FEATURED ARTICLE | FEBRUARY 2, 2004
Sarbanes-Oxley (SOX), Belts and Suspenders: The Regulatory Aftermath of the Corporate Accounting Scandals
The Sarbanes-Oxley Act of 2002 tries to reduce corporate malfeasance. But in practice, how does regulation of this kind affect behavior in the boardroom and the CEO's office? We asked Richard Mahoney, the former Chairman and CEO of Monsanto and currently the chair of the Governance Committee of a Fortune 500 company to give his impressions from the trenches of how the law has affected corporate life.
The full text of Sarbanes-Oxley can be found at Findlaw's website under Industry Centers/Corporate Governance.
The market drop had another result, potentially more damaging. A dozen or more companies, the most prominent of which was Enron, were alleged to be "cooking the books"—inflating earnings in an attempt to keep stock prices up in a rapidly declining market. Other complaints against various companies included alleged self-dealing insider schemes and lavish personal use of shareowner assets.
In the wake of these well-publicized scandals caused by a failure of corporate governance, Congress passed the "Sarbanes-Oxley Act of 2002"—"SOX" for short—named after Senator Paul Sarbanes (D-Maryland) and Congressman Paul Oxley (R-Ohio). Following that passage, the Securities and Exchange Commission (SEC) began the process of drafting specific rules for corporations as required by the new law. Also that year, the New York Stock Exchange (NYSE) and NASDAQ developed listing standards—new and tougher requirements that must be met by companies listed on those exchanges.
While the number of companies caught up in the widespread investigations is only a small fraction of the approximately 3,000 NYSE companies and perhaps 9,000 public traded companies, it was enough to, deservedly, warrant congressional scrutiny and the tightening of listing provisions of the stock exchanges.
These measures hope to "legislate morality"—or, at the very least, punish immorality.
In most cases, laws and rules that rushed into effect in the heat of scandal or notoriety are poorly crafted—drawn more with intent to punish alleged offenders than to cure a problem. Think of Love Canal and the "Valley of the Drums" with the resulting Superfund—(having served for year on the National Superfund Commission, an attempt to fix it, I can say with confidence it was among the worst single pieces of legislation ever enacted.) Other examples abound in environment, workplace, antitrust and many other areas where the exposure of egregious actions by a few caused "lock the barn after the horse is out" laws and regulations for the many.
SOX, in view of that heritage, is not too badly drawn. While very expensive to implement, it will likely produce some improvement in governance. In the case of the NYSE rules, these were circulated in advance for comment and some unproductive elements were revised in that process. These Exchange rules are more qualitative—"do it this way rather than that"—while the SOX rules are more heavily into "compliance scorekeeping."
In aggregate, the rules of SOX and the Exchanges cover more than 100 major provisions, many with several subsets, so compliance is no trivial exercise. As chairman of the Governance Committee of a major corporation, I spent hours and hours trying to understand the many pages of rules, though that time commitment has now tapered off as the implementation phase has begun. But the corporate staff has spent many multiples of the time I did and their work continues as a major time commitment. In addition, our outside law firm is invaluable in helping to interpret the rules—but also very expensive. In all, corporate America will spend many billions of dollars carrying out these rules. One can only hope that shareowner value will rise in some reasonable proportion.
In a short space it is impossible to cover all—or even a large portion—of the provisions. What follows is a summary of what, in my experience, are the major ones. Time and future litigation, of course, may change the priorities and certain companies will have a very different list depending on their circumstances and interpretation.
1. The CEO signs off on the major financial reports, certifying that he/she has personally reviewed their preparation and approves the statements (SOX, NYSE). While CEO "certification" of financials has always been required (along with civil or criminal penalties for malfeasance) the specificity of SOX and the spotlight on the requirement is causing a major commitment of time and money to make these certifications. It will be very difficult for a CEO to plead ignorance as a defense. It may prove to be a good deterrent, but it comes at a very steep compliance cost because of the many redundant reviews needed.
2. Requirements for regular executive sessions of the Board (NYSE)—only independent directors present. Like CEO certification of the finances in 1. above, many companies had already been doing this—often in the CEO performance review and of course, on those occasions where the CEO needed replacing. Some boards have now decided to hold these sessions at each meeting and the practice has generated some positive results as the members get used to talking freely without a crisis or a tight agenda.
3. Composition and functioning—primarily of Audit and Compensation Committees but also Governance and other committees (SOX, NYSE). Very tough rules defining true independence and operating methods. In a variety of ways, it tries to ensure that the Nominating Committee (or other similarly named committee) will really take the lead in fact, rather than just in concept, in seeking new directors—an attempt to restrict the CEO as the principal seeker of new directors, a common past practice.
4. SOX and NYSE have special provisions for the Audit Committee; a major provision is that at least one director must be designated as a qualified financial expert—with "qualified expert" precisely and narrowly defined. While this may seem reasonable and easily complied with, few want to be so designated, even though a "safe harbor" provision for that person is included—at this time a great source of confusion and conflicting interpretations. For example, some CEOs, but not necessarily all, can qualify—but not too many are volunteering. Ideally, for the persons involved, several members of the committee would qualify and thus somewhat deflect the spotlight from one to several. Many companies are raising the fees for directors—especially Audit Committee members—reflecting the additional time commitments and the added pressure from the rules.
5. Various corporate codes of conduct are prescribed along with various charter requirements for committees. This kind of approach has seldom worked in the past (it's easy to write, easy to violate) but it does call attention to the subjects at their issuance—and they provide "gotcha" standards if violated.
6. Tight rules for outside auditors. They are now retained by and report directly to the Audit Committee. Many lucrative consulting assignments formerly permitted are now curtailed. SOX requires rotating the lead reviewing auditor (the person, not the firm) at least every five years.
To get the flavor of the incredible level of detail required by the law, take a quick look at these Frequently Asked Questions about Sarbanes Oxley Compliance posted at the SEC's web site.
7. Shareowner approval of all compensation plans involving the issuance of stock (NYSE).
8. Any number of requirements call for website posting of procedures and practices as well as "whistleblower" provisions and protections. Called by some the "webmaster full employment act."
9. A very important proposal by the SEC is now circulating for comments. It would allow, under certain limited circumstances, direct nominations of directors by shareowners. At present, shareowners can only "suggest" nominees and even then, weakly. This is potentially a large issue with plenty of room for mischief if poorly drafted and interpreted.
10. SOX has pages and pages of very specific prohibitions and "must do" items. It is virtually a catalogue of all the offenses found in the highly publicized cases—and many, many more items added in the drafting. For example, it tightens the requirements for reporting stock sales by senior executives, prohibits loans to top officers and a number of other prohibitions of practices found in the highly publicized cases. Because the list is so extensive, if rigidly enforced in minute detail, 100% compliance will be a real challenge. Likely it will be modified over time for clarity and compliance, but in the meantime, it's a minefield.
Fred McChesney has argued that state legislation was sufficient deterrent to punish Enron and others. His take on the political economy of corporate scandals is here.
Does prescriptive legislation work? History says "not often," especially if it has pages and pages of rules, sub-rules and yet tinier rules written in what is called in the trade "flyspeck bold" print. Confusion often sets in when one tries to follow the roadmap of too many things like Para 7A.(1)(f)(3) (as amended)(See legislative record for interpretation.)
However the practices that brought about these new rules were so egregious that something had to be done. Many elements of these rules will prove to the right "thing" and some will be only a bureaucratic exercise. Time will be the judge of the ratio.