New investor protection legislation requires non-US companies with securities registered in the US to act immediately, says Sandra G Blundetto.

The Sarbanes-Oxley Act of 2002 signed by the President of the US at the end of July 2002 has major, immediate ramifications for certain foreign companies. The Act contains a number of sweeping reforms affecting directors' and officers' liability, public company disclosures, audit committees and auditors, and is intended to address inadequacies in laws that were revealed by the recent spate of corporate bankruptcies and to bolster public confidence in corporate governance. It applies to all companies that are required to file periodic reports with the Securities and Exchange Commission (SEC). While many provisions of the Act were effective immediately, others will become effective soon, either on a specific date or when the SEC or accounting oversight board adopt rules which they must do by prescribed deadlines.

Many of the new requirements apply to non-US companies that have securities listed on the New York Stock Exchange, NASDAQ or other US exchanges, and to other non-US companies that previously registered debt or equity offerings in the US. In addition to the statutory requirements, many companies which are not specifically covered by the Act may, nevertheless, decide to comply voluntarily with the Act to inspire investor confidence.

Two new CEO/CFO certification requirements
The Act requires CEOs and CFOs of companies whose securities are registered in the US to provide on an ongoing basis two separate certifications with respect to periodic reports filed with the SEC. The first new certification requirement (the `Criminal Certification' contained in Section 906 of the Act) became effective immediately upon enactment of the Act and imposes criminal penalties. The second new certification requirement (the `Civil Certification' created by Section 302 of the Act) is subject to civil enforcement by the SEC and became effective at the end of 2002, upon rulemaking by the SEC.

The two new certification requirements under the Act are separate and apart from, and are required in addition to, the certification requirement set out in the SEC order issued on 27 June 2002 which required CEOs and CFOs of 947 large public companies to file a one-time certification with the SEC regarding the accuracy of their companies' SEC filings.

The `Criminal Certification' requires that each periodic report (not just annual or quarterly reports) containing financial statements filed with the SEC is accompanied by a written statement by the CEO and CFO certifying that the report:

  • fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934; and

  • fairly presents, in all material respects, the financial condition and results of the operations of the issuer.
  • A person who `knowingly' signs an untrue certificate is subject to a fine of up to $1m or imprisonment of up to ten years, or both. A person who `willfully' (that is, with an intent to violate the law) certifies a false periodic report is subject to a fine of up to $5m or imprisonment of up to 20 years, or both. The officer may not limit his liability, for example by certifying `to the best of my knowledge' the report complies. The officer may be held criminally liable, however, only if he or she signed the certification knowing that the report did not comply.

    While some non-US companies are taking the position that the Criminal Certification requirements do not apply to interim financial statement reports on Form 6-K because they are `made' and not deemed `filed' for liability purposes under Section 18 of the Exchange Act, it is important to note that the certification requirements set forth in Section 906 of the Act apply to each periodic report containing financial statements filed by an issuer with the SEC pursuant to Section 13(a) (including Form 6-K) or 15(d) of the Securities Exchange Act of 1934. Many non-US companies are filing financial statements on Form 6-K with the Criminal Certification until clarification is made.

    The Civil Certification provisions would, subject to SEC rulemaking, require the CEO and CFO to certify in each annual and quarterly report filed with the SEC that, among other things:

  • the signing officer has reviewed the report;

  • based on his or her knowledge, the report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements not misleading; and

  • based on his or her knowledge, the financial statements and other financial information in the report fairly present, in all material respects, the financial condition and results of operations of the issuer for the periods presented in the report.
  • The CEO and CFO must also certify that, among other things, they are responsible for establishing and maintaining internal controls, have designed those controls to ensure that material information is made known to them by others within the company, have evaluated the effectiveness of the internal controls within the last 90 days, and have disclosed to the company's auditors and its audit committee all significant deficiencies, significant changes and any material weaknesses in the internal controls and any fraud committed by any individual with a significant role in the internal controls, process. If, as a result of misconduct, a company is required to restate its financials due to material non-compliance with financial reporting requirements, the Act requires the CEO and the CFO of the company to forfeit:

  • any bonus or other incentive-based or equity-based compensation they received during the 12 months following the publication of the financial statements that must be restated; and

  • any profits realised from the sale of securities of the company during that 12-month period. Subject to certain exceptions, the Act makes it unlawful for any director or executive officer of an issuer of any equity security (other than an exempted security) to purchase, sell or otherwise acquire or transfer any equity security of the issuer (other than an exempted security) during `any pension fund blackout period'. This provision would prohibit directors and officers from trading in the issuer's securities while employees of the issuer are prohibited from trading in the issuer's securities in their 401(k) accounts. This is in response to the situation that allegedly occurred in Enron, where several directors and officers sold Enron stock while the price was dropping and employees were prohibited from selling because of a company imposed blackout period.
  • In addition, the Act prohibits loans by a company to directors or officers (except for certain loans issued in the ordinary course of a company's business and except for existing loans provided they are not materially modified or renewed).

    As from 29 August 2002, the Act now requires directors, executive officers and 10% beneficial owners (Section 16 `insiders') of a public company to file their Form 4 reports of transactions in the company's securities before the end of the second business day following the day the transaction has been executed (or at such other time as the SEC shall establish by rule if the SEC determines that the two-day rule is not feasible). Previously, such reporting was required by the tenth day of the month following the month in which the transaction took place. Section 16 does not apply to foreign private issuers and the Act does not make any changes in this regard.

    The Act prohibits any officer or director of an issuer, or any other person acting under their direction, from taking any "action to fraudulently influence, coerce, manipulate or mislead" any independent public or certified accountant engaged in the performance of an audit of the financial statements of such company, for the purpose of rendering such financial statements materially misleading. The SEC must issue its final rules to implement these restrictions no later than 26 April 2003, and is given exclusive civil authority to enforce those rules.

    Under current law, before the SEC can bar an individual who has violated provisions of the securities laws from serving as an officer or director of a company, the SEC must prove that the conduct of the officer or director who committed the violation demonstrated `substantial unfitness' to serve in the capacity of officer or director. The Act strikes the word `substantial' and empowers the SEC to prohibit any person who violates US federal securities laws, rules or regulations from acting as an officer or director of any public company.

    Audit requirements
    The Act requires that the SEC no later than 26 April 2003 directs the national securities exchanges and national securities associations to prohibit listing of any security of an issuer that does not comply with certain audit committee requirements of the Act. The audit committee of an issuer shall be directly responsible for the appointment, compensation and oversight of the work of the registered public accounting firm of the issuer, including the resolution of any disagreements between management and the auditor regarding financial reporting.

    The Act requires that each member of the audit committee be a member of the board of directors and be `independent'. To be considered independent, the audit committee member may not, other than in the member's capacity as a member of the audit committee, the board of directors or any other board committee:

  • accept any consulting, advisory or other compensatory fee from the issuer; or

  • be an affiliated person of the issuer or any subsidiary of the issuer.
  • The audit committee is required to establish procedures for the receipt, retention and treatment of complaints regarding accounting, internal accounting controls or auditing matters, as well as the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters. The audit committee shall have the authority to engage independent counsel and other advisers as it determines necessary to carry out its duties. The issuer is responsible for providing appropriate funding (as determined by the audit committee) for payment of compensation to auditors and to any advisers employed by the audit committee.

    The Act provides that a five-member Public Company Accounting Oversight Board (the `Board') is to be created to establish auditing, quality control, ethics, independence and other standards relating to the preparation of audit reports. The Board will be overseen by the SEC and will have broad investigative and enforcement powers to oversee the accounting industry and discipline auditors. The Board will promulgate rules relating to workpaper retention, testing by auditors of companies' internal control systems and second audit partner review, and will perform other duties or functions to promote high professional standards with respect to auditors and audit reports. The Board also will establish procedures to register all accounting firms that audit public companies.

    Under the Act, an accounting firm may not conduct an audit of a public company unless the accounting firm is registered with the Board. Both the registration application and annual reports will be available for public inspection, subject to applicable laws relating to confidentiality and excluding information reasonably identified by the accounting firm as proprietary.

    Foreign public accounting firms that prepare or furnish audit reports with respect to any issuer are required to register with the Board and are subject to the Act in the same manner as any US public accounting firm. Unlike US accounting firms, however, registration itself does not provide a basis for subjecting a foreign accounting firm to the jurisdiction of US state or federal courts except in controversies between such firms and the Board.

    In certain instances, the Board and the SEC may claim the right to review the audit workpapers of a foreign public accounting firm not registered under the Act. If a registered public accounting firm relies on an opinion or material services provided by a foreign public accounting firm, then that foreign public accounting firm will be deemed to have consented to:

  • produce its audit workpapers for the Board or the SEC in connection with any investigation with respect to that audit; and

  • be subject to the jurisdiction of the US courts for purposes of enforcing any request to produce such workpapers.
  • In addition, if a registered public accounting firm relies upon an opinion provided by a foreign public accounting firm with regard to an audit, the registered public accounting firm will be deemed to have:

  • consented to supplying the audit workpapers of the foreign public accounting firm if requested to do so by the Board or the SEC; and

  • secured the permission of the foreign firm to produce its workpapers as a condition of the registered firm's reliance on the opinion of the foreign accounting firm.
  • The SEC or the Board (subject to SEC approval) may exempt any foreign public accounting firm, or any class of such firms, from any provision of the Act as the SEC or Board determines necessary or appropriate in the public interest or for the protection of investors.

    All auditing services (including comfort letters and statutory audits) must be pre-approved by the audit committee. The Act prohibits registered public accounting firms from offering nine types of non-audit services to companies that they also audit, including actuarial services, legal services and expert services unrelated to the audit, appraisal or valuation services, fairness opinions or contribution-in-kind reports, and any other service that the Board determines is not permissible. Any other non-audit services to be performed by a registered public accounting firm, including tax services, must be pre-approved by the company's audit committee (and disclosed to investors in the company's periodic public filings).

    The Act also requires registered public accounting firms to change the audit and review partners for an issuer every five years. In addition, a registered public accounting firm cannot perform audit services if the CEO, CFO, controller, chief accounting officer or any person in an equivalent position was employed by the auditor and participated in any capacity in the audit during the one-year period preceding the date of initiation of the audit.

    The Act also requires registered public accounting firms to timely report to the audit committee of an issuer:

  • all critical accounting policies and practices to be used;

  • all alternative treatments of financial information within GAAP that have been discussed with management of the issuer, ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the auditor; and

  • other material written communications between the auditor and management of the issuer.
  • Rapid disclosure of additional material information
    The Act requires companies to disclose in plain English as quickly as possible ("on a rapid and current basis") material changes in their financial condition and other significant company news. Disclosures may include trend and qualitative information and graphic presentations, as the SEC determines by rule.

    By January 2003, the SEC will issue rules requiring quarterly and annual financial reports filed with the SEC to disclose all material off-balance sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the issuer with unconsolidated entities or other persons that may have a material current or future effect on the issuer's financial condition, results of operations, liquidity, capital expenditures, capital resources or significant components of revenues or expenses. The Act also calls for a study to improve the transparency of reporting of off-balance sheet items.

    The Act protects employees of public companies against retaliatory discharge or other adverse action for providing information to supervisors, the US government or Congress regarding conduct that the employee reasonably believes violates US securities or antifraud laws. The Act allows corporate whistleblowers to file lawsuits seeking compensatory damages if their employer retaliates against them, and makes it easier for whistleblowers to prove their cases in court. It is unclear how this protection will work for foreign companies, particularly if the employee is located outside the US.

    The Act provides that a person who has outstanding judgments against him for securities law violations or common law fraud, deceit or manipulation in connection with the purchase or sale of any security may not discharge such obligation in a bankruptcy proceeding.

    Other provisions of the Act include:

  • the SEC will review public filings no less frequently than once every three years. Prior to the Act, no similar requirement existed;

  • the Act lengthens the time that investors have to file lawsuits against corporations for securities fraud to five years from the date of the questionable conduct, or two years from the discovery of the conduct, whichever is earliest; and

  • the Act creates new offenses for breach of US securities laws and corporate fraud including those for destroying or falsifying records with the intent to impede or influence any governmental investigation. The penalties for white-collar offenses also have been increased.
  • The CEO and CFO of each company subject to the Act must take action now to ensure that appropriate steps are in place to comply with the Act's requirements. Other companies may also wish to put in place procedures needed to comply with the Act, because most companies likely will face market pressure to comply voluntarily with Act.

    Whether and to what extent companies comply with the Act also may affect their ability to procure directors' and officers' liability insurance, as well as the cost and terms of such coverage.

  • Sandra G Blundetto is a partner in the New York office of the international law firm Baker & McKenzie.