More Sarbanes-Oxley Anniversary Thoughts
The day my OpEd in the Financial Times was published, July 30, there were many other stories in other publications marking the occasion of Sarbanes-Oxley’s tenth anniversary. Most of them focused on the lack of prosecutions of CEOs and CFOs for false financial statement certification crimes.
I liked Michael Rapoport’s in the Wall Street Journal a lot because he’s knowledgeable and takes a good tack in describing what should have happened.
As the Sarbanes-Oxley Act turns 10 years old, the law’s biggest hammer—the threat of jail time for corporate executives who knowingly certify inaccurate financial reports—is going largely unused.
After the financial crisis, the certification rules seemed like a strong weapon against executives suspected of misleading investors. But prosecutors haven’t brought any criminal cases for false certification related to the crisis. Regulators have brought only a handful of crisis-related civil allegations in that area.
Rapoport quotes a statistic with no attribution that also showed up in a Reuters account. It must have come directly from the SEC. It’s not publicly available anywhere on the SEC web site and I had not seen it before. It can’t be verified without a tedious accounting of all documents on the SEC site and then another difficult separation of charges brought versus actual settlements or resolutions that still include a Section 302 or 906 component. That doesn’t always happen.
The SEC says it has brought civil false-certification charges against more than 200 parties, including executives at companies involved in the crisis like Fannie Mae, Freddie Mac and Countrywide. (Countrywide is now part of Bank of America Corp.) But the SEC hasn’t used false certification against executives from any of the major banks suspected of misleading the public about their finances during the crisis.
Alison Frankel’s pretty good piece at Thomson-Reuters focuses on the criminal side of Section 302 and 906 certifications and says that happens not hardly at all.
The Justice Department doesn’t directly track Sarbanes-Oxley prosecutions, so there may be another case here or there. Even four or five SOX criminal cases in 10 years, though, makes them as rare as a blue moon.
She mentions civil charges – depending on whether there’s scienter it can go either way – but says only, “the Securities and Exchange Commission has brought dozens of civil cases alleging false certification under Sarbanes-Oxley, including civil SOX charges in an FCPA case the SEC filed in March.”
Unfortunately, Frankel’s colleagues over on the Reuters “Analysis” side of the house repeat the SEC’s “more than 200 cases” claim again with no attribution. The “Analysis” piece also repeats Frankel’s contention, backed in her case by several corporate defense lawyer sources, that sub-certifications or “waterfall” certification insulates the C-suite from claims of criminal responsibility for false certification. Basically, if several underlings tell the CFO and CEO the numbers are good, disclosures are good, controls are good, then how can they, high level, insulated executives, know better? Certainly C-level executives never change or adjust numbers after they flow up.
That contention is disingenuous or just plain naïve.
While only a handful of people have faced criminal charges over false statement certification, the Securities and Exchange Commission has invoked that part of Sarbanes-Oxley to bring more than 200 civil cases. One reason for the small number of criminal cases is that corporations have taken steps to insulate C-suite officers from culpability. Another reason is that prosecutors often choose to pursue tried-and-tested charges such as fraud when seeking to bring corporate wrongdoers to justice.
Morgenson doesn’t mention the impact of the Dodd-Frank law on clawbacks in her piece. Her point is: The bark of Sarbanes-Oxley’s clawback provision has been much worse than its bite.
But the Sarbanes-Oxley enforcement numbers are much worse than Morgenson cites. Morgenson supports her argument by citing unattributed statistics. She also incorrectly interprets the Sarbanes-Oxley Section 304 law. As a result, Morgenson credits three cases by name as Sarbanes-Oxley 304 enforcement that are not. She also neglects to mention a key one that is.
It appears Morgenson may have based her numbers on a review of the SEC initial complaints that included a Section 304 allegation, amongst many other allegations, when they started their enforcement journey. If Morgenson took the SEC’s word for what constituted a case and what did not, it’s not surprising that the regulator might have padded grim numbers with cases that are still pending or that, in the end, didn’t meet the strict Section 304 requirements.
That approach overstates the SEC’s efforts and certainly misstates their enforcement effectiveness.
Lawyer Dan Hull over at What About Clients? blog is kind enough to highlight my FT OpEd and add his two cents:
So see McKenna’s op-ed in the Financial Times this morning: “Ten Years After Sarbox, Time for an Audit of the Auditors”. McKenna offers three (3) big reasons Sarbanes-Oxley has been a bust on achieving objectivity in corporate audits. One reason she gives–this is my favorite since I have been seeing this over the last 10 years on an alarming if often comedic scale in the larger accounting firms in one form or another almost every day since the passage of SOX–is that:
audit companies still encourage partners to sell additional services to audit clients. Roger Dunbar, a former E&Y vice-chairman who is now the chairman of Silicon Valley Bank, told a recent forum on auditor rotation: “There’s an increase in scope creep, of wanting to provide these ancillary services to audit clients. I am personally worried. It’s a risk.”
Remember [McKenna goes on], Arthur Andersen had a disproportionate focus on the huge fees it earnt from consulting to Enron compared to the audit.
Sarbox was supposed to eliminate this conflict.
Except for Deloitte, audit companies went back to being primarily auditors after the 2002 act was passed. That trend has now reversed. Deloitte held on to its consulting arm and it has grown ever since. The remaining three Big Four companies rebuilt consulting businesses they sold or squelched.
I was also asked to write an OpEd in late July, The Auditing Blame Game, for Accountancy magazine in the UK. The focus of the piece is the decision by regulators there not to charge Ernst & Young with anything over the Lehman collapse. Although not directly timed to the Sarbanes-Oxley anniversary, the piece – which came out in print on July 25 – touched on several related topics. Here’s a short excerpt. (Full PDF here.)
HOW CLEAN IS CLEAN?
UK regulators criticise auditors for providing ‘clean’ audit opinions at banks that breached client asset segregation rules, submitting required reports on asset segregation late, and making basic errors such as submitting reports without partner signatures. A finding against E&Y for customer segregation rules negligence at Lehman Brothers may come with a hefty fine.
The FRC ordered PwC to pay a record fine of £1.4m in the JP Morgan Securities case.
Bob Diamond, the former Barclays CEO, implied during testimony before the Treasury Select Committee on 4 July that all the banks practised the Libor rate submissions’ subterfuge during the crisis, but it was more conservatively practised by Barclays than others, and was executed at the behest of senior government officials to ensure stability. ‘For God and country’ is the rationale for the bank’s willingness to be ‘dirty-clean, rather than clean-clean’, when submitting fudged Libor figures to the British Banking Association.
Similarly, auditors’ testimony before the House of Lords in December 2010 claimed no ‘going concern’ warnings were issued for insolvent banks during the financial crisis because the integrity of the UK financial system was more important than informing taxpayers they would soon be responsible for bailing out the banks. As long as no auditor went ‘out of the pack’ and told the truth about insolvencies, panic would not ensue.
To read more about Sarbanes-Oxley, and whether I think Dodd-Frank will help bring justice to those hurt by the crisis, you can go back to my piece from almost a year ago for Boston Review, Accounting Failure: What Sarbanes-Oxley Teaches Us About Dodd-Frank.
Broc Romanek and PCAOB Chairman Jim Doty joined PwC’s Kayla Gillan and lawyer Michael Peregrine in the New York Times Room for Debate on July 24, the anniversary of the law’s actual passage versus signing, to discuss Sarbanes-Oxley.
Broc Romanek: For my money, I continue to believe that the Public Company Accounting Oversight Board’s birth was the most significant part of Sarbanes-Oxley even though its reporting structure, controlled by the S.E.C., prevents it from being as effective perhaps as it could. The auditing profession is now more fully regulated rather than relying on self-regulation – always a dicey proposition.
Regulated? Yes. Chastened? Not at all.
Postscript:
You may be wondering why I didn’t mention the OpEd in the New York Times by Steven Rattner, “Regulate, Don’t Split Up, the Big Banks.” Well, it came out on August 1, not the anniversary of Sarbanes-Oxley, and it is technically a response to Sandy Weill’s Squawk Box bombshell, not a Sarbanes-Oxley memory. But I mention it here because it is another example of how major media can require that something ludicrous and completely untrue has to be discussed just because they are ridiculous enough to print it.
The best takedown of Rattner’s column – he’s the former car Czar – comes from Matt Taibbi at Rolling Stone, who says:
Rattner’s piece, entitled, “Regulate, Don’t Split Up, the Big Banks,” admitted that Weill’s comments “shook the New York-Washington axis.”
“It was as if John D. Rockefeller had proposed the breakup of Standard Oil,” Rattner wrote.
But he went on to say that Weill’s musings were “an ill-advised distraction.” The reasons he gave for believing this are astounding. And what’s astounding is not just that he has these opinions, but that his “reasons” got past the Times editors, who should have blanched at publishing such gross inaccuracies.
Here is the crux of Rattner’s argument:
A bit of recent history: none of the institutions that toppled like dominoes in 2008 — the investment banks Bear Stearns and Lehman Brothers, the mortgage-finance giants Fannie Mae and Freddie Mac, the insurance company American International Group — were commercial banks.
So the bank merger frenzy that Mr. Weill set off in the late 1990s was not the proximate cause of the financial crisis.
There are so many things wrong with this passage, it’s hard to know where to start. But let’s take the most obvious problem: He’s lying!
Not just some, but many of the institutions that “toppled like dominoes” in 2008 were giant commercial banks of the TBTF type. Does Rattner remember Washington Mutual, which was only the sixth-largest commercial bank in America when it collapsed in 2008? How about Wachovia, the fourth-largest?
More to the point, does he not remember all of the other commercial banks that required massive federal bailouts to avoid “toppling like dominoes” that year?
Weill’s entire argument, remember, is that these big banks should be broken up so that the taxpayer doesn’t have to rescue them. And Weill should know, because his Frankensteinian creation, Citigroup, required a $45 billion federal bailout and hundreds of billions more in federal guarantees.
Actually the total outlay for Citigroup was $476 billion in cash and guarantees – they were the biggest single bailout recipient, if you’re counting, with another classic post-Glass-Steagall creation, Bank of America, bringing up the rear with $336 billion in cash and guarantees.
Rattner also forgets that Deloitte client GM was his bailout along with Chrysler and GMAC.
I tweeted:
I share your frustrations. I’ve given up on thinking that there will be some appropriate justice for people/companies that nearly took down our financial system.
There are too many conflicts of interest present to expect anything else. The audit profession is a joke. Does anyone seriously think the PCAOB will be able to force through needed reforms?
Thanks for the mention, Francine. Honored. And, well done, once again.
We do not need one more law, one more think tank, one more Congressional committee or Congressional investigation. Sarbanes-Oxley is 10 years old and it is a DEAD DUCK. Why ??? The Executive branch of government is Constitutionally charged with the responsibility of law enforcement and Eric Holder is the single worst Atty General in the history of the USA. He refuses to enforce SarbOx.
Francine – Like you and other people commenting, there are several things that continuously frustrate and infuriate me about the lack of enforcement of SOX and the virtually non-existent prosecutions since the initial batch of criminal charges against C-suite execs in the frenzy after Enron, WorldCom, HealthSouth, et al.
One of my frustrations is the lack of financial consequences for C-Suite executives certifying financial statements that were fraudulent or had significant errors. The point you and several other analysts/journalists made about the efforts by C-suite execs to create reporting systems and controls that enable them to insulate themselves from accountability for errors & frauds looks to be on target. Another part of the lack of consequences is that key clawback provisions of SOX are based largely on the issuance of restated financial statements. Restatements that would have triggered clawbacks seem to not be occurring, even when the previous years’ financial statements contained significant errors or have been shown to have been fraudulent. From seeing the way that the Big 4 firms appear to have facilitated some of the questionable financial transactions and valuations of the TBTF financial institutions, it also appears that they have been complicit in allowing clients to treat past errors and incorrect financial statements as falling under reporting rules that allow the correction to be reported as a current year adjustment. If allowed as a current year adjustment, even if the impact is significant and was the direct result of executives’ actions or policies, there is no restatement of prior financials and no clawback of prior bonuses and other incentive comp. The apparent lack of any significant challenge by the Big 4 firms to the practice of current correction of past errors and frauds is consistent with your view that those at the top of Big 4 firms are more concerned about keeping a client and generating increased fees from additional services than they are in meeting their responsibilities to investors.
The SOX change resulting in the auditors “appearing” to be retained by the Audit Committee of the Board does not seem to have had any real impact on improving auditor independence and being at all skeptical and challenging client management’s positions on accounting & reporting rules.
A second issue for me relates to the question that always comes up whenever a fraud or significant loss from excessive risk taking or poor management decisions is reported – “Where were the auditors?” Well, it appears that the auditors may have been in bed with the executives or at least were in the bedroom fluffing the pillows and turning down the sheets for their client execs. Since it doesn’t appear to be possible to rely on the independence of external auditors, better questions may be “Where was the Board?” or “Where were the investors?” With few exceptions, C-suite execs have not been held accountable by Boards and investors for anything that caused or resulted from the 2007-08 financial crisis. The few exec job losses in the US and UK seem to have been the result of bankruptcy, buy-out/merger between companies, or political pressure due to public opinion connected with a high profile government bailout (politicians and regulators trying to placate voters by actually doing something, even though it was only minimal action for appearances’ sake). A case in point is the JP Morgan Chase trading loss this Spring that has been reported as resulting from a change in risk management practices, approved at the highest levels of the company, which turned out to be seriously flawed and then improperly managed after implementation. The head of the risk management unit was thrown under the bus to appease regulators and investors. But Jamie Dimon (who has been reported as knowing about and agreeing to the change in risk management) and other C-suite execs escaped serious consequences in spite of JP Morgan Chase losing about 25% of its market value in the last 3-4 months. So far, investors have lost more than $35 billion in market value just on the initially reported $2 to $3 billion loss. Yet investors, regulators, and politicians still treat Mr. Dimon as a financial industry management God whose only problem is that JP Morgan Chase is too big for any one person to manage, even though that is the job he willingly fills and a responsibility he is extremely well compensated for taking on. The press has moved on to other financial frauds and losses, so few are following Chase to see how big the actual loss will eventually be. My question is – How much money do investors have to lose before they demand that the Board of Directors take action to hold the execs accountable or they replace current Directors with someone who will? When frauds and losses from significant errors are finally reported and become public knowledge, investors have to take action and hold execs accountable. Investors have every right to ask “Where were the auditors and why didn’t they let us know about the problems sooner?”, but they also have the responsibility to take steps to protect themselves.
@Richard_A
Thanks for your thoughtful and detailed comment.
This is key:
“Another part of the lack of consequences is that key clawback provisions of SOX are based largely on the issuance of restated financial statements. Restatements that would have triggered clawbacks seem to not be occurring, even when the previous years’ financial statements contained significant errors or have been shown to have been fraudulent. From seeing the way that the Big 4 firms appear to have facilitated some of the questionable financial transactions and valuations of the TBTF financial institutions, it also appears that they have been complicit in allowing clients to treat past errors and incorrect financial statements as falling under reporting rules that allow the correction to be reported as a current year adjustment. If allowed as a current year adjustment, even if the impact is significant and was the direct result of executives’ actions or policies, there is no restatement of prior financials and no clawback of prior bonuses and other incentive comp. The apparent lack of any significant challenge by the Big 4 firms to the practice of current correction of past errors and frauds is consistent with your view that those at the top of Big 4 firms are more concerned about keeping a client and generating increased fees from additional services than they are in meeting their responsibilities to investors.”
Thanks for bringing it up.
fm
Sarbanes Oxley is always important for listed firms.
The Dodd Frank Act did not replace Sarbanes Oxley, it amended it and it simply made SOX more important.
And now, we have the new Auditing Standard No 16 from the PCAOB.
The Public Company Accounting Oversight Board (PCAOB) has announced that the Securities and Exchange Commission (SEC) approved Auditing Standard No. 16, Communications with Audit Committees, and amendments to other PCAOB standards.
The new standard and related amendments are effective for public company audits of fiscal periods beginning on or after December 15, 2012.
To download the presentation (150 slides, no cost, no registration needed) you may visit:
http://www.sarbanes-oxley-association.com/Distance_Learning_and_Certification_Auditing_Standard_16.htm