A Practical Guide to the Sarbanes-Oxley Act of 2002

Client Advisory

July 1, 2003

On July 30, 2002, President Bush signed into law the Sarbanes-Oxley Act (“the New Law”) which amends certain provisions of the Securities Exchange Act of 1934 (“the  Exchange Act”).  Many of the provisions of the New Law were designed to deter a repetition of the kind of corporate behavior exposed and criticized in the Powers Report, which investigated the board of directors of Enron Corporation.  The New Law brings sweeping changes to the regulation of public company accounting practices and standards and imposes new responsibilities on executives, board members, audit committees, auditors and lawyers.  The New Law’s broad provisions and the rules promulgated by the Securities and Exchange Commission (the “SEC”) pursuant to it, generally apply to all public companies, big or small, domestic or foreign, that have registered under the Exchange Act or have a pending registration statement under the Securities Act of 1933.

The key provisions of the New Law focus on strengthening corporate disclosures, bolstering corporate governance, ensuring auditor independence and toughening sanctions for wrongdoing.  Our report will summarize these and some of the other key provisions of the New Law and its rules.

It should be remembered that for listed companies, there is the additional overlay of the New York Stock Exchange and Nasdaq Stock Market rules whose proposed corporate governance standards regarding certain matters, such as independence of directors will, when effective, be even stricter than those of the New Law and the SEC rules.

CEO and CFO Section 302 Certification of Company Reports

Because of the loose reporting systems at Enron which resulted in many significant transactions either not making it into the periodic reports at all or not making it in a timely fashion and because of the lax internal controls over financial reporting which resulted in the wasting of company assets, the New Law places much focus on procedures designed to prevent negligent or fraudulent financial reports.

These procedures fall into two broad categories with a certain amount of overlap.

Disclosure Controls And Procedures are meant to ensure, as far as possible, that all the information required by law to be included in the periodic reports filed with the SEC is made available to those responsible for preparing them in a complete and timely fashion.

Internal Control Over Financial Reporting is meant to ensure the integrity of the financial statements and guard the assets of the company.  At the bookkeeping level, these procedures are designed to enforce the proper recording of income and expenditure so that revenues are deposited into the company’s bank account and unauthorized expenditures do not leave the company’s bank account.  At the executive level, these procedures are designed to prevent manipulation of revenues and expenses, such as illegal transfers from expense accounts to capital accounts, in which management may to tempted to engage in order to hit the end of the period “whispered numbers”.

Because the delegation of the responsibility for the establishment and the maintenance of these controls and procedures to subordinates often resulted in them not being taken seriously by senior management, the New Law provides that members of senior management must now personally sign attestations certifying that the procedures are in place and in working order.

Accordingly, since August 29, 2002, U.S. and non-U.S. public companies have been subject to the Disclosure Controls and Procedures and the internal accounting controls certification civil requirements of Section 302 of the New Law.  The Section 302 certification provision requires a public company’s CFO and CEO, or persons fulfilling similar functions, to certify in an exhibit to the company’s annual and quarterly reports that:

  • he or she has reviewed the report and, based on his or her knowledge, the report is not misleading, within the meaning of Rule 10b-5 (“Rule 10b-5”) under the Exchange Act (Employment of Manipulative and Deceptive Devices) and the financial information in each of the company’s annual and quarterly reports “fairly present[s] in all material respects the financial condition and results of operations of the [company] as of, and for the periods presented in the report;”
  • he or she is responsible for establishing and maintaining disclosure controls and procedures that ensure, as far as possible, that all information required by law to be contained in periodic reports is made available to those responsible for preparing them in a complete and timely fashion;
  • he or she is responsible for establishing and maintaining procedures for internal control over financial reporting to ensure the integrity of the financial statements and protect the assets of the company;
  • he or she has evaluated and reported on the effectiveness of the company’s disclosure controls and procedures as of the end of the period covered by the periodic report ;
  • he or she has disclosed in the periodic report any change in the company’s internal control over financial reporting during the most recent fiscal quarter that has materially affected, or is reasonably likely to materially affect, the company’s internal control over financial reporting;
  • he or she has disclosed to the outside auditors and audit committee all significant deficiencies and material weaknesses in the internal control over financial reporting which are reasonably likely to adversely affect the company’s ability to record, process, summarize and report financial information and any fraud (whether or not material) involving management or other employees with a significant role in the company’s internal control.

In addition companies will also have to include in their annual report an attestation report by the company’s outside accountants on management’s assessment of the effectiveness of the company’s Internal Control Over Financial Reporting. 

Compliance Dates for Section 302 and for Controls and Procedures.

Whereas the certification and reporting requirements relating to the company’s Disclosure Controls And Procedures are already in effect, most of  the certification and reporting requirements as they relate to the Internal Control Over Financial Reporting will come into effect for most companies, including non-U.S. public companies, on the date that they file their first annual report for fiscal years ending on or after April 15, 2005.

The Section 906 Criminal Certification.

Separately, under Section 906, the New Law requires, effective July 30, 2002, that CEOs and CFOs certify in an exhibit to the report that financial information included their company’s annual and quarterly reports “fairly presents, in all material respects, the financial condition and results of operations of the [company].”  Section 906 also requires CEOs or CFOs to certify that periodic reports, which contain financial statements, fully comply with the requirements of Sections 13(a) or 15(d) of the Exchange Act.  These separate certifications carry significant criminal penalties.  Knowingly making false certifications could lead to a fine of up to $1 million and imprisonment of up to 10 years, while making willful violations could lead to a fine of up to $5 million and imprisonment of up to 20 years.

Forfeiture of Executive Compensation and Trading Profits

Section 304 of the New Law provides that if a company is required to restate financial statements to fix past financial misstatements, the CEO and CFO must each reimburse the company for any bonus or equity-based compensation they received during the twelve months after the financial statements which had to be restated were filed with the SEC and to disgorge any profits realized from the sale of company stock during that period. Most likely, such CEOs and CFOs will be unable to collect reimbursement for this disgorgement under the company’s charter and bylaws or under any D&O insurance policies.  This provision has been in effect since July 30, 2002.

Disclosure of Trading Activity by Insiders

The New Law (§403), effective as of August 29, 2002, requires company insiders, such as executive officers, directors, or beneficial owners of more than 10% of outstanding shares of a public company to report their purchases or sales of the company’s securities before the end of the second business day following the execution date of such trades.

In addition, as of June 30, 2003, such reports must be filed electronically and reflected on the company’s website.

Insiders of non-U.S. public companies are not required to file reports of their transactions in the company stock and accordingly this provision of the New Law does not apply to them.

Insiders and Blackout Periods

The New Law (§306), effective January 26, 2003, provides that officers and directors will be prevented from buying or selling stock not only in the blackout periods imposed by the company for Rule 10b-5 purposes, but also in the blackout periods imposed upon the company’s employees under employee benefit plans.  Any profit from such sales during the employee blackout period may be recovered by the company.

These executives are not banned from trading their securities in the employee blackout period if such blackout is specifically designated in the employee plan and disclosed to employees before becoming members of the plan.  Neither are executives banned from trading in any employee blackout period imposed in connection with joining or exiting a plan.

Conflict of Interest Provisions

The New Law (§402) prohibits U.S and non-U.S. public companies, but not U.S. banks, from extending credit, or arranging for the extension of credit in the form of a personal loan to or for a director or an executive officer of the company.  Existing loans may stay in place, but they may not be modified or renewed. Certain limited classes of loans are excepted if they are made in the ordinary course of the company’s consumer credit business and made on the same terms as generally available to the public.  This prohibition appears to affect several types of employee compensation arrangements that were common practice in the U.S. that involve extensions of credit, such as lending employees the exercise price to exercise options.

In the absence of SEC guidance, several questions have arisen regarding what loans are permitted and what are not.  A consensus of 25 law firms have expressed their views in writing that certain activities would be permissible under §402. In expressing this consensus, the law firms have pointed out that in their view, the transaction, in order to be prohibited, must take the form of a loan rather than a mere extension of credit and that the loan will not be considered a personal loan if the primary purpose of the loan is to advance the business of the company.  Similarly, these law firms are of the view that where an extension of credit is made in the ordinary course of business primarily for company purposes, but involves a limited ancillary personal credit, it should not be prohibited under the Act.

Off-Balance Sheet Transactions

The financial statements of Enron were opaque regarding the impact of its unconsolidated, special purpose entities on the financial condition of the company.  Massive debt kept off the books of Enron and loaded on to the books of unconsolidated, special purpose entities, finally sunk Enron when they had to be retransferred to Enron following the enforced dissolution of the special purpose entities.  Accordingly, the New Law (§401) and the related SEC rules require U.S. and non-U.S. public companies, to disclose in registration statements, annual reports and proxy statements all material off-balance sheet transactions, obligations, contingencies and other relationships of the company with unconsolidated entities or other persons that may have a material current or future effect on its financial statements.  Companies must now show what the effect to the bottom line will be if and when circumstances arise that compel the debt on the books of the unconsolidated, special purpose entity to be consolidated with the debt of the company.

Compliance Dates for the Off-Balance Sheet Transaction Rules.

All public companies, both U.S and non-U.S. must comply with the off-balance sheet transaction rules in registration statements, annual reports and proxy statements for fiscal years ending on or after June 15, 2003.

Use of Non-GAAP Financial Statements - Regulation G

Prior to the New Law, a practice had developed whereby companies would present financial information in press releases not in accordance with Generally Accepted Accounting Principles (“GAAP”).  For example, companies would present earnings before interest, depreciation and amortization ( “EBITDA”) which is not a financial measure recognized by GAAP without also presenting what earnings would be after deducting such items from earnings.  This practice led to conflicting financial results and confusion for investors.  Accordingly, the New Law (§401) and the related new Regulation G provide that whenever a company discloses material, financial information that includes a non-GAAP financial measure, the company must make a presentation of the most directly comparable financial measure calculated in accordance with GAAP and a reconciliation of the non-GAAP financial measure to the GAAP financial measure.  In the EBITDA example, this would require a company that has presented earnings before deducting interest, depreciation and amortization to show a chart comparing this number with earnings after deducting interest, depreciation and amortization and to show the bottom line difference between the two presentations.

Subject to certain limited exceptions, Regulation G applies equally to U.S. and non-U.S. public companies.

Compliance Date for the Rules Regarding the Use of Non-GAAP Financial Statements

The effective date for the SEC’s final rules regarding non-GAAP financial measures for both U.S. and non-U.S. public companies is March 28, 2003.

The Responsibilities of Audit Committees

Whether or not one volunteers to be an audit committee member, it is clear that both U.S. and non-U.S. public companies are obliged to have one.  If the company does not select one, the New Law will deem the entire board to be the audit committee with all this entails.

One of the primary functions of the audit committee is to enhance the independence of the outside accounting firm in the audit function.  Leaving management the power to hire, compensate, supervise and fire the outside accountant risks making them too subservient to management who may be more preoccupied with short-term profitability goals than with the integrity of the audit process. 

Accordingly, the New Law (§ 301) requires that the audit committee be responsible for the appointment, compensation and oversight of the company’s independent accountant.

In addition, the New Law provides that the audit committee must consist solely of independent directors must have established procedures for handling employee complaints regarding accounting and auditing matters and must have the power to engage independent counsel and other advisors.  The company must disclose the names of members of the audit committee in the annual reports.

Included in these new audit committee functions is the requirement that the audit committee resolve accounting disagreements between management and the outside accountants.  The outside accountants must report directly to the audit committee which must ask about any differences of opinion they may have had with management over the contents of the financial statements.  In the event of a difference of opinion between management and the outside accountants as to how the financial statements should be presented, the audit committee must become familiar with the issues and approve the final outcome on the merits.

Independence of Audit Committee Members.

The investment community will be suspicious of any audit committee which is not independent of management.

In order to be deemed independent under the New Law, audit committee members may accept no compensation other than for  their audit committee services and  must not be affiliated with the corporation. Accordingly, audit committee members cannot accept any consulting, advisory or other compensatory fees from the company, except in exchange for their service as independent board members or members of the audit committee.  This means that an audit committee member who is a partner in a law firm, accounting firm, consulting firm, investment bank or similar entity, that receives fees for rendering professional advice to the company, would not be deemed independent.  This does not mean that an audit committee member should not be fairly compensated for his or her services on the audit committee or that he or she may never own stock in the company. It is recognized that the burden of responsibility and the commitment of time involved in acting as an audit committee member today should be adequately compensated, otherwise there may really be nobody ready to do the job.

An audit committee member will not be deemed unaffiliated to the company if he or she controls, or is controlled by, or is under common control with the company.  Control means the possession of the power to direct the management and policies of a company.  A person who is not an executive officer or 10% shareholder of any class of voting equity securities of the company would not be deemed to control the company.

The SEC rules created some exceptions from the independence requirements of audit committee members relating to companies coming to market for the first time, audit committees members who have certain overlapping board relationships, and certain countries like Germany whose laws require non-management employees to serve on the audit committee of non-U.S. public companies.  Companies relying on any of these exemptions must disclose such reliance in their public filings and make an assessment whether and the extent to which such reliance might compromise the independence of their audit committee.

Compliance dates for the Audit Committee Responsibility Rules

U.S. public companies, must be in compliance with the audit committee rules by the date of their first annual shareholder meeting after January 15, 2004 and in any event, no later than October 31, 2004. Non-U.S. public companies must comply by July 31, 2005.

Conflict between the New Law’s Audit Committee Requirements and Non-U.S. laws.

The SEC rules note that the audit committee’s responsibility for oversight, appointment and supervision of the independent accountant may conflict with certain foreign laws governing a non-U.S. public company.  For example, some foreign laws require shareholder approval or full board approval for the appointment or removal of outside accountants or may require that an independent accountant be removed by court order.  The SEC Rules address these situations by providing that shareholder, full board or court approval for the appointment or removal of the independent accountants pursuant to foreign law will not be in violation of the New Law provided that the audit committee is given certain advisory powers which must be taken in to account when  appointing or removing independent accountants. 

Independence of Outside Public Accountants.

Prohibited Non-Audit Services and Permissible Non-Audit Services.

As part of the drive to make the outside accounting firm that conducts the audit process more independent, the New Law and the related SEC rules require the audit committee make sure that the outside accountant does not provide prohibited non-audit services, after May 6, 2003 (or May 6, 2004 for prohibited non-audit services commenced prior to May 6, 2003).  There is a list of prohibited non-audit services that may not be provided by an outside accountant to his or her audit client.  Common to all the prohibited non-audit services on the list is the concern that they would result in the outside accountant auditing his or her own work, performing management functions for the company, or acting as an advocate on behalf of the company.  Examples of such prohibited non-audit services include internal audit services, financial information system designs and legal or stock brokerage services.  All other non-audit services, including tax services, other than the limited list of prohibited non-audit services, are permitted, provided however, that the audit committee pre-approves them.

Auditor Rotation Requirements.

The audit committee must ensure that significant members of the audit engagement team are rotated on a periodic basis.  The lead and reviewing partners must take a five-year time-out period from the audit engagement with the client after each five years of service and audit partners with a lesser involvement in the audit engagement must be rotated after seven years on the audit engagement for a two-year time-out period.

The auditor rotation requirements which apply to U.S. and non-U.S companies alike will apply to the lead audit partner for the first fiscal year ending after May 6, 2003 and to the reviewing partner as of the end of the second fiscal year after May 6, 2003.

Auditor Cooling Off Periods.

Alleged accounting improprieties at Enron managed to slip by the supervision of the outside auditors.  This has been attributed to the cozy relationships that existed between audit engagement partners at Enron’s outside accountants and recently hired in-house Enron accountants that used to work for Enron’s outside accountants.  The fact that in-house auditors of Enron had so recently been employed by the outside accountants led to a situation akin to outside auditors reviewing their own work. 

Accordingly, to prevent an occurrence of this type of conduct, commencing May 6, 2003, the Audit Committee must ensure that the company observes a one-year cooling off period before employing a former employee of the outside accounting firm.  The cooling off requirement applies to the lead partner, the reviewing partner and to all other members of the audit engagement team. 

Restrictions on Audit Partner Compensation

There has been considerable concern that the auditors’ independence might be compromised due to the financial interests they may have in the sale of non-audit services to the audit client.  Some auditors may be reluctant to take a position on the financial statements contrary to management because they fear they will lose the compensation paid to them by their firm for the sale of non-audit services to the audit client.  The concern is reminiscent of allegations that analysts cannot render impartial advice regarding companies whose investment banking business they rely upon for their year-end bonus. 

Accordingly, commencing May 6, 2003, the New Law requires the audit committee to ensure that at no time during the audit engagement period will any audit partner derive compensation based on the audit partner’s procuring engagements with the audit client to provide any services other than audit, review or attest services.  

Disclosure of Audit Committee Financial Expert

It would appear that making the audit committee the arbiter of differences of opinions on accounting matters between management and the outside accountants requires that somebody on the audit committee should have the accounting savvy and sophistication to grapple with the issues.

Accordingly, the New Law, (§407) and the SEC’s related rules require U.S. public companies to disclose in its annual reports on Forms 10-K, 10-KSB and non-U.S. public companies to disclose in their annual reports on Forms 20-F or 40-F whether or not the board of directors has designated one member of the audit committee to be a financial expert and if not, why not.  If a company discloses that it has an audit committee financial expert, it must also disclose the expert’s name.  A company may, but is not required to disclose more than one audit committee financial expert serving on its audit committee.  Companies must disclose whether the audit committee financial expert is independent of management.

In order to qualify as an “audit committee financial expert,” the person must have an understanding of GAAP and financial statements; the ability to assess the general application of GAAP in connection with the accounting for estimates, accruals and reserves; experience with financial statements of equivalent complexity to the company; an understanding of internal controls and procedures for financial reporting; and an understanding of audit committee functions.

The financial expert has no higher degree of legal liability compared to other audit committee members or members of the board.

Compliance dates for Audit Committee Financial Expert Requirements

U.S. and non-U.S. public companies must comply with the audit committee financial expert disclosure requirements in their annual reports for fiscal years ending on or after July 15, 2003.  Non-U.S. public companies will not be required to comply with the audit committee financial expert independence disclosure requirement until July 31, 2005.

Enhanced Periodic SEC Review

Even the SEC did not escape blame for the Enron fallout.  In the view of Congress, had the SEC been more regular in reviewing periodic filings, financial disasters may have been averted.

Accordingly, the New Law (§408) calls for a regular SEC review of periodic filings at least once every three years.  Companies which are most likely to be first reviewed will be, among others, those who have issued material restatements, that have suffered material volatility in the price of their stock, companies with large market capitalization, or emerging companies.

Rapid Disclosures of Financial Changes

The New Law (§409) and the related SEC rules require that companies filing reports with the SEC must furnish to the SEC a current report on Form 8-K within five business days of any public announcement disclosing martial non-public information regarding an issuer’s historical results of operations or financial condition for a prior fiscal period.  The company will not have to furnish such a current report if the non-public information is disclosed orally, in an open broadcast that is complementary to and initially occurs within 48 hours after, a related written release or announcement that triggers the disclosure requirements and is posted on the company’s website.  These rapid disclosure rules apply to U.S. public companies as of March 28, 2003. Non-U.S. public companies are generally not subject to these requirements.

Rules of Professional Conduct for Lawyers

The fallout from Enron did not spare the lawyers.  Congress wanted to know why lawyers representing Enron, both in-house and outside, did not sound the alarm when actions which should have made them concerned about potential violations of laws were brought to their attention.  The result has been the federalization of the legal profession which up to now, was regulated by state bar rules.  In response to the lawyers’ apparent inaction over alleged illegal behavior at Enron and other companies, the SEC has adopted an “up the ladder” reporting requirement and has proposed a very controversial “noisy withdrawal” requirement.

The “up the ladder” rules require an attorney to report “evidence of  a material violation” by an issuer to the issuer’s chief legal officer (“CLO”) and CEO.  The issuer’s CLO must inquire into the evidence of the misconduct and unless he or she believes that no misconduct has occurred, is ongoing or is about to occur, he or she must take reasonable steps to cause the issuer to adopt an appropriate response to the attorney’s report. Unless the reporting attorney reasonably believes that the CLO or CEO has provided an appropriate and timely response to his or her report, the reporting attorney must report the misconduct “up the ladder” to the audit committee or another appropriate committee of the issuer’s board of directors consisting solely of independent directors or to the whole board of directors.

The term “evidence of a material violation” which triggers the attorney’s “up the ladder” reporting obligation means that a material violation must be more than a mere possibility, but it need not be more likely than not.

An “appropriate response” means either that (i) the CLO or CEO has satisfied the reporting attorney that in fact no misconduct has occurred, is ongoing or is about to occur, (ii) the misconduct has been corrected, disciplinary actions within the issuer have been taken and preventive measures have been put in place or (iii)  independent directors of the issuer have instructed an attorney to investigate the reported evidence of misconduct and the issuer has either implemented the remedies recommended by such attorney or has been advised by such attorney that a colorable defense can be asserted on behalf of the issuer in any proceeding related to the reported evidence of misconduct.

The “up the ladder” reporting rules do not apply to attorneys who: (1) are admitted to practice law in a jurisdiction outside the U.S.; (2) do not hold themselves out as practicing, or giving legal advice regarding U.S. law; and (3) conduct activities that would constitute giving legal advice in SEC matters only (i) incidentally to a foreign law practice, or (ii) in consultation with U.S. counsel.  An attorney who satisfies all the above three conditions is referred to by the rules as a “Non-Appearing Foreign Attorney” and is exempt from the “up the ladder” reporting rule application.

To the extent an attorney is not deemed to be a Non-Appearing Foreign Attorney and is therefore subject to the “up the ladder” reporting rules, he or she will not be required to comply with the provisions of the rules to the extent such compliance is prohibited by applicable foreign laws, provided, however, that he or she complies with the rules to the maximum extent allowed by such foreign law.

The proposed “noisy withdrawal” provision.

Under the SEC’s  proposed noisy withdrawal provision, the attorney who reported “up the ladder” to the issuer’s board and did not receive an appropriate timely response, would be required, under certain circumstances and permitted under other circumstances, to notify the SEC, provided he or she strictly adheres to the following steps:

  • the attorney must explain to the persons within the issuer to whom he or she reported the violation why the response is not appropriate or timely; and
  • if the reporting attorney believes that the violation is ongoing or about to occur, (as opposed to a violation that has occurred and is not ongoing) and is likely to cause substantial injury to the issuer or investors, the reporting attorney must:
(a) immediately withdraw from representing the issuer;

(b) indicate that the withdrawal is for “professional considerations;”

(c) notify the SEC in writing within one business day of the withdrawal that he or she has withdrawn for professional considerations; and

(d) immediately disaffirm to the SEC anything that the reporting attorney has been instrumental in submitting to the SEC that is materially misleading.

The proposed alternative “noisy withdrawal provisions”.

The SEC’s proposed noisy withdrawal proposals drew a great deal of criticism from the bar principally because they appeared to violate the hallowed preserve of attorney-client privilege and confidence which has traditionally formed the safe harbor in which clients can freely communicate with their attorneys without having to worry that their confidences will be turned over to the government. 

In response to such criticism, the SEC has proposed alternative noisy withdrawal provisions. Under these proposed alternative provisions, the retained attorney who has reported “up the ladder” to the issuer’s board and did not receive an appropriate timely response and who reasonably concludes that there is substantial evidence of misconduct either ongoing or about to occur which is likely to cause substantial injury to the issuer or investors, must withdraw from representing the issuer and notify the issuer in writing that the withdrawal is out of professional considerations.  Two business days after receiving such notification, the issuer must report such notice of withdrawal and the circumstances surrounding it to the SEC on a current report on Form 8-K or in the case of a non-U.S public company, on a Form 20-F or Form 40-F.  In the event that the issuer does not so report to the SEC, the withdrawing attorney may, but is not obligated, to inform the SEC of the withdrawal.  The proposed alternative noisy withdrawal provision resembles a similar provision that has been on the books for a long time in the event of the resignation of the issuer’s independent accountant.

The proposed alternative noisy withdrawal provisions do not oblige a withdrawing attorney to notify the commission or to disaffirm documents filed with the SEC.  Neither do the proposed alternative noisy withdrawal provisions require a retained attorney to withdraw or an employed attorney to cease participation or assistance in a matter if he or she would be prohibited from doing so by a court or other administrative order.

The SEC believes that by placing the responsibility of reporting out on the issuer, the alternative proposal alleviates the client-attorney privilege concerns.

Compliance Dates for the “Up the Ladder” Reporting Requirements.

Attorneys who are deemed to be “appearing and practicing before the SEC, including non-U.S. attorneys, to the extent that they are not deemed to be “Non-Appearing Foreign Attorneys,” must comply with the “up the ladder” reporting rules commencing August 5, 2003.

Code of Ethics for Senior Financial Officers

It is difficult and often perilous, from a career point of view, for subordinates to resist illegal directives or to report illegal conduct to the appropriate corporate authorities if legal compliance is sneered at from the top.  Much of the alleged self dealing between the executives at Enron and the special purpose entities might have been avoided if management had put in place and enforced a strong code of ethics.

Accordingly, the New Law and the related SEC rules require reporting companies to disclose whether or not they have adopted a written code of ethics for management and employers.  A company which has not adopted such a code of ethics must explain why it has not done so.

Under the related SEC rules, a company may file a copy of its code of ethics as an exhibit to its annual report (on Forms 10-K, 10-KSB, 20-F or 40-F).  Alternatively, a company may choose to post the text of the code on its website, provided that the company also discloses its intention to provide disclosure in this manner in its annual report.  Finally, a company may provide an undertaking in its annual report to provide a copy of its code of ethics to any person without charge upon request.

In addition, the New Law (§406(b)) directs the SEC to require a company to make immediate disclosure on Form 8-K or via internet dissemination of any change to, or waiver from, the company’s code of ethics for its senior financial officers. 

A non-U.S. public company is required to provide the new code of ethics disclosure in its annual report.  A non-U.S. public company would be required to disclose any changes or waivers to or of its Code of Ethics that occurred during the past fiscal year in its annual report.

Compliance Dates for the Code of Ethics Disclosure Requirements

Companies must comply with the code of ethics disclosure requirements in their annual reports for fiscal years ending on or after July 15, 2003.  In addition, companies must comply with the requirements regarding disclosure of amendments to, and waivers from, their ethics codes on or after the date on which they file their first annual report in which disclosure of the code of ethics is required.

Prohibiting Improper Influence on the Conduct of Audits

Pursuant to the New Law (§303), the SEC rules make it unlawful for any director or officer, or any person acting under their direction, to coerce, manipulate, mislead or fraudulently influence an accountant engaged in an audit to render the financial statements materially misleading. 

The SEC has clarified that persons acting “under the direction” of an officer or director who could potentially be liable under the rule could include customers, vendors, or creditors of the company, who, under the direction of an officer or director of the company, provide misleading information to the company’s auditor or who enter into side agreements with management that enable the company to mislead the accountant.  Others who might be covered include partners or employees at accounting firms as well as attorneys, securities professionals or other advisors if they are instructed by officers or directors, for example, to pressure an auditor to limit the scope of the audit, to issue a report on the company’s financial statements that is not warranted in the circumstances of the case, not to withdraw an issued report or not to communicate matters to the company’s audit committee.

Compliance Dates for the Rules Prohibiting Improper Influence on the Conduct of Audits

The rules prohibiting improper influence on the conduct of audits apply to both U.S. and non-U.S. public companies or other persons acting under their direction, effective as of June 27, 2003.

Public Accounting Oversight Board

As required by the New Law (§101), on October 25, 2002, the SEC appointed a five-member Public Company Accounting Oversight Board (the “Board”) to oversee the auditing of public companies.  The Board’s mandate is to register, inspect and discipline public accounting firms and establish and enforce auditing, quality control and independence standards, all subject to broad SEC oversight. 

In order to issue audit reports on U.S. or non-U.S. public companies, U.S public accounting firms must  register with the Board by October 23, 2003 and non-U.S. accounting firms by April 19, 2004.

The Board published its final rules in early May 2003.  The rules, which require the registration of audit firms rather than individual accountants, will not be in force until approved by the SEC.  The proposed rules require the Board to render its decision on an application within 45 days after the date of its receipt unless further information is required from the applicant in which case the 45 days will run again.  The Board plans to be ready to receive applications in August 2003 and it is recommended that firms apply early to meet the relevant deadlines for registration.

Applications for registration are to be submitted over the internet and will become public unless confidentiality is requested.  A registration fee will need to be paid.

Registration with the Board will be expressly required for non-U.S. accounting firms if those firms audit non-U.S. public companies.  Specifically, the New Law (§106) provides that if a non-U.S. accounting firm issues an opinion or otherwise performs material services upon which a U.S. public accounting firm relies in issuing all or part of an audit report or opinion contained in an audit report, that foreign accounting firm will be deemed to have consented to (i) produce its audit work papers to the Board or the SEC in connection with any investigation by the Board or the SEC with respect to that audit report and (ii) to be subject to the jurisdiction of the U.S. courts for purposes of enforcement of any request for the production of work papers.

The Board and the SEC may exempt any foreign public accounting firm, as is necessary or appropriate in the public interest or for the protection of investors.

Criminal Penalties

Effective July 30, 2003, the New Law significantly expands criminal penalties for violations of securities and related laws.  It toughens the penalties for document destruction and tampering, by strengthening both existing federal criminal statutes, creating new criminal offenses and recommending changes in the federal sentencing guidelines. The New Law (§903) strengthens the existing penalties for mail and wire fraud – the traditional vehicles used to prosecute securities fraud – from five years imprisonment to 20 years imprisonment.

The New Law (§807) creates a new federal criminal violation, effective immediately, called “Securities Fraud,” under which liability arises for those who (i) knowingly execute or attempt to execute a scheme or artifice to defraud any person in connection with a registered security; or (ii) obtain money or property by false pretenses in connection with the purchase or sale of a registered security.  Violations of this statute will be punishable by fine and imprisonment of up to 25 years.

In direct response to the Enron-Arthur Andersen scandal, the New Law (§802) also creates a new document destruction crime and requires accountants to save their audit or review work papers for five years.  This section is also effective immediately.

Furthermore, the New Law requires the United States Sentencing Commission to review and amend the Federal Sentencing Guidelines to implement its criminal sanctions provisions.

Statute of Limitations for Securities Fraud

Under the New Law (§804), the statute of limitations in private lawsuits for securities fraud is extended from three years to five years after the fraud occurred and from one year to two years from the time the fraud is discovered.

Non-Discharge in Bankruptcy of Fraudulently Incurred Debts

The New Law (§803) bars a debtor from obtaining a discharge in bankruptcy proceedings for debts incurred in violation of any federal or state securities law or regulation.

Whistleblower Protection

For public company employees or agents who “blow the whistle” on conduct that they reasonably believe violates federal securities or antifraud laws, the New Law (§806) contains provisions to immediately protect those employees from termination or other retaliation by their employers.


The Sarbanes-Oxley Act is the most comprehensive scheme of revised corporate governance in the history of American business.  Yet, apart from the stiffening of criminal sanctions and the tightening of compliance procedures, there is nothing really new that Sarbanes-Oxley has added to the way a corporation should have always been run.  Its provisions may, however, be news to those few that have run corporations as if corporate governance rules did not exist.

Questions regarding Sarbanes-Oxley may be directed to Raphael S. Grunfeld (, Robert A. McTamaney ( Steven J. Glusband ( of our New York Office (212-732-3200).

Carter Ledyard & Milburn LLP uses Client Advisories to inform clients and other interested parties of noteworthy issues, decisions and legislation which may affect them or their businesses. A Client Advisory does not constitute legal advice or an opinion. This document was not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein. © 2020 Carter Ledyard & Milburn LLP.
© Copyright 2003

Related practice areas:

© Copyright 2020 Carter Ledyard & Milburn LLP