Back on the first day of TOTMâ€™s existence, I raised the question of whether the SEC has the authority to exempt small companies from SOX 404 compliance as proposed by the SEC Advisory Committee on Smaller Public Companies (see here). I stated that â€œ[i]tâ€™s not clear to me that [the SEC has] the legal authority to do so.â€? The committee addresses the authority issue in footnote 96 on page 44 of its latest draft report (HT: Bainbridge) and asserts that the SEC does have the authority. Specifically, it points to Section 3(a) of SOX which gives the SEC broad authority to promulgate â€œsuch rules and regulations as may be necessary or appropriate in the public interest or for protection of investors, and in furtherance of this Act.â€? Iâ€™m certainly no expert on statutory interpretation, but I have a hard time accepting that this language empowers the SEC to adopt rules that essentially negate SOX provisions. When Congress has intended to grant the SEC exemptive authority in the securities area, it has done so expressly (see, e.g., Securities Act Section 28 and Exchange Act Section 36). Regardless, how exactly would exempting small companies from SOX 404 be in furtherance of SOX?
The committee also points to Section 36 of the Exchange Act (linked above) as providing the SEC with the necessary authority. This section does expressly grant the SEC broad exemptive authority with respect to provisions of the Exchange Act. The problem here is that SOX 404 is not part of the Exchange Act. While some provisions of SOX were framed as amendments to the Exchange Act, SOX 404 was not one of them. The committee seems to recognize this flaw in its argument because it also recommends that the SEC apply â€œthe cannon of construction known as â€˜in pari materiaâ€™ to construe Section 404 as subject to the Commissionâ€™s broad exemptive authority in the Exchange Act because the two statutes relate to the same subject matter and must be construed harmoniously.â€? This seems like a real stretch of the cannon to me.
Finally, the committee points to the fact that the SEC has already exempted certain entities such as asset-backed issuers from SOX 404 compliance. While the SEC may be entitled to some deference with respect to its interpretation of the scope of its powers, its view is certainly not determinative.
The bottom line is that I’m staying with my original post–it remains unclear to me that the SEC has the authority to exempt small companies from SOX 404 compliance.