Speech by SEC Commissioner:
SEC Implementation of Sarbanes-Oxley:
The New Corporate Governance


Commissioner Cynthia A. Glassman

U.S. Securities and Exchange Commission

National Economists Club
Washington, D.C.
April 7, 2003

Thank you. It is a great pleasure to be here today. I have been a member of the NEC for a number of years and am a past Board member. I have made many friends and helpful contacts through this terrific organization. As you may already know, I am the only economist on the Commission - a badge I wear proudly among so many lawyers! -- and, with 14 months on the job, I am the most senior commissioner. Before I begin my remarks, let me make the standard disclaimer: the views I express here today are my own and not those of the Commission or its staff.

I have chosen to speak today about the SEC's implementation of the Sarbanes-Oxley Act because that has been a key focus of our attention for the past six months. Sarbanes-Oxley was enacted last summer in response to financial frauds at Enron, WorldCom and other corporations and the realization that many of the "gatekeepers" responsible for preventing fraud had fallen down on the job. Congress recognized that dramatic steps were needed to right the system and restore investor confidence. Under the new legislation, Congress directed the Commission to adopt rules to increase the accountability of CEOs and CFOs, improve the quality of financial reporting and raise professional, legal and ethical standards for the gatekeepers of our financial system -- analysts, auditors, audit committees, boards and attorneys.

Sarbanes-Oxley gave the Commission 90-, 180- and 270-day deadlines to implement several key rulemakings and conduct several studies. By the end of the 90-day deadline, we adopted rules accelerating the filing of quarterly and annual reports for certain issuers, requiring CEOs to certify quarterly and annual reports, and speeding up the disclosure of personal securities trading by corporate insiders.

In January alone, we adopted nine new rules required by Sarbanes-Oxley and two additional rules in the investment management area. Thanks to our staff's hard work, we were able to adopt rules requiring heightened standards of auditor independence, the disclosure of off-balance sheet arrangements, and the inclusion of a reconciliation to generally accepted accounting principles -- for earnings releases and other financial information prepared on a pro forma basis. We also adopted rules requiring companies to disclose whether they have codes of ethics for executive officers, and whether they have designated an "audit committee financial expert" on their audit committees. We approved rule changes by the New York Stock Exchange and the NASD dealing with analyst conflicts. Finally, we adopted rules requiring securities lawyers to report evidence of fraudulent corporate conduct "up the ladder" to the chief legal or chief executive officer of the corporation or, if necessary, the board of directors. In the process of implementing Sarbanes-Oxley and other recent rules, the Commission received over 9,000 comment letters, each of which was read, carefully considered, and included in a comment summary that you can find on the Commission's website. The following statistics are unofficial, but I'm told our adopting releases for the 11 rules adopted in January totaled over 1,000 pages (double-spaced, 10-point font) (only lawyers could take over 1,000 pages to write 11 releases), and they contained over a quarter-million words. I'm also told - off the record -- that we reviewed over 113 different drafts, held over 2,700 man-hours worth of meetings, ate over 1,100 meals at our desks, and drank more than 4,800 cups of coffee!

We still have more work to do on Sarbanes-Oxley. We are well along in the process of selecting a chairman for the accounting oversight board and will soon approve its budget and rules. We also have to consider some new rules on analyst conflicts proposed by the New York Stock Exchange and the NASD. We completed an additional Sarbanes-Oxley item last week when we adopted a rule directing the exchanges and Nasdaq to prohibit the listing of the securities of any company that does not comply with heightened audit committee requirements.

While we obviously wanted to do everything possible to prevent future Enrons and WorldComs, it was important to maintain a balanced approach. We tried our best to ensure that our rules targeted the root causes of past problems without overreaching our objectives or creating negative unintended consequences. In analyzing the Commission's new rules, I looked to several factors. What are we really trying to accomplish with this rule? Will the rule be effective in achieving its purpose or is it merely cosmetic? Does it make practical sense? Does it serve the purpose for which it was intended? Does it meet the spirit and the letter of the law? Do the benefits outweigh the costs? Does the rule go too far or not far enough? And finally, will it raise unrealistic expectations or create unintended consequences?

What we - and Congress through the Sarbanes-Oxley Act - are trying to accomplish is to restore investor confidence in our companies and our markets. To do that, investors need to be able to trust the companies in which they invest. That requires that companies practice - and exhibit - good corporate behavior. In my view, there are three components to achieving good corporate behavior:

1) an effective corporate governance process;
2) punishment of bad behavior - by the company, by civil and criminal law enforcement and by the market; and
3) an ethical corporate culture.

We cannot legislate the third factor - an ethical corporate culture, so our efforts have been directed at the first two: rules to incent good procedures and behavior, and enforcement actions to disincent bad behavior. Taken as a whole, I believe that our new rules reflect a thoughtful and measured approach. They make clear that management and the board of directors have ultimate responsibility for a company's governance program, but that gatekeepers also play an important role.

Our difficult task has been, and continues to be, to ensure that we do not create an environment in which the markets cannot allocate resources efficiently. One way I have come to evaluate our proposals is through what I call the "Goldilocks" approach to regulation: If the media and critics of the Commission say we are too lenient, and the entities we regulate say we are too harsh, chances are we got it just right.

By any measure, we promulgated an ambitious regulatory agenda in the area of corporate governance, and it is becoming clear that some time is necessary for companies to absorb and implement the barrage of new regulations. This is not to imply that the Commission will shy away - even in the slightest - from our obligations under Sarbanes-Oxley or our mission of investor protection. However, we have to acknowledge that regulatory risk is part of running a business and that the uncertainty caused by perpetual rulemaking can have a chilling effect on legitimate business decisions, including the decision to commit capital. I think we need to take some time to monitor how the new rules operate in practice, to provide guidance and clarification where necessary, to get a better measure of costs and unintended consequences, particularly for small business, and to assess whether we are accomplishing what we intended.

I am encouraged by evidence that the market is driving reform. We read that companies are being more selective in choosing directors - and directors are also being more selective in choosing companies. We've heard that some director nominees now hire consultants to review the company and assess the rigor of its governance procedures, the quality of its reporting and its overall risk profile. In the current environment, companies have a strong incentive to adopt rigorous governance procedures because those that fail to do so will be unable to attract top quality directors and will pay a risk premium in terms of both director compensation and possibly officer and director liability insurance.

Now that most of the rules have been adopted, I come back to my initial questions.

Do our rules meet our objectives?

The objectives of the Sarbanes-Oxley rules seem clear: to restore investor confidence in our companies and our markets and to enhance investor protection by improving corporate governance and transparency. My impression is that our rules meet our objectives. Although we will never be able to eliminate fraud, the good corporate citizens - and that includes most companies - are taking our rules seriously. Equally important, the market seems to value companies that display good corporate governance and make clear disclosures.

Did we meet the spirit as well as the letter of the law?

Regarding the spirit, I believe we did. Regarding the letter, I also think we did. But on at least one point - our proposal that lawyers make "noisy withdrawals" -- there was much discussion of whether we had overstepped our mandate. We did approve a rule that requires lawyers - both in-house attorneys and outside counsel - to report securities law violations "up the ladder" to the chief legal officer or chief executive officer of the corporation. Where the CLO or CEO fails to respond appropriately, the attorney is required to report the evidence to the audit committee, another committee of independent directors or the full board.

The much more controversial part of our proposal was that, where the board of directors fails to respond appropriately, the attorney would have to withdraw from representation of the corporation and make a public filing with the SEC - a so-called "noisy withdrawal." Because of the strong opposition to the "noisy withdrawal" in the legal community, we split out that part of the rule and went back out for comment with an alternative proposal that the corporation - rather than the attorney -- disclose the attorney's withdrawal. Stay tuned.

Have we gone far enough?

In at least one instance, we have been criticized for not going far enough -- namely, in not prohibiting auditors from providing abusive tax shelters to their audit clients. To be perfectly frank, I would have supported such a provision if we could have defined it. But since neither Congress, the Treasury nor the IRS could define an abusive tax shelter, we didn't think we could, especially given the short deadlines we had to put out the rules. So we did the next best thing - we put the burden on the audit committee to scrutinize carefully any tax shelter services proposed by the auditor. I assume that no audit committee in its collective right mind would approve any tax service by its auditors that could be construed as abusive - and I hope that the audit firms won't offer them.

Do our rules go too far?

Clearly, our proposed rule on financial experts went too far. As originally proposed, it appeared that luminaries like Alan Greenspan and Warren Buffet would not have met our criteria, so we got more realistic in our final rule.

I have heard some grumbling about our certification requirements -- that CEOs are spending days with the auditors reviewing the accounting treatment of every aspect of the firm's operations. That is certainly not what I had in mind. If they are doing that, they are missing the forest for the trees. What CEOs should be focusing on are the critical assumptions and judgments that could have a material impact on the financials - revenue recognition, impairments and pension funding. These are judgments that CEOs and CFOs should have been making even before Sarbanes-Oxley, and they certainly are judgments they need to understand before they can certify that their financials present a true picture of the company.

Do our rules make sense? Are the benefits commensurate with the costs? Are there likely to be unintended consequences?

I think overall the rules do make sense - but I have begun to hear about some unintended consequences. For example, I have heard that to avoid our pension blackout rule, companies will be less likely to change plan administrators. I have also heard that firms are finding it more difficult to get independent directors - although if that's because the candidates are doing more due diligence and think the risk is too high in a particular company, then the market is working.

Finally, do our rules create unrealistic expectations?

This one worries me. As I said earlier, we cannot prevent all fraud nor legislate ethics. And, importantly, our requirements do not address - nor should they - bad business strategies. So companies will still perform badly and even fail for a variety of reasons not under our control. It is important that investors understand that - which is why I am such a strong proponent of investor education. The goal of all of our new rules is to restore investor confidence and trust in the markets. Yet the ultimate effectiveness of the new corporate governance rules will be determined by the "tone at the top." Adopting a code of ethics means little if the company's chief executive officer or its directors make clear, by conduct or otherwise, that the code's provisions do not apply to them. Designating a financial expert means little if the person designated, while technically qualified, does not possess the personal qualities required to do the job effectively by asking the tough questions and insisting on clear answers. More than any regulatory body, corporate officers and directors have it within their power to restore public trust. Trust depends not just upon putting new rules on the books, but more importantly, on whether there is a widespread consensus that those rules are accepted and will be implemented effectively and in good faith. Corporate officers and directors hold the ultimate power and responsibility for restoring public trust by conducting themselves in a manner that is worthy of the trust that is placed in them.

Thank you. I'd be happy to take questions.