Risk & Compliance

Two Weeks in January

The SEC put much of the Sarbanes-Oxley Act into effect by passing a slew of new rules. Here's what was proposed and what was disposed.
Tim ReasonMarch 1, 2003

Resigning his post as Securities and Exchange Commission chairman on November 5 did nothing to keep Harvey Pitt from being the center of controversy. First, of course, he didn’t leave. Then, two months later, the lame-duck chairman presided over what he described as “the busiest two weeks of rule-making in this agency’s history.” That was the last two weeks in January, during which the SEC wrapped up its six-month race to comply with the Sarbanes-Oxley Act of 2002 by voting on a stack of new — and often controversial — rules (see “Marching Orders” at the end of this article).

Reviews, predictably, have been mixed. Lawmakers have hailed the rules as the capstone on the most groundbreaking corporate reform since the 1934 Securities Act, and praised the SEC staff for its marathon effort. Investor advocates, by contrast, panned the results, claiming that in almost every case, the SEC softened the rules under pressure from special interests — particularly the accounting and legal professions. Some even claim Pitt — who was still waiting to relinquish his chair to incoming commissioner William Donaldson as CFO went to press — held on to his abdicated chairmanship as long as he did to gut the rules in favor of his accounting-industry cronies.

“It’s becoming more and more clear to investors that the Administration kept Pitt in place to get done what the special interests wanted, which was to minimize Sarbanes-Oxley as much as possible,” says former SEC chief accountant Lynn Turner, now an accounting professor at Colorado State University.

In fact, the resulting rules are as mixed as the public reaction. Initially many of the proposals by the SEC staff went further — often much further — than what Congress called for, causing near panic among the accounting and legal professions in particular. Then, after receiving floods of comment letters, the SEC backed off or softened some of its most aggressive stances in the final rules, angering investor advocates.

In the end, it’s safe to say that no one came away unscathed. For public companies, the new rules include a requirement to reveal off-balance-sheet arrangements, strictures on the use of pro forma numbers, trading restrictions during employee blackout periods, and a description of the financial expert, if any, on the audit committee. Mutual funds must now disclose how they vote their proxies. For the accounting industry, the rules contain a slew of auditor-independence and record-retention directives that reflect the disgrace still hanging over the profession in the wake of Enron. And, finally, the commissioners passed rules for attorneys — accompanied by stiff warnings about the moral of the accounting profession’s sorry tale — requiring them to report wrongdoing up the corporate ladder.

To be sure, some rules passed unceremoniously. Those requiring disclosures of off-balance-sheet arrangements in management’s discussion and analysis and a table listing contractual obligations (read: guarantees that could cause a sudden massive drop in liquidity) passed unanimously, in part because the Financial Accounting Standards Board had already addressed special-purpose entities and guarantees after Enron. Likewise, the rules requiring reconciliation of pro forma numbers with generally accepted accounting principles were simply a reprise of guidance that the SEC delivered shortly after Pitt took office. But the controversies surrounding the auditor-independence and attorney-conduct rules promise not to end as implementation begins.

Auditor Independence

The SEC proposed, for example, disclosure requirements for audit fees that were never mentioned in the legislation. A victory for corporate reformers? Hardly, says Barbara Roper, director of investor protection at the Consumer Federation of America, in Pueblo, Colorado, who claims the new definitions of audit and “audit-related” fees actually muddy the distinction that the SEC’s existing rules drew between audit and nonaudit fees. “It was the SEC’s own doing that it was criticized,” says Turner. “The SEC totally ignored comment letters from investors and consumers who stated that this change was a rollback of preexisting rules.”

Roper is even more upset, however, about the rule that allows a company’s audit committee to preapprove, in its written policies, certain nonaudit services. “This is where the SEC did its most serious damage,” she says, arguing that Congress adamantly resisted this preapproval authority when it wrote rules requiring audit committees to individually examine any nonaudit service before allowing the accounting firm to perform it. “The SEC simply undermined that without offering any justification,” she says.

Despite such criticisms, the final rules also contain wins for folks like Roper. Auditors are now completely banned from providing financial-system implementation and internal audits, as well as seven other types of services. That’s “one thing the SEC deserves credit for,” she says, since it could have interpreted the legislation to codify its existing rules, which had a number of exceptions.

Moreover, the SEC added a “cooling-off” period to the auditor rotation requirements. This gave teeth to what Roper considered otherwise a “largely meaningless portion of the legislation” by adding that after the five-year limit on audit work for a particular company, there was a five-year period before auditors could return. However, the SEC’s initial proposal would have applied that to the entire audit team. The final rule applies it only to the lead and concurring partners, with a seven-years-on, two-years-off requirement for lesser members of the audit team. Roper, of course, would have preferred to see mandatory rotation of audit firms–something the SEC did not suggest.

Attorney Conduct

One controversial rule the commission did suggest — the “noisy withdrawal” proposal, which would have required attorneys who are unable to stop an ongoing fraud to resign and inform the SEC — was tabled for further review.

In the commission’s opinion, Sarbanes-Oxley’s “reporting up” requirement (which, with some modifications, the SEC did pass) — obligating lawyers to report corporate misconduct “up the ladder” to the audit committee or the board if management wouldn’t correct the problem — did not go far enough. But the overwhelming objection to the added “reporting out” proposal, noted in almost all of the 171 comment letters received by the SEC, was that it violated attorney-client confidentiality.

That concern was shared by CFOs. “It did seem to me to be troubling to erode attorney-client privilege,” notes CFO Harlan Plumley of Burlington, Massachusetts-based Lightbridge Inc., who says the SEC’s apparent retreat “struck me as a good thing.” Adds CFO Stephen Giusto of Costa Mesa, California-based Resources Connection Inc., “I would say lawyers and investment bankers have traditionally gotten off a lot easier than the accountants have, and certainly they share in the blame for some of these screw-ups. But you are going down a very slippery slope if you start to chip away at the attorney-client privilege.”

Not everyone felt that privilege should be so inviolate, however. “Is there any reason to treat lawyers differently from the auditors and accountants when fraud is involved?” asked commissioner Harvey Goldschmid during the SEC’s open meeting on January 23. “To me, the absolute emphasis [of the legal profession] on confidentiality is incomprehensibly out of balance.”

Perhaps in part to avoid such criticism, many lawyers had noted that the proposed rules would also conflict with or preempt state laws: 9 states and the District of Columbia prohibit attorneys from revealing confidential client information, even to prevent the client from committing fraud (37 other states allow such an action, and 4 require it). “The primary problem is the SEC is trying to propose a uniform federal rule on an area that is currently the purview of the states,” says attorney Fred Baumann of Denver-based Rothgerber, Johnson & Lyons LLP. “The issue here is whether Congress gave the SEC permission to do this.”

However, the SEC staff and Pitt himself dismissed both the state preemption question and criticism of their go-slow approach during the open meeting. “There has been some suggestion that by not adopting what we put out, the commission is cutting back on protections for investors. I find these suggestions to be offensive and in any event completely wrong,” said Pitt during the meeting. “I reject the suggestion of some that we didn’t have authority to do everything we proposed, but more significantly, because the issue is one that is significant, it makes sense to have more time to consider it. That is not a withdrawal. That to me is the essence of responsible government.”

The noisy withdrawal requirement is probably now a dead letter, although the SEC will likely revisit it late this month. In its place, however, is an alternative, apparently devised and favored by Pitt, that still requires attorneys to resign, but shifts the responsibility for informing the SEC to the company, which would have to report the resignation in an 8K report, much as it now must do when it changes auditors. That alternative seemed to have wide support, at least among the commissioners. “I frankly think this is one of those rare compromises that essentially solves all [the concerns] of the various interests,” said commissioner Roel C. Campos.

Mutual Fund Disclosure

The broad wording of the Sarbanes-Oxley Act meant that section 302 — requiring CEO and CFO certification — as well as other sections covering disclosures regarding financial experts and codes of ethics, applied not only to public companies but also to managed investment companies, such as mutual funds. The SEC voted on rules that specifically applied these requirements to mutual funds. It also included a rule of its own, not mentioned in the act, requiring mutual funds and other managed investment companies to disclose how they vote their proxies. This was an issue that Pitt had championed from his first day on the job, and it won him rare praise from both his critics and corporate-governance hawks, for whom proxy-voting disclosure has long been a cause célèbre.

“In thinking about these recommendations,” Pitt noted in his opening remarks at the January 23 meeting, “I start from the fundamental and unassailable proposition that mutual fund securities are held for the benefit of individuals who own mutual fund shares.” Yet this was also the only vote that was not unanimous among the commissioners. Paul S. Atkins voted nay, dismissing 7,000 of the 8,000 comment letters received as form letters and noting that funds often have to “beg and plead” just to get fund-holders to return proxy statements. “We are subjecting funds to significant costs and additional burdens,” he warned, “at a time when fund-holders are concerned with only one thing: returns.”

Throughout the two weeks, the chairman’s last stand was classic Pitt: the new rules had something in them to upset just about everyone. But while few would dispute Pitt’s record of political clumsiness, the adversarial relationship that has developed between investors and corporate management runs deeper than the legacy of one SEC official. The question now is whether corporations, accountants, lawyers, and mutual funds will have time to digest these rules and regain investor trust through their actions, or whether these rules will be the source of more violations that undermine that trust.

Tim Reason a senior writer at CFO.

Marching Orders

How the SEC chose to implement the Sarbanes-Oxley Act.
Sources: CFO; Securities and Exchange Commission

  Final rules Notable Changes or Issues
Public Companies MD&A must detail off-balance-sheet deals. SEC revised its initial definition of “off-balance-sheet” to target unconsolidated off-balance-sheet entities.
Pro forma numbers must be reconciled to GAAP. To track compliance, earnings releases must be filed as 8K.
Directors and executives may not trade stock during pension-plan blackouts.  
Must disclose if audit committee has financial expert and if not, why not. SEC expanded definition of “financial expert” to ensure non-CPAs can qualify.
Must disclose whether there is code of ethics for CEO, CFO, controller, and others. If so, code must be publicly available; if not, must explain why.  
Attorneys Must report material violations “up the ladder.” “Noisy withdrawal” rule vote delayed 60 days. Proposed alternative: companies must report attorney resignation.
Auditors Work papers and other records, including differences of professional opinion, must be retained for seven years. SEC chose longer of two retention periods mentioned in the act, but language about retention of all documents that “cast doubt” was removed from final rule.
Nine services banned: bookkeeping, financial-system work, appraisals, actuarial work, internal audit, management or HR work, investment-adviser work, legal services, and other advocacy-related services. SEC banned services outright, rather than codifying its own existing rules, which included exceptions.
Allowed nonaudit services must be approved by audit committee. SEC rule allows audit committee to preapprove certain services in written policies.
Fees paid to auditors for services must be disclosed in annual report. This rule devised by SEC, not Sarbanes-Oxley, but critics say new definitions of audit-related services weaken existing SEC auditor-independence rules.
Lead and concurring audit partners must rotate out after five years and remain out for five years. Others on team may have seven years on, two years off. SEC’s addition of a cooling-off period gives rotation more bite, although initial rule required entire team to rotate. Smaller firms (less than five clients and 10 partners) are exempt, but subject to PCAOB review every three years.
Audit-team members must take a year off before going to work for former clients. Auditors lose independent status if this ban is violated. Critics say one year is too short to be effective.
Investment Management Firms (mutual funds) and advisers Fund CEOs and CFOs must certify shareholder reports and disclose whether they have code of ethics and financial expert on audit committee. The SEC concluded that periodic statements of mutual funds are subject to the same certification and disclosure rules as companies.
Funds must file proxy-voting record with SEC and disclose proxy-voting policies and procedures. Both may be made available on the Web or on request. Required by the SEC, not the act, but passed during the marathon rule-making session. To lessen compliance costs, the SEC did not require regular mailings.