The Sarbanes-Oxley ‘Ax’

By Ron Marden and Randy Edwards

E-mail Story Print Story

The problem, to a certain degree, is that civil and criminal fines on corporations merely reduce the equity of innocent shareholders, and that a “legal fiction” such as a corporation cannot be put in jail. The sad truth is that unless managers see other managers in handcuffs with some possibility of doing prison time, they’re not likely to adjust their behaviors with respect to accounting. Harsh punishment and swift enforcement will make fraudsters think twice before committing their next crime. Indeed, until the ax falls on a few heads it may take some time before American workers and investors start feeling safe again.

The SEC’s Division of Enforcement

According to Donaldson, for the fiscal year through August 20, 2003, the SEC filed 543 enforcement actions, 147 of which involved financial fraud or reporting violations. During that period, the SEC sought to bar 144 offending corporate executives and directors from holding such positions with publicly traded companies. Furthermore, the SEC is holding accountable not just the companies that engage in fraud, but also the other participants. For example, actions have signified the SEC’s willingness to pursue directors that are reckless in their oversight of management. The SEC has also increasingly designed strategies that take advantage of the creative SOA provisions to return funds to investors that have suffered losses, rather than merely collect those funds for the government.

Looking at the SEC’s Division of Enforcement record for 2002, one finds an unprecedented 598 enforcement actions, an increase of 24% over 2001. These numbers are particularly impressive given that the year was preceded by the destruction of the SEC’s Northeast Regional Office in New York on September 11, 2001. The number of financial fraud and reporting cases was also up substantially, to 163 from 112 a year earlier (Baker and Rhodes 2002).

Given these impressive results, why are additional laws and stricter enforcement needed? Some opponents of the legislation suggest that the recent crackdowns on corporations and executives may actually discourage honest risk-taking. Managers may fear that the SEC will interpret an honest, albeit aggressive, interpretation of GAAP as unacceptable and try to make a public example of them.

But Donaldson has a different perspective: that SOA and other reforms will lead to an environment where honest business and honest risk-taking are encouraged and rewarded. What should be discouraged, and what the SEC is committed to stamping out, are activities that are misleadingly disguised as honest business—for example, business transactions with no substance that are designed to manage earnings or cash flow, or compensation packages that do not really reward superior performance but rather facilitate risk-free additional compensation. The short-term costs of compliance, particularly efforts to improve internal control and corporate governance over financial reporting, should be viewed as an investment. In the long term, the reforms realized from SOA will result in sounder corporate practices and more reliable financial reporting.

The Sarbanes-Oxley ‘Ax’

Several titles of the SOA strengthen the SEC’s ability to obtain meaningful remedies and expand its authority to return funds to harmed investors. Perhaps more important, SOA has added numerous new weapons and criminal sanctions to the SEC’s enforcement arsenal:

• The Corporate Responsibility Act (Title III)
• The Corporate and Criminal Fraud Accountability Act (Title VIII)
• The White-Collar Crime Penalty Enhancements Act of 2002 (Title IX)
• The Corporate Fraud Accountability Act of 2002 (Title XI).

The Corporate Responsibility Act (Title III)

In section 302, Corporate Responsibility for Financial Reports, the CEO and the CFO must prepare a statement to accompany the audit report to certify the “appropriateness of the financial statements and disclosures contained in the periodic report, and that those financial statements and disclosures fairly present, in all material respects, the operations and financial condition of the issuer.” A violation must be knowing and intentional to give rise to liability. Considering that the certification statement starts off with “to the best of my knowledge …,” however, it seems reasonable that any defendant would use the long-standing plausible deniability defense—the “don’t ask, don’t tell” argument.

Perhaps this is what Richard M. Scrushy, the former chairman and CEO of HealthSouth Corporation, thought when he said his top financial executives were the ones responsible for his health-care company’s $2.5 billion accounting fraud. Apparently, Scrushy signed off on fraudulent accounting figures because he “unknowingly” trusted the five CFOs who had served under him. Time will tell if the SEC’s response to his plausible deniability defense prevails in the courts.

On the other hand, is it realistic for the CEO of a multinational corporation to know every detail at every level of the business? Perhaps this is why some CEOs and CFOs have dozens of personnel sign an addendum to the certification, making just about anyone who had anything to do with financial reporting share in the responsibility. Given the severity of the penalties for violating this section of SOA (addressed below under Title IX), it seems reasonable that little has been heard about anyone who has certified a company’s financial statements knowing that they were misstated.

The enforcement of section 305, Officer and Director Bars and Penalties; Equitable Relief (Title III), has implications for corporate executives. If an issuer is required to prepare a restatement due to “material noncompliance” with financial reporting requirements, the CEO and the CFO must reimburse the issuer for any bonus or other incentive-based or equity-based compensation received during the 12 months following the issuance or filing of the noncompliant document and “any profits realized from the sale of securities of the issuer” during that period. In any action brought by the SEC for violation of the securities laws, federal courts are authorized to “grant any equitable relief that may be appropriate or necessary for the benefit of investors.”

Putting more pressure on executives when there are few legal precedents and a good deal of uncertainty may persuade them to be more forthright in their corporate reporting. According to John Bostelman, a lawyer at Sullivan & Cromwell who wrote The Sarbanes-Oxley Deskbook (the bible for securities lawyers), there are plenty of gray areas in the law. For example, he notes that the act’s criminal fraud provisions make a distinction between a CEO who “knowingly” signs off on inaccurate financial statements and one who does so “willfully and knowingly.” The first offense is punishable by up to 10 years in jail and $1 million in fines, while the second could land you 20 years and a $5 million fine. Where the line will be drawn between the two offenses remains to be seen. Bostelman states that a CEO or a CFO who gets incentive pay tied to company performance can be forced to return the cash if the company restates earnings “due to misconduct.” But the law doesn’t say what misconduct is, and has not been tested. Uncertainty like this may lead board members to leave for fear of liability.

Other interesting sections of Title III include section 304, Forfeiture of Certain Bonuses and Profits, and section 305, Officer and Director Bars and Penalties. The SEC may issue an order to prohibit, conditionally or unconditionally, permanently or temporarily, any person who has violated section 10(b) of the 1934 Securities and Exchange Act from acting as an officer or director of an issuer if the SEC has found that such person’s conduct “demonstrates unfitness” to serve as an officer or director of any such issuer. This section has been used in the case of Wesley Colwell, an Enron employee who has agreed to be barred from acting as an officer or director of a public company, and who will pay $300,000 in disgorgement (a well-established, equitable remedy designed to deprive defendants of ill-gotten gains) and prejudgment interest and a civil penalty of $200,000.

Section 308, the Fair Funds for Investors provision, may eventually provide the most benefit to investors. Before SOA, by law, all civil penalties were paid into the U.S. Treasury; however, the Commission has authority, in certain circumstances, to direct civil penalties to defrauded investors. From 2003 to 2002, the SEC used the Fair Funds provision to designate over $1 billion in penalties for distribution to defrauded investors. In the SEC’s case against WorldCom, Inc., the company has agreed to satisfy its civil penalty obligation by paying $500 million in cash and $250 million in stock to defrauded investors. Similar settlements were reached with Merrill Lynch ($80 million), JP Morgan Chase ($135 million), and Citigroup ($120 million).

Section 308 gives the SEC staff incentive to be aggressive in pursuing secondary parties and seeking larger penalties. Thanks to the Fair Funds provision, all of this amount can be made available to harmed investors.

The Corporate and Criminal Fraud Accountability Act (Title VIII)

Anyone who knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States can be fined, imprisoned for up to 20 years, or both (section 802). This increase in penalty may be due in part to the accusations that Andersen employees destroyed a number of potentially relevant workpapers and related documents during the government investigation over the Enron audit.

Furthermore, an auditor is required to maintain all audit or review workpapers for five years from the end of the issuer’s fiscal period. Anyone who knowingly and willfully violates this requirement can be fined, imprisoned for not more than 10 years, or both. The SEC went one step further in requiring auditors to also retain for seven years other audit-related documents, including, but not limited to, memoranda and correspondence containing certain conclusions, opinions, analyses, or financial data.

Section 807 states that anyone who knowingly executes, or attempts to execute, a scheme or artifice to defraud any person in connection with a securities issue or attempts to obtain, by means of false or fraudulent pretenses, representations, promises, money, or property, in connection with the purchase or sale of any security, can be fined, or imprisoned up to 25 years, or both.

The White-Collar Crime Penalty Enhancements Act of 2002 (Title IX)

Section 906 concerns the failure of corporate officers to certify their financial reports (required under section 302, above). Anyone who certifies a statement knowing that the periodic report accompanying the statement does not comply with this section can be fined up to $1 million, imprisoned up to 10 years, or both. Furthermore, anyone who does so “willfully” shall be fined up to $5 million, imprisoned up to 20 years, or both.

The Corporate Fraud Accountability Act of 2002 (Title XI)

Section 1102 of Title XI has additional implications for auditors and corporate officials. Basically, anyone who corruptly alters, destroys, mutilates, or conceals a document with the intent to impair the object’s use in an official proceeding, or otherwise obstructs, influences, or impedes any official proceeding (or attempts to do so), can be fined, imprisoned up to 20 years, or both. The rule for fines and imprisonment under section 1106 jumped from $1 million and up to 10 years to $5 million and up to 20 years. Section 1105, while somewhat less severe, provides the SEC with the authority to prohibit any person who has violated section 10(b) or the rules or regulations from serving as an officer or director of a registered company.

New Issues

Will these amendments to the securities acts have any impact on corporate governance and auditor accountability? Will financial reporting become more transparent? No one knows for sure, but it has raised some issues.

For example, in one of the first legal challenges to SOA, two executives tried to sue the SEC. Henry Yuen, former chief executive of Gemstar-TV Guide International Inc., and Elsie Leung, the company’s former CFO, accused the SEC of illegally withholding more than $37 million in severance payments. The SEC’s authority to freeze the assets of executives derives from SOA Title XI, section 1103, which gives the agency the right to escrow assets of companies and executives under investigation. The plaintiffs’ lawyer, Stanley Arkin, of Arkin Kaplan, says the complaint addresses the “unlawful, arrogant and high-handed conduct” of the SEC toward Yuen and Leung of impounding the money and putting it into escrow, in violation of their constitutional due-process rights.

Writing in the New York Law Journal, Roberta Karmel, a former SEC commissioner, said that the SEC is engaging in extremely aggressive enforcement actions, behaving much like it did in the wake of the insider trading scandals of the late 1970s. She adds that the SEC has a lot more power because of SOA and the current political climate in which accused companies are presumed to be guilty.

According to SEC Commissioner Cynthia Glassman in Fortune, some small companies, including small banks, are avoiding public offerings or going private to avoid having to comply with SOA. And in a survey of readers of the journal Chief Executive, an overwhelming 82% of the CEOs polled believe it’s better to be private than public.

Perhaps the biggest unknown is whether SOA’s benefits will ultimately outweigh the significant compliance costs. The Johnsson Group, a Chicago consulting firm, estimates SOA will add $3 million to $8 million in annual compliance costs for Fortune 500 companies. Another study, by the law firm Foley & Lardner, indicated that medium-size public companies are paying an average of 90% more, or nearly $2.5 million a year, in compliance costs, compared with $1.3 million before SOA took effect. And according to the Financial Executives Institute (FEI), just complying with section 404 of the Act will cost an average of 62% more than previously anticipated, from a 109% rise in internal costs, a 42% jump in external costs, and a 40% increase in the fees charged by external auditors (PR Newswire, 2004). The difficulty with trying to weigh the costs with the benefits is that no one will really know for some time if the new law actually prevents fraud.

Sharpening the Ax

When corporate fraud occurs, enforcement can come from multiple sources, including the SEC, state and federal prosecutors, and class-action lawsuits by private plaintiffs. Up until now, the SEC has been able to bring civil suits against companies and individuals that commit fraud, and impose fines and bar individuals from serving as corporate officers or directors. But the SEC hasn’t had to put anyone behind bars, and that’s where SOA will have an impact. According to Stephen Cutler, director of SEC enforcement, one of SOA’s eventual successes may be that it has enhanced criminal sanctions and that enforcement is being aggressively pursued. Serving one year in prison if cooperating with an SEC investigation versus as many as 20 years if not places a great deal of pressure on potential defendants.

A sharpened enforcement ax should go a long way in today’s “it’s not how you play the game, it’s whether you win or lose” environment. Not every business should be nervous. Honest companies should fear neither SOA nor its enforcement. SOA’s approach of improving standards and taking stricter measures in their enforcement is the right thing to do and should ultimately reattract capital and investment. This will be accomplished only by making companies live up to the spirit of the law.

In other words, simply complying with the letter of law will no longer be enough. Corporate leaders must strive to do the right thing, in disclosure, in governance, and otherwise in their businesses, and instill this attitude in everyone working in their organization. If they don’t, more than just a few heads will be rolling off the chopping block.