- Public Company Accounting Oversight Board
The 2002 Act establishes the Public Company Accounting Oversight Board (the "PCAO Board") to:
- register and conduct inspections of public accounting firms that prepare audit reports for a company, the securities of which are registered under Section 12 of the Securities Exchange Act of 1934, as amended (the "1934 Act") or that is required to file reports under Section 15(d) of the 1934 Act or that has filed a registration statement under the Securities Act of 1933, as amended (the "1933 Act"), which has not yet become effective (a "public company");
- oversee the audits of public companies;
- establish auditing quality control, ethics, independence and other standards and rules relating to the preparation of audit reports for public companies;
- investigate, inspect, and enforce compliance relating to registered public accounting firms, associated persons, and the obligations and liabilities of accountants;
- set a budget and manage the operations of the PCAO Board; and
- conduct disciplinary proceedings and impose sanctions for violations of the 2002 Act.
- Establishment of the PCAO Board
- The PCAO Board will be a non-profit, private corporate entity and will not be an agency or establishment of the U.S. government.
- The PCAO Board will consist of five members.
- The PCAO Board may not include more than two certified public accountants. If one of the two PCAO Board members who are certified public accountants is the chairperson of the PCAO Board, such member may not have been a practicing CPA during the last five years.
- Each PCAO Board member must serve in a full-time capacity.
- Each PCAO Board member will serve for a five-year term (with a two-term limit).
- The PCAO Board will be staggered.
- Registration with the PCAO Board
- The 2002 Act requires registration with the PCAO Board by any public accounting firm that performs or participates in any audit report with respect to any public company.
- Registered public accounting firms must file annual reports with the PCAO Board.
- Applications and annual reports of registered public accounting firms will be available for public inspection.
- 180 days after the SEC deems the PCAO Board "operational," only registered public accounting firms may perform audits for public companies
- Auditing, Quality Control and Independence Standards and Rules
- The PCAO Board will adopt quality control and ethics standards to be used by registered public accounting firms in the preparation and issuance of audit reports.
- Each audit report of a public company must be signed by two partners, one of whom was involved in the audit and the other of whom concurs in the review and approval of the audit and must describe in the audit report the scope of the auditor's internal control structure.
- Registered public accounting firms must retain work papers for at least seven years.
- Inspections of Registered Public Accounting Firms
- The 2002 Act requires the PCAO Board to conduct inspections to assess compliance with the 2002 Act by each registered public accounting firm and associated persons of that firm.
- Such inspections will occur annually for registered public accounting firms regularly performing audits for more than 100 public companies and once every three years if the registered public accounting firm regularly performs audits for less than 100 public companies.
- Investigations and Disciplinary Proceedings
- The 2002 Act permits the PCAO Board to conduct investigations of any act or practice (or omission to act) by a registered public accounting firm or any associated person who violates the 2002 Act, including the securities laws relating to the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect to them.
- The 2002 Act also permits the PCAO Board to impose disciplinary or remedial sanctions for violations of such act.
- Civil fines can be imposed up to $100,000 for a natural person and $2.0 million for all others and may be more if the PCAO Board finds intentional or repeated negligent conduct. In addition, the PCAO Board may suspend or revoke registration under the 2002 Act, or limit a registered public accounting firm's activities.
- The 2002 Act authorizes the PCAO Board to impose sanctions upon a registered accounting firm or its supervisory personnel for failure to supervise.
- Foreign Public Accounting Firms
The 2002 Act also applies to: (1) foreign public accounting firms that prepare or furnish an audit report or perform material services upon which a registered public accounting firm relies, in issuing its audit report or any opinion contained in the audit report with respect to any public company; and (2) audit workpapers prepared by the foreign public accounting firm.
- SEC Oversight of the PCAO Board
The 2002 Act grants the SEC general oversight of the PCAO Board and the power to review PCAO Board actions, including general modification and rescission of PCAO Board authority.
- Accounting Standards
The 2002 Act amends the 1933 Act to: authorize the SEC to recognize, as "generally accepted" for purposes of the securities laws, any accounting principles established by a standard setting body; direct the SEC to study and report to Congress on the adoption by the U.S. financial reporting system of a "principles-based" accounting system (as opposed to the current "rules-based" reporting system).
The 2002 Act provides for PCAO Board funding to cover the PCAO Board's budget by imposing annual assessments to be paid by public companies. In addition, registered public accounting firms will also pay registration and annual fees.
- Auditor Independence
- Non-Audit Services
The 2002 Act amends the 1934 Act, to prohibit a registered public accounting firm (and its associated persons) from performing specified non-audit services contemporaneously with an audit. These services are:
- bookkeeping or other services relating to accounting or financial records;
- financial information systems design and implementation;
- appraisal or valuation services, fairness opinions or contribution in-kind reports;
- actuarial services;
- internal audit outsourcing services;
- management functions or human resources;
- broker or dealer, investment adviser, or investment banking services;
- legal services and expert services unrelated to the audit; and
- any other service the PCAO Board determines is prohibited.
The 2002 Act requires preapproval by the audit committee of the public company for any non-audit services, other than those listed above. Any such approval must be disclosed in the public company's periodic reports filed with the SEC.
A de minimus exception is provided for non-audit services that do not exceed in the aggregate 5% of the total revenues paid by the public company to the auditor during the fiscal year, so long as such services are approved prior to the completion of the audit and such services were not recognized by the public company to be non-audit services at the time of the engagement.
- Audit Partner Rotation
The 2002 Act mandates:
- audit partner rotation on a five-year basis;
- each registered public accounting firm provide a report to the audit committee of the public company regarding accounting policies and practices utilized and the alternative treatment of financial information within GAAP discussed with management of the public company (as well as the ramifications of such treatment).
- Conflicts of Interest
The 2002 Act prohibits a registered public accounting firm from performing statutorily mandated audit services for a public company if the public company's senior management officials had been employed by such firm and participated in the audit of that public company during the one-year period preceding the audit initiation date.
- Study of Mandatory Rotation of Registered Public Accounting Firms
The 2002 Act requires the Comptroller General to conduct a study of the effect of requiring mandatory rotation of registered public accounting firms.
- Enhanced Corporate Governance Requirements
- Audit Committee Requirements
- The 2002 Act requires the SEC to adopt rules, no later than April 26, 2003, which direct the Exchanges and Nasdaq to prohibit the listing of any security of a public company that does not meet the following requirements:
- the audit committee of the public company's board of directors shall be directly responsible for the appointment, compensation and oversight of the work of the company's independent auditors (including the resolution of disagreements between management and the auditors related to financial reporting);
- the independent auditors report directly to the audit committee;
- each member of the audit committee is independent which means, subject to any exceptions that the SEC may provide for, that (i) no audit committee member shall accept consulting advisory or other compensatory fees from the public company; and (ii) no audit committee member shall be an affiliated person of the public company or any subsidiary;
- the audit committee shall establish procedures for the following: (i) the receipt, retention, and treatment of complaints received by the public company regarding accounting, internal accounting controls, or auditing matters; and (ii) the confidential, anonymous submission by employees of the company of concerns regarding questionable accounting or auditing matters;
- the audit committee has the authority to engage independent counsel and other advisors; and
- the public company shall provide funding as determined by the audit committee for payment to the independent auditors and other advisors employed by the audit committee.
- The SEC is required to adopt rules, no later than January 26, 2003, requiring each public company to disclose whether or not, and if not the reasons therefor, the audit committee does not have at least one member who is a "financial expert." In determining the definition of "financial expert", the SEC must take into consideration whether the applicable audit committee member through his or her education and experience as a public accountant, auditor, principal financial officer, controller or principal accounting officer or similar position has: (i) an understanding of GAAP and financial statements, (ii) experience in the preparation or auditing of financial statements of comparable public companies and the application of such principals in connection with the accounting for estimates, accruals, and reserves, (iii) experience with internal accounting controls, and (iv) an understanding of audit committee functions.
- Prohibition on Loans to Insiders
Effective July 30, 2002, the 2002 Act prohibits any public company from, directly or indirectly, extending or maintaining credit, arranging for the extension of credit, or renewing an extension of credit or a personal loan to any director or executive officer of a public company. Extensions of credit maintained as of July 30, 2002 are grandfathered under the 2002 Act; provided that, there is no material modification to any term or renewal on or after July 30, 2002. A limited exception to this prohibition exists for consumer credit and credit card loans made in the public company's ordinary course of business, loans by financial institutions subject to FDIC regulations related to insider lending, as well as margin loans by broker/dealers (other than loans to purchase the public company stock).
- CEO/CFO Certifications
- Section 302 Certification Requirements
The 2002 Act requires the SEC to adopt rules no later than August 29, 2002, which would require each of the principal executive officer ("CEO") and the principal financial officer ("CFO") of every public company to certify in each annual or quarterly report that:
- the officer has reviewed the report;
- based on the officer's knowledge, the report does not contain any untrue statement of a material act or omit to state a material fact necessary in order to make the statements made, in light of the circumstances under which such statements were made, not misleading; and
- based on such officer's knowledge, the financial information included in the report, fairly presents in all material respects the financial condition and results of operations of the company as of, and for, the periods presented in the report.
The certification must also state that the signing officers:
- are responsible for establishing and maintaining internal controls;
- designed such internal controls to ensure that material information relating to the public company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared;
- evaluated the effectiveness of the public company's internal controls as of a date within 90 days prior to the report; and
- presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date. The signing officers must also certify that they have:
- disclosed to the public company's independent auditors and audit committee
- all significant deficiencies in the design or operation of internal controls which could adversely affect the company's ability to record, process, summarize, and report financial data and have identified for its public company's auditors any material weaknesses in internal controls; and
- any fraud, whether or not material, that involves management or other employees who have a significant role in the public company's internal controls; and
- reported whether or not there were significant changes in internal controls or other factors that could significantly affect internal controls subsequent to the date of their evaluation, including any corrective actions taken with regard to significant deficiencies and material weaknesses.
- Independent Auditor Assessment
The 2002 Act requires independent auditing firms to attest to and report on the assessment made by the public company's management regarding the effectiveness of the public company's internal controls for financial reporting. Attestation rules will be adopted by the PCAO Board, described above at some future date.
- Section 906 Certification
In addition, effective July 30, 2002, Section 906 of the 2002 Act requires that the CEOs and CFOs of public companies must each provide a written statement to accompany any periodic report filed with the SEC on or after July 30, 2002, certifying that:
- the report fully complies with the requirements of Section 13(a) or 15(d) of the 1934 Act; and
- information contained in the report fairly presents, in all material respects, the financial condition and results of operations of the company.
For all practical purposes this means that the quarterly reports or other reports (i.e., certain Form 8-K's) which contain the public company's financial statements which are filed with the SEC on or after July 30, 2002 by public companies must be accompanied by the certification. This certification requirement applies to all public companies regardless of size and is in addition to the certification that the SEC has ordered 947 of the largest public companies to file by August 14, 2002.Any CEO or CFO who provides the Section 906 certification:
- knowing that the report does not meet those two standards can be fined up to $1.0 million, imprisoned for up to 10 years, or both; or
- willfully provides the certification knowing that the report does not meet those two standards can be fined up to $5 million, imprisoned for up to 20 years, or both.
- Considerations Related to Internal Controls
Given the extensive nature of the certifications required to be filed, consideration should be given to the following as the SEC is required to adopt rules related to this certification by August 29, 2002:
- establishment and maintenance of internal controls;
- review and evaluation of existing internal controls to determine whether material information is made known to management prior to filing periodic reports and appropriate adjustments made to such controls to achieve this goal (The certification requires this evaluation be performed within 90 days of filing.); and
- establishment of a method and/or procedures to disclose to the independent auditors and the audit committee significant deficiencies in controls and any fraud as well as changes in internal controls, including corrective actions taken.
- Enhanced Disclosure Requirements
- Financial Disclosure Requirements
- The 2002 Act amends Section 13 of the 1934 Act to require that each report that is filed with the SEC that contains financial statements be prepared in accordance with GAAP and reflect all material correcting adjustments that have been identified by the independent accountants in accordance with GAAP and related SEC rules;
- The 2002 Act requires the SEC to adopt rules no later than January 26, 2003, that require:
- each annual and quarterly report filed with the SEC include disclosure regarding all material off balance sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the company with unconsolidated entities or persons that may have a material, current or future effect on the public company's financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses;
- pro forma financial information included in any periodic or other report filed with the SEC or in any public disclosure, including press releases, be presented in a manner that: (1) does not contain an untrue statement of a material fact or omit to state a material fact necessary in order to make the pro forma financial information, in light of the circumstances under which it is presented, not misleading; and (2) reconciles the pro forma information with the financial condition and results of operations of the public company under generally accepted accounting principles.
- Section 16 Disclosure Requirements
- Shortened Time Period for Filing Section 16 Reports
Effective August 29, 2002, directors, officers and 10% beneficial owners of public companies are required to file Form 4s reports to reflect changes in their beneficial ownership, including changes resulting from a security based swap, no later than two business days following the day on which the transactions occurred. The SEC by rule may provide for exceptions to the two-day requirement. We currently anticipate that the SEC will adopt rules to permit deferred reporting of transactions that SEC rules currently permit to be reported on a deferred basis on Form 5; however, the SEC has not done so to date. This new accelerated filing requirement will necessitate public companies to require directors and officers to notify the public company and preclear purchases and sales of company securities prior to the execution of the transaction.
- Mandated Filing of Section 16 Reports via EDGAR
Effective July 30, 2003, Section 16 reports will be required to be filed via EDGAR and posted on the public company's web site not later than the end of the business day following the filing.
- Internal Control Report
The 2002 Act requires the SEC to adopt rules at an unspecified future date that would require public companies to disclose in their annual reports an internal control report which would: (i) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (ii) contain an assessment, as of the end of the most recent fiscal year of the company, of the effectiveness of the internal control structure and procedures of the company for financial reporting.
- Disclosure of Adoption of and Changes in Code of Ethics
The 2002 Act requires the SEC to adopt rules no later than January 26, 2003 which would require public companies to disclose whether or not, and if not the reasons therefor, the public company has adopted a code of ethics for senior financial officers. Senior financial officers include the public company's principal financial officer, controller, or principal accounting officer or other persons performing similar functions. The SEC is required to amend its Form 8-K disclosure requirements to provide for the immediate disclosure in a Form 8-K as well as dissemination by electronic means of a public company's change or waiver of the financial officer's code of ethics.
- Real Time Disclosure
Each public company is required to disclose on a current basis and in plain English any additional information regarding material changes in such company's financial condition or operations, including any trend and qualitative information as the SEC may require by rules adopted at some unspecified future date.
- Enhanced SEC Review of Public Company Reports
The 2002 Act requires the SEC to review reports by "publicly traded" companies no less frequently than every three years, the scheduling of which shall take into consideration: (i) public companies that have issued material restatements of financial results; (ii) public companies that experience significant volatility in their stock price as compared to other companies; (iii) public companies with the largest market capitalization; (iv) emerging companies with disparities in price to earning ratios; (v) public companies whose operations significantly affect any material sector of the economy; and (vi) any other facts that the SEC may consider relevant.
- Attorney Rules of Professional Responsibility
The 2002 Act requires the SEC to adopt rules by January 26, 2003 which set forth minimum standards of professional conduct for attorneys who practice before the SEC which would include requiring the attorney to report evidence of material violations of securities law or breaches of fiduciary duty or similar violations by the public company or any of its agents: (i) to the company's CEO or chief legal officer; and (ii) to the audit committee (or similar independent committee) of the board of directors of the public company, or the board of directors if the chief legal officer or CEO does not appropriately respond to the evidence.
- Prohibition on Insider Trading During Benefit Plan Blackout Periods
The 2002 Act prohibits directors and executive officers from purchasing or selling any equity security of the company acquired in connection with his or her employment during any "blackout period." Subject to certain exceptions, a "blackout period" means any period of more than three consecutive business days in which the ability of 50% or more of the participants of the company's "individual account plans" to buy or sell equity securities of the company in such plans is temporarily suspended. The 2002 Act requires that effective January 26, 2003 companies provide notice of such blackout periods to directors and executive officers, as well as to the SEC. Profits realized on prohibited trades must be disgorged to the company, and shareholders may bring derivative suits to enforce this penalty.
Additional requirements of the 2002 Act including amendments to ERISA and other employee benefits related changes will be the subject of a separate Corporate Alert specifically detailing those requirements.
- Corporate and Criminal Fraud Accountability
The 2002 Act provides for a new act titled "Corporate and Criminal Fraud Accountability Act of 2002" (the "CCFA Act") which amends Federal criminal law to:
- prohibit any person from knowingly altering, destroying, mutilating, concealing, covering up, falsifying or making a false entry in any records with the intent to impede, obstruct or influence an investigation in a matter within the jurisdiction of any Federal agency or under any federal bankruptcy case.
- prohibit an auditor from knowingly or willfully failing to maintain for a five-year period all audit or review work papers pertaining to a public company. Although it is a crime not to maintain such work papers for at least five years, the 2002 Act requires auditors to maintain work papers for seven years.
- Bankruptcy Law Amendments
The CCFA Act amends the Federal Bankruptcy Code to make non-dischargeable in bankruptcy certain debts that result from a violation relating to Federal or state securities laws or common law fraud, deceit or manipulation in connection with the sale or purchase of securities. The amended section of the Bankruptcy Code applies only to individual debtors and not to corporations or partnerships.
Since the securities laws apply to securities of privately held companies, as well as publicly held companies, individuals violating the securities laws will be subject to this restriction irrespective of whether the securities are issued by a company that is registered under the 1934 Act. It should be noted that a violation of the securities laws can occur as a result of technical violations of registration provisions, broker dealer regulations, margin rules, etc., and the language does not appear to be confined to securities fraud rules, even though that is the title of the applicable section of the 2002 Act.
- Judicial Code Amendments
The CCFA Act amends the Federal judicial code to permit a private right of action for a securities-fraud claim to be brought not later than the earlier of: (i) five years after the violation; or (ii) two years after discovery of the facts constituting the violation.
- Sentencing Guideline Amendments
The CCFA Act directs the United States Sentencing Commission to review and amend Federal sentencing guidelines to ensure that the offense levels, existing enhancements, and/or offense characteristics are sufficient to deter and punish violations involving obstruction of justice, criminal fraud, fraud and other crimes taking into account the number of victims and otherwise are sufficient to deter and punish that activity.
- Prohibition Against Retaliation
The CCFA Act prohibits a public company from discharging or otherwise discriminating against an employee because of any lawful act done by the employee to:
- assist in an investigation by Federal regulators, Congress or supervisors regarding any conduct which the employee reasonably believes constitutes a violation of securities laws, SEC violations or securities fraud; or
- file or participate in a proceeding relating to fraud against shareholders. This provision became effective upon enactment of the CCFA.
- White Collar Criminal Penalty Enhancements
- Attempts and Conspiracies to Commit Criminal Fraud
The 2002 Act provides that attempts and conspiracies to commit violations of mail fraud statutes will be subject to the same penalties as would apply to the actual violation.
- Criminal Penalties for Mail and Wire Fraud
The 2002 Act increases the maximum prison sentence for mail and wire fraud from five years to 20 years.
- Increased Criminal Penalties for ERISA Violations
The 2002 Act increases criminal penalties for violation of reporting and disclosure requirements under ERISA . Fines or penalties against individuals may now be up to $100,000 or 10 years in prison. Fines against corporations may now be up to $500,000.
- Sentencing Guidelines
The 2002 Act directs the U.S. Sentencing Commission, no later than January 26, 2003, to review and, as appropriate, amend the Federal Sentencing Guidelines and related policy statements to implement the 2002 Act's criminal penalty provisions.
- Establishment of Fund for the Benefit of Victims of Securities Violations
The SEC was authorized to establish and administer a disgorgement fund for the benefit of victims of securities law violations. If the SEC obtains an order requiring disgorgement against any person, or an agreement related to disgorgement for violating the securities laws or regulations or a civil penalty the disgorgement or penalty shall become part of the disgorgement fund for the benefit of victims of the violation.
- Corporate Fraud/Accountability
- Alteration of Documents
The 2002 Act makes the knowing destruction, alteration, concealment or falsification with the intent to impede, obstruct or influence official investigations or proceedings punishable by fines and imprisonment of up to 20 years, or both.
- Improper Influence on Conduct of Audits
The 2002 Act makes it unlawful for any officer or director of a public company or any other person acting on their behalf to take any action to fraudulently influence, coerce, manipulate or mislead any independent auditor auditing the company's financial statements for the purpose of rendering the financial statements materially misleading. The SEC is required to adopt final rules for implementing this prohibition not later than April 26, 2003.
- Forfeiture of Certain Bonuses and Profits
If a public company is required to restate its financial statements due to material non-compliance with any financial reporting requirements imposed by the securities laws, as a result of misconduct, the 2002 Act requires that the CEO and CFO reimburse the public company for any bonus or other incentive based compensation received by that person during the 12 month period following the first public issuance or filing with the SEC (whichever first occurs) of the financial document embodying such financial reporting requirement and any profits realized form the sale of securities of the company during that 12 month period.
- Temporary Freezes of Payments to Officers, Directors and Other Employees
When it appears likely to the SEC, during the course of a lawful investigation, that a company is about to make extraordinary payments to officers, directors, other employees or agents, the SEC may petition a Federal court for a temporary order requiring that the payments be placed in escrow under court supervision in an interest-bearing account for 45 days. The temporary order may be issued only after notice and opportunity for a hearing, unless the court determines that notice and hearing would be impracticable and contrary to the public interest. The period of time for which funds may be held in escrow may be increased by up to 45 additional days (for a total of 90 days) on order of the court for good cause shown. However, if the company is charged with a securities law violation before the funds are released from escrow, the escrow will continue until the conclusion of any related legal proceedings, subject to court approval.
- Sentencing Commission Review
The 2002 Act requires the U.S. Sentencing Commission to review sentencing guidelines applicable to securities and accounting fraud and related offenses and consider promulgation of amendments by January 26, 2003 to provide an enhancement for officers and directors of publicly traded corporations who commit fraud and related offenses under detailed standards.
- Prohibitions on Securities Law Violators Serving as Officers and Directors
The 2002 Act authorizes the SEC to prohibit persons who are the subject of a cease and desist order under either the 1933 Act or the 1934 Act from serving as officers or directors of any public company if the person's conduct demonstrates unfitness to serve.
- Increased Penalties for 1934 Act Violations
The 2002 Act increased the maximum penalties for individuals who willfully violate any provision of the 1934 Act to $5 million from $1 million and imprisonment of up to 20 years from 10. The maximum penalty for corporate violations was increased to $25 million from $2.5 million.
- Retaliation Against Informants
Current criminal statutes impose criminal penalties on any person who kills or causes bodily injury to witnesses, victims, or informants in official proceedings. The 2002 Act now imposes penalties on any person, intending to retaliate, by taking any action harmful to any other person, including interference with the lawful employment or livelihood of the person, for providing to a law enforcement officer any truthful information relating to the SEC or possible commission of any Federal offense. Penalties for violations of these provisions of the 2002 Act include imprisonment of up to 10 years.
- Extension of Statute of Limitations
The 2002 Act extends the statute of limitations for a private right of action that "involves a claim of fraud, deceit, manipulation, or contrivance in contravention of a regulatory requirement concerning the securities laws, as defined in the 1934 Act to the earlier of two years after discovery of facts or five years after the occurrence of the alleged violation (versus the current one and three rule, respectively). The change applies to all actions that are commenced on or after July 30, 2002. Arguably, the effect of this provision is to extend the statute of limitations for prior acts of securities fraud so long as the suit has not been filed to date.
- Analyst Conflicts of Interest
The 2002 Act requires the SEC or upon the direction of the SEC, the Exchanges and NASDAQ, to adopt by July 30, 2003, rules designed to address conflicts of interest that arise when securities analysts "recommend" securities.
- Sense of the U.S. Senate Regarding Tax Returns
The 2002 Act states that it is the sense of the U.S. Senate that the Federal income tax return of a company, regardless of whether the company is a public company, should be signed by the CEO of such company.