Article: The Sarbanes-Oxley Act: Possible impacts on privately held companies

The Sarbanes-Oxley Act of 2002 was in many respects a response to high-profile corporate scandals, but the Act contains corporate governance and accounting regulation concepts that had been proposed even before these scandals became public. Although in most respects, the Act is directly applicable only to publicly held companies, many Sarbanes-Oxley concepts may eventually be brought to bear on privately held companies through state regulation, changes in delivery of accounting and auditing services, adaptation of bank lending covenants, insurance requirements, and court decisions in state law fiduciary duty litigation.

Sarbanes-Oxley became law in 2002.¹ Some provisions apply to all companies that have reporting obligations under the federal securities laws and some only to companies with securities admitted to trading on national exchanges or Nasdaq.² The Act seeks to improve investor confidence by tightening government regulation of the accounting, reporting, and corporate governance practices of public companies. Many of the Act’s provisions require the SEC to adopt implementing rules, and many rules have been adopted since the Act became law.

The Act is significant not only because of its scope, but also because of the material shift it signifies in the balance of federal and state regulation of corporations. Historically, substantive regulation of corporate procedure and governance has been primarily the province of state regulation, while the federal securities laws have regulated disclosure.³ Sarbanes-Oxley demonstrates Congress’ intent to move into the field of corporate governance regulation, at least for certain corporations.

Most provisions of the Sarbanes-Oxley Act apply only to publicly held reporting companies. However, some of its terms reach beyond publicly held companies. Further, the requirements of the Act and related rules may develop into normative standards for corporate ‘‘best practices’’ and/or requirements imposed on privately held companies by lenders, insurers, contracting parties subject to the Act, and others. The impact on privately held companies is likely to be uneven, with larger privately held companies more extensively affected than small, closely held entities. Some of the means by which Sarbanes-Oxley provisions might be applied to privately held companies, and substantive areas in which those rules may be applied, are discussed below.

Through what authority or means might Sarbanes-Oxley concepts be applied to privately held companies? Among the possibilities are the following:

Certain provisions of Sarbanes-Oxley are directly applicable to privately held companies. Among these are Section 1107 providing criminal penalties for retaliation related to an employee’s whistleblowing activities; Section 802, which makes it a criminal violation to alter, destroy, mutilate, conceal, or make a false entry in a record, document, or tangible object with the intent to impede, obstruct, or influence any investigation or bankruptcy matter; and Section 904, which increases the potential criminal monetary penalties and the potential prison sentences for ERISA violations. In late 2002, the Internal Revenue Service asked for comments on the possibility of amending IRS Form 990 to require tax-exempt organizations to make certain corporate governance disclosures, although no proposed regulations have yet been promulgated.⁴

Section 209 of the Sarbanes-Oxley Act asks appropriate state regulatory authorities, in their regulation of non-registered public accounting firms, to make an independent determination of the proper standards applicable, particularly taking into consideration the size and nature of the business of the accounting firms they supervise and the size and nature of the business of the clients of those firms.

Numerous states have begun to implement or consider state-level regulation of corporations and the accounting industry based on Sarbanes-Oxley precedents, with mixed results.⁵ These regulations or proposals address issues such as consulting services provided by accountants to their audit clients, falsifying financial statements, prohibiting ‘‘revolving door’’ employment between accountants and their audit clients, and requiring certification of financial statements or reports filed with the state. Other areas where Sarbanes-style regulations could be imposed by state regulation include banking regulations requiring lenders to impose certain standards on borrowers and employment laws instituting whistleblowing provisions and penalties.

Companies that anticipate going public in the future or that may be acquired by publicly held companies must concern themselves with Sarbanes-Oxley compliance. The Act applies to companies that have filed registration statements under the Securities Act of 1933 even before those registration statements become effective. In addition, privately held companies that do not meet certain Sarbanes-Oxley standards become less attractive targets for acquisition by publicly held companies. For instance, they may not have the disclosure controls and procedures or the internal controls needed to facilitate post-closing certification of financial statements or auditor attestation of those systems.

Privately held companies doing business with public companies subject to the Act or with governmental entities may have certain Sarbanes-based provisions imposed as a matter of contract. Governmental entities may insist on provisions regarding independence of directors and auditors, financial ethics, procedures for handling complaints, and financial reporting controls. Governments could prohibit state pension or retirement funds, or state incubator or venture funds, from investing in companies that do not meet certain Sarbanes-style requirements.⁶ Publicly held companies subject to Sarbanes-Oxley may require some of these controls in key contract relationships with private companies. Private venture capital firms may insist on imposing Sarbanes-type requirements on companies in which they invest. These might include, among other things, inclusion of independent directors, audit committee functions, accountant independence issues, executive compensation restrictions, and codes of ethics.

Even if not required by state banking regulators, financial institutions may begin to revise loan agreement covenants to require compliance with corporate governance standards modeled on Sarbanes-Oxley provisions. It has long been common in commercial loan agreements to have covenants that, for instance, prohibit related party transactions, restrict increases in executive compensation, or require certification of financial statements. Strengthening and expanding these covenants on the basis of Sarbanes-Oxley may give lenders greater tools to monitor covenant compliance and detect problems.

Insurers may require Sarbanes-type initiatives as conditions to coverage. This could involve various types of insurance. Bonding and surety companies, for example, may require accounting and disclosure control procedures and financial statement certifications. Insurers for public bond issues may also impose more stringent accounting and financial control measures.

Directors’ and officers’ liability insurers may impose requirements patterned on Sarbanes provisions regarding director independence, related party transaction approval, committee structure, ethics codes, procedures for handling complaints, and whistleblowing. Recent corporate governance scandals and the increased demands of Sarbanes-Oxley have caused significant increases in do premiums as well as more tightly drawn exclusions. Privately held companies maintaining such insurance will feel these effects.

Labor unions have been some of the strongest critics of corporate governance shortcomings exposed by recent scandals, charging that they enriched management at the expense of the rank and file workforce. Private companies with collective bargaining units may find that corporate governance standards become part of the bargaining process as contracts are renewed. Among areas likely to be addressed are conflicts of interest and related party transactions, executive compensation and performance related pay, codes of ethics, improved financial reporting systems, controls and procedures for handling complaints, and protections for whistleblowers.

Accounting Profession Regulation

Aside from state-imposed regulations, most accounting professional organizations are also considering self-imposed rules that incorporate Sarbanes-Oxley concepts, particularly as they relate to auditor independence. In addition, Sarbanes-Oxley will continue to spur accounting firms to consider reorganizing their business models to separate traditional consulting activities from auditing functions to comply with the auditor independence rules. These changes may result in privately held companies being unable to obtain certain services from their historical auditors even when not prohibited. Voluntarily adopted standards on rotation of auditing partners, prevention of employment with audit clients and the like may affect private companies as well as public companies.

Sarbanes-Oxley imposes obligations on attorneys to report evidence of violations of federal securities laws and breaches of fiduciary duty to the corporation’s chief legal officer and, if the response is inadequate, ‘‘up the ladder’’ in the corporate hierarchy. Still pending are proposed provisions that would require attorneys to engage in so-called ‘‘noisy withdrawals’’ if clients failed to take sufficient action regarding a reported violation. State bar associations are studying these rules and considering whether to adopt similar rules for attorneys as part of their professional codes of ethics, although some state bar associations have challenged the SEC’s authority to regulate attorney conduct in this manner.⁷ Attorneys and their privately held clients should expect that some of these concepts will filter into professional responsibility rules.

The nonprofit sector has suffered accounting and financial statement scandals of its own, and both the IRS and the New York attorney general have focused specifically on nonprofit organizations as needing improved financial oversight and corporate governance procedures.⁸ Given the historical governmental roles in overseeing nonprofit organizations,⁹ this scrutiny will likely continue and spread. Nonprofits engaged in tax-exempt bond financing may also find Sarbanes-type governance and accounting provisions imposed on them by auditors, underwriters, insurers, and credit enhancers as a condition to the financing.

While Sarbanes-Oxley imposes much more comprehensive substantive federal regulation of corporate governance matters than had previously existed, standards of fiduciary duty discharge and breach of duty continue to be governed by state corporate law. Although Sarbanes-Oxley does not create private rights of action, the standards and requirements it imposes may become models for shaping of fiduciary law principles under state laws. As case law develops, the practices required under Sarbanes may be held up as normative standards even for companies not directly subject to the Act, and failure to observe those standards may be cited by plaintiffs as evidence of breach of duty. Directors of private companies that adopt these standards but fail to observe them may also find such failures cited as breaches of duty.

Possible Sarbanes principles that may be cited as establishing fiduciary standards include those that:

The Act contains two separate whistleblower-related provisions. Section 1107 provides criminal penalties for retaliation against any person who provides to a law enforcement officer any truthful information relating to the commission or possible commission of any federal offense. It is not limited to public companies, nor is it limited to violations related to the Act, financial or accounting issues, or even to matters related to the federal securities laws. These provisions apply to all privately held companies and should be communicated to human resources managers or others who supervise employees.

Section 806 of Sarbanes-Oxley protects employees of publicly traded companies who lawfully disclose information about fraudulent activities within their company. This could become a model for parallel state regulation, especially since many states, including Michigan,¹⁰ already have whistleblower protection statutes.

Most commercial loan agreements require some sort of compliance certification from borrowers on a periodic basis relating to financial statements and compliance with financial covenants. Insurance policies for various types of insurance also require submission of certified financial statements as part of the applications process. Lenders, insurers, and others may attempt to apply more stringent certification standards, such as those imposed by Sections 302 and 906 of Sarbanes-Oxley, to privately held companies. Many privately held companies lack the control procedures to be able to make these certifications.

Financing agreements often contain specific limitations or prohibitions on related-party transactions and on contingent liabilities such as guaranties or surety relationships. To further the goal of transparency in financial disclosures, private parties such as lenders and insurers may decide to require disclosure of all such transactions along the lines of Section 401 of Sarbanes-Oxley. This is also an area where regulation of nonprofits may require additional disclosure and where organized labor may bargain for disclosure due to concerns over the effect of such unrecorded contingent liabilities on the financial strength of employers.

Sarbanes-Oxley emphasizes the importance of independence in the auditing process. The Act imposes specific prohibitions and requirements on auditors of public companies, including forbidding them from providing certain non-audit services to those clients and requiring them to report on certain matters to audit committees.

Self-regulatory organizations within the accounting profession are likely to try to pre-empt additional regulation of the profession from the outside by imposing rules of their own applicable to private and public companies. New rules may restrict or regulate the scope of services that accountants can provide to audit clients, the relationship that auditors maintain with client management and independent directors, retention periods for audit workpapers and related documents, required disclosures that must be made to clients, strengthened review and reporting on control systems, and mandatory rotation of audit review partners. These self-imposed rules may limit interactions that private companies have with their auditors.

The Sarbanes-Oxley Act, the new rules of the NYSE and Nasdaq, and other rule-making initiatives and private studies and reports have focused on the importance of director independence in corporate governance matters. These include requirements or recommendations that members of the Audit, Compensation, and Nominating Committees be independent; that the full board consist of at least a majority of independent directors; that the position of board chair be separated from the chief executive position, and that the chair be independent; that the independent directors meet periodically in executive session without the inside directors; and that boards appoint a ‘‘lead independent director.’’

The dynamics of boards of privately held companies differ from those of publicly held companies. Boards of privately held companies normally are not expected to have the same extensive committee structure as public boards, and the availability of truly independent directors willing to serve on private company boards is considerably less than for public companies.

Nevertheless, lenders, insurers, government contracting entities, venture capital investors, and auditors may all insist on some modicum of independence on private boards. Areas of particular scrutiny are likely to be approval of related party transactions, management of the audit relationship and certification of financial statements, approval of executive compensation, and establishment of complaint procedures. For larger privately held companies, establishment of committee structures to govern key functions such as audit and executive compensation may also be required.

Section 802 of Sarbanes-Oxley creates criminal penalties for altering or destroying documents in an attempt to impede or influence a federal investigation or bankruptcy proceeding. These restrictions apply to all persons whether or not affiliated with a publicly held company. Parallel state legislation has been introduced in some states.¹¹ In response to these developments, all companies, including those that are privately held, should implement policies dealing with document retention and responses to investigations or litigation.

Sarbanes-Oxley provisions linking executive compensation to company performance could find their way into private company regulation through state laws, loan covenants, public contract provisions, and insurance requirements or exclusions. Among these could be prohibitions on loans to insiders, requirements to adopt ethics policies for financial executives, and requiring forfeiture of incentive compensation in the event that financial statement misstatements or omissions are discovered.

The Supreme Court in 1991 created a uniform limitations period for securities law fraud actions under Section 10(b) and Rule 10b-5 of the Securities Exchange Act of 1934. It required actions to be brought within one year after discovery of the claim and in any event no later than three years after the acts forming the basis of the claim.¹² Section 804 of Sarbanes-Oxley creates an express limitations period for private actions that expands the period to two years after discovery and five years after the fraud.

This period will affect privately held as well as publicly held companies. Section 10(b) and Rule 10b-5 apply to private offerings of securities by privately held companies, repurchases by such companies of their own securities from existing holders, transactions by private companies in the securities of other companies, or any other transaction involving the purchase or sale of a security.

The full impact and ramifications of the Sarbanes-Oxley Act, even on the publicly held companies directly regulated by it, has yet to be determined. It is clear, however, that the Act has imposed significant additional obligations and costs on those companies. The direct and indirect effect that the Act and its principles will have on privately held companies may be felt slowly and unevenly. Privately held companies should nevertheless anticipate that Sarbanes-Oxley will influence the legal and commercial environment in which they operate in the coming years.

2. The New York Stock Exchange and the Nasdaq Stock Market have adopted extensive new rules that apply many Sarbanes-Oxley corporate governance principles and in some instances go beyond those requirements. See http://www.sec.gov/rules/sro/34-48745.htm. The American Stock Exchange had proposed similar rule revisions. See
http://www.amex.com/atamex/news/enh_corp_governance2.pdf.

3. Indeed, some previous attempts by the SEC to impose substantive regulation through rulemaking have been struck down by courts as exceeding the Commission’s statutory authority See The Business Roundtable v SEC, 905 F2d 406 (DC Cir 1990).

7. See, for instance, the letter of the Corporations Committee of the Business Law Section of the State Bar of California to SEC General Counsel Giovanni Prezioso dated August 13, 2003. A copy can be found at http://dwalliance.com/sbar/SEC.PDF.

9. For instance, the Michigan attorney general may require that the dissolution of a nonprofit corporation organized for charitable purposes, and the disposition of the corporation’s assets, be accomplished by a proceeding in circuit court. See MCL 450.251.