Federal Reserve Bank of Atlanta

Patrick K. barron
First vice president

1000 Peachtree Street, NE
Atlanta, GA 30309-4470
404-498-8503
fax 404-498-8073
patrick.k.barron@atl.frb.org

November 27, 2002

Jonathan G. Katz, Secretary,
U.S. Securities and Exchange Commission,
450 Fifth Street, NW.,
Washington, DC 20549-0609.

RE: S7-40-02

Dear Mr. Katz:

The Securities and Exchange Commission (SEC) has requested comments on proposed rules to implement Sections 404, 406, and 407 of the Sarbanes-Oxley Act of 2002. These sections relate to the definitions and disclosure of audit committee financial expertise, corporate codes of ethics, and internal controls. The Federal Reserve Bank of Atlanta (the Bank) offers suggestions related to each of these areas. The attached document is the Federal Reserve Bank of Atlanta's response to the SEC request for comment on the S7-40-02.

The Bank commends the SEC's efforts to renew investor confidence in corporate reporting and financial markets. We hope these comments will be helpful to the SEC in its efforts.

Sincerely,

(via e-mail)

Patrick K. Barron

Enclosure

The following comments are in response to the SEC's request for comments on proposed rules to implement provisions of the Sarbanes-Oxley Act pertaining to:

  • Section 407 (1) requiring a company to disclose whether its audit committee includes at least one member who is a financial expert; and (2) defining the term "financial expert";

  • Section 406 requiring a company to disclose whether it has adopted a code of ethics for the company's senior financial officers, and if not, the reasons, therefore, as well as any changes to, or waiver of any provision of, that code of ethics; and

  • Section 404 requiring a company's management to present an internal control report in the company's annual report containing: (1) a statement of responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) an assessment, as of the end of the company's most recent fiscal year, of the effectiveness of the company's internal control structure and procedures for financial reporting along with audit company attestation of the assessment.

Proposed Disclosure About Financial Experts Serving on a Company's Audit Committee

Request for Comment on Proposed Disclosure Requirements

  • Would investors benefit from disclosure of the number of the financial experts serving on the company's audit committee? Or would it suffice to require disclosure only of whether at least one financial expert serves on the audit committee?

      We believe investors would benefit from knowing the number of financial experts serving on the audit committee, just as they benefit currently from knowing committee composition.

  • Do investors need to know the names of the financial experts on the audit committee? Would disclosure of the names discourage people from serving as financial experts on an audit committee?

      Any proposal to disclose the names of financial experts on the audit committee must be carefully balanced against the potential adverse effects of disclosure. Although knowing which audit committee member is the financial expert could help investors evaluate the committee's skills, disclosing names is likely to deter qualified persons from accepting the designation or serving on audit committees. In addition, disclosure of names is likely to expose the designated experts to additional liability, as listing certain audit committee members as experts invites pursuing those members by name in lawsuits. On the balance, we believe disclosing the names and qualifications of committee members, as is the current practice, is adequate, without identifying the financial expert.

  • Should the Commission specifically address the issue of the degree of individual responsibility, obligation or liability under state or federal law of a person designated as a financial expert as a result of the designation? If the Commission should address this issue, how should it do so?

      Without protection from additional fiduciary and legal responsibilities and obligations, boards may find it difficult to recruit and retain financial experts to the audit committee. Uncertainty about the degree of individual responsibility, obligation, or liability will exacerbate this problem. The Commission should clearly disclose the extent to which the designated financial expert is exposed to additional responsibility, obligation, or liability. We believe the standard for the financial expert should be no higher than that set by the fiduciary duty of a board member to the shareholders.

  • Should we use a term other than ``financial expert''? For example, would the term ``audit committee financial expert'' be a more appropriate title?

      If the SEC adopts the proposed definition for financial expert, the term "accountant" should be used since that is what the Commission has defined a financial expert to be. If the SEC adopts a definition that includes a wider variety of professions or backgrounds, the term "financial expert" would be appropriate.

  • Is there other relevant information about the financial expert or experts that a company should have to disclose? For example, should we expand the disclosure required under Item 401(e) of Regulations S-K and S-B, as it relates to directors that the company has determined to be financial experts? If so, how?

      We believe the proposed disclosures are adequate, with the following exceptions:

      • The disclosures should include whether the financial expert is independent of corporate management.

      • If the person who is serving as financial expert stops serving as a financial expert or is replaced by another person, the company should disclose the change.

  • Should we require disclosure of whether the financial experts are independent, as proposed? If so, should we define ``independent'' in the same manner as the term is used in section 10A(m)(3) of the Exchange Act?

      Yes. Whether or not the financial expert is independent will help investors determine how much reliance to place on the expert.

  • Should we incorporate an independence requirement into the definition of ``financial expert'' so that any designated financial expert must be independent to qualify under the definition?

      Yes. We believe the entire audit committee should be independent, including the financial expert. Research has shown that companies with independent audit committees are less likely to restate earnings due to financial fraud. Furthermore, the post-FDICIA experience of the banking industry with independent audit committees has been positive.

Request for Comment on Proposed Definition of "Financial Expert"

  • Should we modify the proposed definition of ``financial expert'' in any way? If so, how?

      The proposed definition is of an accountant, not a financial expert. As apparent from Enron, a distinguished accountant as audit committee chair is not adequate to ensure the committee performs its functions.

      While we do not deny that an accountant could bring financial expertise to the audit committee, we do not believe accounting experience is a necessary qualification for either having financial expertise or providing strong oversight as a member of the audit committee. We further believe that if experience in preparing or auditing financial statements is necessary, it is not necessary for it to have been obtained at a publicly reporting company.

      In our opinion, the exchange self-regulatory organizations (SROs) and the Federal Deposit Insurance Corporation Improvement Act ("FDICIA") have created useful and workable definitions of financial expertise that should be acceptable for the purposes of Sarbanes-Oxley. For example, FDICIA regulations, found at 12 CFR 363, provide that financial management expertise requires significant executive, professional, educational, or regulatory experience in financial, auditing, accounting, or banking matters as determined by the board of directors. Significant experience as an officer or member of the board of directors or audit committee of a financial services company would satisfy these criteria. Similarly, the SRO's rules provide that a person who is or has been a chief executive officer, chief financial officer or other senior corporate officer with financial oversight responsibilities satisfies this criterion.

      Drawing on these reasonable requirements, we recommend that "financial expertise" be defined as significant executive, professional, educational, or regulatory experience in financial, auditing, accounting, or banking matters, such as would be expected of (1) a chief executive officer, chief financial officer, or other senior corporate officer or corporate director with financial oversight responsibilities, or (2) an experienced member of an audit committee.

  • Should we require a financial expert to have direct experience preparing or auditing financial statements of reporting companies? Should experience reviewing or analyzing such financial statements suffice? If so, why?

      The job of the audit committee is not to audit the company, or to prepare the company's financial statements. The role of the audit committee is oversight. It is not clear, therefore, that experience in preparing or auditing financial statements of reporting companies is a necessary requirement for audit committee success. For these reasons, we believe that a person's experience reviewing or analyzing financial statements is sufficient. As noted above, we believe the proposed definition of financial expert places excessive reliance on accounting skills, and not enough reliance on independence, engagement or involvement in their duties, and integrity.

  • Should a financial expert have to possess all of the ``attributes'' listed in the proposed definition? Should we broaden the scope of individuals who may qualify as such an expert?

      Any, not all, of the attributes are necessary for financial expertise. We believe that only three of the five attributes are necessary to perform audit committee duties:

      • An understanding of generally accepted accounting principles and financial statements;

      • Experience with internal controls and procedures for financial reporting; and

      • An understanding of audit committee functions.

      Limiting the requirements in this fashion will permit more qualified board members to serve as financial experts. This would ease registrants' search for experts and bring more diversity of experience to the audit committee.

  • Do the five attributes adequately describe the qualities that a financial expert should have? Should we add any attributes?

      Again, we believe the attributes should require independence and promote active participation and director engagement.

Request for Comment on Determination by the Board of Who Is a "Financial Expert"

  • Will investors find this information useful? Is there more useful information on how financial experts are determined?

      As discussed above, there are privacy, recruitment, retention, and liability issues related to the disclosure of the names of the financial experts by the board. We believe the Commission must carefully balance these issues with investors' desire for more information about board and audit committee expertise. We encourage the Commission to clearly disclose the extent to which the designated financial expert is exposed to additional responsibility, obligation, or liability. If, as we suggest, the responsibilities for the financial expert should be no higher than the fiduciary duty of a board member to the shareholders, then we have no objection to the disclosure of the names of the financial experts on the audit committee. Otherwise, we suggest disclosing the number of financial experts and a listing of audit committee members.

  • Should our rules require the company to disclose the persons who are responsible for making the financial expert determination on behalf of the company? Is the board of directors the appropriate body to make such determination?

      We believe the entire board (or the independent directors) is the appropriate body to make such a determination. The entire board bears the fiduciary responsibility to investors, and so is ultimately responsible for the selection of a financial expert. Alternately, limiting the designation to the independent members of the board would increase perceived independence of the designation process from corporate management.

Request for Comment on a Bright-Line Test

  • Should we create a bright-line test for the definition of ``financial expert'? If so, what should the test be?

      No, a bright-line test would limit the ability of corporate boards to assess their particular needs for expertise and the ability of audit committee members to supply those needs.

Request for Comment on the Proposed Location of the Disclosure

  • Should we also require the proposed financial expert disclosure to appear in the company's proxy or information statement? Is this information relevant to a security holder's decision to vote for a particular director or to elect, approve or ratify the choice of an independent public accountant?

      We believe the financial expert disclosures should appear in the proxy statement. The depth and breadth of expertise available to the company is relevant to a security holder's decision to vote for a director and to elect, approve, or ratify the choice of independent public accountant.

  • Should we require the company to also disclose this information in its quarterly reports?

      No. We believe the annual reports and proxy statements provide frequent enough disclosure to meet investor needs.

  • Should we also require such disclosure in registration statements filed under the Securities Act?

      Yes. We believe the presence or absence of a financial expert on the audit committee may be relevant to a potential investor's decision to purchase a security.

  • Should the company have to disclose specifically the arrival or departure of a financial expert promptly after the occurrence of the event? If so, should we modify our Form 8-K proposed item regarding the arrival and departure of a director to also require a company to disclose whether the departing director was, or arriving director will be, a financial expert serving on the company's audit committee? Should a company make appropriate disclosures if: a financial expert leaves the audit committee, but remains on the board of directors; or an existing director joins the audit committee as a financial expert? Should a company only have to file a Form 8- K if it previously disclosed in its annual report that it had a financial expert and now has none?

      Companies should use form 8-K to report promptly any decline in the number of financial experts serving on the audit committee, since the number of experts serving on the audit committee could influence an investor's decision to buy, sell, or hold a security.

  • A company currently may not have an audit committee member who qualifies as a financial expert under the proposed definition but may intend to seek one. In such a case, the proposed rules would require a company to disclose that it does not have a financial expert on its audit committee. However, the company could explain that it is searching for a qualified individual to serve on its audit committee. Should we provide companies with a transition period to find such person? If so, what would be an appropriate transition period?

      Since the Sarbanes-Oxley Act only requires disclosing whether a company has a financial expert on the audit committee, not actually having such an expert, we do not believe a transition period is necessary.

Request for Comment on Financial Experts of Registered Investment Companies

  • Should the definition of ``financial expert'' be modified for investment companies? Are the factors that are relevant in determining whether someone is a ``financial expert'' different for investment companies?

      For an investment company, it may be more useful if the designated financial expert has investment or investment management expertise.

  • What definition of ``independence'' should the disclosure requirements apply with respect to financial experts?

      The proposed definition of independence is adequate to ensure independence from corporate management.

Proposed Codes of Ethics Disclosure

Request for Comment on Description of the Proposed Code of Ethics Disclosure Requirements

  • Should the rules address whether a company has a code of ethics that applies to its principal executive officer, as proposed, or should the rules track the language of section 406 of the Sarbanes-Oxley Act and require a company only to disclose whether it has a code of ethics that applies to its senior financial officers?

      We believe it is a best practice for companies to have a code of ethics that applies to all executive officers. However, the Act covers only senior financial officers. The Commission must decide whether to interpret the Act strictly, or to broaden its coverage to provide greater investor protection.

  • Should we expand the definition of ``code of ethics,'' as proposed, or should the definition adhere to the language in section 406(c) of the Sarbanes-Oxley Act? Are there other ethical principles that should be included in the definition?

      The language of the Act is adequate.

  • Should the rules cover a broader group of officers? If so, which group of officers should they cover? Should the general counsel be covered? Should all executive officers be covered?

      We believe it is a best practice for companies to have a code of ethics that applies to all executive officers and the general counsel. Further, we encourage companies to have codes of ethics or conduct that apply to all employees.

  • Should the proposed rules require a company to disclose whether it has a code of ethics that applies to its directors? Do most companies have a code of ethics that applies to the board of directors? Does the same code of ethics generally apply to the company's executive officers and its directors?

      Since the duties and obligations of directors and officers are different, separate codes of ethics would be appropriate if directors' codes of ethics are to be required or disclosed. A director's code of ethics should emphasize their fiduciary duties to the shareholders.

  • Should we require the company to disclose the date of adoption of its code of ethics and the date of the most recent update or the company's frequency of review of the code?

      Yes. How long a code of ethics has been in place and how frequently a company reviews its code may indicate the extent to which past activities have been ethical and the seriousness with which a company views its ethics code. We believe this knowledge would help investors assess potential risks from past and present activities.

  • Should the company have to file the code of ethics as an exhibit to its annual report as proposed? If not, should we also require the company to describe the principal topics that the code addresses?

      Yes, the code of ethics should be included as an exhibit to the annual report, along with the date of adoption and most recent update. As mentioned above, knowing the content of the ethics code, the length of time it has been in place, and the frequency with which it is updated may help investors assess the potential risks of unethical corporate activity.

  • Should we require disclosure regarding the existence of a code of ethics in our other reports and registration statements, including our Securities Act and Exchange Act registration statements?

      Registration statements and proxy statements also would be appropriate places for disclosure.

Request for Comment on Companies Subject to the Proposed Code of Ethics Disclosure Requirements and Location of the Disclosure

  • Should we require a company to also provide the proposed code of ethics disclosure in its quarterly reports? Should such disclosure be made in a company's proxy and information statements? Should it be disclosed in Securities Act registration statements?

      Annual disclosure should be adequate. The annual report, registration statements, or proxy statements would be appropriate places for disclosure, although it should not be necessary to disclose the code of ethics in all three locations.

  • Should the requirement apply to foreign private issuers, as proposed? If not, why?

      The disclosures should apply to all registered companies.

Request for Comment on Proposed Form 8-K or Internet Disclosure Regarding Changes to, or Waivers From, the Code of Ethics

  • Is a ``waiver'' a sufficiently distinct and formal event that the obligation to disclose will not present any difficulties of interpretation? Should we modify the requirement to ensure that ``de facto, post hoc'' waivers of codes' granted or acceded to after the occurrence of the ``violation'' are reported?

      Yes. Disclosure is meaningless if all waivers are not included.

  • Should companies that use the Internet for these disclosures also be required to have technology that allows investors to be notified by e-mail when new information is posted to the website?

      Yes. Allowing website posting without investor notification minimizes the effectiveness of requiring disclosure.

  • Should we require the filing of a Form 8-K regardless of whether a company provides the proposed disclosure on its website? Do investors need access to this information for longer than 12 months? How can we permit Internet disclosure and maintain a lasting public record of the information?

      Filing Form 8-K should be required to allow investors to access information about multiple companies in a consistent manner and to maintain lasting public record.

  • Should we specify where and how this disclosure should appear on a company's website if the company opts for the website method of dissemination?

      Consistent location of the disclosures would make it easier to locate them.

  • Should we require a company choosing to disclose information about ethics code changes or waivers through its Internet website to provide advance notice in the company's annual report of its intent to satisfy the disclosure requirements in this manner, as proposed?

      Yes, although Forms 8-K should still be required regardless.

  • Should we require all Exchange Act reporting companies to disclose their website addresses? If so, should we specify the location of this disclosure? For example, should it have to appear on the front cover of all periodic and current reports, along with the company's street address? Should a company have to disclose its website address in, or on the front cover of, all of its Exchange reports? Proxy and information statements? Exchange Act registration statements? Securities Act registration statements?

      Any company using their website to disclose required filings should be required to disclose their web addresses along with their street addresses.

Request for Comment on Proposed Form 8-K or Internet Disclosure Regarding Changes to, or Waivers From, the Code of Ethics by Foreign Private Issuers

  • Should we require foreign private issuers to file disclosure about ethics code changes and waivers within two days under cover of Form 6-K? Should we otherwise require a foreign private issuer to promptly disclose ethics code changes and waivers?

      To prevent competitive advantages and promote investor knowledge, foreign private issuers should also be required to disclose ethics codes changes and waivers within two days.

Request for Comment on Proposed Form 8-K or Internet Disclosure Regarding Changes to, or Waivers From, the Code of Ethics by Registered Investment Companies

  • Is the proposed definition of a code of ethics appropriate? Are there any modifications that should be made to this definition in the case of investment companies?

      Yes. We believe the principles of ethical behavior are adequately covered by the proposed definition.

  • Do the code of ethics disclosure requirements cover the appropriate individuals at those entities? Should any of these individuals be removed, or should other individuals be added?

      As with operating companies, best practices indicate codes of conduct should cover all executive officers, at a minimum.

  • Should we require registered investment companies, like domestic operating companies, to use Form 8-K to disclose amendments to, or waivers of, a code of ethics within two business days? Or is our proposed approach of requiring periodic reporting of this information on Form N-CSR or Form N-SAR appropriate? Should we propose a separate form for prompt reporting of this information? If we require periodic reporting of amendments and waivers on Forms N-CSR and N-SAR, is the proposed alternative option for disclosure of amendments and waivers on the investment company's Internet website within two business days necessary or appropriate?

      Registered investment companies should use Form 8-K and be held to the same standard of disclosure as operating companies. If periodic reporting is permitted, the proposed alternative option for disclosure of amendments and waivers on the investment company's Internet website within two business days is appropriate.

  • For what period of time should we require an investment company to retain information about amendments to, or waivers from, codes of ethics, if it elects to post this information on its website? Should the retention period be not less than six years from the end of the fiscal year in which the amendment or waiver occurred, which would be consistent with the standard retention period for investment company records, or should it be some other period?

      A consistent retention period is desirable, so we agree that the retention period should be not less than six years from the end of the fiscal year in which the amendment or waiver occurred.

Management's Internal Controls and Procedures for Financial Reporting

Request for Comment on Management's Internal Control Report

  • Should we propose a definition of internal controls and procedures for financial reporting? If so, is the proposed definition appropriate? Should we define the term using AICPA's Codification of Statements on Auditing Standards Section 319 definition? If not, are there any other definitions we should use?

      The appropriate definition of internal controls and procedures flows from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) definition. To the extent SAS 78 and AU section 319 reflect the results of the COSO study, the proposed definition is appropriate. However, the proposed definition does not focus adequately on transaction authorization and safeguarding assets against improper use.

  • Should we propose specific disclosure criteria and standards for the management report? If so, what disclosure criteria and standards should we consider?

      The disclosure standards and criteria reflected in the Commission's 1988 proposal would be a good basis for developing new standards.

Request for Comment on Attestation to, and Report on, Management's Internal Control Report by the Company's Auditor

  • If we adopt the proposed amendments before the Public Company Accounting Oversight Board (PCAOB) is operational, should we delay effectiveness of the rules until such time as attestation engagements standards are issued or adopted by the PCAOB?

      No, the attestations should be done by the certified public accountant until such time as attestation engagement standards are issued or adopted by the PCAOB.

  • Should the company have to file the attestation report as part of the annual report? If so, should the report have to appear in a particular part of the annual report? Where?

      Yes, along with the management report on internal controls.

Request for Comment on Attestation to, and Report on, Management's Internal Control Report by the Company's Auditor

  • Should we propose changes to Exchange Act Rules 13a-14, 13a-15, 15d-14 and 15d-15 to require periodic evaluations of both the company's disclosure controls and procedures and its internal controls and procedures for financial reporting?

      Financial statements are meaningless without adequate internal controls. It is appropriate, therefore, to require periodic evaluations of internal controls and financial reporting procedures.

Request for Comment on Appropriate Transition Period

  • What transition period do companies and registered public accounting firms need to prepare to perform these undertakings? Is the compliance date we propose adequate? If not, what date should we adopt?

      An effective date of September 15, 2003, will allow adequate time for the adoption of PCAOB attestation standards and corporate adaptation to the new requirements.

General Request for Comments

To reiterate, we strongly believe the proposed definition of financial expert would inappropriately exclude many qualified potential directors from serving on audit committees. If the proposed strict definition of financial expert is adopted, and the exchange SROs adopt their proposed definitions of independence, it may be nearly impossible for companies to find adequate financial expertise to serve on audit committees. Small companies, in particular, would be burdened by this requirement. Recent history has shown that the presence of financial expertise on the audit committee is not a bar to corporate accounting scandals. Further, it appears the standards set by FDICIA and the SROs are adequate, reasonable, and more achievable. We propose, therefore, an alternate definition of "financial expert," as follows: having significant executive, professional, educational, or regulatory experience in financial, auditing, accounting, or banking matters, such as would be expected of a chief executive officer, chief financial officer, other senior corporate officer or corporate director with financial oversight responsibilities, or an experienced audit committee member.

Second, for investor ease of access and use, and in the interest of creating a public record, we believe all required disclosures under the rules implementing the Sarbanes-Oxley Act should be filed on the appropriate form with the SEC, although companies should be encouraged to maintain such disclosures on their corporate websites as well.

Finally, we believe duplicative reporting requirements are unnecessarily burdensome to reporting companies. We further believe the internal controls report requirements of Sarbanes-Oxley are adequately satisfied by the internal controls reporting requirements of FDICIA. Registered companies that are complying with 12 CFR 363.2 should not have to complete further attestations or reports on internal controls. In addition, it would be appropriate to develop a single certification to satisfy the requirements of Sections 302 and 906 of Sarbanes-Oxley.