TALKING POINTS / REGULATION
Stung by a barrage of complaints that its businesses are over-regulated, the US is considering amending the more controversial sections of Sarbanes-Oxley.
Sarbanes-Oxley—or SOX—places a personal responsibility on CEOs and CFOs to certify their companies’ financial reports. It also instituted new criminal penalties for false statements by CEOs and CFOs and the destroying or altering of company financial records, sending a strong message to companies that regulators would not stand for a repeat of Enron and WorldCom.
While the majority of the requirements in SOX have been implemented without too much of a fuss, there is one part, Section 404, that has elicited howls of protest from the corporate world since the day it was unveiled. The most controversial element of Sarbanes-Oxley, it requires outside auditors to evaluate the procedures companies have in place to ensure accurate financial reporting.
Steve Bartlett, president and CEO of the Financial Services Roundtable (FSR), which comprises representatives from 100 of the largest financial services companies in the United States, summed up the general disdain for the rule, stating, “Section 404 compliance costs remain high, and its certification requirements are diverting management time and talent from running the company.” The FSR has called for the revision of Section 404 and for the SEC to conduct a more comprehensive study of the costs associated with Section 404 compliance. In a November speech, US Treasury secretary Henry Paulson added further salt to the wound, drawing links between SOX and what he depicted as the declining fortunes of US capital markets, which he said “face significant challenges.”
Paulson is not alone in suggesting SOX is hurting US businesses. On November 30 the Committee on Capital Markets Regulation, an independent, bipartisan committee comprising 22 representatives from the investor, business, finance, law, accounting and academic communities, published 32 recommendations designed to boost the US’s international competitiveness in attracting equity capital. Although some natural erosion of the US’s “historically immense” market share of global equity listings was natural, the committee argued, it did not explain why only 5% of the value of global IPOs was raised in the US in 2005, compared to 50% in 2000.
The committee’s director, Hal Scott, has complained that the cost of auditing internal controls was unnecessarily high. According to some estimates, companies paid on average $4.36 million to comply with SOX in 2004. As a result, the committee recommended the SEC adopt a “more reasonable materiality” standard for internal controls and financial statements and called for the SEC and the Public Company Accounting Oversight Board (PCAOB) to adopt “more enhanced guidelines” for auditors’ roles and duties in testing for compliance with Section 404.
Battle Lines Are Drawn
The committee’s recommendations were no doubt music to the ears of companies that have borne the brunt of Section 404. The Securities Industry and Financial Markets Association (SIFMA) lauded its recommendations as “a constructive contribution.” Others, though, believe that any change to the controversial Sarbanes-Oxley legislation could render it ineffective. Former SEC commissioner Harvey Goldschmid was reported as saying that the group’s recommendations would diminish the authority of federal and state regulators to ensure companies acted in the best interests of shareholders and could result in a world where “almost anything goes.” He is certainly not alone. Former New York State attorney general and the state’s current governor-elect, Eliot Spitzer, has also spoken out against rolling back regulations, describing such moves as “counterproductive.”
Rowden: Section 404 can be more efficient for a standardized company
The PCAOB is revising its standards to ensure auditors focus on areas that pose a higher risk of fraud or material error, as well as clarifying the role auditors should play in assessing the effectiveness of firms’ internal controls. Jon Rowden, a SOX specialist at PricewaterhouseCoopers in the United Kingdom, says the SEC’s revision of Section 404 was the culmination of two roundtables the SEC held, one in May 2006 and one in 2005, seeking information from firms on their experiences with internal control reporting and auditing provisions under SOX.
John Forster, assistant treasurer at consultant BearingPoint, sums up the views of many in business: “I think the intention of SOX is good, but parts of it have been overdone,” he says. Forster says that the regulators should allow companies more time to put the necessary controls and procedures in place.
Rowden says that there will be an opportunity for companies to comment on the SEC’s proposed revisions to Section 404 before it is finalized. “All the focus is on Section 404, but almost everything else within SOX hasn’t really caused any implementation difficulties,” he asserts. “It is a question of how to maintain the benefits of Section 404 but reduce the costs associated with it.” Rowden says the cost of complying with Section 404 varies from company to company based on the degree to which a company operates a standard set of controls and procedures. “If a company is very standardized, Section 404 can be far more efficient than for companies that are less standardized.”
Forster of BearingPoint knows only too well the costs and long hours spent on SOX compliance. BearingPoint is in the process of integrating SOX workflows into software that it uses to run its business, but a project of this scale takes time to implement. “At the moment we’re spending the majority of our time on SOX compliance and audit issues,” he says. “We’ve got to capture all the processes and approvals needed for SOX and scan in all the documents required for each process. Some of the deadlines to get stuff in place are aggressive.”
Despite the complaints, Trevor Walker, a vice president at financial software provider Cartesis, says SOX has forced a number of companies to replace inefficient manual processes with automated solutions that consolidate financial reporting in one place with full audit trails and controls. “The more companies can do systematically, the less they will need to pay in terms of employing someone else to do it, so there are efficiencies and cost savings,” he says.
Yet while automation and enhanced workflow management can help offset some of the costs associated with SOX, many are still concerned about the impact of increased regulation in general on the competitiveness of US capital markets. Rowden comments: “The whole question of what it means to be in the US marketplace—that’s a broader question than just Section 404. It is something that is at the forefront of people’s minds as they think how they wish to raise capital.”
Collier: US regulators are ahead of Europeans on cost- benefit analysis
Garten strongly contests the view that the US’s capital markets are not globally competitive as a result of regulation. “If competitiveness were flagging, we would see diminished dynamism of US markets,” he asserts. “However, the Chicago Mercantile Exchange is merging with the Chicago Board of Trade to form an exchange twice the size of the NYSE. The separate self-regulatory bodies of the NYSE and Nasdaq are joining forces. Last month was the best in six years for US IPOs and mergers. The US financial scene is hardly a picture of complacency,” he says.
It is not just US businesses that are weighed down with the heavy hand of regulation. In Europe, for example, the European Commission’s Financial Services Action Plan, which aims to create a single market in financial services, has given rise to regulations such as the Markets in Financial Instruments Directive, which gives European firms a passport to sell investment services at a pan-European level. MiFID will force national stock exchanges to compete with one another for pan-European business and could even force some investment firms out of business, as the cost of compliance may be too high.
In what appears to be symptomatic of a wider industry backlash against over-regulation, the International Council of Securities Associations (ICSA) drafted 10 “principles for better regulation.” The guiding theme behind the principles is that before resorting to regulatory measures, the market should first establish whether there has been a significant market failure that is not “appropriately addressed by existing regulations and their enforcement and which is unlikely to be mitigated over a reasonable period of time by market forces.” The International Capital Market Association (ICMA) hopes ICSA’s principles will result in better regulation at the European level. “There should be scope for the industry to self-regulate or be consistent with the ICSA principles,” says Richard Britton, a consultant on international regulatory matters at the ICMA.
ICMA would like to see other European regulatory bodies adopt the UK Financial Service Authority’s (FSA) principles-based approach to regulation. As part of the regulatory due diligence process, both the SEC and the FSA are required to conduct cost/benefit analyses of impending regulations before they are implemented. “The SEC is way ahead of Europe in that sense,” says Nick Collier, ICMA’s head of regulatory policy, pointing out that most European countries do not have a statutory obligation to quantify the cost/benefit impact of regulation. “Attempting to quantify the costs and benefits forces policymakers to think about what they are doing in a structured and disciplined way,” says Britton.