On July 30, 2002, the President signed into law the Sarbanes-Oxley Act of 2002 (the "Act"). This sweeping legislation addresses a number of issues of critical importance to public companies. We have previously distributed a memo regarding the new CEO/CFO certification requirements. For your convenience, much of that memo is repeated below in Section III.

Certain provisions of the Act become law upon signature or within a specified period after enactment. Other provisions direct the SEC to adopt rules within specified time periods. Thus, the implications of the legislation will not be fully known until the SEC proposes and then promulgates rules in a variety of areas. Thereafter, to the extent standards and other provisions remain undefined, the full implications may only be clear as matters are raised and addressed in interpretive releases or litigation and enforcement actions.

Among its many sections are provisions:

• requiring CEO and CFO certifications;
• establishing new disclosure requirements applicable to companies and their CEOs and CFOs;
• restricting certain executive officer and director transactions;
• accelerating Section 16 reporting;
• imposing new obligations on corporate audit committees;
• establishing a new regulatory body to oversee public company auditors and redefining the relationship between auditors and their clients;
• imposing new rules of professional responsibility on attorneys and securities analysts; and
• enhancing a variety of criminal penalties and enforcement measures for securities-related offenses.

I.
Section 16 Filing Deadlines.
Effective Date: August 29, 2002.

Section 403 of the Act amends Section 16(a) of the Exchange Act to require directors, officers and greater than 10% equity holders of public companies to expedite disclosure of changes in beneficial ownership of their registrant's equity securities. The amendment requires that Form 4's be filed by the end of the second business day after the transaction requiring disclosure. This new requirement significantly shortens the current rule which allowed at least ten days and up to forty days before a Form 4 had to be filed. Accordingly, it is imperative that counsel be notified immediately when a trade takes place.

The new, nearly simultaneous disclosure requirement affords the registrant a good opportunity to remind all affected persons of the rules relating to when reporting persons can trade in the registrant's stock (i.e., when they are not in possession of any material information and outside blackout periods relating to the issuing of financials). In addition, now would be a good time to revisit the registrant's pre-clearance policies. With the new 2 day requirement, it is more important than ever that the registrant be aware of all trades by reporting persons in its stock.

Effective one year after enactment, Form 4's and Form 5's must be filed with the SEC electronically. Such disclosures will then be posted on the Internet by the SEC. In addition, if the registrant maintains a website, the disclosure must be posted to its website.

II.
Ban on Personal Loans to Executives.
Effective Date: Immediately.

The Act prohibits a public company from, directly or indirectly (including through a subsidiary), extending or maintaining credit, or arranging for the extension of credit, in the form of a personal loan to or for any director or executive officer (or equivalent thereof) of such registrant.

Existing loans, provided they are not amended or extended, are grandfathered. Advances for business expenses are likely not prohibited. However, many compensation arrangements will need to be examined to determine if they are deemed to involve loans. For example, split dollar life insurance policies (where premiums are paid by an employer for a policy in the name of an executive and such premiums are repaid to the registrant upon maturity of the policy) and customary relocation loans may each be deemed to be an unlawful extension of credit.

III.
CEO and CFO Certification.
Effective Date: One requirement is effective immediately while the other requirement becomes effective upon the SEC's issuance of final rules before August 29, 2002.

The Act contains two different sections that address certification by CEOs and CFOs of periodic financial reports filed with the SEC - Section 302 of the Act and Section 906 of the Act. Section 302 contains detailed requirements for what must be certified, and directs the SEC to issue rules to implement the provisions of this Section by August 29, 2002. Section 906, which is effective immediately, sets forth criminal penalties for filing false certifications, but also affirmatively states that CEOs and CFOs must submit certain certifications in connection with their companies' periodic financial reports. The certifications referred to in both Sections 302 and 906 apply to all public companies.

Section 906 requires that each "periodic report" filed by a public company with the SEC that contains financial statements be accompanied by a "written statement" of the principal executive and financial officers. The reference to periodic report certainly includes 10-Q and 10-K filings, but may also include 8-K and other filings as well. Section 906 states that a registrant's CEO and CFO (or equivalents) must certify that:

• The periodic report fully complies with the requirements of Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (which state, among other things, that companies must file such quarterly and annual reports as the SEC shall prescribe); and
• The information contained in the report "fairly presents, in all material respects, the financial condition and results of operations of the issuer."

Section 906 also does not limit the certification to the signer's "knowledge," in contrast to the certification required by Section 302 (see below). Section 906, however, would impose criminal penalties only if the officer certifies the required statement "knowing" that the periodic report does not comport with the requirements of Section 906.

Section 302 will require that each public company's CEO and CFO (or equivalents) certify in each quarterly and annual report filed with the SEC that:

• the signing officer has reviewed the report;
• based on the signing officer's "knowledge," the report does not contain material misstatements, is not misleadingly incomplete, and fairly presents, in all material respects, the financial condition and results of operation of the registrant.

In addition, the signing officers must certify in each such report that they:
• Are responsible for establishing and maintaining internal controls;
• Have designed such internal controls to ensure that material information relating to the registrant for the periods covered by the filing is communicated to them;
• Have personally evaluated the effectiveness of the registrant's internal controls within the previous 90 days;
• Have presented in the filing their conclusions about the effectiveness of the registrant's internal controls based on their personal evaluation as of that date;
• Have reported any internal control deficiencies or fraudulent conduct (whether or not material) to the registrant's audit committee and the registrant's auditor; and
• Have disclosed in the filing whether there were any significant changes in internal controls after the date of their evaluation, including any corrective actions taken as to any significant deficiencies or material weaknesses.

While the SEC has not yet issued any guidance as to how to treat the two, slightly different, requirements, it does appear that for the time being, two certifications will be necessary. In any event, the certifications are similar enough that following the practical guidance below should be sufficient to allow the signing officer to make both certifications.

The new financial report certification requirements contained in the Act, some of which appear to be effective immediately and others of which will take effect no later than August 29, 2002, may lead to significant civil or criminal penalties if the certifications turn out to have been knowingly false. The certification requirement, which carries its own criminal penalties for violations, gives the SEC and federal prosecutors yet another weapon to use against perceived violators.

For that reason, we strongly recommend that before certifying to the accuracy and completeness of any financial report, each CEO and CFO follow a reasonable and explicit process designed to demonstrate the executive's diligent attempt to satisfy himself as to the accuracy and completeness of the report and the integrity and reliability of the internal systems that yielded the information being certified. Even if the signing officer believes to the best of his knowledge that the information contained in a report is accurate and complete and that the registrant has an adequate and reliable internal reporting and control system, it is always possible that previously unknown problems will surface later that call the certification into question. Following an explicit process will help the executive better defend against any later accusations that the certification was made fraudulently, or without any basis for believing that the information was reliable.

We recommend that the following steps be taken, among others, recognizing that there is a very limited amount of time available in which to implement these recommendations before the registrant's first filing with a certification is due. These steps can be reduced to a due diligence "checklist," much like the checklists used by counsel or an investment banker when conducting diligence on an issuer before an initial public offering:

• Carefully read and understand the report being certified. Prepare a memorandum to file memorializing that you completed your review and, if appropriate, that nothing came to your attention that raised any concerns as to the integrity of the information contained in the report.
• Understand the procedures used to prepare the reports (who writes the reports, who reviews them, how the data included in the reports is collected and quality-checked, as well as the other steps in the process).
• Meet with your audit committee and prepare appropriate minutes of this meeting. Those minutes should be reviewed by legal counsel before being finalized and circulated for approval. Confirm with committee members the process and procedures you intend to follow to comply with the certification requirement. Ask the committee if it is aware of any issues that cause the committee to be concerned about the integrity and reliability of the registrant's internal control procedures or the accuracy and completeness of the report being certified.
• Meet with your external and internal auditors. Ask them specifically if there is any information in the report being certified about which they have concerns, or if they have concerns about the registrant's internal reporting and control systems which in their opinion could render the information on which the report is based unreliable in one or more respects. That such a meeting occurred should be documented.
• Meet with appropriate sales and financial management and other relevant employees and have them review with you the procedures that were followed for reporting the components of the financial information that appears in the report, including sales and expenses, and for collecting the other data on which the report is based. These individuals ideally should include the head of the registrant's sales function, as well as regional or divisional sales heads and group, divisional or country financial controllers or managers. In each case, confirm with them that they are not aware of any reason to question the accuracy and appropriateness under the registrant's revenue recognition policy and/or GAAP of sales or other financial information entered into the registrant's internal financial reporting system and ultimately reflected in the report being certified. Confirm, ultimately, that each has no reason to question the accuracy and material completeness of the report being certified.
• Obtain internal certifications from the heads of each unit, similar to the certification the CEO and CFO are required to make, which are designed to support the conclusions covered by the certifications made by the CEO and CFO.
• Review and understand the registrant's important accounting policies, revenue recognition policy, and accounting judgments and estimates. Confirm with the registrant's internal and external auditors that the estimates are reasonable and consistent with GAAP.
• If, as a result of your review, problems are discovered, the best course is to address them immediately. If the problems cannot be resolved prior to the date for certification, then the signing officer must assess whether the certification must be qualified, and, if so, in what way. The audit committee should be notified and provided details of the problems. Should a qualification be necessary, you should consult immediately with counsel.

The Act's disclosure requirements relating to assessment of the adequacy of internal control systems also require that the registrant take affirmative steps to be in compliance. The CEO and CFO must expressly certify in each quarterly and annual report that they have evaluated the effectiveness of the registrant's internal controls "within 90 days prior to the report." Similarly, each annual report must contain an assessment as to the effectiveness of the internal control structure, to which the outside auditor must now attest.

The registrant should immediately begin thinking about how they will go about evaluating and, where appropriate, improving or fixing, their internal control systems. Viewing the Act's requirements in this area as "business as usual" is not advisable. The retention of outside consultants to assist in or undertake this assessment may be appropriate and, in fact, may be demanded by the registrant's outside auditor as a condition of rendering the required attestation. Public accounting firms not involved in conducting audits for the registrant presumably will be able to provide such services, as will other consulting firms, and structuring of a review process should be discussed with securities counsel as well.

Among other things, the registrant should undertake to insure that all sales and financial staff within the registrant understand, and acknowledge in writing that they have read and understand, the requirements of the registrant's revenue recognition policy. If the registrant does not have a comprehensive, written revenue recognition policy, now would be an excellent time to consider implementing one as part of an effective internal control system. In addition, the registrant should consider holding meetings with groups of sales and financial group employees to explain the requirements and prohibitions of the registrant's revenue recognition policy in order to insure that all such employees understand its provisions and to reflect the registrant's commitment to accurate financial reporting. If the registrant is using a legacy electronic data entry system, consider whether updating that system to one with enhanced controls would be appropriate at this time. The registrant should also consider whether its inventory accounting system is adequate and reliable.

IV.
Reimbursement by CEO's and CFO's Related to Accounting Restatements; Debts Related to Securities Violations Non-Dischargable in Bankruptcy.
Effective Date: Immediately.

CEOs and CFOs of public companies will be required to reimburse their companies for bonuses and other incentive-based compensation received during the year following the initial publication of a financial report that is subsequently required to be restated due to material noncompliance with applicable financial reporting requirements, as a result of misconduct. In addition, all profits earned from sales of the registrant's stock during that period must be disgorged to the registrant.

The Act also provides that a debtor who files for bankruptcy will not be discharged from any debt that is for the violation of any federal or state securities laws or common law fraud in connection with the purchase or sale of any security, regardless of whether the debt is court or agency imposed or is a result of a settlement agreement.

V.
Codes of Ethics for Senior Financial Officers.
Effective Date: The SEC is required to propose rules within 90 days, and adopt final rules within 180 days.

The new rule will require public companies to disclose in periodic reports whether or not they have adopted a code of ethics for their senior financial officers and if not, the reasons why not. In addition, the registrant will be required to file a Form 8-K to disclose any change in or waiver of such code of ethics. The term "code of ethics" means standards as are reasonably necessary to promote: honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest between personal and professional relationships; full, fair, accurate, timely and understandable disclosure in SEC periodic reports; and compliance with applicable governmental rules and regulations.

VI.
Management Assessment of Internal Accounting Controls.
Effective Date: SEC to issue final rules within 180 days.

The SEC will issue rules to require that each annual report contain an internal control report that (1) states the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and (2) contains an assessment, as of the end of the issuer's most recent fiscal year, of the effectiveness of the internal control structure and procedures. In addition, the issuer's outside auditor is required to attest to and report on management's assessment in accordance with the standards for attestation engagements adopted by the new Public Company Accounting Oversight Board established under the Act (as discussed below).

VII.
Material Correcting Adjustments. Effective Date: Not clear, but probably not effective until sometime after the Accounting Oversight Board is operating.

Section 13 of the Exchange Act is amended to require that each financial statement required to be prepared in accordance with (or reconciled to) generally accepted accounting principles reflect all material correcting adjustments that have been identified by the registrant's "registered public accounting firm" (as discussed below) in accordance with generally accepted accounting principles and SEC rules.

VIII.
Off-Balance Sheet Transactions. Effective Date: SEC to issue final rules within 180 days.

The SEC will issue rules providing that each annual and quarterly financial report filed with the SEC disclose all material off-balance sheet transactions and other relationships of the issuer with unconsolidated entities or other persons that may have a material current or future impact on the issuer's financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources or significant components of revenues or expenses.

IX.
Pro Forma Financial Information.
Effective Date: SEC to issue final rules within 180 days.

The SEC will issue rules providing that companies who disseminate "pro forma" financial information in their filings with the SEC, press releases or other public disclosures must present such information in a manner that does not contain an untrue statement or omit to state a material fact necessary in order to make the information, in light of the circumstances under which it is presented, not misleading, and must reconcile such information with the issuer's financial condition and the results of operations under generally accepted accounting principles.

X.
Audit Committee Financial Expert.
Effective Date: SEC to propose rules within 90 days of enactment and issue final rules within 180 days.

The SEC will issue rules to require companies to disclose in periodic reports whether its audit committee includes among its members at least one "financial expert," and if not, why not. In defining the term "financial expert," the SEC must consider whether a person has, through education and experience as a public accountant or auditor or a principal financial officer, comptroller, or principal accounting officer of an issuer, or position involving similar functions, an understanding of generally accepted accounting principles and financial statements, experience in preparing or auditing financial statements, experience with internal accounting controls and an understanding of audit committee functions.

XI.
SEC Review of Disclosures.
Effective Date: Immediately.

The SEC will be required to review the disclosures of public companies on a regular and systematic basis, and in any event at least once every 3 years. The SEC will review larger companies and companies who have had problems in the past on a more frequent basis than other companies.

XII.
Real time Disclosure.
Effective Date: No deadline for SEC rulemaking provided.

Amends Section 13 of the Exchange Act to add a requirement that each issuer make plain English disclosure on a "rapid and current basis" of such additional information concerning material changes in the financial condition or operations of the issuer as the SEC determines by rule.

XIII.
Listing Standards Applicable to Audit Committees.
Effective Date: SEC to issue final rule within 270 days.

The SEC will issue rules to require the NYSE, Nasdaq and any other national securities exchange to prohibit listing any registrant that does not satisfy certain audit committee requirements. Specifically, a registrant's audit committee must:

• be directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm engaged by the registrant;
• be composed entirely of independent directors, with "independence" defined to prohibit the director's receipt of any consulting, advisory or other compensatory fees from the registrant and to prohibit other affiliations with the registrant;
• establish procedures to receive and respond to employee and others' complaints and concerns regarding the registrant's accounting or auditing matters;
• be authorized to engage independent counsel and other advisers; and
• be provided by the registrant with appropriate funding for engaging the registrant's outside auditors and any other counsel or advisors.

XIV.
Auditor Qualifications; Registration, Oversight and Independence.
Effective Date: While the effective date is not specifically described in the Act, these provisions are not effective until after the Oversight Board is operational and the auditing firm has qualified as a "registered public accounting firm."

The Act requires firms that audit the financial statements of public companies to be registered with and subject to oversight by the Oversight Board. The accounting firms are required to be registered within 180 days after the SEC determines that the Oversight Board is functional.

The Act prohibits registered public accounting firms from providing eight categories of non-audit services to their audit clients, including financial information systems design and implementation, valuation services and internal audit outsourcing services. Audit committee pre-approval of all services provided by an issuer's outside auditor is required, subject to a de minimis exception. The audit committee may delegate pre-approval authority to one or more members of the audit committee, and pre-approvals for audit-related services may be made in connection with approval of the audit engagement. Pre-approval of non-audit services (other than the enumerated services which are prohibited) to be performed by the issuer's auditor must be disclosed in periodic reports.

The Act provides that the lead (or coordinating) audit partner and the reviewing audit partner of the registered public accounting firm cannot perform audit services for the same issuer for more than five consecutive fiscal years.

The Act requires that registered public accounting firms shall timely report to audit committees on critical accounting policies and practices, alternative treatments of financial information that have been discussed with management, and other material written communications with management.

The Act prohibits registered public accounting firms from providing audit services to issuers whose CEO, CFO or chief accounting officer (or any person serving in an equivalent position) was employed by the audit firm and participated in the issuer's audit in any capacity within 1 year of audit initiation.

XV.
Improper Influence on Audits.
Effective Date: SEC to propose rules within 90 days of enactment and to issue final rules within 270 days.

This provision of the Act makes it unlawful, under rules to be issued by the SEC, for an officer or director, or any person acting under the direction of an officer or director, to "fraudulently influence, coerce, manipulate or mislead" an auditor for the purpose of rendering the financial statements being audited materially misleading. The SEC is given sole civil enforcement authority to enforce this provision (i.e., no private cause of action is authorized).

In addition, the Act makes it a crime to destroy, alter or tamper records in any federal investigation.

XVI.
Officer and Director Bars.
Effective Date: Immediately upon enactment.

This provision lowers the standard governing judicial imposition of officer and director bars in SEC actions under Section 21(d)(2) of the Exchange Act and Section 20(e) of the Securities Act from "substantial unfitness" to mere "unfitness."

In addition, the Act gives increased power to the SEC by amending Section 21C of the Exchange Act and Section 8A of the Securities Act to add new provisions giving the SEC authority to bar, in an administrative cease and desist proceeding, an individual who has violated Section 10(b) of the Exchange Act or Section 17(a)(1) of the Securities Act (anti-fraud provisions), or rules or regulations thereunder, from acting as an officer or director of any public company if the person's conduct demonstrates unfitness to serve as an officer or director of a public company.

XVII.
Restrictions on Insider Transactions in Securities During Pension Fund Blackout Periods.
Effective Date: Immediately.

Directors and executive officers who acquire equity securities of a public company in connection with their service or employment as directors or executive officers are prohibited from purchasing or selling those securities during any non-regularly scheduled "blackout period" of more than three days during which the ability of not fewer than 50% of the participants under the registrant's retirement plans to trade in those securities is temporarily suspended by the registrant or plan fiduciary. Regularly scheduled blackout periods will be excluded. Any profit realized by a director or executive officer in violation of this provision shall inure to and be recoverable by the registrant, irrespective of any intention on the part of such director or officer in entering into the transaction.

The Act also amends the Employee Retirement Income Security Act of 1974 ("ERISA") to require plan administrators to notify plan participants and beneficiaries at least 30 days ahead of a blackout period (or as soon as reasonably possible, in cases where the blackout period is prompted by events that were unforeseeable or circumstances beyond the plan administrator's reasonable control) and inform them of the reasons for the blackout period, the expected duration of the blackout and a statement that the participant or beneficiary should evaluate the appropriateness of their current investment decisions in light of their inability to diversify their accounts during the blackout period.

XVIII.
Professional Conduct Rules for Attorneys.
Effective Date: SEC to issue final rules within 180 days.

The SEC will establish minimum standards of professional conduct for attorneys practicing before the SEC and/or in representation of public companies. The standards will include a requirement that attorneys report to the chief legal counsel or CEO of the registrant evidence of material violations of the securities laws, breaches of fiduciary duty, and similar violations by public companies or their agents. If the CEO or chief legal counsel fails to respond appropriately, the attorney is required to report to the audit committee or the entire board of directors.

XIX.
Statute of Limitations for Securities Fraud; Increased Penalties.
Effective Date: Applies to proceedings commenced on or after the date of enactment.

This provision amends 28 U.S.C. 1658 to extend the statute of limitations for private rights of action involving claims of fraud, deceit, manipulation or contrivance in contravention of a regulatory requirement concerning the securities laws, to the earlier of (i) 2 years after discovery of the facts constituting the violation or (ii) 5 years after such violation.

In addition, the Act provides for increased criminal penalties for mail fraud, wire fraud and ERISA violations and for violations of the Securities Exchange Act.

XX.
Whistleblower Protection.
Effective Date: Immediately upon enactment.

This provision amends Federal criminal law to prohibit public companies and their employees, contractors, subcontractors or other agents from discriminating in the terms and conditions of employment with respect to employees who provide information or assist in investigations of securities law violations by Federal regulatory or law enforcement agencies, Congress or registrant personnel with supervisory or investigatory authority, or who file, testify, participate in, or otherwise assist in proceedings (including private actions) filed or about to be filed involving alleged violations of the securities laws or SEC regulations or securities fraud.

In addition, the Act amends 18 U.S.C. § 1513 (retaliation against a witness, victim or informant) to provide for fines and imprisonment of up to 10 years for anyone who "knowingly, with the intent to retaliate," takes any action harmful to any person, including interference with the lawful employment or livelihood of any person, for providing to a law enforcement officer any truthful information relating to the commission or possible commission of any Federal offense.

XXI.
Creation of a Public Company Accounting Oversight Board.
Effective Date: The SEC must name the 5 Board members (who will serve staggered terms of 5 years each, and no more than two terms may be served by any member) within 90 days. The Board is expected to be functioning beginning within 270 days. Beginning 180 days thereafter, auditors will have to register with the Board in order to prepare audit reports in respect of a public company.

The Act creates a new oversight committee for the accounting industry named the Public Company Accounting Oversight Board. The SEC has oversight and enforcement authority over the Board. The Board will be an independent, non-profit corporate entity and not an agency or establishment of the U.S. Government. The purpose of the Accounting Oversight Board will be to oversee the audit of public companies subject to the securities laws, and related matters. The following duties are assigned to the Accounting Oversight Board:

• register public accounting firms that prepare audit reports for public companies;
• establish auditing, quality control, ethics, independence, and other standards relating to the preparation of audit reports for issuers;
• conduct inspections of registered public accounting firms (not less than annually for the large firms);
• conduct investigations and disciplinary proceedings concerning and, where justified, impose appropriate sanctions upon registered public accounting firms and associated persons of such firms;
• perform such other duties or functions as it or the SEC determines are necessary or appropriate to promote high professional standards among, and improve the quality of audit services offered by, registered public accounting firms and associated persons thereof, or otherwise to carry out the Act, in order to protect investors or to further the public interest;
• enforce compliance with the Act, the rules of the Accounting Oversight Board, professional standards, and the securities laws relating to the preparation and issuance of audit reports and the obligations and liabilities of accountants with respect thereto, by registered public accounting firms and associated persons thereof; and
• set its budget and manage its operations.

The Oversight Board will be supported by assessments levied against all public companies in proportion to their market capitalization.

Any person who has a question about this memorandum or its application to specific circumstances may obtain additional guidance by contacting this firm.