April 13, 2007
Where Regulators Fear to Tread, Litigators rush in!
The topic was Revised National Instrument 52-109 "Certification of Disclosure in Issuers' Annual and Interim Filings". Mr. Carchrae was an informed speaker who imparted a great deal of information. This was time well spent.
NI 52-109 was released for comment March 30, 2007. Mr. Carchrae emphasized the request for formal comments on NI 52-109.
Some interesting statistics were quoted by Carchrae regarding Canadian market size, listings, etc.
- of the approximately 3600 of companies listed on Canadian exchanges (TSX and TSX-V), 98% of the market cap is on the TSX and 2% is on the TSX-V
- 65% of the market cap on Canadian exchanges (240 on the TSX and 79 on the TSX-V) is dual listed on US exchanges.
While NI 52-109 has its origin in Sarbanes-Oxley s. 302 and s. 404, there are some major differences being proposed:
- No external auditor attestation required for internal control over financial reporting
- Issuers do not have to declare a framework for their evaluation
- Venture issuers can scope out potential areas that have "Reportable Deficiencies" (more on that later) that they believe cannot be resolved but must disclose this in MD&A.
Carchrae went on to say that the idea behind not requiring a framework was that the existing frameworks did not seem to work for smaller companies.
My experience is that when a framework is principles based and the existing frameworks ARE, ( COSO, Turnbull and COCO), it is pretty hard to accept the assertion that the frameworks are not scalable to smaller companies. Does that mean that smaller companies cannot figure out a principles based way to run their companies? Unrealistic in my book.
Carchrae indicated that the CSA wants it understood that the Board and Audit Committee are responsible for MD&A disclosures and transparency of internal controls. A new requirement under the proposal is that certifying officers must report to auditors,the board and audit committee if fraud has involved management personnel or others who have a significant role in the issuer's ICFR.
It was pointed out that the Foreign Corrupt Practices Act passed in the US in 1977 and amended in 1978 requires public companies listed on US exchanges to document internal controls. Carchrae made the point that there has been no such requirement in Canada. I guess the point was that if you are dual listed in the US, your company was supposed to have done this work already.
Ok, but we know how well that worked! That is why SOX was passed.
Proposed accommodations for Venture Issuers were discussed. Venture issuers would disclose that they cannot reasonably remediate a reportable deficiency but must disclose it in the MD&A.
Other points of discussion were around the scoping limitations for certain investments as well as companies purchased, IPO's & RTO'S within 90 days of fiscal year end.
"Reportable Deficiency" - hmmm. The idea here was that they did not want to use the baggage laden term "Material Weakness" from SOX. Hmmm. The thought was that there was so much bad press from the US that beginning with another unexplainable term would be better. Interesting.
Then there was the explanation that "reasonable person" was a legal term with its genesis on the English bus system. So the audience went stock still thinking Wow! We have to figure out what some guy who rides the bus in London would think of a Reportable Deficiency to understand if it is one. This sounds so much better than Material Weakness. Thank goodness we have our own term! Whew! Dodged that nasty SOX Material Weakness bullet.
The reality is that if something is as technical as financial reporting is, then no matter what you call it, everyone is going to have their own opinion. So there will be no more clarity on Reportable Deficiency than there is on Material Weakness. Further, since there is no audit standard, it makes this judgment even more variant between issuers.
An even more interesting piece of logic seems to surround the CSA's view of remediation of deficiencies: Since an issuer could choose to disclose a reportable deficiency in the operation of a control but chose not to correct it, the CSA believes that markets will punish the issuer for this in increased cost of capital etc. So are the markets going to get on the bus and investigate "Reportable Deficiency". Not a chance! But if this approach is taken, there is a good chance that litigators will see this as great territory to define a "Reportable Deficiency" in a very broad way.
Regulators have to control the definitions and implementation of regulations. If they do not, someone will and it may not be the best party for the role.
The CSA is holding focus groups to speak with smaller issuers to understand their concerns on this proposed legislation. This is a great idea. Up until now, there has been very little formal educational outreach from regulators to issuers. If you ask questions of issuers, you will get answers.
Carchrae indicated that the CSA is not trying to set a lower or higher standard than the US. Without auditor attestation, Canada has elected a lower standard.
Additionally, by allowing issuers to decide not to declare a framework there is no standard for that "reasonable person" to judge against. Additionally, the ability to not use a framework, according to Carchrae will require more disclosure about how judgments were made. So isn't this then a form of a framework (standard?).
The idea is for management to make judgements. I am all for this, but a judgement must be made with some sort of guidelines. Running businesses is done with standards and guidelines. For public companies and disclosures, this is the job of regulators.
You cannot have "Let the child emerge" regulations, a la the 1960's. We have regulations because companies are not exhibiting strong transparency in internal controls and disclosure controls. The verdict is in already.
See CSA 52-316 to see how many errors and omissions have been made on disclosure control reporting by issuers already. The CSA has made on comments for months about the errors by issuers on 52-109 forms. Let's hope that when this legislation is final, June 30, 2007, the errors will be back on the website. There needs to be some noise made to assure that issuers are listening and know that regulators are watching. We do not want litigators making the rules.
If your company has to comply with SOX 404 or NI 52-109, and wants to do it in a sensible and cost effective way, contact http://www.issuescentral.com/ for more information on Compliance Playbook® for companies based outside of Canada. For Canadian based companies, see http://www.compliancepartner.ca/ for more information on Compliance Partner™ from Thomson Carswell.
