The Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 has serious implications for Asian companies listed in the US. Here Clifford Chance examines the details of the new law.

In response to public outrage and shaken investor confidence stemming from recent corporate scandals within the United States, the US Congress enacted and on July 30, 2002 President George W. Bush signed, new legislation directed at curbing corporate misconduct. This law, entitled the Sarbanes-Oxley Act of 2002 imposes new disclosure requirements and implements a wide array of accounting and corporate governance reforms, many of which apply to non-US issuers.

In addition to its accounting and governance reforms and disclosure requirements, the Act substantially increases criminal penalties for securities fraud and for destroying documents in anticipation of, or otherwise obstructing, a government investigation.

Some of the Act's provisions applying to non-US companies took effect immediately or automatically within 30 days of enactment (ie August 29, 2002), while others will only go into effect when the SEC, securities exchanges and/or Nasdaq adopt implementing regulations.

Provisions having immediate effect:

Provisions of the Act having immediate effect and likely to impact SEC-registered non-US public companies include:

Certification of Quarterly and Annual Reports:

The Act requires the CEO and CFO of public companies to personally certify, in any quarterly or annual report filed with or submitted to the SEC, that:

  • the signing officer has reviewed the report
  • to the certifying officer's knowledge, the report does not contain an untrue statement of material fact or omit to state a material fact necessary to make the statements contained therein, in light of the circumstances in which they were made, not misleading;
  • to the certifying officer's knowledge, the financial statements and other financial information included in the report fairly present, in all material respects, the financial condition and results of the company;
  • the certifying officer is responsible for establishing and maintaining internal controls designed to ensure that material information regarding the company and its consolidated subsidiaries is made known to them and others within the company;
  • the certifying officer has evaluated the effectiveness of the company's internal controls within the 90 days prior to the date of the report and that the report includes his conclusions with respect to the effectiveness of such internal controls;
  • the certifying officer has disclosed to the company's auditors and audit committee all significant deficiencies with the company's internal controls and any fraud - whether or not material - involving management or other company employees who play a significant role in the company's internal control system;
  • the report discloses any changes that could significantly affect the company's internal controls since the date when such controls where last evaluated.

The penalty for a certifying officer who "knowingly" makes a false certification is a fine of up to US$1,000,000 and up to 10 years imprisonment, while a "wilful" violation can result in a fine of up to US$5,000,000 and a jail term of up to 20 years.

SEC Release No. 34-46300 makes it clear that the certification requirement applies to both SEC-registered US and non-US companies. [1] Non-US companies with fiscal years ending on December 31 will have already filed their annual reports on Form 20-F, however, most SEC registered non-US companies are also required to file Form 6-K reports containing interim results.

On August 27 the SEC approved rules, pertaining to CEO/CFO certification, that are of particular interest to non-US companies. These new rules make it clear that SEC-registered non-US companies must certify the information contained in their annual reports filed with the SEC. [2] However, Forms 6-K and 8-K are not covered under the rules, meaning that SEC-registered non-US companies that submit interim information to the SEC on Form 6-K will not have to provide CEO/CFO certification with respect to such information.

Officer and Director Loans

The Act prohibits US public companies and SEC-registered non-US public companies from extending or arranging, whether directly or through a subsidiary, loans to its officers and directors. [3] The Act includes a "grandfather clause" exempting loans that were in place at the time it was enacted but prohibits any material modification or renewal of such grandfathered loans.

"Whistleblower" Protection

The Act prohibits a public company from terminating, or otherwise taking adverse employment action, against any employee, contractor, subcontractor or agent, in retaliation for providing information to a supervisor or the US government regarding conduct reasonably believed to have violated US antifraud or securities laws.

An employee subject to such action may initiate a proceeding seeking reinstatement, lost pay and special damages including legal fees and costs. How this provision may be applied to non-US public companies is unclear. The jurisdictional issues raised with respect to employees of non-US companies located outside of the US are apparent. Consequently, I anticipate that the application of this provision to non-US public companies will be the subject of future clarification.

Forfeiture of bonus and share trading profits

In the event of an accounting restatement by a public company, resulting from material non-compliance with financial reporting requirements due to misconduct, the CEO and CFO of such company, including an SEC-registered non-US company, are required to reimburse their company for any incentive base compensation received, as well as all profits from the sale of the company's securities, during the 12-month period preceding such restatement.

The Act further empowers the SEC, in connection with an investigation into possible violations of US securities laws, to obtain an order freezing "extraordinary payments" - including compensation payments - to officers, directors and controlling.

Provisions awaiting implementing legislation:

Prohibitions of trading during "blackout" periods

The Act prohibits directors and officers from buying or selling any equity security in their own company during any pension fund "blackout" period relating to that security. A "blackout" period is any period of at least three days where at least half of the participants in a company sponsored pension plan are suspended from transactions in that security. Profits acquired in violation of this rule are recoverable by the company regardless of the intent of the officer of director in question and private actions to recover such profits may be brought by shareholders on behalf of the company.

This provision takes effect 180 days after its enactment. The SEC and US Department of Labor are directed to issue implementing regulations, including appropriate exemptions.

Independent audit committees

The Act directs the SEC to require US national stock exchanges and Nasdaq to prohibit the listing of any public company that does not have an audit committee comprised of independent and autonomous directors. The audit committee is responsible for the appointment, compensation and oversight of the company's auditors and is required to promulgate internal complaint procedures regarding accounting and auditing matters and to pre-approve most audit services. Furthermore, the audit committee must be empowered to engage its own legal and other advisors at company expense.

Members of a company's audit committee are prohibited from accepting any compensation from, or having any affiliation with, the company or any subsidiary of the company, except in their capacity as director. Public companies will be required to disclose in their periodic reports whether the company's audit committee includes at least one member who is a "financial expert"[4] and, in the absence of such an expert member, to disclose its reasons for failing to appoint one.

Section 2(a)(3) of the Act provides that, in the absence of an appointed audit committee, the entire board of directors will be deemed to be members of the audit committee and shall be required to comply with the independence requirements set forth above.

Historically, non-US companies have been exempt from many exchange and Nasdaq requirements regarding audit committees. No such exemption exists under the Act, however. Furthermore, the Act strictly and narrowly defines who can qualify as an "independent director", disqualifying anyone who receives any compensation from the company or is otherwise affiliated with the company or any of its subsidiaries.

Depending upon the interpretation applied to the term "affiliated" this provision could act to disqualify certain directors who might otherwise qualify as independent under the law of a company's jurisdiction of incorporation. As a result, many SEC-registered non-US companies may be required to significantly change the structure of their board of directors by bringing in true outsiders lacking any company affiliation.

New Disclosure Requirements

In addition to its provisions with respect of accounting and corporate governance, the Act imposes the following new disclosure requirements upon SEC-registered companies

"Real time disclosure"

The Act amends the Exchange Act to require public companies to publicly disclose certain information on an expedited basis. The nature of the information that a company must disclose, the deadlines for such disclosure and the extent to which any such disclosure requirement applies to SEC-registered non-US companies will be prescribed by future SEC rules.

Off balance sheet transactions

The Act requires the SEC to issue rules, within 180 days of its enactment, mandating the disclosure of "all material off-balance-sheet transactions as well as relationships of the issuer with unconsolidated entities or other persons that may have a material current or future effect on financial condition."

Pro-forma financial information

The Act directs the SEC to issue rules, within 180 days of its enactment, requiring that any presentation of pro-forma financial information - meaning material not prepared in compliance with US GAAP - in any public disclosure or report filed with the SEC must be reconciled with financial statements prepared in compliance with US GAAP.

Corporate codes of ethics

The Act directs the SEC is to issue rules requiring all SEC-reporting companies to disclose whether they have adopted a code of ethics applicable to their senior officers and to immediately disclose any change to or exemption from such code.

Internal control reports

The Act calls for the SEC to promulgate rules requiring SEC-reporting companies to include, within their annual reports, an "internal control report" setting forth management's responsibilities for establishing and maintaining appropriate internal controls and financial reporting procedures. The company's outside auditor will be required to attest to the accuracy of this report.

Rules Affecting Non-US Advisors to SEC-Registered Companies

In addition to the requirements imposed on SEC-registered non-US companies, the Act also imposes certain requirements upon non-US advisors providing legal and/or accounting services to such companies.

Attorneys appearing and practicing before the SEC

The Act requires that the SEC promulgate standards of professional conduct applicable to attorneys, including in-house counsel and lawyers not admitted in the US, appearing and practicing before the SEC.

Such attorneys shall be required to report to the company's CEO or chief legal counsel "evidence of a material violation of securities law or breach of fiduciary duty or similar violation." In the event that the CEO and/or chief legal counsel fail to respond "appropriately," the attorney is required to report his evidence either to a committee of the board comprised entirely of outside directors or to the entire board.

Auditors of public companies

The Act includes a number of provisions intended to ensure the independence of a public company's auditors. To this end, the Act prohibits auditors of SEC-registered companies - including non-US companies - from providing certain non-audit services to companies that they audit. The Act also requires the rotation of audit partners by prohibiting the lead audit partner or partner responsible for reviewing the audit from performing audit services for a company if such partner has previously done so for each of the past 5 years.

Finally the Act places restrictions upon the freedom of a registered company to employ its former auditors by prohibiting an accounting firm from providing audit services to a company if the CEO, CFO or other high ranking company insider has worked for the accounting firm within the preceding 12 months.

In addition, the Act establishes a self-regulatory oversight board to oversee accounting firms that audit public companies. The board is empowered to conduct periodic examinations and investigations of accounting firms and to initiate enforcement proceedings. Non-US accounting firms that audit SEC-registered non-US companies are expressly required to register with the board.

Exemptions for Non-US Companies

The effectiveness of much of the Act awaits the issuance, by the SEC, of implementing regulations. The SEC indicates that it intends to exempt SEC registered non-US companies from some of the Act's requirements. However, the SEC has not offered guidance, nor is there a consensus among practitioners and commentators, as to which provisions may be subject to such an exemption. As a result, the extent of the impact of the Act upon non-US companies remains unclear and will not become fully apparent for some months.

At least three things are presently clear, however. First, the requirement that the CEO and CFO certify their company's annual reports is applicable to SEC-registered non-US companies.

Second, in the absence of a future SEC rule specifically exempting them, SEC-registered non-US companies are subject to certain other provisions of the Act, such as the prohibition against director and officer loans and the requirement to establish an independent audit committee. Finally, although future SEC rules are likely to offer certain exemptions, non-US companies with shares traded in the US markets will certainly have to comply with a number of the Act's remaining provisions.

William A. McBride is a New York lawyer and a qualified Hong Kong solicitor in Clifford Chance's Asian litigation and dispute resolution practice group. He specialises in litigation/regulation, including US securities and corporate governance matters, and in international arbitration. He is based in Hong Kong and practices throughout Asia.

[1] SEC-registered non-US public companies include any non-US company having shares or depository receipts listed on a US securities exchange or quoted on Nasdaq.

[2] Specifically, the rules require that certification be included in annual reports filed with the SEC on Forms 10-K, 10-KSB, 20-F and 40F as well as in quarterly reports on Forms 10-Q and 10-QSB. Under the rules, non-US private issuers that furnish information to the SEC pursuant to Exchange Act Rule 12g3-2(b) will not be required to provide CEO/CFO certification.

[3] The Act permits an exception, drafted with banks and other financial institutions in mind, for consumer loans made in the ordinary course of business and of the same type and on the same terms made generally available to the public.

[4] The Act directs the SEC to define the term "financial expert" taking into account various enumerated factors.