12 directors & boards L ast year we graded the SEC’s performance in 2006, and came out with a harsh critique. This year, we are more optimistic, although it is a cautious optimism. We note two trends driving the SEC. The first is its continued move to clarify and simplify Sarbanes-Oxley — a law that continues to cause grief more than six years after tak- ing effect. Unfortunately, many of these reforms still do not go far enough, or the SEC’s attempted clarifications served to inject new ambiguity into an already complicated process. The second is the increasing attention paid to global issues. There are signs that the SEC is finally coming to terms with the increasingly globalized marketplace, and taking note of rising rival markets and their regulator counterparts. This made it a year of many proposed changes, many of them positive, most of them as-yet unfulfilled. 1. Aborted “Terror Tool” F In perhaps the most bizarre move of 2007, the SEC created (and quickly disassembled) a “terror tool” on its Web site that was supposed to provide information on which companies did business with or in the coun- tries on the State Department’s list of state spon- sors of terrorism. The tool listed the name of each country on the State Department’s terror watch list; each country name linked to a list of companies doing business with that country; each company name linked to the portion of the annual report discussing operations in that countr y. The Web tool, unveiled last June, came under almost imme- diate criticism from multiple sectors, uniting both business groups and humanitarian groups in their opposition to the SEC’s tactics. Corporations listing on American exchanges have been re- quired to disclose their ties to states on the terror watch list for years. The SEC’s tool was designed to eliminate the need to comb through numerous filings in order to learn which com- panies operate where. However, critics charged the SEC simply compiled a list of companies with the words “Sudan,” “Iran,” “North Korea,” “Syria” or “Cuba” in their annual reports. (The SEC, in the news release issued when it withdrew the Web site, denied that it had simply conducted a word search without regard for context.) The resulting tool, critics charged, was misleading to investors. For example, a company reporting that it had withdrawn from Cuba, a company that reported providing medical supplies to refugee camps in Sudan, and a company with oil contracts in Iran, would each be identi- fied as doing business with sanctioned countries, even though the level and nature of involvement is starkly different. Crit- ics were also concerned that some companies had withdrawn from the countries in question since their last annual report, leaving the information on the Web site outdated. On July 20, less than a month after unveiling the tool, the SEC pulled it from its Web site. Chairman Christopher Cox announced that the tool would be with- drawn until it could be reconfigured to address the concerns; but he noted that the use of data tags in annual reports — a technological initiative the SEC has been pushing for the last few years — might obviate the need for such a tool at all. In November 2007, the SEC revived the issue for commentary, asking whether the commission should “develop mecha- nisms to facilitate greater access to com- panies’ disclosures concerning their busi- ness activities” in or with countries on the State Department’s terror watch list. This unusual, and ultimately ill-fated, initiative is an instance of SEC over- reaching in 2007. The SEC seems to SEC Report Card 2007 The commission tackled proxy access, Sarbanes-Oxley refinements, terrorism ties, securities markets globalization, and other business and financial-reporting developments. How did it measure up? By Ralph Ferrara, Riva Khoshaba parker, and Joseph J. migas Ralph C. Ferrara (pictured) is managing partner of the Washington, D.C., office of Dewey & LeBoeuf LLP and for- mer general counsel of the Securities and Exchange Com- mission. Riva Khoshaba Parker and Joseph J. Migas are associates in the Washington office of Dewey & LeBoeuf (www.deweyleboeuf.com).Continued on page 55 REgulato Ry ovER sight ExEcutiv E c omp Ensation annual report 2008 55 confuse its role as a market regulator — one that involves es- tablishing rules, including required disclosures, and policing their compliance — with a more normative role that seeks to make qualitative judgments about (otherwise legal) activi- ties in an effort to “name and shame” companies. The SEC, as a market regulator, does not have a foreign policy agen- da and lacks the expertise needed to make qualitative judg- ments about a company’s foreign operations. It should leave this area of operations to those best equipped to deal with it — the State Department, OFAC, and the nongovernmental organizations whose mission is to make qualitative judgments about good and bad business practices. Investors concerned about this issue already have access to the information using the SEC’s Edgar tool to search disclosures already contained within company filings. The less-than-one-month duration of the tool indicates just how much an ill-conceived idea it was. An “F.” 2. New rules on reserves reporting forthcoming C The SEC has signaled that it may update its re- serves reporting requirements, at long last heeding objections from the extractives industries that its methodology was outdated, geared towards Texas- style oil fields (which differ in shape and composition from many fields around the world), and did not take into account the considerable technological advances that had taken place in drilling and extraction since the rules were formulated in 1978. The current methodology is widely considered to under- report a company’s reserves, and is more restrictive than pre- vailing rules worldwide. In a rare, and welcome, sign of humil- ity, the SEC has voted to issue a concept release for updating such rules, and seeks public comment on whether to allow companies to adopt a more flexible approach for estimating reserves, using different technologies, and possibly a differ- ent pricing model. The SEC also seeks comments on whether reserves estimates should be independently confirmed by a third party. Although no changes have yet been made, it is refreshing that the SEC has finally tuned in to what specialists have long complained about: that a reporting system in place 30 years ago is antiquated and inaccurate when it comes to giving inves- tors a true valuation of a company’s assets in an increasingly technology-driven and global industry. The move to reevalu- ate the reserves reporting process, after more than a decade of deafness, earns the SEC a “C” for effort; we will grade the final exam next year. 3. Moving from U.S. to international accounting standards A + Currently, the SEC requires that compa- nies repor t their financials according to the U.S. Generally Accepted Accounting Principles, or GAAP. Foreign companies are usually re- quired to follow International Financial Reporting Standards, or IFRS, in their home jurisdictions, and had to undertake a complicated and sometimes costly reconciliation with U.S. GAAP. In a move that recognizes the increasingly competitive global landscape for securities, Chairman Cox eliminated the reconciliation requirement for foreign companies trading in the U.S. This move will begin to rehabilitate the increasingly pervasive image that U.S. markets carry unwieldy regulatory burdens relative to other highly attractive markets, such as concerned about the diversity of shareholder interests. They are reluctant to give more leverage to aggressive, high-profile investors with short-term financial goals and questionable commitment to the business enterprise. At the same time, responsible, long-term investors rightfully demand a voice in decisions affecting the future of their investment. By defini- tion, an advisory vote is both non-binding and self-limiting. It offers a referendum on compensation, not a forum for ac- tivism or change of control. Advisory votes are not designed to encourage opportunistic short-term strategies, but to sup- port basic corporate governance standards that strengthen economic performance, reward appropriate risk-taking, increase director accountability, and protect the long-term interests of shareholders. 10. Aren’t shareholders expecting too much from compensa- tion disclosure and the advisory vote? Should the CD&A be retrospective or prospective, short-term or long-term, defen- sive or proactive? These questions are being asked by both companies and shareholders as they deal with the complex legal and technical requirements imposed by the SEC disclo- sure rules. While the attention of the SEC staff is focused pri- marily on issues of materiality in pay decisions for the report- ing year, shareholders are equally concerned about the ways in which compensation aligns with business strategy and drives long-term performance. Companies face the admittedly diffi- cult task of both complying with detailed rules and explaining how their decisions serve the long-term interests of owners. The hope is that the SEC and companies will find the right balance of disclosure and narrative that best enables share- holders to evaluate each company’s executive compensation program on the merits. ■ The author can be contacted at email@example.com. R Egulato Ry ovER sight SEC Report Card Continued from page 12 REgulato Ry ovER sight 56 directors & boards London and Hong Kong. The SEC also proposed allowing U.S. companies to choose whether to file under GAAP or IFRS. The move away from U.S. GAAP is significant in two re- spects: first, it recognizes a global rejection of GAAP; and sec- ond, by allowing U.S. companies to file using IFRS, the SEC would avoid giving foreign companies the advantage that the more flexible IFRS would allow. More importantly, it indicates that the SEC is moving towards a truly global accounting stan- dard — welcome news in the increasingly global marketplace. If it follows through on this effort, the SEC will have earned itself an “A+.” 4. Shift towards more global awareness A Allowing companies to choose between IFRS and GAAP is just one (albeit significant) initiative that indicates that the SEC is increasingly opening itself to a global paradigm. The SEC approved the merger of New York Stock Exchange parent NYSE Group Inc. and the Euro- pean exchange operator Euronext NV. The SEC has also floated the idea that it will consider allowing foreign brokers to service U.S. investors without requir- ing them to register in the U.S., provided their home jurisdiction’s regime is “sub- stantively comparable” to the SEC’s. The SEC also announced its plans to open an overseas office in London or Brussels, and potentially in Asia as well. All these increasingly global moves indicate an SEC that has embarked on a new era of cooperation with its counterparts in for- eign jurisdictions. But it also indicates an agency willing at last to recognize the legitimacy and effectiveness of foreign regulators and different (if “substan- tively comparable”) regulatory regimes. The move towards globalization indi- cates that cooperation among regulators is only likely to increase, and companies must continue to be mindful of the risks, as well as benefits, of operating in a global economy. The SEC’s embrace of globalization earns it another “A.” 5. Shareholder proxy access B Throughout 2007, one controversy plaguing the SEC was whether shareholders, in certain circum- stances, should be entitled to nominate candidates for director and have that nomination included in proxy materials. The issue was thrown in sharp relief when a federal court, disregarding the SEC’s historical practice of allowing the issuer to disregard the nominations, ruled that the issuer could only exclude shareholder nominations in lim- ited circumstances. The SEC decided it would clarify the rule, but the commission was split along party lines as to whether shareholders should be able to nominate their candidates. The two Democrats favored a rule that would allow shareholder nominees; the two Republicans (minus the third Republican, Chairman Cox) favored a rule that would allow issuers to dis- regard the nomination. It soon became apparent that Cox, famous for the consensus-driven leadership style that had led to unanimous commission decisions, was unlikely to bridge the gap between the two entrenched positions. With Cox as the swing vote, it seemed he would certainly have to abandon his conciliatory approach and choose sides. He did. He voted for both rules. It was not immediately clear how this bewildering approach would allow Cox to keep his promise of having a rule in place for the 2008 proxy season. The quandary was resolved with the serendipitous resignation of the two Democratic commissioners. In Febru- ary 2008, the Republican commission- ers passed the rule they had favored all along, allowing issuers to disregard shareholder nominees except in limited circumstances. Cox’s determination to clarify the law prior to the proxy sea- son, and his diplomatic handling of the commissioners’ disagreement, earns the SEC a “B.” 6. Reigning in enforcement settlements C In april 2007, Cox announced that the commission would re- quire SEC Enforcement Staff (“staff ”) to obtain authoriza- tion before commencing settlement negotiations involving a monetary pen- alty. Prior to this change, staff typically brought enforcement recommendations to the commission in two manners: it either proposed a settlement already reached with the defendant, supported by staff memorandum describing evi- dence and legal issues and recommend- ing authorization of settlement; or it recommended non-settlement, along with staff memorandum and the defendant’s Wells submission. The commission could accept, modify, or reject the staff ’s recommendation and com- municate its policy view (concerning the broader issues, not just the pending enforcement action) through its actions. The new policy articulated by the chairman appears to require the staff to seek authorization to negotiate corporate monetary penalties within a specified dollar range (and seek additional authority if necessary during the course of negotiations). It is not clear how much information commissioners will have concerning the pending enforcement matter in deciding whether to autho- rize negotiations. Nor is it clear whether the staff will provide commissioners with defendants’ Wells submissions to ensure they have a balanced view of the case. It is not even clear why SEC Chairman Christopher Cox: The commis- sion “should be careful to stave off any hasty rulemaking” say the authors. PHoTo: ASSoCIATED PRESS REgulato Ry ovER sight annual report 2008 57 the commission decided to abandon the existing process. One thing that is clear, however, is that the commission has decided — for reasons un- known — to curtail the discretion of the staff. On the one hand, some welcome the increased com- mission involvement; on the other hand, it creates a backlog in enforcement actions and slows down final resolution. This mixed bag earns a “C.” 7. Clarification of “materiality” in financial statements B + The federal securities regulato- ry scheme relies on disclosure of all material information, but reason- able people can disagree on whether certain information is “material.” The question of materiality is one that many issuers face when de- termining whether they should — or must — issue a restate- ment. The increasing number of restatements in recent years demonstrates that we are further from a clear understanding than we were in 1999, when the SEC issued Staff Accounting Bulletin 99 (“SAB 99”) on materiality. In 2007, the SEC began to study this issue, tasking the Advisory Committee for Im- provements to Financial Reporting with determining whether the increase in restatements was due to an overly-broad inter- pretation of materiality which encompassed information that investors would not consider important (and therefore should not lead to a restatement). If so, the committee was to suggest appropriate reforms to the definition of materiality. One improvement is already evident. While SAB 99 was a behind-closed-doors determination (by the staff, not the com- mission) of “materiality” with no public input, the advisory committee solicited public comment, the proper consider- ation of which will hopefully produce a more workable defi- nition that gets back to the basic principle of materiality that the Supreme Court had identified — such information that a reasonable investor is substantially likely to consider to have altered the total mix of information made available. In Febru- ary 2008, the advisory committee did recommend additional guidance, and noted the need to address materiality from an investors’ perspective. We are still waiting to see what becomes of this initiative. The commission certainly scores points for reexamining “materiality,” but for companies making daily de- cisions about what is or is not material, and whether to issue restatements, it would do well to move faster. “B+”. 8. Considering a professional judgments safe harbor A Consistent with its consideration of a move away from a detailed rules-based compliance stan- dards (such as currently required by GAAP) towards a principles-based approach to financial reporting, the Draft Report of the Advisory Committee for Improve- ments to Financial Reporting recommended that the SEC and the Public Company Acco u n t i n g O ve r s i g h t Board (PCAOB) create w h a t h a s b e en ter m e d colloquially a “profes- s i o n a l j u d g m e n t s a f e har bor.” The adv isor y com m i t te e’s prop o s a l l o o k s a t t h e n e e d t o d e f e r t o p ro f e s s i o n a l ju d g m e n t s i n t h e a c- counting arena, includ- i n g t h e ju d g m e n t o n “ t h e c h o i c e a n d a p- plication of account- ing principles, as well as the est imates and evaluation of evidence related to the application of an accounting principle.” In order to rely on the safe harbor framework, companies must be able to demonstrate “a disciplined process, including the identifica- tion of available alternatives, analysis of the relevant literature, review of the pertinent facts, and a well-reasoned explanation of the conclusions — all documented contemporaneously with the making of the accounting judgment.” This safe har- bor would smooth the transition from a rules-based approach — which employs a check-the-box approach to accounting — to the potentially more informative, if more regulatory risky, principles-based approach. An “A.” 9. Sarbanes-Oxley 404 reforms I: Clarification of internal controls auditing standards A - Sarbanes-Oxley Section 404 requires company management to assess and report on the effec- tiveness of the company’s internal controls over financial reporting. Companies’ independent au- ditors, in turn, are also required to attest to management’s disclosures regarding the effectiveness of those internal con- trols. Initially, the PCAOB adopted Auditing Standard No. 2 to govern Section 404 audits. In 2007, the PCAOB replaced AS2 with Auditing Standard No. 5 — An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements (“AS5”). Although, strictly speaking, the replacement of AS2 with AS5 was a PCAOB, and not an SEC, initiative, it is too significant to be overlooked in this article. AS5 clarified, and streamlined, the implementation of Sar- banes-Oxley’s requirement for auditing of internal controls. The new rule allows for the reemergence of independent audi- tors’ professional judgment; scales the audits to fit the circum- stances, rather than allowing for the one-size-fits-all approach; and focuses auditors on high-risk areas. Where AS2 was viewed as limiting independent auditors’ exercise of professional judgment by setting forth mandatory requirements for conducting the audit of internal control, AS5 REgulato Ry ovER sight 58 directors & boards permits the auditor to refocus its audit on the areas where, in the auditor’s judgment, there are the most significant risks. The SEC has indicated that it believes AS5 will promote a more meaningful dialogue among management, audit com- mittees, and independent auditors concerning matters of risk and materiality, as opposed to a “checklist” approach to Sec- tion 404 audits. A major criticism of AS2 was the lack of flexibility in its application to small or less complex companies. AS5 now pro- vides for “scalable” audits that take into consideration the size and complexity of the issuer. Significantly, AS5 as adopted also recognizes that even large companies may have areas that are less complex and suited, under appropriate circumstances, for application of “scaling concepts.” AS5 clarifies that the Section 404 audit’s focus is on the ef- fectiveness of a company’s internal control over financial re- porting, and clearly directs auditors to focus on areas present- ing the highest risk and those most likely to result in material misstatements. In a nonexhaustive list, the SEC identifies these areas as: (1) Controls over significant transactions, particularly those result- ing in late or unusual journal entries; (2) Controls over related-party transactions; (3) Controls over management estimates that could have a significant impact on financial statements; and (4) Controls that address pressures on management to inappropriately manage or falsify fi- nancial results. AS5 is a significant im- provement over AS2, although many will likely say that it has not gone far enough. The full impact of the change — and any limitations — will not be fully revealed until companies and auditors have a few years of experience operating under its guidance. Parallel to the PCAOB’s development of AS5, the SEC also issued guidance and rule amendments related to management’s evaluation of inter- nal control over financial reporting. The interpretive guidance is organized around two broad principles. First, that management must evaluate its controls to deter- mine whether there is a risk that a material misstatement of the financial statements would not be prevented or detected in a timely manner. The underlying objective of the interpre- tive guidance is to address this requirement in an efficient and cost-effective manner. Towards that end, the second principle is that management’s evaluation of evidence about the operation of its controls should be driven by an assessment of risk. Risk-based judg- ments must be made in order to align the nature and extent of management’s evaluation procedures with the areas of financial reporting that present the greatest risk of material misstatement. Because it recognized the need for clarification, and because it continues its efforts to ease the burden on companies large and small, the SEC earns an “A-”. 10. Sarbanes-Oxley reforms II: No more clarity on significant deficiency C Under Section 302 of Sarbanes-Oxley, manage- ment is required to certify that it has informed its audit committee and external auditors of all “signifi- cant deficiencies” in internal controls. On August 3, 2007, the SEC approved a new definition of “significant de- ficiency.” Effective September 2007, a “significant deficiency” is “A deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a ma- terial weakness, yet important enough to merit attention by those responsible for oversight of the registrant’s financial reporting.” This new definition is equivalent to the defini- tion of “significant deficiency” contained is AS5, approved by the commission on the same day. Notably — and deliberately — the new definition does not contain a probabil- ity nexus, meaning that it does not dis- tinguish between “significant deficien- cies” that are reasonably likely to occur, likely to occur, or hig hly unlikely to occur. Without this probability nexus, the new definition doesn’t achieve the clarity that the SEC was striving for. A “C” effort at best. Steering forward … and clear of overregulation The SEC has had another busy year w ith mixed — and better — results. L i ke 2 0 0 6 , mu ch o f 2 0 0 7 w a s s p e n t w restling w ith the behemoth that is Sarbanes-Oxley, a law passed in haste in response to an eco- nomic crisis that many felt was the result of regulators sleep- ing at the wheel. As the subprime mortgage crises continues to leech into the rest of the economy, there are new calls for increased oversight and heightened regulation — calls that are reminiscent of those that gave us Sarbanes-Oxley, a legacy which, fully six years after its implementation, we still have not quite come to terms with. Although we recognize that the SEC has limited influence over the laws that Congress passes, it should be careful to avoid the bandwagon cries for greater regulation and enforcement, and do its best to stave off any hasty legislation (or rulemaking) that will prove as unwieldy a legacy as Sarbanes-Oxley. ■ The authors can be contacted at firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org. The subprime mortgage crisis is generating new calls for increased oversight — reminiscent of those that gave us Sarbanes-Oxley.