-3 (b) (3) that has not one meaningful word of guidance to add to the single sentence contained in the original law.

The disconnect between sentiment (for more effective employee access to the Audit Committee) and reality (corporate environments that at the least discourage, and too often punish, such actions) could not be more clear. It's in the hands of the SEC to provide leadership in this area because, while many other organizations agree with the need, and most people agree that it's the right thing to do, only the SEC is in a position to enforce what everyone else seems to say should be done.

The business community is waiting to see if the SEC will exercise it leadership. To do anything less than provide positive guidance will be to abdicate the Commission's responsibilities and will signal a clear sidestep of the Congressional mandate in this area. But by providing such leadership and guidance, the Commission will be able to mold the direction and magnitude of this next logical step toward improved corporate governance in a positive, forthright and beneficially effective way.

Respectfully Submitted,

Thomas J. Duvall, Chairman and CEO (858) 759-9772
Howard L. Niden, President and COO (773) 324-7746

Confidential Communication Services, LLC
Chicago, IL | San Diego, CA