The US Sarbanes–Oxley Act of 2002: Summary and … control provisions of Sarbanes– Oxley. For...

The US Sarbanes–Oxley Act of 2002:Summary and update for non-US issuers

Alexander F. Cohen* and D. Jamal QaimmaqamiReceived: 26th October, 2004

*Latham & Watkins, 99 Bishopsgate, London EC2M 3XF, UK; Tel: +44(0) 7710 1014;E-mail: [email protected]

Alexander F. Cohen is a partner in the Londonoffice of Latham & Watkins. Latham & Watkinsoperates as a limited liability partnership world-wide with affiliates in the UK and Italy, where thepractice is conducted through an affiliated multi-national partnership.

D. Jamal Qaimmaqami is an associate in theLondon office of Latham & Watkins.

ABSTRACT

KEYWORDS: US Sarbanes–Oxley Act of2002, audit committees, foreign privateissuers, internal control

This paper summarises the key aspects of the USSarbanes–Oxley Act of 2002 (‘the Act’), as itapplies to foreign private issuers. The authors focusfirst on internal control and lay out the requirementsof Section 404 of the Act as well as the PublicCompany Accounting Oversight Board’s AuditingStandard No. 2 (governing internal control audits).The paper also highlights the provisions of the Actcovering central topics such as chief executive and chieffinancial officer certification, non-GAAP financialmeasures, off-balance sheet and other MD&A dis-closure, standards relating to listed company auditcommittees, auditor independence rules, attorneyconduct and liability.

INTRODUCTIONOn 30th July, 2002, President Bush signedthe US Sarbanes–Oxley Act of 2002 (here-inafter ‘the Act’, ‘Sarbanes–Oxley’ or ‘theSarbanes–Oxley Act’) into law. Since that

time, the US Securities and ExchangeCommission (SEC) has issued a host of rulesunder the Act.

Many companies have found it difficultenough coping with the mass of newregulations and requirements that the Acthas spawned. But the largest challenge liesahead — namely, the implementation of theinternal control provisions of Sarbanes–Oxley. For foreign private issuers (a termthat covers most non-US issuers, other thangovernments), those provisions take fulleffect for fiscal years ending on or after 15thJuly, 2005.

This paper will summarise the internalcontrol rules that will take effect in 2005. Itwill also outline the other key portions ofSarbanes–Oxley relevant to foreign privateissuers, as they apply today.

BACKGROUND

Who is subject to Sarbanes–Oxley?The Sarbanes–Oxley Act applies to allissuers — including foreign private issuers— that:

+ have registered securities under the 1934Act;

+ are required to file reports under Section15(d) of the 1934 Act; or

+ have filed a registration statement underthe 1933 Act that has not yet becomeeffective.1

International Journal of Disclosure and Governance Volume 2 Number 1

International Journal ofDisclosure and Governance,Vol. 2, No. 1, 2005, pp. 81–106Henry Stewart Publications,1741–3591

Page 81

This means, for example, that any foreignprivate issuer that has listed its securities inthe United States, or issued securities to thepublic in the United States whether or notit is listed (such as in a registered exchangeoffer for high-yield bonds) is subject to theSarbanes–Oxley Act. A foreign privateissuer that has not sold securities to thepublic in the United States, or that isexempt from Exchange Act registration byvirtue of Exchange Act Rule 12g3-2(b) isnot subject to the requirements of theSarbanes–Oxley Act. Accordingly, when theauthors refer below to ‘issuers’ and ‘foreignprivate issuers’ they mean those companiesthat are subject to Sarbanes–Oxley.

Exceptions for the benefit of foreignprivate issuersThe Sarbanes–Oxley Act does not generallydistinguish between domestic US and for-eign private issuers. In its implementingrules, however, the SEC has made anumber of exceptions for the benefit offoreign private issuers. These include:

+ Internal control implementation date. Asnoted above, the internal control provi-sions of the Act do not take full effectfor foreign private issuers until fiscalyears ending on or after 15th July, 2005.By contrast, domestic US issuers that are‘accelerated filers’ must comply for fiscalyears ending on or after 15th November,2004.

+ Quarterly certifications. Unlike domesticUS issuers, foreign private issuers are notrequired to provide Section 302 or 906certification on a quarterly basis.

+ Non-GAAP financial measures. Foreignprivate issuers that are listed outside theUnited States are exempt in certain casesfrom the restrictions on the use ofnon-GAAP financial measures providedby Regulation G.

+ Audit committee independence. Foreign pri-vate issuers have certain exemptions from

the independence requirements appli-cable to audit committee members. Inaddition, foreign private issuers may havea statutory board of auditors or statutoryauditors established pursuant to homecountry law or listing requirements.

KEY PROVISIONS OF SARBANES–OXLEY AND RELATED SECRULEMAKING

Section 404: Internal control overfinancial reportingSection 404 of Sarbanes–Oxley directs theSEC to issue rules requiring an issuer’sannual report to contain an internal controlreport (1) stating management’s responsi-bility for establishing and maintaining anadequate internal control structure andprocedures for financial reporting and (2)containing an assessment, as of the end ofthe issuer’s most recent fiscal year, of theeffectiveness of the issuer’s internal controlstructure and procedures for financialreporting. In addition, Section 404 requiresan issuer’s independent auditor to attest to,and report on, management’s assessment, inaccordance with standards adopted by theUS Public Company Accounting OversightBoard (PCAOB). (Section 404 provides,however, that the attestation cannot be aseparate engagement of the auditor.)

The SEC has accordingly adopted newRules 13a-15 and 15d-15 under theExchange Act, and new Item 15 of Form20-F, and the PCAOB has adopted Audit-ing Standard No. 2.2

Rules 13a-15 and 15d-15 require a for-eign private issuer:

+ to maintain internal control over finan-cial reporting;3

+ to evaluate (with the participation of thechief executive officer (CEO) and chieffinancial officer (CFO)) the effectivenessof internal control as of the end of eachfiscal year;4 and

The US Sarbanes–Oxley Act of 2002: Summary and update for non-US issuers

Page 82

+ to evaluate (with the participation ofthe CEO and CFO) any change in itsinternal control that occurred during thefiscal year that has materially affected, oris reasonably likely to materially affect,the issuer’s internal control over financialreporting.5

A foreign private issuer must comply withthe above rules in connection with itsannual report on Form 20-F for the firstfiscal year ending on or after 15th July,2005.6

Definition of internal control overfinancial reportingFor the purposes of Rules 13a-15 and 15d-15, and Item 15 of Form 20-F (as well asthe Section 302 certification discussedbelow), ‘internal control over financialreporting’ is defined as a process designedby, or under the supervision of, the issuer’sCEO and CFO, and effected by the issuer’sboard of directors, management and otherpersonnel, to provide reasonable assuranceregarding the reliability of financial report-ing and the preparation of financial state-ments for external purposes in accordancewith generally accepted accounting princi-ples. The term includes those policies andprocedures that:

+ pertain to the maintenance of recordsthat in reasonable detail accurately andfairly reflect the transactions and dispo-sitions of the assets of the issuer;

+ provide reasonable assurance that trans-actions are recorded as necessary to per-mit preparation of financial statementsin accordance with generally acceptedaccounting principles, and that receiptsand expenditures of the issuer are beingmade only in accordance with authori-sations of management and directors ofthe issuer; and

+ provide reasonable assurance regardingprevention or timely detection of un-

authorised acquisition, use or dispositionof the issuer’s assets that could have amaterial effect on the financial state-ments.7

Management’s annual assessment of,and report on, internal control: Item 15of Form 20-FIn an issuer’s annual report on Form 20-F,management must provide a report on theissuer’s internal control over financial report-ing that contains, among other things:8

+ a statement of management’s responsi-bility for establishing and maintainingadequate internal control over financialreporting;

+ a statement identifying the frameworkused by management to evaluate theeffectiveness of the issuer’s internal con-trol over financial reporting;

+ management’s assessment of the effec-tiveness of the issuer’s internal controlover financial reporting as of the end ofthe most recent fiscal year, including astatement as to whether or not theissuer’s internal control over financialreporting is effective. The statementmust also include disclosure of anymaterial weakness in the issuer’s internalcontrol over financial reporting identifiedby management. Management is notpermitted to conclude that the issuer’sinternal control over financial reporting iseffective if there are one or more materialweaknesses in internal control;9 and

+ a statement that the independent auditorthat audited the financial statementsincluded in the annual report has issuedan attestation report on management’sassessment of the issuer’s internal controlover financial reporting (the independentauditor’s attestation report must also beprovided in the annual report).

In addition, a foreign private issuer mustalso include:

Cohen and Qaimmaqami

Page 83

+ an attestation report of the independentauditor on management’s assessment ofthe issuer’s internal control over financialreporting; and

+ disclosure of any change in its internalcontrol that occurred during the fiscalyear that has materially affected, or isreasonably likely to materially affect, theissuer’s internal control over financialreporting.10

With the exception of the disclosure ofchanges in internal control over financialreporting, which took effect as of 14thAugust, 2003, a foreign private issuer neednot comply with the above requirements ofItem 15 until its annual report on Form20-F for its first fiscal year ending on orafter 15th July, 2005.11

Framework for evaluationThe SEC has not required the use of aparticular framework. It has, however,specified that management’s evaluation mustbe based on a recognised control frameworkestablished by a body or group that hasfollowed due-process procedures, includinga broad distribution of the framework forpublic comment.12 The Committee ofSponsoring Organizations of the TreadwayCommission’s Internal Control — IntegratedFramework, the Canadian Institute of Char-tered Accountant’s The Guidance on AssessingControl, and the Institute of CharteredAccountants in England and Wales’ TurnbullReport are all approved frameworks.13

The framework must:14

+ be free from bias;+ permit reasonably consistent qualitative

and quantitative measures of an issuer’sinternal control;

+ be sufficiently complete so that thoserelevant factors that would alter a con-clusion about the effectiveness of anissuer’s internal controls are not omitted;and

+ be relevant to an evaluation of internalcontrol over financial reporting.

Auditor independence15

Although management may coordinate itsevaluation of internal controls with thatof its auditors, it cannot compromise theauditors’ independence. Auditors may assistmanagement in documenting internal con-trols, but management must be activelyinvolved in the documentation process. Inaddition, management cannot delegate itsresponsibilities to assess internal control tothe auditor.

Material weaknessesManagement may not determine that anissuer’s internal control over financialreporting is effective if it identifies one ormore material weakness in the issuer’s inter-nal control.16 The term ‘material weakness’for these purposes has the same meaningas under the auditing standards of thePCAOB.17

Method of evaluationThe SEC has not specified a method orprocedures to be followed in the evalu-ation.18 An issuer must, however, maintain‘evidential matter, including documenta-tion’ to provide reasonable support formanagement’s assessment of the issuer’sinternal control over financial reporting.19

The assessment must be based on proce-dures sufficient both to evaluate design andto test operating effectiveness.20 Controlsthat are subject to assessment include:21

+ controls over initiating, recording,processing and reconciling account bal-ances, classes of transactions and disclo-sure and related assertions included inthe financial statements;

+ controls related to the initiation andprocessing of non-routine and non-systematic transactions;


Page 84

+ controls related to the selection andapplication of appropriate accountingpolicies; and

+ controls related to the prevention,identification and detection of fraud.

The SEC has cautioned that inquiry alonegenerally will not provide an adequate basisfor management’s assessment.22

Changes in internal controlThere is no explicit requirement in therules under Section 404 to disclose thereasons for any changes in internal control(as opposed to the existence of thosechanges).23 The SEC has cautioned, how-ever, that an issuer must consider whetherthe antifraud provisions of the US federalsecurities laws would require that disclosure,together with other information about thecircumstances surrounding the change.24

Certain internal control issuesIn June 2004, the SEC issued answers tocertain frequently asked questions regardingmanagement’s report over internal control(the ‘2004 FAQ’).25 Under the 2004 FAQ:

+ Equity investees: An issuer must havecontrols over the recording of amountsrelated to its investment that arerecorded in its consolidated financialstatements, although it need not evaluatethe recording of transactions into theinvestee’s accounts.26

+ Material business combinations: If an issuerconsummates a material business combi-nation during a fiscal year and is unableto conduct an assessment of the acquiredbusiness’s internal control during theperiod between the consummation dateand the date of management’s assessment,it may omit an assessment of theacquired business’s internal control fornot more than one year from the dateof acquisition (and must make certaindisclosures about the acquired business

and the effect of the acquisition on theissuer’s internal control).27

+ Qualifications: Management may notqualify its conclusion about the effective-ness of an issuer’s internal control, andmay not conclude that internal control iseffective if a material weakness exists.Instead, management may state that con-trols are ineffective for specific reasons.28

+ Initial internal control report: Managementneed not disclose changes or improve-ments made in preparation for the firstinternal control report, although theSEC has cautioned that if the issuer wereto identify a material weakness it shouldconsider carefully whether that factshould be disclosed, as well as changesmade in response to the material weak-ness.29

+ Subsequent internal control reports: After anissuer’s first management report on inter-nal control, it is required to identify anddisclose material changes in internal con-trol in its annual report on Form 20-F.This would include discussing a materialchange (including an improvement) evenif it was not in response to an identi-fied significant deficiency or materialweakness.30

+ Compliance with law: Although generallegal compliance is not part of internalcontrol (as opposed to compliance withlaws relating to the preparation of finan-cial statements), an issuer must evaluatewhether it has adequate controls toensure that the effect of non-compliancewith law is recorded in the issuer’sfinancial statements. An evaluation ofcompliance with law is instead requiredas part of management’s evaluation ofdisclosure controls and procedures. Inparticular, management must evaluatewhether the issuer adequately monitorscompliance and has appropriate disclosurecontrols and procedures to ensure thatrequired disclosure of legal or regulatorymatters is provided.31


Page 85

+ Disclosure of significant deficiencies: Anissuer must identify and publicly discloseall material weaknesses. If managementidentifies a significant deficiency, it isnot obligated to disclose publicly theexistence or nature of the significantdeficiency. If, however, managementidentifies a significant deficiency that,when combined with other significantdeficiencies, is determined to be amaterial weakness, management mustdisclose the material weakness (and thesignificant deficiency to the extentneeded to understand the material weak-ness). In addition, if a material changeis made to either internal control ordisclosure controls and procedures inresponse to a significant deficiency, theissuer should disclose the change andconsider whether a discussion of thesignificant deficiency is needed.32

Internal control audits: AuditingStandard No. 233

Auditing Standard No. 2 sets out thePCAOB’s rules for internal control audits(the PCAOB chose to refer to an ‘audit’rather than an ‘attestation’).34 The PCAOBstated that the objective of the internalcontrol audit is to form an opinion as towhether management’s assessment of theeffectiveness of the issuer’s internal controlis fairly stated in all material respects.35 Theauditor’s conclusion will therefore relatedirectly to whether the auditor can agreewith management that internal control iseffective.36 In this connection, the auditorneeds to evaluate management’s assessmentprocess (to ensure that management has anappropriate basis for its conclusion) and totest the effectiveness of internal control.37

Significant deficiencies and materialweaknessesUnder Auditing Standard No. 2, bothmanagement and the auditor may identifydeficiencies in internal control.38 A control

deficiency exists ‘when the design or opera-tion of a control does not allow the com-pany’s management or employees, in thenormal course of performing their assignedfunctions, to prevent or detect misstate-ments on a timely basis’.39

Auditing Standard No. 2 provides that acontrol deficiency should be classified asa ‘significant deficiency’ if ‘by itself or in acombination with other control deficien-cies, it results in more than a remote likeli-hood of a misstatement of the company’sannual or interim financial statements that ismore than inconsequential will not be pre-vented or detected’.40 In addition, a ‘sig-nificant deficiency should be classified as amaterial weakness if, by itself or in combi-nation with other control deficiencies, itresults in more than a remote likelihood thata material misstatement in the company’sannual or interim financial statements willnot be prevented or detected’.41

Auditing Standard No. 2 mandates thatan auditor must communicate in writing tothe audit committee all significant deficien-cies and material weaknesses of which theauditor is aware.42 In addition, the auditormust communicate to management, in writ-ing, all control deficiencies of which theauditor is aware that have not previouslybeen communicated in writing to manage-ment and notify the audit committee ofsuch a communication.43

Identifying significant deficienciesAuditing Standard No. 2 identifies anumber of circumstances that ‘because oftheir likely significant negative effect oninternal control are significant deficienciesas well as strong indicators that a materialweakness exists’.44 These include:45

+ ineffective oversight by the audit com-mittee of the issuer’s external financialreporting and internal control. As part ofevaluating the control environment, anauditor must assess the effectiveness of


Page 86

the audit committee’s oversight and mustcommunicate to the board of directors ifit concludes that oversight is ineffective;

+ material misstatement in the financialstatements not initially identified by theissuer’s internal control. Failure to detectthe misstatement is ‘a strong indicatorthat the company’s internal control’ isineffective; and

+ significant deficiencies that have beencommunicated to management and theaudit committee, but that remain uncor-rected after reasonable periods of time.

Auditor’s reportUnder Auditing Standard No. 2, the audi-tor’s report includes two opinions: one onmanagement’s assessment of internal controland one on the effectiveness of internalcontrol.46

An auditor may express an unqualifiedopinion if it has identified no materialweaknesses.47 If the auditor cannot performall of the necessary procedures, the auditormay either qualify or disclaim an opinion.48

If an overall opinion cannot be expressed,Auditing Standard No. 2 requires theauditor to explain why.49

The auditor’s report may disclose onlymaterial weaknesses, although if an aggre-gation of significant deficiencies constituteda material weakness, then disclosure wouldbe required.50 Auditing Standard No. 2does not permit a qualified opinion on theeffectiveness of internal control in the eventof a material weakness; instead, the auditormust express an ‘adverse opinion’.51 Theauditor may express an unqualified opinionon management’s assessment (but not onthe effectiveness of internal control) so longas management properly identifies thematerial weakness and concludes that inter-nal control was not effective.52 If, however,the auditor and management disagree aboutthe existence of the material weakness,then the auditor would render an adverseopinion on management’s assessment.53

Disclosure controls and procedures:1934 Act Rules 13a-15 and 15d-15; Item15 of Form 20-F

DefinitionIn addition to internal control, the SEC’simplementing rules under the Act haveintroduced the concept of ‘disclosure con-trols and procedures’.54 For these purposes(as well as for the Section 302 certificationdiscussed below), disclosure controls andprocedures are controls and other proce-dures of an issuer that are designed toensure that information required to bedisclosed by the issuer in the reports that itfiles or submits under the Exchange Act is(1) timely recorded, processed, summarisedand reported and (2) accumulated and com-municated to the issuer’s management, toallow for timely decisions about disclosure.55

The SEC has stated that while there issubstantial overlap between the concepts ofdisclosure controls and procedures andinternal control over financial reporting,there are some elements of each term thatare not subsumed within the other.56 Inparticular, ‘disclosure controls and proce-dures will include those components ofinternal control over financial reporting thatprovide reasonable assurances that trans-actions are recorded as necessary to permitpreparation of financial statements in accord-ance with generally accepted accountingprinciples’.57 In contrast, disclosure controlsand procedures would not necessarily in-clude disposition or safeguarding of assets,which would remain components ofinternal control.58

RequirementsThe regime governing disclosure controlsand procedures is similar to that for internalcontrol. Accordingly:

+ as of the end of each fiscal year, theissuer’s management, with the participa-tion of the CEO and CFO, must make


Page 87

an evaluation of the effectiveness of theissuer’s disclosure controls and proce-dures;59 and

+ the issuer must disclose the conclusionsof its CEO and CFO regarding theeffectiveness of the disclosure controlsand procedures based on their review asof the end of the period to which thereport relates.60

There is, however, no required audit ofdisclosure controls and procedures.

Certification requirementsSarbanes–Oxley contains two overlappingcertifications that must be provided by anissuer’s CEO and CFO (or persons per-forming similar functions): the Section 302certification and the Section 906 certifica-tion. Section 302 amends the ExchangeAct, whereas Section 906 amends the USfederal criminal code.

Section 302Section 302(a) of the Sarbanes–Oxley Actdirects the SEC to adopt rules requiringCEO and CFO certification of each ‘annualor quarterly report’ filed by issuers. Inresponse, the SEC has adopted new 1934Act Rules 13a-14 and 15d-14 and the textof a certification for Form 20-F.61

Section 302 certification text: 1934 ActRules 13a-14, 15d-14; Form 20-FRules 13a-14 and 15d-14 require a foreignprivate issuer’s annual report on Form 20-F(but not its current reports on Form 6-K)62

to include separate certifications by theissuer’s CEO and CFO.63 The certificationsmust state that:64

+ the officer has reviewed the annualreport;

+ based on the officer’s knowledge, theannual report does not contain anyuntrue statement of a material fact oromit to state a material fact necessary to

make the statements made, in light of thecircumstances under which such state-ments were made, not misleading;

+ based on the officer’s knowledge, thefinancial statements, and other financialinformation included in the annualreport, fairly present in all materialrespects the financial condition, results ofoperations and cash flows of the issuer;

+ the CEO and CFO are responsible forestablishing and maintaining ‘disclosurecontrols and procedures’ [and ‘internalcontrol over financial reporting’]65 forthe issuer and have:

— designed such disclosure controls andprocedures, or caused such disclosurecontrols and procedures to bedesigned under their supervision, toensure that material informationrelating to the issuer, including itsconsolidated subsidiaries, is madeknown to them by others withinthose entities;

— [designed such internal control overfinancial reporting, or caused suchinternal control over financial re-porting to be designed under theirsupervision, to provide reasonableassurance regarding the reliability offinancial reporting and the prepa-ration of financial statements forexternal purposes in accordancewith generally accepted accountingprinciples;]66

— evaluated the effectiveness of theissuer’s disclosure controls and pre-sented in the annual report theirconclusions about the effectivenessof the disclosure controls and proce-dures, as of the end of the periodcovered by the report based on suchevaluation;67 and

— disclosed in the report any change inthe issuer’s internal control overfinancial reporting that occurred dur-ing the period covered by the report


8

that has materially affected, or isreasonably likely to materially affect,the issuer’s internal control overfinancial reporting; and

+ the CEO and CFO have disclosed,based on their most recent evaluation ofinternal control over financial reporting,to the issuer’s auditors and the auditcommittee:— all significant deficiencies and

material weaknesses in the design oroperation of internal control overfinancial reporting which are reason-ably likely to adversely affect theissuer’s ability to record, process,summarise and report financial infor-mation; and

— any fraud, whether or not material,that involves management or otheremployees who have a significantrole in the issuer’s internal controlover financial reporting.

The certifications must be included as anexhibit to the issuer’s annual report onForm 20-F.68 Except for the portions of thecertifications appearing above in squarebrackets (which do not come into effectuntil 15th July, 2005), the wording of thecertification may not be changed in anyrespect, even if the changes would appear tobe inconsequential.69

Violations of Section 302While Section 302 carries no criminalsanctions, false certifications are subject toSEC enforcement action for violating theExchange Act and also possibly to bothSEC and private litigation alleging viola-tions of the antifraud provisions of theExchange Act (eg Section 10(b) of theExchange Act and Exchange Act Rule10b-5). A false certification also may haveliability consequences under Sections 11 and12(a)(2) of the Securities Act if the accom-panying report is incorporated by referenceinto a registration statement (eg on FormF-3) or into a prospectus.

Section 906

Section 906 certification text; Exchange ActRules 13a-14(b) and 15d-14(b)Section 906 added new Section 1350 to theUS federal criminal code. Section 906requires that each ‘periodic report contain-ing financial statements’ filed by an issuermust ‘be accompanied by’ a certification bythe issuer’s CEO and CFO that:

+ the periodic report fully complies withthe requirements of Section 13(a) orSection 15(d) of the Exchange Act; and

+ the information contained in the per-iodic report fairly presents, in all materialrespects, the financial condition andresults of operations of the issuer.

Although Section 906 is self-implementing,the SEC has adopted 1934 Act Rules13a-14(b) and 15d-14(b) to require that theSection 906 certification (which may be ajoint certification of the CEO and CFO)must be provided, and must be furnished asan exhibit to the relevant periodic report.Because the Section 906 certification is notconsidered ‘filed’ as a technical matter, itwould not attract liability under Section 18of the Exchange Act or be incorporatedby reference into the issuer’s subsequentSecurities Act registration statements (unlessspecifically incorporated by the issuer).70 Aswith the Section 302 certification, Section906 certification is not required for currentreports on Form 6-K.71

Violations of Section 906Under Section 906, an officer who certifiesa statement ‘knowing that the periodicreport accompanying the statement’ doesnot meet the certification can be fined notmore than $1m or imprisoned for not morethan 10 years, or both. In contrast, anofficer who ‘willfully’ certifies his or herwritten statement while ‘knowing’ that theannual report does not ‘comport with all


Page 89

the requirements’ of Section 906 can befined not more than $5m or imprisoned fornot more than 20 years, or both. Thedistinction between ‘knowing’ and ‘willful’certification is not set out in the Sarbanes–Oxley Act, but in other contexts ‘willfully’normally requires a showing that the personhad specific knowledge of the law he orshe was violating, whereas ‘knowingly’ doesnot.72

Differences between Section 302 andSection 906 certificationsAlthough the text of the two required cer-tifications overlap, there are some importantdifferences between them. In contrast to theSection 302 certification, the text of theSection 906 certification does not explicitlyprovide for the officer to certify as to hisor her knowledge. The US Department ofJustice has confirmed, however, that anofficer may qualify a Section 906 certifica-tion to his or her knowledge because knowl-edge would, in any event, be a necessaryelement of criminal prosecution.73 Further-more, whereas the Section 302 certificationis required for any amendment to an annualreport on Form 20-F, the SEC has statedthat Form 20-F amendments do not requirea new Section 906 certification.74

Non-GAAP financial measuresSection 401(b) of the Sarbanes–Oxley Actrequires the SEC to issue rules limiting theuse of ‘pro forma’ financial information invarious ways. In response, the SEC hasadopted both a disclosure regulation, Regu-lation G, and rules applicable to disclosurein filings with the SEC under Item 10 ofRegulation S-K.75

Regulation GRegulation G applies whenever an issuer, ora person acting on its behalf, ‘publiclydiscloses material information’ that includesa non-GAAP financial measure.76 The term‘non-GAAP financial measure’ is broadly

defined as a numerical measure of financialperformance that excludes (or includes)amounts that are otherwise included (orexcluded) in the comparable measure cal-culated and presented in the financial state-ments under GAAP.77 For a foreign privateissuer, ‘GAAP’ means the local GAAPunder which the financial statements wereprepared, unless the measure in question isderived from US GAAP, in which caseGAAP means US GAAP for the purposes ofapplying the requirements of Regulation Gto the disclosure of the measure.78

The term non-GAAP financial measuredoes not include:79

+ operating or other financial measures andratios or statistical measures calculatedusing exclusively one or both of (1)financial measures calculated in accord-ance with GAAP and (2) operatingmeasures or other measures that are notnon-GAAP financial measures; or

+ financial measures required to be dis-closed by GAAP, SEC rules or applicableregulation.

Regulation G requires that disclosure of thissort be accompanied by the most directlycomparable financial measure calculated inaccordance with GAAP, and a reconcilia-tion of the differences between the two.80

In addition, Regulation G prohibits anissuer from making any non-GAAP finan-cial measure public if it contains a materialmisstatement or omits to include infor-mation needed to make the includedmeasure not misleading.81

A foreign private issuer is exempt fromRegulation G if: 82

+ its securities are listed or quoted outsidethe United States;

+ the non-GAAP financial measure beingused is not derived from or based on ameasure calculated and presented inaccordance with US GAAP; and


Page 90

+ the disclosure is made outside the UnitedStates.

Regulation S-K, Item 10(e)Distinct from Regulation G, the SEC hasadopted limitations on the use of non-GAAP financial measures in filings (whetherannual reports on Form 20-F, or registra-tion statements in connection with offeringsin the United States or US listings) asnew Item 10(e) of Regulation S–K. For thepurposes of Item 10(e), the term ‘non-GAAP financial measures’ has the samemeaning as under Regulation G.

Item 10(e) requires that whenever anissuer includes a non-GAAP financialmeasure in an SEC filing it must alsoinclude:83

+ a presentation, with equal or greaterprominence, of the most directly com-parable GAAP financial measure;

+ a reconciliation of the differencesbetween the non-GAAP financialmeasure and the most directly compar-able GAAP financial measure;

+ a statement as to why managementbelieves the non-GAAP financialmeasure provides useful information forinvestors; and

+ to the extent material, a statement of theadditional purposes for which manage-ment uses the non-GAAP financialmeasure.

Furthermore, Item 10(e) prohibits in SECfilings, among other things:84

+ non-GAAP measures of liquidity thatexclude items requiring cash settlement,other than EBIT and EBITDA;

+ the adjustment of non-GAAP measuresof performance to eliminate or smoothitems characterised as non-recurring,unusual or infrequent when the nature ofthe charge or gain is such that it isreasonably likely to recur within two

years or there was a similar charge orgain within the prior two years; and

+ the use of titles or descriptions fornon-GAAP financial measures that arethe same as, or confusingly similar to,titles or descriptions used for GAAPfinancial measures.

Item 10(e) contains an exemption fromthese prohibitions for a foreign privateissuer if the non-GAAP financial measurerelates to the local GAAP used in theissuer’s primary financial statements, isrequired or expressly permitted by thestandard-setter that establishes the localGAAP, and is included in the issuer’sannual report for its home jurisdiction.85

The SEC has cautioned that inclusion ofa non-GAAP financial measure may bemisleading unless accompanied by disclosureas to:86

+ the manner in which management usethe non-GAAP measure to conduct orevaluate its business;

+ the economic substance behind manage-ment’s decision to use such a measure;

+ the material limitations associated withthe use of the non-GAAP financialmeasure as compared to the use of themost directly comparable GAAP finan-cial measure;

+ the manner in which management com-pensates for these limitations when usingthe non-GAAP financial measure; and

+ the substantive reasons why managementbelieves the non-GAAP financialmeasure provides useful information toinvestors.

The SEC has also stated that ‘earnings’ asused in EBIT and EBITDA is intended tomean net income as presented in the state-ment of operations under GAAP, and thatmeasures that are calculated differentlyshould not be characterised as EBIT orEBITDA.87 To the extent that EBIT or


Page 91

EBITDA are presented as a performancemeasure, the term should be reconciled tonet income and not operating income.88

Off-balance sheet and other MD&AdisclosureSection 401(a) of the Sarbanes–Oxley Actrequires the SEC to implement rules requir-ing issuers to disclose material off-balancesheet transactions. The SEC’s rules gobeyond off-balance sheet transactions, how-ever, and also address certain topics coveredin its prior MD&A initiatives.89 The rulestake the form of amendments to Item 5 ofForm 20-F, and accordingly apply to allregistration statements filed by foreign pri-vate issuers (whether under the SecuritiesAct or Exchange Act), as well as annualreports.

Off-balance sheet arrangementsAn issuer must disclose, in a separatelycaptioned section of MD&A, off-balancesheet arrangements that either have, or arereasonably likely to have, a current orfuture material effect on the issuer’s finan-cial condition, results of operations, orliquidity.90 To the extent necessary tounderstand these arrangements, the disclo-sure must include:91

+ the nature and business purpose of theoff-balance sheet arrangements;

+ the importance to the issuer of theoff-balance sheet arrangements in respectof liquidity, capital resources, market risksupport, credit support or other benefits;

+ the amount of revenues, expenses andcash flows arising from these arrange-ments;

+ the nature and amounts of any interestsretained, securities issued or amountsincurred by the issuer under thesearrangements;

+ the nature and amounts of any otherobligations or liabilities (contingent orotherwise) arising from these arrange-

ments that are reasonably likely to be-come material and the triggering eventsthat could cause them to arise; and

+ any known events or trends that will, orare reasonably likely to, result in thetermination or reduction in availabilityto the issuer of these arrangements andthe course of action the issuer proposesto take in response.

An ‘off-balance sheet arrangement’ isdefined to include any transaction, agree-ment or contractual arrangement to whichan entity unconsolidated with the issuer is aparty and under which the issuer has certainobligations or interests.92 Because the defi-nition of ‘off-balance sheet arrangement’incorporates concepts from US GAAP, for-eign private issuers will need to refer to USGAAP for some of the disclosure items.93

However, the MD&A disclosure shouldfocus on the primary financial statements inthe document (while taking reconciliationto US GAAP into account).94

Table of contractual obligationsFor fiscal years ending on or after 15thDecember, 2003,95 an issuer must alsoinclude in its SEC filings a table of con-tractual obligations as at the end of the latestbalance sheet date, showing the items listedin Table 1.96

The term ‘purchase obligations’ means anenforceable agreement to purchase goods orservices that is binding on the issuer andthat specifies key commercial terms (such asquantity and price).97 With the exceptionof ‘purchase obligations’, the classificationsof categories shown in the table are definedby reference to US GAAP. An issuer thatprepares financial statements in accordancewith non-US GAAP, however, shouldinclude those items of contractual obligationin the table that are consistent with theclassifications used in the GAAP underwhich its primary financial statements areprepared.98


Page 92

Contingent liabilities and commitmentsAlthough it has issued proposed rules withrespect to disclosure requirements for con-tingent liabilities and commitments, theSEC has declined to adopt final rules. Inthe meantime, the SEC’s existing guidanceon the subject — which suggests a tabularformat of specified categories99 — is con-trolling.100

Standards relating to listed companyaudit committeesSection 301 of the Sarbanes–Oxley Act addsnew Section 10A(m) of the Exchange Act.Section 10A(m) charges the SEC withcreating rules to prohibit the listing of anysecurity in the United States of an issuerthat is not in compliance with certainsubstantive standards for audit committees.The SEC has adopted final rules underSection 301 as 1934 Act Rule 10A-3. Listedforeign private issuers must be in compliancewith Rule 10A-3 by 31st July, 2005.101

Under Rule 10A-3, audit committeemembers each have to be a member ofthe board of directors and otherwiseindependent.102 To be ‘independent’, anaudit committee member is barred fromaccepting any compensatory fees other thanin that member’s capacity as a member of

the board103 and may not be an ‘affiliatedperson’ of the issuer.104 The definition ofaffiliated person includes a person that,directly, or indirectly through one or moreintermediaries, controls, is controlled by, oris under common control with, the speci-fied person.105 There is, however, a safeharbour for certain non-executive officersand other persons that are 10 per cent orless shareholders of the issuer.106

Foreign private issuers are entitled tocertain exemptions from the independenceprong of Rule 10A-3. For example, theinclusion of a non-management employeerepresentative,107 a non-management affili-ated person with only observer status,108 ora non-management governmental represen-tative on the audit committee will notviolate the affiliated person prong of theindependence test.109 In addition, issuersinvolved in an IPO are entitled to certainexemptions during a transitional period fol-lowing their public offering.110

Rule 10A-3 also requires that:

+ the audit committee must be ‘directlyresponsible’ for the appointment, com-pensation, oversight and retention ofthe external auditors, who must reportdirectly to the audit committee;111

Table 1: Contractual obligations as at the end of the latest balance sheet date

Contractual obligations Payments due by period

TotalLess than

1 year 1–3 years 3–5 yearsMore than

5 years

Long-term debt obligationsCapital (finance) lease obligationsOperating lease obligationsPurchase obligationsOther long-term liabilities reflected on theissuer’s balance sheet under the GAAP ofthe primary financial statementsTotal


Page 93

+ the audit committee must establish pro-cedures for the receipt, retention andtreatment of complaints regardingaccounting, internal controls or auditingmatters, and for the confidential, anony-mous submission by employees of con-cerns regarding questionable accountingor auditing matters;112

+ the audit committee must have the auth-ority to engage independent counsel andother advisers as it deems necessary tocarry out its duties;113 and

+ the issuer must provide the audit com-mittee with appropriate funding forpayment of external auditors, advisersemployed by the audit committee andordinary administrative expenses of theaudit committee.114

These requirements are not intended toconflict with local legal or listing provisions(or requirements under the foreign privateissuer’s organisational documents), andinstead relate to the allocation of responsi-bility between the audit committee andthe issuer’s management.115 Accordingly,the audit committee may recommend ornominate the appointment or compensationof the external auditor to shareholders ifthese matters are within shareholder com-petence under local law,116 and it must begranted those responsibilities that the boardof directors can legally delegate.117

Rule 10A-3 contains a general exemp-tion for foreign private issuers that have astatutory board of auditors or statutoryauditors established pursuant to homecountry law or listing requirements, whichin turn meet various requirements.118

A foreign private issuer relying on Rule10A-3’s exemption from independence, orthe general exemption noted above, willneed to disclose in its annual report itsreliance on the exemptions and an assess-ment of whether this reliance will materi-ally adversely affect the audit committee’sability to act independently and to satisfy

any of the other requirements of Rule10A-3.119

Audit committee financial expertSection 407(a) of the Sarbanes–Oxley Actdirects the SEC to issue rules requiring anissuer to disclose in its periodic reportswhether its audit committee has at least one‘financial expert’, or if not, why not.

The SEC’s final rules implementing Sec-tion 407(a) use the term ‘audit committeefinancial expert’ instead of ‘financial expert’.The SEC has implemented these rules asnew Item 16A of Form 20-F.

Under Item 16A, a foreign private issuermust disclose in its annual report that theissuer’s board of directors has determinedwhether or not it has one audit committeefinancial expert serving on its audit com-mittee, or if not, why not.120 If the issuerhas a two-tier board of directors, the super-visory or non-management board wouldmake this determination.121 The issuermust also disclose the name of the auditcommittee financial expert (if any)122

and whether that person is ‘independent’from management.123 An issuer’s boardof directors must make an affirmative deter-mination as to whether or not it has atleast one audit committee financial expert,and may not simply fail to reach a con-clusion.124

In order to qualify as an audit committeefinancial expert, the audit committee mem-ber must have the following ‘attributes’:125

+ an understanding of GAAP;+ the ability to assess the general applica-

tion of GAAP in connection with theaccounting for estimates, accruals andreserves;

+ experience in preparing, auditing oranalysing financial statements similar tothose of the issuer, or actively super-vising others engaged in these activities;

+ an understanding of internal controls andprocedures for financial reporting; and


Page 94

+ an understanding of audit committeefunctions.

In addition, an audit committee financialexpert must have gained those attributesthrough:126

+ education and experience as a principalfinancial officer, principal accountingofficer, controller, public accountant orauditor, or experience in similar posi-tions;

+ experience actively supervising thesefunctions;

+ experience overseeing or assessing theperformance of companies or publicaccountants with respect to the prep-aration, auditing or evaluation of finan-cial statements; or

+ other relevant experience.

The term ‘GAAP’ as used in Item 16Arefers to the body of GAAP used by theissuer in its primary financial statements.127

Accordingly, the audit committee financialexpert of a foreign private issuer need onlybe versed in local GAAP, and not in USGAAP or in reconciliation to US GAAP(although that experience would, of course,be useful).128

Item 16A also contains a liability ‘safeharbor’ for the audit committee financialexpert, under which:

+ a person who is determined to be anaudit committee financial expert is notdeemed to be an ‘expert’ for any pur-pose, such as Section 11 of the SecuritiesAct; and129

+ the designation of a person as an auditcommittee financial expert does notimpose greater duties, obligations orliabilities on the person than on otheraudit committee and board members,and does not affect the duties, obligationsor liabilities of other audit committeeand board members.130

Auditor independenceTitle II of the Sarbanes–Oxley Act creates aseries of requirements relating to the workof external auditors, grouped under theheading ‘auditor independence’. Title IIestablishes new Sections 10A(g) to (l) of theExchange Act. The SEC has implementedTitle II by the adoption of amendments toS-X Rule 2-01, new S-X Rule 2-07, new1934 Act Rule 10A-2, and new Item 16Cof Form 20-F.

Rule 10A-2 provides generally that it isunlawful for an auditor not to be indepen-dent under certain provisions of S-X Rules2-01 and 2-07. S-X Rules 2-01 and 2-07,in turn, track — and in some cases expandupon — the requirements of Sections10A(g)-(l), and provide (among otherthings):

+ that an issuer may not employ a formerpartner, principal, shareholder or pro-fessional employee of an accounting firmin a financial reporting oversight role atthe issuer if the individual was a memberof the audit engagement team duringthe one-year period preceding the dateon which audit procedures commencedfor the fiscal period that included thedate of initial employment of the auditengagement team member by theissuer;131

+ limitations on the non-audit services thatan independent auditor may provide;132

+ that an audit partner must not act as thelead audit partner or concurring partnerfor more than five consecutive years,and must not provide certain other ser-vices for more than seven consecutiveyears;133

+ that the audit committee must pre-approve the engagement of the auditorto provide audit and non-audit servicesto the issuer or its subsidiaries, or providepolicies or procedures for pre-approvalof audit and non-audit services (subjectto certain de minimis exceptions);134


Page 95

+ that no audit partner may earn compen-sation based on the partner procuringengagements with the issuer to provideany services other than audit, review orattest services;135 and

+ that an auditor must report to the auditcommittee on (1) all critical accountingpolicies and practices to be used, (2) allalternative treatments of financial infor-mation within GAAP that have beendiscussed with the issuer’s management(as well as the implications of thosealternatives and the auditor’s preferredtreatment), and (3) all other materialwritten communications between theauditors and management.136

Under new Item 16C of Form 20-F, aforeign private issuer must disclose in itsannual report:

+ under the caption ‘audit fees’, aggregatefees billed by the auditor for each of thelast two fiscal years for audit services (andservices in connection with statutory andregulatory filings);137

+ under the caption ‘audit-related fees’,aggregate fees billed by the auditor foreach of the last two fiscal years forcertain services ‘reasonably related’ tothe audit and review of financial state-ments, as well as a description of theseservices;138

+ under the caption ‘tax fees’, aggregatefees billed by the auditor for each of thelast two fiscal years for tax services, aswell as a description of these services;139

+ under the caption ‘all other fees’, aggre-gate fees billed by the auditor for eachof the last two fiscal years for all otherproducts and services, as well as adescription of these services;140

+ the pre-approval policies and proceduresof its audit committee for audit andnon-audit services;141 and

+ if greater than 50 per cent, the percent-age of hours expended on the audit by

persons other than full-time permanentemployees of the auditor.142

Improper influence on the conductof auditsSection 303 of the Sarbanes–Oxley Actdirects the SEC to issue rules prohibitingany officer or director of an issuer fromtaking any action improperly to influencean auditor for the purpose of renderingthe issuer’s financial statements materiallymisleading.

The SEC has adopted 1934 Act Rules13b2-2(a)-(c), largely tracking the text ofSection 303. Among other things, the rulesprohibit an officer or director of an issuer,or any other person acting under the direc-tion of an officer or issuer, from taking anyaction to ‘coerce, manipulate, mislead orfraudulently influence’ an auditor engagedin the performance of an audit or review offinancial statements of the issuer that arerequired to be filed with the SEC if thatperson knew or should have known that hisor her actions, if successful, could result inrendering the issuer’s financial statementsmaterially misleading.143

The reach of the new rules is quitebroad. The phrase ‘persons acting under thedirection’ of an officer or director includesthe issuer’s employees (even if they are notunder the supervision or control of thatofficer or director), customers, vendors andeven attorneys or other outside adviserswho might be in a position to give out falseor misleading information to the auditor.144

In addition, the period during which anauditor can be said to be ‘engaged in theperformance of an audit’ has been given awide interpretation by the SEC. It accord-ingly could encompass not only the pro-fessional engagement period but any othertime the auditor is called upon to makedecisions or judgments regarding the issuer’sfinancial statements, including, in certainsituations, periods prior to and after theretention of the auditor.145


Page 96

Rule 13b2-2 also identifies certain typesof actions which could cause an issuer’sfinancial statements to be materially mis-leading, including improperly influencingan auditor:

+ to issue or reissue a report on an issuer’sfinancial statements that is not warrantedin the circumstances (due to materialviolations of generally accepted account-ing principles, generally accepted audit-ing standards, or other professional orregulatory standards);

+ not to perform audit, review or otherprocedures required by generallyaccepted auditing standards or other pro-fessional standards;

+ not to withdraw an issued report; or+ not to communicate matters to an

issuer’s audit committee.146

Auditor record retentionSection 802 of the Sarbanes–Oxley Act(which amends the US federal criminalcode) requires any accountant who con-ducts an audit of an issuer to maintain allaudit or review workpapers for a period offive years from the end of the fiscal periodin which the audit or review was con-cluded. Section 802 also requires the SECto issue rules relating to the retention ofrelevant records such as workpapers andother documents that form the basis ofthe review. In response, the SEC has addednew Rule 2-06 to Regulation S-X.

Rule 2-06 requires that, for a period ofseven years after an accountant concludes anaudit or review of an issuer’s financialstatements, the accountant must retainrecords relevant to the audit or review,including workpapers, which:147

+ are created, sent or received in connec-tion with the audit or review; and

+ contain conclusions, opinions, analyses orfinancial data related to the audit orreview.

‘Workpapers’ for these purposes meandocumentation of auditing or review pro-cedures applied, evidence obtained andconclusions reached by the accountant inthe audit or review engagement.148

Rule 2-06 also provides that memoranda,correspondence, communications and otherdocuments and records (including electronicrecords) must be retained whether theysupport the auditor’s final conclusionsabout the audit or review, or containinformation that is inconsistent with thoseconclusions.149

Material correcting adjustmentsSection 401(a) of the Sarbanes–Oxley Actadds new Section 13(i) to the ExchangeAct. Under Section 13(i), each financialreport containing financial statements that isprepared in accordance with (or reconciledto) US GAAP and filed with the SEC mustreflect all ‘material correcting adjustments’that have been identified by an issuer’sauditors.

The SEC has not provided guidance onthe question of whether Section 13(i)applies to interim financial statements sub-mitted on Form 6-K. The authors believethe better view of Section 13(i) is that itapplies only to a foreign private issuer’sannual report on Form 20-F, and not toany interim financial statements furnished tothe SEC under Form 6-K. Submissions onForm 6-K are not considered ‘filed’ as atechnical matter with the SEC, and are notrequired to be reconciled to US GAAP. Inaddition, the SEC has interpreted the Sec-tion 302 certification requirement — whichalso refers to reports filed with the SEC —as not applying to Form 6-K submis-sions.150 As a practical matter, however, anissuer would be likely to face concernsunder the antifraud provisions of the USfederal securities laws if it failed to reflecta material correcting adjustment in aninterim financial statement furnished onForm 6-K.


Page 97

Attorney conduct rulesSection 307 of the Sarbanes–Oxley Actrequires the SEC to issue rules setting forth‘minimum standards of professional conductfor attorneys appearing and practicingbefore the SEC in any way in the represen-tation of issuers’. Section 307 also directsthe SEC to implement rules requiring anattorney to report ‘evidence of a materialviolation of securities law or breach offiduciary duty or similar violation’ by anissuer or its agent to the issuer’s CEO orchief legal counsel, and to report the evi-dence to the audit committee, anotherindependent board committee, or the boardof directors as a whole, if the CEO or chieflegal counsel ‘does not appropriatelyrespond to the evidence’. The SEC adoptedfinal rules under Section 307 as new Part205 Standards of Professional Conductfor Attorneys Appearing and PracticingBefore the Commission in the Represen-tation of an Issuer (the ‘Attorney ConductRules’).151

The term ‘appearing and practicing’before the SEC is broader than it might firstappear. It potentially covers any lawyer whotransacts business with the SEC, representsan issuer in SEC proceedings, providesadvice on the US securities laws regardingany document that the attorney ‘has notice’will be provided to the SEC (including inthe context of preparing documents to befiled), or advises an issuer whether infor-mation must be included in or filed withany SEC document.152 The Attorney Con-duct Rules, however, contain an exemptionfor ‘non-appearing foreign attorneys’,153

which is defined as an attorney who (1) ishimself or herself admitted to practise law ina jurisdiction outside of the United Statesand does not hold himself or herself out aspractising US federal or state securities orother laws, and (2) either:

+ conducts activities that would constituteappearing and practising before the SEC

only incidentally to, and in the ordinarycourse of, the practice of law in ajurisdiction outside the United States; or

+ is appearing and practising before theSEC only in consultation with counsel,other than a non-appearing foreign attor-ney, admitted or licensed to practice ina state or other United States jurisdic-tion.154

If a covered attorney becomes aware ofevidence of a ‘material violation’ — whichis defined to include a material violation ofUS securities law or a breach of fiduciaryduty or a similar material violation of anyUS federal or state law155 — the AttorneyConduct Rules create a duty to report thematter to the issuer’s chief legal officer(CLO) or to both the CLO and theCEO.156 The CLO must then open aninquiry into the matter and take all reason-able steps to cause the issuer to adopt anappropriate response.157 Unless the attorneyreasonably believes that the CLO’s responsewas adequate, he or she must report thematter ‘up-the-ladder’ to the audit com-mittee, to another independent board com-mittee (if the issuer does not have an auditcommittee), or to the board of directors asa whole (if there is no independent boardcommittee).158

As an alternative to reporting to the CLOor CEO, the attorney may refer the matterto the issuer’s qualified legal compliancecommittee (QLCC), if one has been setup.159 A QLCC — which may also be theaudit committee — is any committee of theissuer that includes at least one member ofthe audit committee and two or morenon-employee members of the board ofdirectors, and that has been duly establishedby the board of directors with certainrequirements.160 If the attorney reports thematter to the QLCC, he or she has nofurther obligations under the AttorneyConduct Rules.161 In addition, the CLOmay refer a reported matter to the QLCC


Page 98

in lieu of conducting the required investi-gation, in which case the QLCC will beresponsible for responding.162

The SEC has also proposed, but not yetadopted, a ‘noisy withdrawal’ provision,under which a covered attorney would berequired to withdraw from representing anissuer under certain circumstances if there isnot an appropriate response to the up-the-ladder reporting.163 The 60-day commentperiod for the noisy withdrawal proposalhas expired; the proposal has been thesubject of extensive comment by USlawyers.

Code of ethicsSection 406 of the Sarbanes–Oxley Actdirects the SEC to issue rules requiringissuers to disclose whether they haveadopted a code of ethics for senior financialofficers, or if not, why not. The SEC hasaccordingly adopted new Item 16B of Form20-F.

Item 16B requires the issuer to disclosewhether it has adopted a code of ethics thatapplies to its principal executive officers,principal financial officers and principalaccounting officer or controller (or personsperforming similar functions), and if not, itmust explain why it has not done so.164

The term ‘code of ethics’ means writtenstandards that are reasonably designed todeter wrongdoing and to promote a speci-fied set of principles, such as honest andethical conduct and full, accurate and timelydisclosure.165 The code must be filed as anexhibit to the issuer’s annual report onForm 20-F or posted on the issuer’s web-site, or the issuer must undertake to provideto any person upon request, free of charge,a copy of the code.166 An issuer must reportany amendment to the code relating to itscovered executive officers, as well as thename of the person involved and the natureand date of any waivers (whether explicitor implicit) of the code for its coveredexecutive officers.167

Blackout trading restrictionsSection 306 of the Sarbanes–Oxley Actprohibits directors and executive officersfrom acquiring or transferring companyequity securities during pension fund‘blackout periods’. The SEC has adoptednew Regulation Blackout Trading Restric-tions (Regulation BTR) to implementSection 306.

For a foreign private issuer, a blackoutperiod generally means any period of morethan three consecutive business days duringwhich the ability to purchase or sell aninterest in the issuer’s equity securities heldin an ‘individual account plan’ (such as a401(k) plan)168 is temporarily suspendedwith respect to not less than 50 per cent ofparticipants or beneficiaries located in theUnited States and:

+ the number of participants and benefici-aries located in the United States subjectto the temporary suspension exceeds15 per cent of the total number ofemployees of the issuer and its consoli-dated subsidiaries; or

+ more than 50,000 participants or ben-eficiaries located in the United States aresubject to the temporary suspension.169

Regulation BTR prohibits, subject to cer-tain exceptions, any director or executiveofficer of an issuer from purchasing, sellingor otherwise transferring the issuer’s equitysecurities during any blackout period appli-cable to the securities, if the officer acquiresor previously had acquired the securitiesin connection with his or her service oremployment as a director or officer.170

Under Regulation BTR, in any case wherea director or officer is subject to a blackouttrading restriction under Section 306 ofSarbanes–Oxley, the issuer must, in atimely way notify each director or officerand the SEC of the blackout period andprovide certain additional information(including the reasons for the blackout


Page 99

period).171 The issuer must file any noticeof this type as an exhibit to its annual reporton Form 20-F.172

Subject to a two-year statute of limita-tions,173 profits realised by an insider inviolation of Section 306 (regardless of theinsider’s intention upon entering into thetransaction) will be recoverable by theissuer.174 In addition, if the issuer fails toinstitute an action to recover such profitswithin 60 days after being requested to doso by a shareholder, the shareholder canthen initiate the action to recover on behalfof the issuer.175

Loans to executivesSection 402(a) of the Sarbanes–Oxley Actadds new Section 13(k) to the ExchangeAct. Under Section 13(k), it is illegal for anissuer to ‘extend or maintain credit, toarrange for the extension of credit, or torenew an extension of credit, in the formof a personal loan to or for any director orexecutive officer (or equivalent thereof)’ ofthat issuer.176 Section 13(k) covers bothdirect extensions and indirect extensions ofcredit, including through subsidiaries.177

Section 13(k) contains certain exemp-tions, including:

+ any loan existing on 30th July, 2003,unless its terms are materially modifiedor the loan is renewed;178

+ consumer credit and extensions of creditunder a charge card;179 and

+ certain bank loans.180

The broad sweep of Section 13(k), coupledwith the absence of SEC guidance, hasraised a number of thorny questions forissuers. In response, a group of 25 law firms(including Latham & Watkins) has issued apaper attempting to interpret Section 13(k)(the ‘Interpretive Paper’).181 The Interpre-tive Paper contends that the followingshould generally be regarded as permissibleunder Section 13(k):

+ cash advances to reimburse travel andsimilar expenses while performingexecutive duties;182

+ personal usage of a company credit cardand company car, and relocationexpenses required to be reimbursed;183

+ ‘stay’ and ‘retention’ bonuses subject torepayment if an employee terminatesemployment before a designated date;184

+ indemnification advances for litiga-tion;185

+ tax indemnity payments to overseas-based executive officers;186

+ loans by a parent or shareholder, that isa foreign private issuer but not subject toSarbanes–Oxley, to the executive officerof a wholly-owned subsidiary that issubject to Sarbanes–Oxley, if the subsidi-ary has not ‘arranged’ the loan and theloan is made by reason of service to theparent, not the subsidiary;187 and

+ most ‘cashless’ option exercises.188

Forfeiture of bonusesSection 304 of the Sarbanes–Oxley Actprovides that if an issuer is required to‘prepare an accounting restatement due tothe material noncompliance of the issuer, asa result of misconduct’ with any financialreporting requirements under the securitieslaws, the CEO and CFO must reimbursethe issuer for:

+ all bonuses or other incentive-based orequity-based compensation receivedfrom the issuer during the 12-monthperiod following the first public issuanceor filing with the SEC (whichever isfirst) of the financial document embody-ing the financial reporting requirement;and

+ any profits received from the sale of theissuer’s securities during that 12-monthperiod.

It remains unclear whether, among otherthings, the definition of ‘misconduct’


Page 100

applies to mistakes as opposed to knowingor reckless conduct.189 In the case of for-eign private issuers, it is also not certainhow Section 304 will work if the requiredrepayment is in conflict with the CEO’sor CFO’s rights under local employmentlaws.190

Liability issuesThe Sarbanes–Oxley Act has a wide-ranging impact on liability under the USfederal securities laws. It creates new USfederal criminal offences relating to securi-ties, substantially increases the penalties forexisting offences and increases the SEC’senforcement powers in various ways.191

Among other things, the Sarbanes–OxleyAct:

+ adds a new section to the US federalcriminal code outlawing the alteration,destruction or concealment of records toimpede a US federal investigation;192

+ amends existing law to provide for finesand imprisonment of up to 20 years forcorruptly altering, destroying or con-cealing documents with the intent ofobstructing an official proceeding;193

+ amends existing law to provide for finesand imprisonment of up to 10 years foranyone who knowingly takes any actionto retaliate against a person for providinginformation to US federal law enforce-ment officials relating to violations orpotential violations of US federal law;194

+ creates a new securities fraud crime (withpenalties of up to 25 years’ imprisonmentplus fines) of knowingly executing ascheme or artifice to defraud any personin connection with any security of anissuer or to obtain, by means of false orfraudulent representations, any money inconnection with the purchase or sale ofa security;195

+ increases the maximum individual pen-alty for violations of the Exchange Actfrom $1m and 10 years’ imprisonment to

$5m and 20 years’ imprisonment, andraises the maximum corporate fine from$2.5m to $25m;196

+ gives the SEC the ability, after noticeand a hearing, to force an issuer subjectto an SEC investigation to put ‘extra-ordinary payments’ to directors, officers,partners, controlling persons, agents oremployees into temporary escrow;197

+ gives the SEC the administrative auth-ority to impose a ban on a person fromacting as a director or an officer of anissuer (the so-called ‘officer and directorbar’);198 previously, the SEC could onlyimpose the officer and director bar bymeans of a court order;199

+ lowers the standard for judicial imposi-tion of the officer and director bar to‘unfitness’ to serve as an officer anddirector, from ‘substantial unfitness’;200

+ prohibits an issuer from retaliating against‘whistleblowing’ employees who provideinformation or assist an investigationregarding violations of US federal secu-rities law, SEC regulations or US federallaw on shareholder fraud; and201

+ amends the US federal bankruptcy lawsto prohibit the discharge in bankruptcyof debts resulting from judgments, settle-ments or court orders in cases involvingsecurities fraud.202

CONCLUSIONWeather forecasting is notoriously difficult.While there is no question that internalcontrol is a storm on the horizon, it is notyet clear just how severe that storm willprove to be. For most companies, theauthors believe it will be an inconvenienttropical depression. But for an unlucky orunprepared few, internal control has thepotential to be a full-scale hurricane.

� Latham & Watkins 2005

REFERENCES

1 Sarbanes–Oxley Act, Section 2(a)(7).


Page 101

2 Public Company Accounting OversightBoard, An Audit of Internal Control overFinancial Reporting Performed in Conjunctionwith an Audit of Financial Statements,PCAOB Release No. 2004-001, PCAOBRulemaking Docket Matter No. 008,[2003-2004 Transfer Binder] Fed. Sec. L.Rep. (CCH) para. 87,151 at 89,327 (9thMarch, 2004) [hereinafter Auditing StandardNo. 2 Release].

3 1934 Act, Rules 13a-15(a); 15d-15(a).4 1934 Act, Rules 13a-15(c); 15d-15(c).5 1934 Act, Rules 13a-15(d); 15d-15(d).6 Management’s Reports on Internal Control

over Financial Reporting and Certification ofDisclosure in Exchange Act Periodic Reports,Securities Act Release No. 8238,Exchange Act Release No. 47986, Invest-ment Company Act Release No. 26068[2003 Transfer Binder] Fed. Sec. L. Rep.(CCH) para. 86,923, at 87,676, 87,697(5th June, 2003) [hereinafter Management’sReports on Internal Control Adopting Release],as amended by Management’s Report onInternal Control over Financial Reporting andCertification of Disclosure in Exchange ActReports, Securities Act Release No. 8392,Exchange Act Release No. 49313, Invest-ment Company Act Release No. 26357[2003-2004 Transfer Binder] Fed. Sec. L.Rep. (CCH) para. 87,144, at 189,123(24th February, 2004) [hereinafter Manage-ment’s Report on Internal Control AdoptingRelease — 2004].

7 1934 Act, Rules 13a-15(f); 15d-15(f).8 Form 20-F, Item 15(b).9 Even if the evaluation framework used by

a foreign private issuer does not require astatement as to the effectiveness of theissuer’s system of internal control overfinancial reporting, the issuer must never-theless state affirmatively whether suchcontrols are effective. Management’s Reportson Internal Control Adopting Release, para.86,923, at 87,685 n.68.

10 Form 20-F, Items 15(c), (d).11 Management’s Report on Internal Control

Adopting Release — 2004, para. 87,144, at89,123. See also Management’s Reports onInternal Control Adopting Release, para.86,923, at 87,698 regarding the effective

date for the disclosure of certain changesin internal control over financial reporting.

12 Management’s Reports on Internal ControlAdopting Release, para. 86,923, at 87,685.

13 Ibid. para. 86,923, at 87,685 and n. 67.14 Ibid. para. 86,923, at 87,685.15 Ibid. para. 86,923, at 87,685–87,686.16 Form 20-F, Item 15(b)(3).17 Management’s Reports on Internal Control

Adopting Release, para. 86,923, at 87,686.18 Ibid.19 Form 20-F, Instruction 1 to Item 15. The

SEC has stated that it believes it is import-ant for the internal control report tobe located near the auditor’s attestationreport, and that it expects issuers will placethe report and attestation near MD&Adisclosure or immediately preceding thefinancial statements. Management’s Reportson Internal Control Adopting Release, para.86,923, at 87,687.

20 Management’s Reports on Internal ControlAdopting Release, para. 86,923, at 87,687.

21 Ibid.22 Ibid.23 Ibid. para. 86,923, at 87,691.24 Ibid.25 Office of the Chief Accountant, Division

of Corporation Finance, Management’sReport on Internal Control over FinancialReporting and Disclosure in Exchange ActPeriodic Reports: Frequently Asked Questions(22nd June, 2004) (http://www.sec.gov/info/accountants/controlfaq0604.htm).

26 Ibid. Question 2.27 Ibid. Question 3.28 Ibid. Question 5.29 Ibid. Question 9.30 Ibid.31 Ibid. Question 10.32 Ibid. Question 11.33 Auditing Standard No. 2 Release, para.

87,151, at 89,329.34 The PCAOB believed that ‘attestation’

was ‘insufficient to describe the process ofassessing management’s report on internalcontrols’. Ibid.

35 Ibid.36 Ibid.37 Ibid.38 Ibid. para. 87,151, at 89, 334.


Page 102

39 Ibid.40 Ibid.41 Ibid.42 Ibid.43 Ibid.44 Ibid.45 Ibid. para. 87,151, at 89,334–89,335.46 Ibid. para. 87,151, at 89,336.47 Ibid. para. 87,151, at 89,335.48 Ibid.49 Ibid. para. 87,151, at 89,336.50 Ibid.51 Ibid.52 Ibid.53 Ibid.54 1934 Act, Rules 13a-15(a), 15d-15(a).55 1934 Act, Rules 13a-15(e), 15d-15(e).56 Management’s Reports on Internal Control

Adopting Release, para. 86,923, at 87,689.57 Ibid.58 Ibid.59 1934 Act, Rules 13a-15(b), 15d-15(b).60 Form 20-F, Item 15(a).61 Certification of Disclosure in Companies’

Quarterly and Annual Reports, Securities ActRelease No. 8124, Exchange Act ReleaseNo. 46427, Investment Company ActRelease No. 25722 [2002 Transfer Binder]Fed. Sec. L. Rep. (CCH) para. 86,720, at86,132, 86,152 (28th August, 2002) [here-inafter Certification Adopting Release].

62 The SEC has stated that current reportssuch as those on Forms 6-K and 8-K, asopposed to periodic reports (ie quarterlyand annual reports), are not covered bySection 302’s certification requirements.Certification Adopting Release, para. 86,720,at 86,130. Foreign private issuers arenevertheless required to design and main-tain disclosure controls and procedures toensure full and timely disclosure in currentreports. Ibid.

63 1934 Act, Rules 13a-14(a), 15d-14(a).64 Form 20-F, Instructions as to Exhibits,

Instruction 12.65 This portion of the Section 302 certifica-

tion does not take effect until the annualreport on Form 20-F for the first fiscalyear ending on or after 15th July, 2005.Management’s Reports on Internal ControlAdopting Release, para. 86,923, at 87,697

and 87,701, as amended by Management’sReport on Internal Control Adopting Release— 2004, para. 87,144, at 89,123.

66 Similarly, this portion of the Section 302certification does not take effect until 15thJuly, 2005. Management’s Reports on InternalControl Adopting Release, para. 86,923, at87,697 and 87,701, as amended by Man-agement’s Report on Internal Control AdoptingRelease — 2004, para. 87,144, at 89,123.

67 Note, however, that no specific date forthe evaluation is specified. Management’sReports on Internal Control Adopting Release,para. 86,923, at 87,701.

68 1934 Act, Rules 13a-14(a), 15d-14(a) andForm 20-F, Instructions as to Exhibits,Instruction 12.

69 Certification Adopting Release, para. 86,720,at 86,132. However, ‘a company’s certify-ing officers may temporarily modify thecontent of their Section 302 certificationto eliminate certain references to internalcontrol over financial reporting until thecompliance date’. Management’s Reportson Internal Control Adopting Release, para.86,923, at 87,701.

70 Management’s Reports on Internal ControlAdopting Release, para. 86,923, at 87,699.Not ‘filing’ will also limit enforcement ofthe certificate to criminal proceedingsrather than civil litigation. John J. Huberand Julie K. Hoffman, The Sarbanes–OxleyAct of 2002 and SEC Rulemaking, para.II.B.1.c, at 20 (2nd April, 2004) (http://www.lw.com/upload/docs/doc84.pdf)[hereinafter Huber Outline].

71 Additional Form 8-K Disclosure Requirementsand Acceleration of Filing Date, SecuritiesAct Release No. 8400, Exchange ActRelease No. 49424 [2003-2004 TransferBinder] Fed. Sec. L. Rep. (CCH) para.87,158, at 89,493 n.146 (16th March,2004).

72 Huber Outline, para. II.B.3.b(1), at 23.73 Ibid. para. II.B.2.b(3), at 21.74 Management’s Reports on Internal Control

Adopting Release, para. 86,923, at 87,699.75 Conditions for Use of Non-GAAP Financial

Measures, Securities Act Release No. 8176,Exchange Act Release No. 47226, Finan-cial Reporting Release No. 65 [2002-2003


Page 103

Transfer Binder] Fed. Sec. L. Rep. (CCH)para. 86,816, at 86,830 (22nd January,2003); see also Latham & Watkins ClientAlert No. 257, SEC Adopts Rules forDisclosure of EBITDA and Other ‘Non-GAAP Financial Measures’ (http://www.lw.com/resource/publications/_pdf/pub578.pdf).

76 Regulation G, Rule 100(a).77 Ibid. Rule 101(a)(1). The term does not

cover operating measures. Ibid. Rule101(a)(2).

78 Ibid. Rule 101(b). In addition, if theforeign private issuer prepares its primaryfinancial statements under US GAAP,‘GAAP’ would mean US GAAP. Ibid.

79 Ibid. Rule 101(a).80 Ibid.81 Ibid. Rule 100(b).82 Ibid. Rule 100(c).83 Regulation S-K, Item 10(e)(1)(i).84 Ibid. Item 10(e)(1)(ii).85 Ibid. Item 10, Note to Paragraph (e).86 SEC Office of the Chief Accountant,

Division of Corporation Finance, Fre-quently Asked Questions Regarding the Use ofNon-GAAP Financial Measures, Question 8(13th June, 2003) (http://www.sec.gov/divisions/corpfin/faqs/nongapfaq.htm).

87 Ibid. Question 14.88 Ibid. Question 15.89 See Disclosure in Management’s Discussion

and Analysis about Off-Balance SheetArrangements and Aggregate Contractual Obli-gations, Securities Act Release No. 8182,Exchange Act Release No. 47264,Financial Reporting Release No. 67,International Series Release No. 1266[2002-2003 Transfer Binder] Fed. Sec. L.Rep. (CCH) para. 86,821, at 86,969 (27thJanuary, 2003) [hereinafter Off-BalanceSheet Adopting Release].

90 Form 20-F, Item 5.E.1.91 Ibid. Items 5.E.1.(a)-(d).92 Ibid. Item 5.E.2.93 Off-Balance Sheet Adopting Release, para.

86,821, at 86,973 and 86,977.94 Ibid. para. 86,821, at 86,984.95 Ibid.96 Form 20-F, Item 5.F.1.97 Ibid. Item 5.F.2.

98 Off-Balance Sheet Adopting Release, para.86,821, at 86,982 n.73.

99 Commission Statement about Management’sDiscussion and Analysis of Financial Conditionand Results of Operations, Securities ActRelease No. 8056, Exchange Act ReleaseNo. 45321, Financial Reporting ReleaseNo. 61 [2001-2002 Transfer Binder] Fed.Sec. L. Rep. (CCH) para. 86,617, at85,152 (22nd January, 2002).

100 Off-Balance Sheet Adopting Release, para.86,821, at 86,974.

101 1934 Act, Rule 10A-3(a)(5)(i)(A); see alsoStandards Relating to Listed Company AuditCommittees, Securities Act Release No.8220, Exchange Act Release No. 47654,Investment Company Act Release No.26001 [2003 Transfer Binder] Fed. Sec. L.Rep. (CCH) para. 86,902, at 87,402 (9thApril, 2003) [hereinafter Listed CompanyAudit Committee Adopting Release].

102 1934 Act, Rule 10A-3(b)(1)(i).103 1934 Act, Rule 10A-3(b)(1)(ii)(A).104 1934 Act, Rule 10A-3(b)(1)(ii)(B).105 1934 Act, Rule 10A-3(e)(1)(i).106 1934 Act, Rule 10A-3(e)(1)(ii)(A).107 1934 Act, Rule 10A-3(b)(1)(iv)(C).108 1934 Act, Rule 10A-3(b)(1)(iv)(D).109 1934 Act, Rule 10A-3(b)(1)(iv)(E).110 1934 Act, Rule 10A-3(b)(1)(iv)(A).111 1934 Act, Rule 10A-3(b)(2).112 1934 Act, Rule 10A-3(b)(3).113 1934 Act, Rule 10A-3(b)(4).114 1934 Act, Rule 10A-3(b)(5).115 Instruction 1 to 1934 Act, Rule 10A-3.116 Ibid.117 Instruction 2 to 1934 Act, Rule 10A-3.118 1934 Act, Rule 10A-3(c)(3).119 1934 Act, Rule 10A-3(d) and Form 20-F,

Item 16.D.120 Form 20-F, Items 16A(a)(1) and (3).121 Ibid. Instruction 3 to Item 16A.122 Ibid. Item 16A(a)(2).123 Ibid.; see also Listed Company Audit Com-

mittee Adopting Release, para. 86,902, at87,433.

124 Disclosure Required by Sections 406 and 407of the Sarbanes–Oxley Act of 2002, Securi-ties Act Release No. 8177, Exchange ActRelease No. 47234 [2002-2003 TransferBinder] Fed. Sec. L. Rep. (CCH) para.


Page 104

86,818, at 86,885 (as corrected, 24thJanuary, 2003 and 31st March, 2003)[hereinafter Sections 406 and 407 AdoptingRelease].

125 Form 20-F, Item 16A(b).126 Ibid. Item 16A(c).127 Ibid. Instruction 3 to Item 16A.128 Sections 406 and 407 Adopting Release, para.

86,818, at 86,883.129 Form 20-F, Item 16A(d)(1).130 Ibid. Items 16A(d)(2)-(3).131 S-X Rule 2-01(c)(2)(iii)(B); see also 1934

Act, Section 10A(l) (auditor may not auditan issuer whose CEO, controller, CFO orchief accounting officer was employed bythe auditor and participated in the auditduring the one-year period preceding thedate of the initiation of the audit inquestion). Generally speaking, personsother than the lead or concurring partnerwho provided ten or fewer hours of audit,review or attest services during the rel-evant period are not considered to bemembers of the audit engagement team.S-X Rule 2-01(c)(2)(iii)(B)(2).

132 S-X Rule 2-01(c)(4); see also 1934 Act,Section 10A(g) (substantially identical limi-tations).

133 S-X Rule 2-01(c)(6); see also 1934 Act,Section 10A(j) (unlawful to act as auditorif lead (or coordinating) audit partner(having primary responsibility for theaudit) or audit partner responsible forreviewing the audit has performed auditservices for the issuer in each of the priorfive fiscal years of the issuer).

134 S-X Rule 2-01(c)(7); see also 1934 Act,Sections 10A(h)-(i) (all audit and permittednon-audit services must be pre-approvedby the audit committee (subject to certainde minimis exceptions)). The SEC hasstated that an issuer’s audit committeemust follow three requirements in its useof pre-approval through policies and pro-cedures. First, the policies and proceduresmust be detailed as to the particular serviceto be provided. Secondly, the audit com-mittee must be informed about each ser-vice. Thirdly, the policies and procedurescannot result in the delegation of the auditcommittee’s authority to management.

Accordingly, monetary limits cannot bethe only basis for the pre-approval policiesand procedures. SEC Office of the ChiefAccountant, Application of the January 2003Rules on Auditor Independence: FrequentlyAsked Questions, Question 22 (http://www.sec.gov/info/accountants/ocafaqaudind08703.htm). Note that underAuditing Standard No. 2 of the PCAOB,an issuer’s audit committee cannot pre-approve internal control services as a cat-egory, but must instead approve eachservice.

135 S-X Rule 2-01(c)(8).136 S-X Rule 2-07(a); see also 1934 Act

Section 10A(k) (substantially identicalrequirements).

137 Form 20-F, Item 16C(a).138 Ibid. Item 16C(b).139 Ibid. Item 16C(c).140 Ibid. Item 16C(d).141 Ibid. Item 16C(e).142 Ibid. Item 16C(f).143 1934 Act, Rule 13b2-2(b)(1).144 Improper Influence on Conduct of Audits,

Exchange Act Release No. 47890, Invest-ment Company Act Release No. 26050,Financial Reporting Release No. 71 [2003Transfer Binder] Fed. Sec. L. Rep. (CCH)para. 86,921, at 87,656 (20th May, 2003).

145 Ibid.146 1934 Act, Rule 13b2-2(b)(2).147 S-X Rule 2-06(a). The SEC required a

seven-year period rather than the five-yearperiod mandated in Section 802, because,among other things, Section 103 of theSarbanes–Oxley Act directs the PCAOBto require auditors to retain audit work-papers and other materials that support theaudit for seven years. Retention of RecordsRelevant to Audits and Reviews, SecuritiesAct Release No. 8180, Exchange ActRelease No. 47241, Investment CompanyAct Release No. 25911, Financial Report-ing Release No. 66 [2002-2003 TransferBinder] Fed. Sec. L. Rep. (CCH) para.86,819, at 86,917 (24th January, 2003).

148 S-X Rule 2-06(b).149 S-X Rule 2-06(c).150 See Certification Adopting Release, para.

86,720, at 86,130.


Page 105

151 Implementation of Standards of ProfessionalConduct for Attorneys, Securities Act ReleaseNo. 8185, Exchange Act Release No.47276, Investment Company Act ReleaseNo. 25919 [2002-2003 Transfer Binder]Fed. Sec. L. Rep. (CCH) para. 86,823, at87,069 (29th January, 2003) [hereinafterAttorney Conduct Adopting Release].

152 Part 205.2(a)(1).153 Part 205.2(a)(2)(ii).154 Part 205.2(j).155 Part 205.2(i).156 Part 205.3(b)(1).157 Part 205.3(b)(2).158 Part 205.3(b)(3).159 Part 205.3(c)(1).160 Part 205.2(k).161 Part 205.3(c)(1).162 Part 205.3(c)(2).163 Attorney Conduct Adopting Release, para.

86,823, at 87,069.164 Form 20-F, Item 16B(a).165 Ibid. Item 16B(b).166 Ibid. Item 16B(c).167 Ibid. Items 16B(d) and (e).168 The term ‘individual account plan’ is

defined in Regulation BTR, Rule 100( j).169 Ibid. Rule 100(b)(2).170 Ibid. Rule 101(a).171 Ibid. Rule 104.172 Form 20-F, Instructions as to Exhibits,

Instruction 10. Although the issuer neednot submit the notice under Form 6-K, ifit does so it is not separately required toinclude the notice as an exhibit to itsannual report on Form 20-F. Ibid.

173 Regulation BTR, Rule 103(b).174 Ibid. Rule 103(a).175 Ibid. Rule 103(b).176 1934 Act, Section 13(k)(1).177 Ibid.178 Ibid.179 1934 Act, Section 13(k)(2).180 1934 Act, Section 13(k)(3).181 Sarbanes–Oxley Act: Interpretive Issues under

Section 402 — Prohibition of Certain Insider

Loans (15th October, 2002) (http://www.lw.com/upload/docs/doc29.pdf).

182 Ibid. at 3–4.183 Ibid. at 4.184 Ibid.185 Ibid. at 4–5.186 Ibid. at 6.187 Ibid.188 Ibid. at 8–11.189 See Huber Outline, para. V.C.1.a, at 95.190 Ibid. para. V.C.2, at 97.191 Ibid. para. X.A, at 172.192 Sarbanes–Oxley Act, Section 802(a) (add-

ing new Section 1519 of 18 U.S.C.);Huber Outline, para. X.A.1.a(1), at 172.

193 Sarbanes–Oxley Act, Section 1102(amending 18 U.S.C. Section 1512); HuberOutline, para. X.A.1.b, at 175.

194 Sarbanes–Oxley Act, Section 1107(amending 18 U.S.C. Section 1513); HuberOutline, para. X.A.2.a, at 175.

195 Sarbanes–Oxley Act, Section 807 (addingnew Section 1348 to 18 U.S.C.); HuberOutline, para. X.A.3, at 175.

196 Sarbanes–Oxley Act, Section 1106(amending 1934 Act Section 32(a)); HuberOutline, para. X.A.4.a(7), at 177.

197 Sarbanes–Oxley Act, Section 1103(amending 1934 Act Section 21C(c));Huber Outline, para. X.B.1, at 177.

198 Sarbanes–Oxley Act, Section 1105(amending 1934 Act Section 21C and1933 Act Section 8A); Huber Outline, para.X.B.2, at 178.

199 Huber Outline, para. X.B.2.a, at 178.200 Sarbanes–Oxley Act, Section 305 (amend-

ing 1934 Act Section 21(d)(2) and 1933Act Section 20(e)); Huber Outline, para.X.B.2.c, at 178.

201 Sarbanes–Oxley Act Section 806 (addingnew Section 1514A to 18 U.S.C.); HuberOutline, para. X.C.2.a, at 179–180.

202 Sarbanes–Oxley Act Section 803 (addingnew Section 523(a) to 11 U.S.C.); HuberOutline, para. X.C.3.a, at 180.


Page 106

The US Sarbanes–Oxley Act of 2002: Summary and … control provisions of Sarbanes– Oxley. For...

Documents

Transcript of The US Sarbanes–Oxley Act of 2002: Summary and … control provisions of Sarbanes– Oxley. For...