SEC Proposes New Rules Under the Sarbanes-Oxley Act of 2002 Regarding Service by "Financial Experts"

Date: January 30, 2003

On October 22, 2002, for the second time in less than one week, the Securities and Exchange Commission (“SEC”) published for comment proposed new rules implementing the Sarbanes-Oxley Act of 2002 (the “Act”) . These latest proposed new rules implement Sections 404, 406 and 407 of the Act. The SEC also is proposing revisions to its recently adopted rules requiring a company's principal executive and financial officers to certify both the company's quarterly and annual reports and evaluations of disclosure procedures and controls (SEC Release No. 33-8138; 34-46701, available at The proposed new and revised rules are briefly summarized below.

“Financial Experts” Serving on Audit Committees: The proposed rules would require SEC reporting companies (including foreign issuers) to disclose in their annual reports:

  • the number and names of audit committee members whom the board of directors has determined to be a “financial expert” or, if none, an explanation why the audit committee has no financial experts
  • whether the financial expert(s) are “independent,” as that term is used in Section 10A(m)(3) of the Exchange Act, and if not, provide an explanation of why they are not

The term “financial expert” is defined more narrowly in the proposed rule than current stock exchange rules regarding the financial expertise of audit committee members. This is due in part to the inflexibility inherent in the Act, which directs the SEC to adopt a definition, but effectively limits its scope to a person who is a public accountant or auditor, or who has served as a senior financial officer of another company.

As proposed by the SEC, “financial expert” would mean a person who has, through education and experience as a public accountant or auditor or a principal financial officer, controller, or principal accounting officer of a reporting company, or experience in one or more positions involving similar functions, each of the following attributes:

  • an understanding of GAAP and financial statements
  • experience applying GAAP in accounting for estimates, accruals, and reserves that are generally comparable to accounting for those same items in the company's financial statements
  • experience preparing or auditing financial statements that present accounting issues generally comparable to those raised by the company's financial statements
  • experience with internal controls and procedures for financial reporting
  • an understanding of audit committee functions

The board of directors (or non-management board for foreign issuers with two-tier boards) would be responsible for determining whether members are a “financial expert.” The SEC release makes it clear that a member of the audit committee who is a “financial expert” will not be deemed an “expert” for purposes of Section 11 of the Securities Act of 1933 and will have “no higher degree of individual responsibility or obligation” than other members of the audit committee.

Code of Ethics: The proposed rules would require SEC reporting companies (including foreign issuers) to disclose in their annual reports:

  • whether they have adopted a code of ethics for their chief executive officer, chief financial officer, principal accounting officer, controller or persons performing similar functions
  • if the company has not adopted such a code, the reasons why it has not done so

Under the proposed rules, a “code of ethics” is defined as a codification of standards reasonably designed to deter wrongdoing and to promote all of the following:

  • honest and ethical conduct
  • avoidance of conflicts of interest
  • full, fair, accurate, timely and understandable disclosure in SEC reports and other public communications
  • compliance with governmental rules and regulations
  • prompt internal reporting of violations of the code to identified persons and accountability for adherence to the code

The SEC states in the release that it expects codes of ethics to vary and that each company must design compliance and disciplinary measures appropriate to its business. A copy of a company's code of ethics would be required to be filed as an exhibit to its annual report.

Finally, any change to, or waiver of, the code would be required to be disclosed in a Form 8-K or on the company's website within two business days. The proposal that companies could use their websites in lieu of a Form 8-K filing would be available only to companies which had disclosed in their most recent annual report that they intend to disclose such events on their website and listed the website address.

Foreign private issuers would make such disclosure as exhibits to their Forms 20-K or 40-K, or could do so earlier on Form 6-K or their website. The SEC intends to strongly encourage foreign private issuers to make these disclosures promptly.

Internal Controls and Procedures for Financial Reporting: The proposed rules would require SEC reporting companies (including foreign issuers) to include in their annual reports an “internal control report” containing each of:

  • a statement of management's responsibilities for establishing and maintaining adequate internal controls and procedures for financial reporting
  • conclusions about the effectiveness of the company's internal controls and procedures for financial reporting based on management's evaluation as of the end of the company's most recent fiscal year
  • a statement that the company's auditors have attested to, and reported on, management's evaluation (with the attestation being filed with the annual report)

There is no proposed form for the report, rather the exact content is to be tailored by each company.

In the release, the SEC clarifies the distinction between “internal controls” and “disclosure controls.” Internal controls are procedures designed to assure that transactions are properly authorized, recorded and reported and that assets are safeguarded against unauthorized or improper use. Disclosure controls are procedures designed to ensure that information required to be disclosed is obtained and reported timely. The SEC proposes that initially (pending action by the Public Company Accounting Oversight Board) the formal definition of “internal controls” be as in the Codification of Statements on Auditing Standards §319. AU §319 defines “internal controls” as “controls that pertain to the preparation of financial statements for external purposes that are fairly presented in conformity with GAAP.”

Rule Revisions: The SEC also proposes revising its recently adopted rules relating to certifications under Section 302 of the Act. The effect of the modification would be extend beyond the obligations imposed by the Act, which requires an annual review of internal controls, and impose a quarterly requirement. The current rules under Section 302 require the inclusion in quarterly and annual reports of:

  • a certification of the accuracy of the periodic report
  • a statement of management responsibility for, and an evaluation of, the adequacy of disclosure controls
  • a statement that any deficiencies in internal controls have been reported

The proposed revision would add a requirement that quarterly and annual reports include a statement of management responsibility for, and an evaluation of, the company's internal controls. The evaluations would be conducted as of the end of the period covered by the report.

* * * * * The release invites comments on the proposed rules within 30 days of publication in the Federal Register. The Act requires the SEC to issue final rules regarding the code of ethics and the disclosure of financial experts on the audit committee by January 26, 2003. There is no deadline for the rules regarding internal controls and procedures for financial reporting. As proposed, the rules regarding internal controls would, if adopted, include a transition period – applying only to annual reports for fiscal years ending on or after September 15, 2003.