SRC Insights: Second Quarter 2003

The Sarbanes-Oxley Act of 2002: The Task of Restoring Public Confidence

The constant reporting in news headlines of corporate scandals and failures, and the subsequent revelations regarding a lack of transparency in accounting practices and loose standards of auditor independence, have left the average person wary of investing in public companies. From this chaos has come the most sweeping corporate governance law since 1934—The Sarbanes-Oxley Act of 2002 (the Act). The Act, which is designed to restore confidence in financial presentations, disclosures, and oversight of public companies, was signed into law by President George W. Bush on July 30, 2002. How will this law restore confidence in corporate America, and what does it mean for banking organizations? To answer these questions, this article will address the Act's foremost points.

The Public Company Accounting Oversight Board
Because of the numerous charges of conflicting interests among public companies and their external accountants, the Act established the Public Company Accounting Oversight Board (PCAOB). Although the PCAOB is an independent not-for-profit organization, it is subject to SEC oversight. The four members and the chair will be appointed by the SEC, in consultation with the Secretary of the Treasury and the Chairman of the Federal Reserve System. On April 15, 2003, the SEC announced that it had selected William J. McDonough, current President of the Federal Reserve Bank of New York, as its nominee to chair the PCAOB.

The PCAOB is designed to protect the interests of investors in the preparation of accurate and independent external audit reports. As such, it will establish auditing, quality control, ethics, independence, and other standards; register, regulate, oversee, and discipline accounting firms that audit public companies; and enforce compliance with the Act. As a result, accounting firms that prepare audit reports for public companies must register with the PCAOB.

Independence and Corporate Responsibility
In restoring public confidence, one must first look to those who are most accountable for the oversight of a corporation—the board of directors. As such, the Act requires that a majority of a corporation's directors be independent; however, the Act has no requirement that the chairperson be a non-executive of the company. It is important to understand that the Act has not changed the fiduciary responsibilities or other fundamental tenets of corporate law applicable to boards of directors. Likewise, the Act did not weaken the structures that insulate directors from personal liability for non-negligent corporate actions, since without those structures competent people might be discouraged from serving as directors. Instead, the Act imposes greater independence and oversight responsibilities on corporate directors.

Generally, an independent director should have no material relationship with the company (whether directly or as a partner, shareholder, or officer of any organization that has a relationship with the company), and the basis for determining a relationship to be immaterial must be discussed in the corporation's proxy statement. The SEC's final rule 33-8183 provides detailed guidance on the SEC's expanded definitions of independence and lack thereof.1

To further improve corporate responsibility, the Act requires that each public company have an audit committee composed of independent directors of the company. In order to improve the effectiveness of a company's audit committee, each member of the audit committee must be "financially literate," and at least one member must be an "audit committee financial expert." For many banking organizations, these concepts may not be new since the FDIC has required that audit committee members of banking organizations be independent of management and not "large customers" of the institution. In addition, the FDIC has required that at least two members of the audit committee of large institutions have "banking or financial management expertise."

On January 23, 2003, the SEC released its final rule on "audit committee financial experts" and codes of ethics applicable to the company's principal officers.2 The SEC determined that the term "audit committee financial expert" better described the desired characteristics of the member of the audit committee filling that role than did the originally proposed term "financial expert." As defined in the final rule, an "audit committee financial expert" is someone who has:

  • an understanding of generally accepted accounting principles and financial statements;
  • the ability to assess the general application of such principles in connection with the accounting for estimates, accruals, and reserves;
  • experience in preparing, auditing, or analyzing financial statements for generally comparable companies or experience actively supervising one or more persons engaged in such activities;
  • an understanding of internal controls and procedures for financial reporting; and
  • an understanding of audit committee functions.

The final rules contain guidance to assist companies in determining whether an audit committee member meets the above requirements. In addition, the final rules require that the board of directors disclose annually whether it has at least one audit committee financial expert serving on its audit committee. If there is an audit committee financial expert, his or her name must be disclosed. If there is no audit committee financial expert, the board of directors must explain why.

To further prevent harm to a company from insider misconduct, the Act requires the audit committee to establish a reporting procedure for receiving anonymous employee complaints regarding misconduct. In addition, the Act provides for greater protection for employees who fear retaliation for reporting evidence of fraud.

Other requirements under the Act designed to promote greater independence and corporate responsibility among directors and senior officers include the following.

  • Adopting a code of ethics for senior financial officers.
  • Requiring senior officers to reimburse the company for any bonuses received if, as a result of that officer's misconduct, the company is required to restate its financial statements due to material noncompliance.
  • Restricting trading by directors and executive officers during blackout periods for employees holding company stock in company benefit plans.
  • Banning personal loans from public companies to their executive officers and directors that are not made in the ordinary course of business. (Banking organizations will continue to be governed by Regulation O.)

Independence Within the Accounting Profession
The Act also establishes new ground rules for external auditors of public companies, and prohibits an external auditor from providing a number of non-audit services to the public companies it audits. Again, the focus is on maintaining the auditor's independence from the entity that it is auditing. A list of prohibited services appears in Exhibit 1. Of note, the SEC has backed away from restricting auditors from providing tax services.

Exhibit 1. Prohibited Non-Audit Services for External Auditors

  • Bookkeeping or other services related to the accounting records or financial statements of the audit client
  • Financial information systems design and implementation
  • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports
  • Actuarial services
  • Internal audit outsourcing services
  • Management functions or human resources
  • Broker or dealer, investment adviser, or investment banking services
  • Legal services and expert services unrelated to the audit

Although the PCAOB is authorized to adopt rules restricting other types of consulting services, to date it has not done so. However, the audit committee must approve in advance an external auditor providing such non-audit services, and the arrangements must be disclosed in the company's SEC filings.

To further ensure independence from its clients, every five fiscal years an audit firm must rotate both its lead audit partner and the audit partner responsible for reviewing the audit. While there is no requirement that the audit firm be rotated, the NYSE recommends that each audit committee consider whether, in the interest of assuring continuing auditor independence, there should be regular rotation of the audit firm.

Accountability and Disclosure
To enhance transparency and restore investor confidence in financial statements, the Act also places strong emphasis on accountability and disclosure. Section 302 of the Act requires a company's chief executive officer (CEO) and chief financial officer (CFO) to certify the accuracy of financial statements. Among other issues, this certification must indicate that the statements (i) were reviewed by the CEO and CFO, (ii) fairly state the financial condition of the company, and (iii) contain no material misstatements or omissions. The CEO and CFO are also required to certify that an internal control system has been designed, documented, and evaluated for effectiveness, and that any weaknesses have been reported to the audit committee. They must also certify that any fraud—material or immaterial—that involves management or employees who have a significant role in internal controls has been reported to the company's auditors and the audit committee of the board of directors.

Ignorance is not an acceptable defense for violation of these requirements, and certifying officers who violate this section of the Act will face criminal prosecution with punishment of up to 20 years in prison and/or a fine of $5 million.

In addition to financial statement certification, the Act requires the disclosure of numerous items. Disclosure should level the playing field for all investors and better protect employees, pension holders, and investors from management fraud. The list in Exhibit 2 is not all-inclusive, but represents an overview of some of the new areas of disclosure required by the Act.

Exhibit 2. Required Public Disclosures

  • All material off-balance sheet transactions and other relationships with unconsolidated entities, also known as Special Purpose Entities (SPEs)
  • Aggregate contractual obligations
  • Accelerated reporting of insider transactions

The required disclosures about off-balance sheet arrangements and aggregate contractual obligations in Exhibit 2 must be made in a separately captioned subsection of the Management's Discussion and Analysis. Disclosures about SPEs should include the nature and business purpose of the arrangement; the financial impact of the arrangement; and any known events, demands, commitments, trends, or uncertainties related to the SPEs.3 To enhance transparency and level the playing field between inside investors and the general public, insider transactions must be disclosed within 2 business days, not within 40 days as previously required. In addition, all financial statements filed with the SEC must reflect all material correcting adjustments identified by a registered public accounting firm in accordance with generally accepted accounting principles and SEC rules and regulations.

Accelerated and new disclosure requirements are not limited to company directors and senior officers, but also apply to securities analysts and attorneys. To address the widespread lack of faith in securities analysts and their research reports, the Act included tougher guidelines for stock research analysts to better ensure honest and unbiased evaluations. Analysts are required to disclose conflicts of interest that may cloud their judgement as well as compensation arrangements based on winning business for their employers.

In addition, attorneys appearing and practicing before the SEC are required to report evidence of a material violation of the securities laws or a breach of fiduciary responsibility to the company's CEO or general counsel. Outside attorneys must take appropriate action when they discover evidence of wrongdoing and can no longer use attorney-client privilege when the best interest of the public may be compromised.

Interagency Regulatory Guidance
The most anticipated regulatory guidance related to the Act within the banking community was released on March 17, 2003 in the Interagency Policy Statement on the Internal Audit Function and Its Outsourcing.4 This policy statement emphasizes that each FDIC-insured depository institution with total assets of $500 million or more is required to have an annual audit performed by an independent public accountant and that these institutions must meet the auditor independence requirements under the Act. Therefore, the financial institution must ensure that its external accounting firm remains independent and is not performing any prohibited non-audit services.

Institutions not subject to these laws are encouraged to follow the Act's prohibition regarding internal audit outsourcing. The policy statement does provide guidance for small public companies with less complex operations and limited staff, which, in certain circumstances, can use the same accounting firm to perform both an external audit and some or all of the institution's internal audit activities. When a small non-public institution decides to hire the same firm to perform internal and external audit work, the audit committee and the external auditor should pay particular attention to preserving the independence of both the internal and external audit functions.

Conclusion
As with all effectively developed and implemented corporate policies, the first step in assuring compliance with the Act is to establish a culture of sound business practices and ethics. A company's board of directors and senior management should set the tone regarding the expectations and quality of financial reporting. In doing so, institutions should ensure the independence of the board of directors and internal and external auditors and the adequacy of financial statement disclosures.

Restoring the public's confidence begins with a return to corporate integrity.

If you have questions on the application of The Sarbanes-Oxley Act or the Interagency Policy Statement on the Internal Audit Function and Its Outsourcing to your institution, please contact your primary banking regulator. If you are supervised by the Federal Reserve Bank of Philadelphia, please contact your institution's central point of contact or assigned manager at the Reserve Bank. Alternatively, you can contact Jennifer M. McCune at (215) 574-7214 or Jacqueline P. Fenton at (215) 574-6234.

New Supervisory Guidance on Corporate Governance: SR 03-8 and FIL 17-2003
On May 5, 2003, the Federal Reserve Board, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision (the agencies) issued a Statement on Application of Recent Corporate Governance Initiatives to Non-Public Banking Organizations. In general, the agencies do not expect to apply the board composition, director independence, audit committee, auditor independence and other corporate governance requirements of The Sarbanes-Oxley Act of 2002 to non-public organizations that are not otherwise subject to them. Rather, the Statement encourages non-public banking organizations to review their policies and procedures relating to corporate governance and auditing to ensure that they are consistent with applicable law, regulations, and supervisory guidance and are appropriate in light of the institution's size, operations, and resources. The Statement is available in the Board's SR Letter 03-8 of the same name.

On March 5, 2003, the FDIC issued guidance addressing the interrelationships between The Sarbanes-Oxley Act and Part 363 of the FDIC's regulations, which applies to all insured depository institutions with $500 million or more in assets. This guidance is available in the FDIC's Financial Institution Letter 17-2003, Corporate Governance, Audits, and Reporting Requirements.

The views expressed in this article are those of the author and are not necessarily those of this Reserve Bank or the Federal Reserve System.
