I am a member of Wilson Sonsini Goodrich & Rosati, P.C., in Palo Alto, California (www.wsgr.com). Wilson Sonsini represents more technology companies than any law firm in the world. I counsel public companies on disclosure obligations and defend them, and their directors and officers, in shareholder lawsuits. My bio is available at www.borisfeldman.com. I submit these comments personally, not on behalf of any clients or my firm.
The Commission's proposed regulations, like the Blue Ribbon Committee report that preceded them, address a real and growing problem: corrupt accounting at public companies. The pressure to "do something," however, should not lead to well-intentioned reforms that ultimately do more harm than good.
The Commission historically has sought to remedy a variety of corporate abuses through greater disclosure. I am skeptical that this approach will succeed in curtailing accounting fraud. While certain steps could enhance audit committee effectiveness (see Section 3, infra), requiring additional public commentary about the committee's efforts probably will not.
1. The Certification Requirement
The principal defect in the proposed regulations, in my opinion, is proposed Section 228.306(a)(3). This section would require the following disclosure in the annual proxy statement: "(a) The audit committee must state whether: . . . (4) Based on the review and discussions referred to in paragraphs (a)(1) through (a)(3) of this Item [with management and with the outside auditors], anything has come to the attention of the members of the audit committee that caused the audit committee to believe that the audited financial statements included in the company's Annual Report on Form 10-KSB (17 CFR 249.310b) for the year then ended contain an untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which they were made, not misleading."
The proposed regulation is an improvement over the Blue Ribbon Committee's proposal, which would have required audit committee members to state in the annual report on Form 10-K that they believe that the company's financial statements are fairly presented in conformity with GAAP in all material respects.
Many in the business community expected that proposal to cause directors to shun service on audit committees for fear of potential litigation exposure. While the Commission's proposal dilutes the certification requirement somewhat (changing it from a positive statement to a negative), I believe that the requirement nonetheless could create a crisis in staffing audit committees with capable outside directors. The certification would undermine much of the protection afforded by the Supreme Court's decision in Central Bank of Denver, N.A. v. First Interstate Bank of Denver, N.A., 511 U.S. 164 (1994), and Congress' tightening of the pleading requirements in the Private Securities Litigation Reform Act of 1995.
In recent years, the litigation risk posed by serving as an outside director of a public company has diminished substantially. Central Bank eliminated aiding and abetting liability. As a result, plaintiffs in a private shareholder class action may sue an outside director only for primary liability in issuing materially false or misleading statements. Because outside directors rarely make the statements that form the basis of a typical shareholder lawsuit, they have been named as defendants less frequently and dismissed more regularly.
Congress further enhanced the protection for outside directors in enacting the Reform Act. Class plaintiffs could no longer sweep in outside directors in a pleading dragnet. Instead, Congress required much greater particularity in pleading the role of each defendant in the alleged fraud.
The proposed certification requirement would undermine that progress. In every class action alleging financial fraud, the plaintiff would routinely name the members of the audit committee as defendants - based principally on their certification in the proxy. Plaintiffs would cite that certification as a basis for primary liability, thus attempting to surmount the Central Bank hurdle. Plaintiffs would also use the certification to attempt to supply the requisite particularity under the Reform Act.
Moreover, derivative plaintiffs would rely heavily on the certification in bringing the tag-along derivative suits that now routinely accompany class actions asserting accounting fraud. Derivative plaintiffs would point to that certification as the basis for applying the dictum in In re Caremark Int'l, Inc. Derivative Litig., 698 A.2d 959 (Del. Ch. 1996).
In my opinion, the enhanced exposure to litigation will lead many qualified outside directors to eschew service on the audit committee. The incremental risk, for many, just won't be worth it. Thus, at the same time that the Exchanges - implementing other Blue Ribbon Committee recommendations on independence, financial literacy, and accounting experience - narrow the pool of directors permitted to serve on audit committees, the certification requirement may repel those who do satisfy the qualifications from serving. Indeed, the most experienced, qualified outside directors (such as venture capitalists) are likely to be least willing to incur the additional risk. Ironically, the totality of these "reforms" could lead to a crisis in staffing corporate audit committees, thereby undermining the overall objective of strengthening the audit committee as a bulwark against accounting shenanigans.
2. The Safe Harbor
The Blue Ribbon Committee itself recognized these potential dangers. It proposed that the Commission create a safe harbor for the audit committee certifications. The Commission has responded to that recommendation with Section 228.306(c) of the proposed regulations: "The information required by paragraphs (a) and (b) of this Item shall not be deemed to be `soliciting material,' or to be `filed' with the Commission or subject to Regulation 14A or 14C (17 CFR 240.14a-1 et seq. or 240.14c-1 et seq.), other than as provided in this Item, or to the liabilities of section 18 of the Exchange Act (15 U.S.C. 78r), except to the extent that the company specifically requests that the information be treated as soliciting material or specifically incorporates it by reference into a document filed under the Securities Act or the Exchange Act."
In my view, this provision is less like a safe harbor and more like sirens on the rocks. The provision does not address at all exposure to private class actions or derivative suits - the primary risk that an audit committee member will face as a result of the certification. If the Commission is serious about protecting outside directors from meritless claims - and in avoiding a stampede toward the exits - then it might consider adopting the following safe harbor instead:
"The information required by paragraphs (a) and (b) of this Item may not be cited, or form the basis directly or indirectly for liability, in any private action by shareholders, whether individual, class, or derivative in nature."
This language would create a meaningful safe harbor. Yet it would not inhibit the Commission from pursuing an action where it concluded that the directors' certification was fraudulent. I believe that the risk of an SEC enforcement proceeding would not have a chilling effect on honest directors attempting to discharge their duties, whereas the risk of a meritless private action would.
3. Other Initiatives
The Commission might consider two other measures to enhance audit committee effectiveness. First, the Commission should require public companies to file, confidentially, the schedule of passed adjustments prepared by the outside auditors. This document details items as to which the auditors disagree with the company's accounting treatment, but which do not in the aggregate prevent the auditors from issuing a "clean" audit opinion. These schedules sometimes reflect overly aggressive accounting decisions made by management. If the members of the audit committee know that the company must file the schedule with the Commission, I believe that most directors would require management to conform the accounting for the items in question to what the outside auditors believe is correct, or would at least subject the disagreement to close scrutiny. The filing should be made exempt from subpoena and from FOIA requests. By permitting confidential filing, the requirement would avoid confusing the market with respect to accounting issues as to which the company, after full consideration in light of the possibility of Commission review, continued to believe that its treatment was proper.
Second, the Commission should promote education of audit committee members as to how best to discharge their duties. In my experience, a substantial component in the failure of many audit committees to detect fraud is lack of training, not lack of desire. SEC staff members, securities litigators, forensic accountants - they know what to look for. Outside directors often do not. It is not enough for the Commission to order directors to detect fraud: it should help them learn how. Given their expertise in the area, the staff could devise training materials that would form a checklist for audit committee members: Which employees should they interview? What should they ask? Which documents should they review? Which metrics should they examine? Although it may sound naïve to advocate "more education" instead of "more disclosure," it is my belief that this could go a long way toward enhancing the real-world effectiveness of audit committees.
Thank you for considering my views.