SEC Proposes Rules to Implement Sarbanes-Oxley's Audit Committee Independence Requirements

01.18.2003

Updates

Last week, the SEC released proposed rules to implement the audit committee independence and whistleblower provisions of Section 301 of the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley (Sec. 301) requires the SEC to adopt final rules by April 26, 2003, directing all national securities exchanges and national securities associations (SROs), including NYSE and Nasdaq, to prohibit the listing of any security of an issuer that is not in compliance with the audit committee requirements set out in Section 301. The proposed rules cover:

Independence requirements for audit committee members;
Audit committee authority over the audit process;
Audit committee authority to engage outside advisors; and
Whistleblower procedures for accounting and auditing matters.

Unlike this week's SEC action, these will not be effective until closer to April 26; the SEC is accepting public comment on the proposed rules through February 18, 2003.

Timing of the Proposed Rules: One-Year Phase-In

The proposed rules apply to domestic and foreign companies of all sizes, including small business issuers, traded on a national securities exchange or Nasdaq, and to closed-end and exchange-traded open-end investment companies. The proposed rules do not apply to companies whose securities are quoted on the OTC Bulletin Board or in the Pink Sheets or Yellow Sheets, or to asset-backed issuers and exchange-traded unit investment trusts. The provisions applicable to investment companies differ from those applicable to non-investment companies and are not discussed in this Update.

Under the proposed rules, within 60 days after the SEC's final Section 301 rules are published in the Federal Register, NYSE, Nasdaq and other SROs will be required to submit to the SEC for approval new listing standards that conform to the final Section 301 rules. The SEC's proposed rules provide that the SROs' new listing standards must be operative no later than one year after the SEC's final Section 301 rules are published.

Independence Requirements for Audit Committee Members: The Two Sarbanes Criteria

The SEC's proposed rules expand on the two basic criteria for audit committee member independence set out in Section 301 of Sarbanes-Oxley.

No Compensation Other Than for Board Service

Under the proposed rules, audit committee members would be barred from accepting any direct or indirect consulting, advisory or other compensatory fee from the company or an affiliate of the company, other than in the member's capacity as a member of the board of directors and any board committee.

Indirect payments include:

Payments to spouses, minor children or stepchildren or children or stepchildren sharing a home with the member, and
Payments to an entity (1) in which an audit committee member is a partner, member or principal or holds a similar position and (2) which provides accounting, consulting, legal, investment banking, financial or other advisory services or any similar services to the company.

No Affiliated Persons: SEC Adopts Standard of "Common Control" and 10% "Safe Harbor"

The second criterion of the independence requirements would preclude any "affiliate" or "affiliated person" of the company or any subsidiary of the company from serving as a member of the company's audit committee.

Who is an "affiliate" or "affiliated person"?

The SEC proposes to define "affiliate" and "affiliated person" in a manner that our readers will find familiar: it is derived from other "affiliate" definitions under the federal securities laws, such as Exchange Act Rule 12b-2 and Securities Act Rule 144:

A person that directly, or indirectly through one or more intermediaries, controls or is controlled by, or is under common control with, the person specified.

The proposed rules clarify that if a member of the company's board is also a director, executive officer, partner, member, principal or designee of an affiliate, that director would be deemed to be an "affiliated person" who is not eligible to serve on the company's audit committee.

What does control mean?

"Control" is defined as "the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract, or otherwise." Consistent with the interpretation of the terms "affiliate" and "affiliated person" in other contexts, the SEC confirms that whether a person controls a company requires a factual determination based on the consideration of all relevant facts and circumstances, but it also provides a new safe harbor.

The 10% solution: A new safe harbor

Recognizing the difficulty in determining whether someone controls a company, the SEC proposes a new safe harbor under which a person is deemed not to control the company if the person:

Does not beneficially own more than 10% of any class of equity securities of the company,
Is not an executive officer of the company, and
Is not a director of the company.

The SEC emphasizes that a person who falls outside the safe harbor is not necessarily deemed an "affiliated person" and can still rely on a facts and circumstances analysis if the person believes that he or she does not control the company. (The SEC's proposed safe harbor creates some mild definitional confusion, because when read on its own the third prong of the safe harbor literally suggests that no director would qualify for the safe harbor. However, recognizing that the proposed independence standard provides that an audit committee member cannot be an affiliated person "other than in his or her capacity as a member of [the company's board of directors or committee of the board]," it becomes clear this is not the intent of the third prong of the proposed safe harbor. We expect the SEC will clarify this in the final rule.)

Exceptions to Independence Requirements

Section 301 of Sarbanes-Oxley authorizes the SEC to adopt exceptions to the audit committee independence requirements. The proposed rules create the following exceptions:

New public companies (90-day grace period). One member of a company's audit committee may be exempt from the independence requirements for 90 days from the effective date of the company's initial registration statement.
Majority-owned subsidiaries. The SEC proposes an exception from the "affiliated person" requirement for an audit committee member who sits on the board of directors of both a parent and a direct or indirect consolidated majority-owned subsidiary of the parent. So long as the committee member meets all other independence requirements for both the parent and the subsidiary, status as a director of one company will not render the person not independent (as an "affiliated person") as an audit committee member of the other company.
Foreign issuers. Although the SEC's proposed rules apply to foreign companies, the SEC recognizes that some of the proposed requirements may conflict with related requirements in the home jurisdictions of some foreign issuers. The SEC provides limited exceptions to the independence requirements and other provisions of the proposed rules to accommodate these conflicts.

No exception for "exceptional and limited circumstances"

The current listing standards of several SROs, including NYSE, Nasdaq and Amex, contain "exceptional and limited circumstances" exceptions to their audit committee independence requirements. Many companies rely on these exceptions, usually on a temporary basis, to put directors on their audit committees who do not meet the SROs' definition of independence for audit committee purposes. The SEC notes in its proposal that it has not proposed a similar exception. This means that, unless the SEC is persuaded otherwise before it adopts its final rules, the "exceptional and limited circumstances" exception will no longer be available to companies with respect to the Section 301 rules. However, if an SRO imposes more stringent independence requirements than those mandated by the Section 301 rules, the SRO could provide an "exceptional and limited circumstances" exception to those additional requirements. For example, the rules proposed by Nasdaq last fall include an "exceptional and limited circumstances" exception for an audit committee member who does not satisfy the general Nasdaq independence standards for directors, but does satisfy the additional audit committee independence requirements mandated by Sarbanes-Oxley.

No case-by-case waivers

The SEC noted in its proposing release that it does not currently intend to entertain exceptions or waivers for particular relationships on a case-by-case basis, although the proposed rules and Sarbanes-Oxley grant the SEC authority to do so.

Disclosure of reliance on exceptions and identification of audit committee

A company that relies on one of the independence exceptions enumerated above (new public companies, majority-owned subsidiaries and foreign issuers) will be required to disclose that fact in the company's annual report on Form 10-K and proxy statement. The disclosure must include an assessment of whether, and if so, how, reliance on the exception would materially adversely affect the ability of the company's audit committee to act independently and to satisfy the other requirements set out in the proposed rules. The 10-K disclosure may be incorporated by reference from a company's proxy statement.

The proposed rules also require disclosure of the members of the audit committee to be included or incorporated by reference in the company's annual report on Form 10-K.

Support for Additional Listing Standards Regarding Audit Committees

The SEC expresses support in the proposed rules for the more detailed proposals from some SROs, such as Nasdaq and NYSE, designed to ensure appropriate levels of independence and authority for audit committees. The current Nasdaq and NYSE proposals are available for review on their respective Web sites: www.nasdaq.com. Perkins Coie will be publishing Updates discussing the Nasdaq and NYSE proposals as they mature.

Audit Committee Authority Over the Audit Process

The Section 301 proposed rules implement the requirement in Section 301 of Sarbanes-Oxley that a listed company's audit committee be directly responsible for oversight of the audit process. The proposed rules provide that:

Audit committees must be directly responsible for the appointment, compensation, retention and oversight of the work of the independent auditor engaged (including resolution of disagreements between management and the auditor regarding financial reporting) for the purpose of preparing or issuing an audit report or related work or performing other audit, review or attest services for the company, and
The independent auditor must report directly to the audit committee.

The SEC clarifies that these oversight responsibilities include the authority:

To terminate the independent auditor (which the SEC infers from the explicit authority in Sarbanes-Oxley to retain the independent auditor), and
To approve all audit engagement fees and terms and all significant non-audit engagements of the independent auditor (this follows the not-yet-effective requirement in Section 202 of Sarbanes-Oxley that the audit committee pre-approve audit and non-audit services).

Adequate funding must be provided

To further the effectiveness of audit committees in discharging these responsibilities, the proposed rules would require companies to provide for appropriate funding, as determined by their audit committees, for compensation of their outside auditors.

Recommendation or nomination of auditor to shareholders

The SEC points out, and proposes an instruction to its rules, that if a company recommends or nominates an auditor to its shareholders (either voluntarily or as required by the laws of its jurisdiction), the company's audit committee is responsible for making the recommendation or nomination for approval or ratification.

Authority to Engage Advisors

The proposed rules require a company's audit committee to have the authority to engage outside advisors, including counsel, as it determines necessary to carry out its duties. The SEC suggests, for example, that the "advice of outside advisors may be necessary to identify potential conflicts of interest and assess the company's disclosure and other compliance obligations with an independent and critical eye."

Adequate funding must be provided

The proposed rules also require a company to provide for appropriate funding, as determined by the audit committee, to compensate any advisors engaged by the audit committee.

Whistleblower Procedures for Accounting and Auditing Matters

The proposed rules require audit committees to establish formal procedures for receiving complaints that could facilitate disclosure, encourage proper individual conduct or alert the audit committee to possible problems before they have serious consequences. Under the proposed rules, a company's audit committee has responsibility to establish procedures for:

The receipt, retention and treatment of complaints received by the company regarding accounting, internal accounting controls or auditing matters, and
The confidential, anonymous submissions by employees of the company of concerns regarding questionable accounting or auditing matters.

The proposed rules do not mandate specific procedures that must be established, reflecting the SEC's intention to provide companies the flexibility to develop and utilize procedures appropriate for their circumstances.

Exemptions for Multiple Listings by Issuers and Their Controlled Subsidiaries

The proposed rules apply to any listed security, regardless of type, including debt and derivative securities. However, the SEC has proposed exemptions to the proposed rules for issuers and their controlled subsidiaries with multiple listed securities:

Controlled subsidiaries with only non-equity listed securities. Listings of non-equity securities by a direct or indirect majority-owned subsidiary of a parent company are exempt, so long as the parent is subject to the proposed requirements. This may exempt, for example, special purpose financing entities or subsidiaries that are part of a holding company structure in which all the equity securities (other than non-convertible, non-participating preferred securities) are listed by the holding company parent.
Companies with securities listed with multiple SROs. Companies that have securities listed with multiple SROs are only required to comply with the requirements of the SRO on which the company's common equity is listed.

Compliance and an Opportunity to Cure Defects

To ensure compliance with the standards on an ongoing basis, the proposed rules direct the SROs to require a listed company to notify the applicable SRO promptly after an executive officer of the company becomes aware of any material noncompliance by the company with the proposed requirements. The SEC suggests that existing continued listing or maintenance standards and delisting procedures of the SROs suffice as procedures for a company to have an opportunity to cure any defects, as is mandated by Sarbanes-Oxley. However, the SEC expects the SROs to provide definite procedures and time periods for compliance with the proposed requirements to the extent that they do not already do so.

Text of Proposed Rules

This Update is intended only as a summary of the SEC's proposed rules. You can find the full text of the proposed rules at www.sec.gov/rules/proposed/34-47137.htm. You can find discussion of other recent laws and regulations of interest to public companies on our website.