Chapter 1

Mulling Over Sarbanes-Oxley Regulation

In This Chapter

Summarizing 70 years of securities law

Figuring out which companies must comply with SOX

Complying with enhanced reporting requirements under SOX

The Sarbanes-Oxley Act (SOX), which passed in 2002, is the most far-reaching attempt to protect investors since Franklin Delano Roosevelt's Securities Act of 1933 following the Great Depression. Like the New Deal securities laws of the 1930s, SOX comes on the heels of high-profile scandals at large corporations that caused significant harm to investors. It signals a new era in the relationship among business, government, and the investing public.

SOX is a broad piece of legislation that the Securities and Exchange Commission (SEC) is in charge of administering. It administers this legislation by passing specific rules for companies, audit firms, and stock exchanges to follow. The SEC has issued many comprehensive rules that provide much of the guidance that companies need. These rules help to clearly spell out the requirements of SOX.

This chapter covers the rules and gives you an overview of securities law and the important historical context of SOX. Understanding the objectives of securities law and how SOX serves those objectives can help you better understand your company's current reporting obligations and can help you prepare for future legislative trends.

SOX isn't a stand-alone piece of legislation; it's only a part of the complex tapestry of federal securities regulations and statutes that Congress has woven over the last seven decades.

Pre-SOX Securities Laws

To develop a sound SOX strategy for your company, you need to be aware of the securities laws that define the legal context of SOX and that are altered by its provisions. SOX amends many of the securities laws discussed in this section.

In the 1930s, the idea of laws to protect the investing public took hold among a hardworking generation that had seen the devastation of a stock market crash. Just prior to his 1932 reelection bid, President Franklin Delano Roosevelt assigned a former Federal Trade Commissioner, Huston Thompson, the task of drafting a securities law proposal to woo a depression-dazed electorate on the campaign trail.

Huston and the committee that convened to review his draft were faced with an early dilemma: Should the role of government be to protect the public from poor investments or simply to make sure that the public had enough information to evaluate investments on their own? In the end, the draft legislation opted for the disclosure approach, which is still used today.

The laws that ultimately emerged from Huston's draft are the Securities Act of 1933 (also known as the 1933 Act) and the Securities Exchange Act of 1934 (also known as the 1934 Act). Decades after their drafting, these two statutes remain the backbone of the federal securities regulation system. The objective of these laws goes beyond simply ensuring that companies fill out the right forms; the disclosures required are designed to provide all the information necessary for an investor to determine the true value of an investment that's offered to the public.

SOX is an attempt to modernize existing securities laws to ensure that they continue to meet the statutes’ objective in the 21st century. The premise of federal securities law, then and now, is that government plays an important role in protecting the investing public from financial misrepresentation.

The Securities Act of 1933: Arming investors with information

The Securities Act of 1933 is sometimes referred to as the “truth in securities” law, because it requires that investors receive adequate and thorough financial information about significant aspects of securities being offered for public sale. It expressly prohibits deceit, misrepresentation, and other fraud in the sale of securities. The 1933 Act contains a detailed registration process that companies must comply with before they can offer securities to the public. The burden and expense of completing the forms is the responsibility of the registering company, which is referred to as the issuer.

The SEC examines all registration documents for compliance with the 1933 Act. If the SEC determines that information is missing or inaccurate, the issuer may be denied registration and may lose its right to sell its securities in the United States. (Section 5(a) of the 1933 Act provides that it's “unlawful” to offer to sell a security to the public unless a registration statement is in effect.)

Companies undergoing the registration process are required to provide information about:

• The company's properties and business
• The types of securities to be offered for sale, such as stocks, bonds, and partnership interests
• Background on the management of the company

The registration statement must also include financial statements certified by independent accountants. (The requirements for audited financial statements are discussed more fully in several chapters in Book IX.)

In order to comply with disclosure requirements, companies generally distribute a document called a prospectus to potential investors. The content of the prospectus is governed by the 1933 Act, which provides that “a prospectus shall contain the information contained in the registration statement.” This instruction is somewhat misleading because companies usually create these documents in reverse — drafting a prospectus prior to preparing a registration statement and then including a copy of the prospectus in the registration statement filing.

The Securities Exchange Act of 1934: Establishing the SEC

Although the 1933 Act set ambitious goals and standards for disclosure (see the preceding section), it was silent on the practical aspect of enforcement. To plug this hole, Congress passed the Securities Exchange Act of 1934, which established the Securities and Exchange Commission (SEC) to implement the 1933 Act.

Overview of the 1934 Act

The 1934 Act established the ground rules under which the purchasers of securities may resell and trade shares by:

• Requiring sellers of securities to register as broker dealers
• Creating regulated securities exchanges
• Defining the duties of companies whose securities are traded among investors

In effect, the 1934 Act requires a company to make certain information available to the public so that company's shareholders may resell their stock to members of the general public.

Many of the securities sold in the United States are private placement offerings (as explained in the next section), which aren't subject to registration under the 1933 Act but are subject to the civil liability and anti-fraud provisions of the 1934 Act.

Keeping offerings private under Regulation D

The term private placement refers to the offer and sale of any security by a brokerage firm to certain investors but not to the general public.

Private offerings are “exempt from registration under the 1933 Act, subject to specific exemptions contained in Sections 3(b) 4(2) of the 1933 Act as interpreted by SEC Regulation D.” However, private placements may still be subject to portions of the 1934 Act and to state securities laws requiring registration as well as to certain provisions of SOX.

Regulation D Sections 504–506 establish three types of exemptions from the registration requirements of the 1933 Act:

• Rule 504 applies to transactions in which no more than $1 million of securities are sold in any consecutive 12-month period. Rule 504 doesn't limit the number of investors. These types of offerings remain subject to federal anti-fraud provisions and civil liability provisions of the 1934 Act if they raise more than $1 million.
• Rule 505 applies to transactions in which not more than $5 million of securities are sold in any consecutive 12-month period. Sales of the security can't be made to more than 35 “non-accredited” investors but can be made to an unlimited number of accredited investors (defined just after this list). An issuer under this section can't use any general solicitation advertising to sell its securities.
• Rule 506 has no dollar limitation of the offering. An exemption under this section is available for offerings sold to not more than 35 non-accredited purchasers and an unlimited number of accredited investors. Rule 506 requires an issuer to make a subjective determination that at the time the shares are sold, each non-accredited purchaser meets a certain sophistication standard.

For purposes of Regulation D, an accredited investor is defined in Rule 501(a) as someone who has the following characteristics:

• Is a director, executive officer, or general partner of the issuer
• Has a net worth either individually or jointly with his or her spouse that equals or exceeds $1 million
• Has income that exceeds $200,000 per year (or $300,000, jointly with spouse) for each of the two most recent years and reasonably expects an income that exceeds $200,000 in the current year

Powers given to the SEC

Under the 1934 Act, the SEC has the power to register, regulate, and oversee brokerage firms, transfer agents, and clearing agencies as well as the nation's securities stock exchanges.

Periodic reporting requirements under the 1934 Act require full disclosure of facts subsequent to filing that are material or significant enough to affect investors’ decision-making processes. The 1934 Act also identifies and prohibits certain types of conduct in the markets, such as insider trading and market manipulation, and provides the SEC with disciplinary powers over regulated entities and persons associated with them.

The SEC's rulemaking authority for SOX

The 1934 Act gives the SEC the authority to supplement securities laws by making its own rules for carrying them out. The SEC passes its own regulations, which have the same force, effect, and authority as laws passed by Congress.

Accordingly, the SEC is in charge of making rules to implement the broad statutory provisions of the Sarbanes-Oxley Act. In fact, SOX specifically requires that the SEC make rules in 19 different areas!

Periodic reporting under the 1934 Act

The Securities Exchange Act of 1934 directs the SEC to require periodic reporting of information by companies with publicly traded securities. These companies must submit 10-K Annual Reports, 10-Q Quarterly Reports, and Form 8-K for significant events. These reports are made available to the public through the SEC's EDGAR database located at www.sec.gov. (For details about the 10-K, 10-Q, and 8-K, see “The Post-SOX Paper Trail” later in this chapter.)

Additionally, the 1934 Act imposes special reporting requirements on companies in the following contexts:

• Proxy solicitations: The SEC uses a procedure called proxy to allow geographically distant shareholders to participate in elections without attending meetings. Naturally, persons seeking control, including insiders hoping to retain control, solicit those proxies for their candidates. Companies must file materials with the SEC in advance of any such solicitations.
• Tender offers: The 1934 Act requires disclosure of important information by anyone seeking to acquire more than 5 percent of a company's securities by direct purchase, also known as a tender offer.
• Exchanges and associations: The 1934 Act requires that exchanges, brokers and dealers, transfer agents, and clearing agencies report to the SEC.

The 1933 Act covers offers and sales by issuers (companies whose securities are offered), while the 1934 Act defines what information those companies must make available to permit their shareholders to trade company shares after purchasing them.

Insider trading provisions

Section 16 of the Securities Exchange Act of 1934 establishes that it's illegal for management, directors, and other people having “inside” knowledge about a company to use that information themselves or to pass it on to others so that they can use it improperly to gain a financial benefit for themselves. Every member of the public should have an equal advantage when it comes to investing in public companies.

SOX Section 403(a) strengthens Section 16 of the 1934 Act by requiring company insiders to disclose to the SEC information about their stock transactions within two business days of when they occur. These disclosures are made on an 8-K filing, explained in the “The Post-Sox Paper Trail” section later in the chapter.

Trading securities while in possession of information that's not available to the public is illegal if that information is material to the value of the investment.

Other securities laws

As part of an overall regulatory environment to protect investors, the Sarbanes-Oxley Act impacts disclosures required under the following laws:

• The Trust Indenture Act of 1939: This act contains requirements on debt securities, such as bonds, debentures, and notes that are offered for public sale. (Debentures are a type of debt instrument. The term “debenture” refers to the disclosure document provided to investors.) Most of the SOX provisions amending the 1934 Act apply to securities governed under this provision.
• Investment Company Act of 1940: This 1940s act regulates mutual funds and companies that invest in other companies and whose own securities are offered to the investing public. SOX's accounting disclosure and management certification requirements specifically apply to investment companies defined in this act.
• Investment Advisers Act of 1940: This act requires that firms or sole practitioners who have at least $25 million in assets and advise others about securities investments register with the SEC. (Instead of selling a security as a broker, the advisor recommends the purchase of the security.) Also, SOX provides criminal provisions that apply directly to investment advisors.

The Scope of SOX: Securities and Issuers

To understand which parts of SOX apply to your company, you need to understand what type of investments are considered securities and which types of issuers are subject to or exempt from SOX.

For example, Section 807 creates a new securities fraud provision that appears in the criminal code. This provision makes it a crime “to defraud any person in connection with a security” or to obtain “by means of false or fraudulent pretenses, representations or promises, any money or property in connection with the sale or purchase of any security.” In order to determine whether you've broken the law under Section 807 and can be sent to jail, you need to know whether the transaction you've conducted involves a security. If it doesn't, you may still be sued in a civil action for fraud but won't serve time in a federal penitentiary under this provision.

Determining what a security is

SOX makes reference to the Securities Act of 1933 and the Securities Exchange Act of 1934 for purposes of defining what is and is not a security. Both acts contain similar definitions. The 1933 Act uses the following language:

[T]he term “security” means any note, stock, treasury stock, bond, debenture, security, future, evidence of indebtedness, certificate of interest or participation in any profit-sharing agreement . . ., pre-organization certificate or subscription, transferable share, investment contract, voting trust certificate, certificate of deposit for a security . . . or warrant or right to subscribe to or purchase, any of the foregoing.

There has long been confusion about the term investment contract as it's used in the definition of a security along with all the other terms. The use of this particular phrase has really extended the scope of transactions that the statute covers. Those words don't have any real meaning in a commercial context, so the courts have had to interpret them in deciding when an agreement between two or more parties constitutes an investment contract that's subject to the registration and reporting requirements of federal securities law.

A famous Supreme Court case in the 1940s, SEC v. WJ Howey Co., made it clear that federal securities law covers a broad scope of commercial transactions. In this case, the court held that companies that offered sections of orange groves for sale along with contracts to harvest the oranges and distribute the profits were indeed selling investment contracts subject to federal securities law and had to register such contracts with the SEC.

In the Howey case, the Supreme Court stated that the test to determine whether the securities laws apply in a given transaction is “whether the scheme involves an investment of money in a common enterprise with profits to come solely from the efforts of others.” Although this is a pretty broad definition, not all investments are considered securities under SOX. For example, courts have also held that transactions such as purchasing a share in a cooperative housing project or participating in a pension plan funded solely by employers (with no employee contribution) aren't securities.

Under the Howey case, the key questions to ask in determining whether a particular transaction may be a security subject to SOX include the following:

• Is there an investment of money?
• Is this a common enterprise?
• Is there expectation of profits?
• Do profits come solely from the investments of others?

Defining an issuer

SOX provides that issuers of all stock in all publicly traded corporations of all sizes must meet its requirements — that's a lot of issuers. Issuer is the term used to refer to companies that sell securities to the public and that either are required to register with the SEC or meet the requirements for an exemption from registration.

Your company is required to register its securities if it's going to be traded on a securities exchange or if the company meets certain criteria with respect to the number of shareholders and the amount of assets held.

Section 207(a) of SOX identifies the types of issuers that are subject to SOX, including:

• Companies whose securities trade on a securities exchange: Companies that offer stock to the public through the New York Stock Exchange (NYSE) or other stock exchange must register securities under Section 12(b) of the Securities Exchange Act of 1934. (For more about stock exchanges, see the next section, “Figuring out how stock exchanges work.”)
• Companies with more than 500 investors and $10 million in assets: SOX requires issuers with more than $10 million in assets to register securities that are held by at least 500 persons, regardless of whether the securities are traded on a securities exchange. These companies are required to register under Section 12(g) of the 1934 Act.
• Companies with more than 300 investors: Some companies aren't required to file under 12(g) of the 1934 Act because they have fewer than 500 shareholders. However, if these companies have more than 300 securities holders (and therefore don't qualify for a specific registration exemption), they must file under Section 15(d) of the 1934 Act. This category of issuers often includes companies that have privately held stock but offer debt instruments (such as bonds) to the public. Offering debt instruments pushes them over the 300-investor mark.
• Voluntary filers: Even though they're not legally required to do so, some companies decide to file reports with the SEC anyway. They do this for a variety of reasons. For example, to trade stocks on NASDAQ (a different type of exchange than a traditional stock exchange), a company must file SEC disclosures even if it isn't otherwise required to do so.
• Companies with registrations pending: A company conducting an initial public offering of equity or debt securities must file a registration statement on one of the public offering forms, one of the S-series forms, or one of the SB-series forms. Then the company must file three 10-Qs and one 10-K in the first year (even if it hasn't filed under the 1934 Act). Upon filing these statements, these companies become subject to many provisions of SOX.

When interpreting the requirements of SOX, it's important to look at each particular statutory provision for definitions and criteria identifying to whom that particular statute applies. Some sections of SOX apply to management, and others apply to auditors or benefit plan administrators.

Figuring out how stock exchanges work

After a company decides to go public, it has some important decisions to make about how to market its shares to the public: Should it register to sell the shares on a stock exchange? If so, which exchange?

In 1792, 24 men signed an agreement to sell securities among themselves, thus creating the New York Stock Exchange (NYSE). Today, the United States has several competing exchanges. The NYSE is home to some of America's best-known corporations, including General Electric, Exxon, Wal-Mart, America Online, IBM, and Lucent Technologies. NASDAQ is a competing stock exchange on which the stock of some equally impressive companies is traded, including Microsoft, Cisco Systems, and Intel. Other exchanges available to companies include the NASDAQ SmallCap Market and the American Stock Exchange (AMEX).

Companies don't directly sell shares on an exchange; rather, they're permitted to list shares on an exchange, selling them through licensed professionals.

Each stock exchange has its own listing requirements, which may include the following:

• Levels of pretax income
• Market value and share
• Net assets
• Number of shareholders
• Share price

In general, requirements for listing on the NASDAQ are less restrictive than those for the NYSE, which is why many newer high-tech companies elect to list with the NASDAQ.

For example, the NYSE requires companies to have either $2.5 million before federal and state income taxes for the most recent year and $2 million pretax for each of the preceding two years or an aggregate of $6.5 million pretax for the three most recent fiscal years. All three of those years must be profitable. In contrast, the NASDAQ requires only $1 million in pretax income in two of the last three fiscal years. It also offers some alternative standards to pretax income that are easier for emerging companies to meet; these standards are based on factors including assets, revenues, operating history, and market value. As for the NASDAQ SmallCap Market and the AMEX, both have low threshold requirements for listing with them.

When a company elects to list on an exchange, it must register the class of securities under the Securities Exchange Act of 1934, agreeing to make public information available and follow the other requirements of the 1934 Act. In addition to complying with federal securities law, the company may also have to comply with state securities laws, known as blue sky laws, in at least one state in which it operates.

Unveiling the SOX surprise

Some companies that aren't required to register with the SEC have been surprised to learn that parts of the Sarbanes-Oxley Act apply to them. The fact that a company is exempt from registering with the SEC doesn't mean it's exempt from complying with SOX.

The end of some old exemptions

Historically, the 1933 Act and the SEC have held the authority to exempt certain types of small companies and securities and offerings from SEC registration in order to help them acquire capital more easily by lowering the cost of offering securities to the public.

Exemptions are based on the type of security (for example, a bank is regulated by the Banking Commission, so bank stock is exempt) or on the type of transaction (for example, sales of less than $1 million are exempt from federal registration under Rule 504 of Regulation D, promulgated under the 1933 Act). Most states exempt offers and sales to only a limited number of investors (for example, 25 persons in a single offering in Wisconsin). In 1996, Congress passed the National Securities Markets Improvements Act, which requires states to impose a uniform exemption under Rule 506 of Regulation D, which all states must obey. (For more about Regulation D, see “Keeping offerings private under Regulation D” earlier in this chapter.)

Prior to SOX, these exemptions and waivers left a regulatory gap in the securities field and meant that many companies the public was investing in didn't have to go through the registration process and were subject to little other government oversight. Some shaky companies were exempted from tough scrutiny to the detriment of the investing public. The types of offerings exempt from regulatory oversight included:

• Private offerings to a limited number of persons or institutions
• Offerings of limited size
• Intrastate offerings (offerings made only within one state)
• Securities offerings of municipal, state, and federal governments

SOX doesn't have any direct effect on registration exemptions. The vast majority of small offerings are exempt from registration.

According to 30-year veteran securities attorney, Richard Kranitz, “Even the most carefully planned and highly funded start-ups involve great risk, but also potential reward. They also are the source of around 60 percent of all new jobs in the United States and most of its economic growth. They need to be able to issue securities to raise capital to survive, to grow, and to prosper.”

Even small companies must comply

The Sarbanes-Oxley Act doesn't contain small-company exemptions like a lot of other federal laws do. SOX is intended to protect investors regardless of the size of the public company in which they're investing. However, Congress and the SEC have both realized how much more burdensome compliance can be on small, publicly traded companies (particularly when it comes to Section 404). So, to help small companies without leaving investors unprotected, the SEC created rules that refer to companies that have less than $75 million in publicly solicited investment and debt as “non-accelerated” filers. The SEC also gave small companies more time to comply (but only after rejecting pressures and pleas to exempt small companies altogether).

Under the latest extension, non-accelerated filers (including foreign private issuers that are non-accelerated filers) must include in their financial statements a management report that attests to the company's internal control over financial reporting.

Some universal SOX provisions

Congress has made clear that it intends for some provisions of SOX to apply to all companies that sell their securities, regardless of whether these companies are required to register with the SEC.

These catch-all provisions are

• Section 1107, the employee and whistle-blower protections
• Sections 802 and 1102, the recordkeeping requirements
• Sections 807 and 902, the criminal provisions requiring jail time for securities fraud and conspiracy

Although many provisions of SOX technically apply only to publicly traded companies, securities law experts expect that courts and legislatures will apply the standards of the statute in a variety of litigation contexts and legal actions brought by investors.

The Post-SOX Paper Trail

Registration with the SEC is a milestone for companies going public, but it's only the beginning of the reporting relationship. After a company is registered as an issuer of securities, it's subject to annual and periodic reporting requirements that extend over the life of the company. SOX dramatically changes the content, depth, and frequency of the reports — the 10-K, 10-Q, and 8-K — that must be filed with the SEC.

SOX shortens the deadlines for filing annual and quarterly reports for a certain class of large public companies referred to as accelerated filers. These shortened deadlines require that reports be filed within 60 days rather than 90 days after the close of the reporting period.

Form 10-K

Form 10-K is an annual report that companies must provide to their investors and make publicly available on the SEC database. Many companies seize this opportunity and make their annual reports glossy marketing tools that tout the growth and accomplishments of the company over the past year. They know their 10-Ks will be reviewed by existing and prospective investors as well as securities rating companies.

SOX-mandated enhancements to 10-K annual reports include:

• An internal control report that states that management is responsible for the internal control structure and procedures for financial reporting and that it assesses the effectiveness of the internal controls for the previous fiscal year
• A requirement that all financial reports filed with the SEC reflect corrections and adjustments made to the financial statements by the company's auditors
• Disclosure of all material off–balance sheet transactions and relationships that may have a material effect on the financial status of an issue
• Disclosures of changes in securities ownership by management, directors, and principal stockholders, and information on whether these companies have adopted a code of ethics

Form 10-Q

Form 10-Q is a quarterly supplement to the annual 10-K report; it contains updates to the annual disclosures. 10-Q reports provide a more current view of financial performance than annual reports, and analysts often compare the actual data contained within the 10-Q to prior projections that may have been released by overly optimistic corporate management.

Form 8-K

Form 8-K is a short and simple form that a company must file when certain types of events occur, such as the ceasing of a commercial activity or the departure of company officers or directors. The list of events that trigger the filing of an 8-K has grown over the years, particularly as a result of SOX. The content of Form 8-K is limited to a few salient facts about the triggering event.