David S Rosenthal and Martin Nussbaum

The SEC adopted final rules implementing Section 302 of the Sarbanes-Oxley Act of 2002 (the "Act"), which became effective August 29, 2002.1 The new Rules 13a-14 and 15d-14 under the Securities Exchange Act of 1934, as amended (the "Exchange Act"), require an issuer’s CEO and CFO to make specified certifications in each annual and quarterly report filed with the SEC under Section 13(a) or Section 15(d) of the Exchange Act.2

Immediate action will likely be required to enable CEOs and CFOs to make the requisite certification on their next periodic report regarding the existence and adequacy of "Disclosure Controls and Procedures". Other notable features of the certification relate to the requirement that the CEO and CFO certify (i) as to the quality and effectiveness of the company’s internal controls for financial reporting purposes and (ii) the "fair presentation" of the financial information in the report.

The new Exchange Act rules apply to all issuers that file reports under Section 13(a) or 15(d) of the Exchange Act, including foreign private issuers, banks and savings associations, issuers of asset-backed securities, small business issuers and registered investment companies.

The certification must be included in annual reports on Forms 10-K, 10-KSB, 20-F and 40-F, quarterly reports on Forms 10-Q and 10-QSB and amendments to any of the foregoing reports, to follow immediately after the signatures in the reports, and in the exact form prescribed by the SEC. For ease of reference, the form of the certification is attached as an exhibit to this Update.

These key portions of the certification are discussed below:

Disclosure Controls and Procedures

Although many, if not most, issuers currently maintain disclosure procedures on an informal basis, "disclosure controls and procedures" are a new concept intended by the SEC to encompass controls and procedures addressing the quality and timeliness of disclosure. They are, in short, the programs through which a reporting company would take the appropriate steps on an ongoing basis to assure that all necessary information is included in its SEC filings. These differ from, and are broader than, "internal controls", which relate more narrowly to financial reporting and control of a company’s assets.

With respect to disclosure controls and procedures, in each public report, CEOs and CFOs of all issuers must certify that they:

  • are responsible for establishing and maintaining disclosure controls;
  • have designed such controls and procedures as to ensure that material information relating to the company and its subsidiaries is made known to the certifying persons;
  • have evaluated the effectiveness of the issuer’s disclosure controls within 90 days prior to the filing of the report;
  • have presented in the report to which the certification is a part their conclusions about the effectiveness of the disclosure controls and procedures;

Thus, the certification in effect requires that issuers not only establish disclosure controls, but also that they frequently evaluate the effectiveness of those controls.

Practical Recommendations

The SEC has not mandated a specific form of disclosure controls and procedures, presumably, in recognition of the fact that the wide differences in the structures and businesses of different issuers will require different disclosure control procedures to be effective. Although it is our understanding that the staff of the SEC is working on an interpretative release expected to provide further guidance on disclosure controls and procedures, pending the issuance of that guidance, we recommend the following:

Issuers should engage in a regular program of education in which the people who participate in the disclosure process are periodically informed, presumably by counsel, of the issuer’s reporting obligations and the rules governing public disclosure. Consider preparation of written disclosure guidelines to facilitate the process of preparing disclosure.

  • Issuers should form a Disclosure Committee with the clearly enunciated purpose of:

- Assuring that matters which may require disclosure are articulated and considered; and 

- Considering, with the advice of counsel, whether the disclosure of matters brought to the Disclosure Committee’s attention is necessary to comply with law and to enable the investing public to clearly understand the issuer’s business and financial condition.

  • The composition of a Disclosure Committee will vary greatly from issuer to issuer; but, at a minimum, it should be composed of inside counsel (and/or advised by outside counsel) and the other persons who are principally responsible for the preparation of the issuer’s disclosure documents. 

- If they are not members of the Committee, the principal executive, operating and financial officers of the issuer and its business units should meet with the Disclosure Committee to confirm that they have reviewed the issuer’s proposed filings and that those filings accurately describe the portion of the issuer’s business that is their responsibility. The CEO and CFO should also be encouraged to bring to the Disclosure Committee’s attention issues which have not been specifically disclosed so that the Disclosure Committee has the opportunity to evaluate disclosure decisions; and

- If they are not members of the Disclosure Committee, the CEO and CFO should meet with the Disclosure Committee or its chair prior to the filing of covered disclosure documents for the purpose of ascertaining the appropriateness of the issuer’s disclosures, evaluating the disclosure decisions made by the Disclosure Committee, and assessing the effectiveness of the Disclosure Committee’s functioning.

  • The Disclosure Committee should meet prior to the filing of each periodic report and as otherwise necessary from time to time to evaluate the necessity of making material disclosures. Consider adopting a preparation timeline, with detailed responsibilities, for each report. Procedures should be in place to comply with the "real time" reporting of events that will be required upon implementation of the SEC’s proposed Form 8-K rules, which significantly increase the number of events required to be reported and shorten the period within which a Form 8-K must be filed.
  • The Disclosure Committee or its chair should meet regularly with the Audit Committee of the Board of Directors to discuss the financial implications of disclosure matters and to promote consistency between the financial statement and textual disclosures.
  • Minutes and other appropriate documentation with respect to the Disclosure Committee’s deliberations should be prepared and retained.

Internal Controls and Procedures

Subsumed in an issuer’s obligations with respect to disclosure controls and procedures are the obligations of an issuer to maintain proper internal controls3 and of the CEO and CFO to certify as to the issuer’s internal controls. Specifically, the CEO and CFO are required to certify that:

  • They have made disclosures to the issuer's auditors and the audit committee of the board of directors about any deficiencies in internal controls that could adversely affect the company’s ability to process and report financial information, any material weakness in internal controls and any fraud involving management or others involved in the company’s internal controls; and
  • They have included information in the issuer's quarterly and annual reports about their evaluation and whether there have been significant changes in the issuer's internal controls or in other factors that could significantly affect internal controls subsequent to the evaluation.

The certifying officers must make this certification as to internal controls quarterly, based on their evaluation of the issuer’s disclosure controls and procedures.

Virtually every issuer maintains internal financial controls procedures that are intended to assure that transactions are accurately recorded and reflected in the issuer’s financial statements and that the issuer’s assets are safeguarded. Observations with respect to the adequacy of these procedures are now typically made by the issuer’s outside and internal auditors, and these observations are typically now reported to the Audit Committee of the Board of Directors and senior management. In order to comply with the new certification it will be necessary for the CEO, in addition to the CFO, to be more directly involved with the ongoing reviews of internal financial controls.

Fair Presentation Standard

The portion of the certification stating that the financial statements and other financial information "fairly present" in all material respects the financial condition, results of operations and cash flows of the issuer relates to material accuracy and completeness of the information contained in the reports, and is, according to the SEC, a standard that is broader than that required under generally accepted accounting principles. It encompasses the selection of appropriate accounting policies, proper application of appropriate accounting policies, disclosure of financial information that is informative and reasonably reflects the underlying transactions and events, and any additional disclosure necessary to provide investors with a materially accurate and complete picture of the issuer’s financial situation.

Additional Practical Recommendations

We recommend the implementation of the following additional procedures in order to assist the CEO and CFO to make certification required pursuant to Exchange Act Rules 13a-14 and 15d-14:

  • The CEO and CFO should review the report carefully.
  • The CEO and CFO should review accounting issues with internal and external auditors. They should focus on critical accounting estimates and policies. The CEO and CFO should confirm that neither the internal nor external auditors are aware of any material mistakes or omissions in their reports.
  • The issuer should obtain sub-certifications of management which are designed for the areas of responsibilities of the persons making the sub-certification;
  • The CEO and CFO should make appropriate inquiries into the quality and timeliness of the issuer’s internal controls, reviewing any issues that are raised regarding weaknesses in the reporting systems and how to address them; and
  • Counsel should perform a review of the periodic reports to confirm that they comply with the technical requirements of the securities laws.

Footnotes

1 The SEC final rule regarding certification of disclosure in companies’ quarterly and annual reports is available at: http://www.sec.gov/rules/final/33-8124.htm
2 This certification rule is in addition to the certification required pursuant to Section 906 of the Act, which was required by all issuers upon enactment of the Act
3 The SEC has not expressly indicated that "disclosure controls" subsume "internal controls". The Commission indicated that because it did not wish to expand the concept of "internal controls" it adopted the new concept of "disclosure controls," implying that there is a difference between the two. However, Section 302 of the Act requires the Commission to adopt rules requiring, among other things, officers to certify that "internal controls" have been reviewed within the last 90 days. Since the rules actually adopted by the SEC require the statement with respect to "disclosure controls," to harmonize the rules and the Act requires that the concept of "disclosure controls" include the more narrowly defined "internal control" procedures.

This Corporate Update merely summarizes the law or rules discussed and should not be relied upon as legal advice. For further information about the new CEO/CFO certifications or additional guidance regarding disclosure controls and procedures or other corporate compliance matters, please contact the authors. ©2002 Swidler Berlin Shereff Friedman, LLP www.swidlaw.com

FORM OF CERTIFICATION*

I, [identify the certifying individual], certify that:

1. I have reviewed this quarterly report on Form [10-Q/10-QSB/10-K/10-KSB/20-F/40-F] of [identify registrant];

2. Based on my knowledge, this quarterly report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this [quarterly/annual] report;

3. Based on my knowledge, the financial statements, and other financial information included in this quarterly report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this quarterly report;

4. The registrant's other certifying officers and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a-14 and 15d-14) for the registrant and we have:

(a) designed such disclosure controls and procedures to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this quarterly report is being prepared;

(b) evaluated the effectiveness of the registrant's disclosure controls and procedures as of a date within 90 days prior to the filing date of this quarterly report (the "Evaluation Date"); and

(c) presented in this quarterly report our conclusions about the effectiveness of the disclosure controls and procedures based on our evaluation as of the Evaluation Date;

5. The registrant's other certifying officers and I have disclosed, based on our most recent evaluation, to the registrant's auditors and the audit committee of registrant's board of directors (or persons performing the equivalent function);

(a) all significant deficiencies in the design or operation of internal controls which could adversely affect the registrant's ability to record, process, summarize and report financial data and have identified for the registrant's auditors any material weaknesses in internal controls; and

(b) any fraud, whether or not material, that involves management or other employees who have a significant role in the registrant's internal controls; and

6. The registrant's other certifying officers and I have indicated in this quarterly report whether or not there were significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of our most recent evaluation, including any corrective actions with regard to significant deficiencies and material weaknesses.

Date: ___________________________________
[Signature]
[Title]

*Provide a separate certification for each principal executive officer and principal financial officer of the registrant. See Rules 13a-14 and 15d-14.