Can the SEC Exempt Small Companies From Sarbanes-Oxley 404?

Bill Sjostrom —  17 January 2006

White Sox HatLast month the SEC Advisory Committee on Smaller Public Companies adopted the following three recommendations concerning oft-maligned Sarbanes-Oxley Section 404:

1. Exempt Microcap companies from S404, subject to certain conditions

2. Exempt Smaller Public Companies from the external audit requirement of S404, subject to certain conditions.

3. The subcommittee strongly endorses recommendation #2. However, if the Commission believes that public policy requires some level of auditor reporting on Smaller Company controls, preventing the adoption of recommendation #2, then as an alternative, we recommend the SEC changes its rule for the implementation of the external audit requirement of S404 to a cost-effective standard (ASX) providing for an external audit of the design and implementation of internal controls.

These recommendations were put forth by the Internal Controls Subcommittee. Click here for the power point slides used by the subcommittee to present its recommendations. Note that I assume the recommendations were adopted as presented in the slides, but I have been unable to verify this point.

Microcap companies are those with market capitalizations in the lower 1% of all U.S. public companies (below approximately $100-125 million) and last fiscal year revenues no greater than $125 million. Smaller Public Companies (which includes Microcap companies) are those with market capitalization in the lower 6% of all U.S. public companies (below approximately $700-750 million) and last fiscal year revenues no greater than $250 million. Approximately 50% of all U.S. public companies fall under the definition of Microcap companies, and approximately 80% fall under the definition of Smaller Public Companies.

The committee based the above recommendations on the following conclusions:

1. Microcap and Smaller Public Companies proportionately represent a significantly smaller risk to the capital markets than large public companies.

2. The costs of S404 compliance have been much higher than anticipated

3. There are fundamental differences between larger and smaller companies

4. The cost and amount of resources necessarily devoted to S404 compliance is not proportional for Microcap and Smaller Public Companies

5. Based on our consultation with COSO, clear guidance does not exist for Microcap and Smaller Public Company managers on how to develop and support proper S404 assertion

6. Investors recognize that smaller companies carry greater investment risk

7. In smaller companies, the risk of management override is significant; internal controls over financial reporting are not as effective as other techniques to detect and prevent fraud by senior executives

8. There are multiple ways to help and ensure good internal controls at smaller public companies

9. Disproportionate compliance burden will likely have a negative effect on the competitiveness and capital formation ability by smaller companies, thus hurting the U.S. economy

Smaller companies have limited resources which are being allocated to internal processes for S404 compliance, and, as these processes are not relied on for financial reporting, this unnecessary effort results in diminished shareholder value.

Conclusion 9. is obviously the clincher and embodies most of the others. I have run across most of these conclusion before in one form or another. Conclusion 6., however, is new for me, and I find it somewhat curious, at least standing alone. Are they saying investors know small company stocks are more risky and therefore should be comfortable with less safeguards? This seems to contradict the reasons for the SEC’s enactment of various regulations (see below).

Of course, the key conclusion missing here is that the costs of S404 outweigh the benefits. The obvious reason for the omission is that it is difficult, if not impossible, to quantify the benefits of S404. As an aside, at the recent AALS section on securities law, a former SEC chief economist stated that the SEC does little cost benefit analysis (he characterized it as “back of the envelope”).

The slides linked to above provide varying degrees of support for each of the nine conclusions. They also include some additional recommendations.

I’m all for exempting smaller companies from S404. But I would be surprised if the SEC does so for two reasons.

1. It’s not clear to me that they have the legal authority to do so. S404 provides:

The Commission shall prescribe rules requiring each annual report required by section 78m(a) or 78o(d) of this title to contain an internal control report, which shall–
(1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.

(b) Internal control evaluation and reporting

With respect to the internal control assessment required by subsection (a) of this section, each registered public accounting firm that prepares or issues the audit report for the issuer shall attest to, and report on, the assessment made by the management of the issuer. An attestation made under this subsection shall be made in accordance with standards for attestation engagements issued or adopted by the Board. Any such attestation shall not be the subject of a separate engagement.

I don’t see any exemptive authority conferred to the SEC under the above language. The next section of SOX (S405) does specifically exempt investment companies from compliance with S404, but it says nothing about small companies and again does not confer any exemptive authority on the SEC.

The easy fix would be for Congress to amend SOX to give the SEC the necessary authority. As I noted in this post, however, Rep. Oxley indicated in an October ’05 speech that Congress is unlikely to intervene.

2. Exempting small companies would be inconsistent with SEC practice and policy. The SEC has consistently subjected small companies to greater regulation based in or whole or in part on the fact that smaller companies carry greater investment risk. See for example enactment of the penny stock rules, exclusion of securities traded on the Nasdaq Capital market (f/k/a Nasdaq Small Cap market) and from the definition of covered securities and for S-3 resale registration eligibility, and tightening of Rules 504 and 701, to name a few examples. While the SEC has made special provisions for small companies in some areas (see for example adoption of Regulation S-B in 1992 which established slightly less onerous disclosure requirements for “small business issuers�), I’m not aware of it adopting a blanket exemption for small companies for something on the scale of S404.

I think recommendation 3. indicates that the subcommittee has anticipated these problems. My guess is that the SEC will adopt less onerous S404 rules applicable to small companies, similar to what it did with the adoption of Regulation S-B. I hope I’m wrong, and the SEC concludes it has the legal authority to adopt recommendations 1. and 2. (would anyone challenge the conclusion?), and that breaking with past practice and policy is warranted because we’ve never before seen anything as costly as S404.

Trackbacks and Pingbacks:

  1. TRUTH ON THE MARKET » Update on the SEC’s Authority to Exempt Small Issuers from Section 404 Compliance - April 21, 2006

    […] The momentum seems to be building among legal academics that the SEC may lack the authority to exempt small companies from SOX 404 compliance.  As many may recall, Bill previously analyzed this issue in the inagural post of this blog and concluded that the SEC most likely did not have the requisite statutory authority (he provided a follow-up analysis here).  Larry Ribstein shares this sentiment.  Apparently, they are not alone.   […]

  2. TRUTH ON THE MARKET » Can the SEC Exempt Small Companies from Sarbanes-Oxley 404? (Part 2) - February 27, 2006

    […] Back on the first day of TOTM’s existence, I raised the question of whether the SEC has the authority to exempt small companies from SOX 404 compliance as proposed by the SEC Advisory Committee on Smaller Public Companies (see here). I stated that “[i]t’s not clear to me that [the SEC has] the legal authority to do so.â€? The committee addresses the authority issue in footnote 96 on page 44 of its latest draft report (HT: Bainbridge) and asserts that the SEC does have the authority. Specifically, it points to Section 3(a) of SOX which gives the SEC broad authority to promulgate “such rules and regulations as may be necessary or appropriate in the public interest or for protection of investors, and in furtherance of this Act.â€? I’m certainly no expert on statutory interpretation, but I have a hard time accepting that this language empowers the SEC to adopt rules that essentially negate SOX provisions. When Congress has intended to grant the SEC exemptive authority in the securities area, it has done so expressly (see, e.g., Securities Act Section 28 and Exchange Act Section 36). Regardless, how exactly would exempting small companies from SOX 404 be in furtherance of SOX? […]

  3. TRUTH ON THE MARKET » The Ban on General Solicitation and Advertising - January 25, 2006

    […] I blogged last week about the recommendations concerning Sarbanes-Oxley 404 adopted by the SEC Advisory Committee on Smaller Public Companies at a meeting on 12/14/05 (see here).  The transcript of the meeting is now available on the SEC’s website (click here).  Today I want to talk about a different recommendation adopted by the committee that has not received much if any attention but is arguably more important for small companies (at least small emerging companies) than the proposed S404 exemption.  I’m referring to the recommendation to “[a]dopt a new private offering exemption that does not prohibit general solicitation and advertising for transactions with certain purchasers.â€?  This is something I’ve argued for in the past (see my article, Relaxing the Ban:  It’s Time to Allow General Solicitation and Advertising in Exempt Offerings).  Basically, studies have indicated that there is a funding gap for emerging companies seeking start-up and early-stage private equity.  The funding gap persists notwithstanding large inflows into venture capital funds because as funds have gotten bigger they have by necessity shifted to later-stage and larger deals (see here).  Angel investors could fill this gap but the ban on general solicitation/advertising greatly impedes this.  Hence, my proposal to “relax the ban.â€? […]

  4. Ideoblog - January 17, 2006

    Amending SOX 404 for small companies…

    Bill Sjostrom has an inaugural post up on TOTM in which he doubts the SEC has the authority to adopt its small business advisory committee’s recommendation to exempt small businesses from Sarbox 404, that Congress should give the SEC the…