March 16, 2017
MBAF's Adam Ingles discusses the regulatory rollback of SOX 404 with the MIS Training Institute.
Less than two weeks after taking the oath of office, President Donald Trump set about fulfilling one of his more tangible and oft-repeated campaign promises: dismantling the Dodd-Frank Act, passed in 2010 in response to the banking failures that brought about the financial crisis a few years before.
On February 3, Trump signed an executive order urging regulatory agencies to review recent regulation, such as Dodd-Frank, and ensure that the rules align with a list of “core principles” that include fostering economic growth and enabling American companies to be competitive with foreign firms. Missing from that list of principles was achieving stability in the financial markets, which was the main intent of Dodd-Frank.
While the order was broad and vague and didn’t call for action on any specific laws, it has given rise to much speculation about how far the Trump Administration will go to roll back Dodd-Frank and, perhaps more importantly, how much regulatory reform the administration could realistically achieve with or without legislation that would likely still need at least some bipartisan support.
For internal auditors, the fate of efforts to gut Dodd-Frank or roll back regulation more generally has substantial significance, since providing assurance over regulatory compliance has been near the top of most internal audit plans in recent years, and many companies have struggled to keep up with the fast pace of regulatory change. Internal audit departments at financial services firms, in particular, would be wise to keep an eye on efforts to repeal certain provisions of Dodd-Frank, such as the Volcker Rule, since they could have a widespread impact on the industry.
Yet there is another potential outcome of the push for a more pro-business regulatory regime that could have a greater bearing on the work of internal auditors and even the internal audit profession itself. Along with calls to eliminate several Dodd-Frank rules, there have begun, in some circles, calls to re-examine provisions of the Sarbanes-Oxley Act, including Section 404: Management Assessment of Internal Controls, which forms the basis of a great deal of work by internal audit. On February 14, The Wall Street Journal weighed in on the debate with the headline: “Why Stop at Dodd-Frank? Some Want Trump’s Regulatory Overhaul to Go Further.” In the article, several executives called for a review of Section 404 and for Congress and regulatory agencies to explore ways to lighten Section 404’s burden on public companies, particularly smaller companies or newly public ones.
Revisiting SOX, Section 404
Adam Ingles, director and practice leader for the Regulatory Risk Solutions group at accounting and advisory firm MBAF, is among those who think Congress should review Section 404 of SOX and consider reforms to make it less expensive and easier to comply with. According to Ingles, the problem with SOX 404 is that it applied a solution for the misdeeds of a few very large companies to nearly all public companies, putting a disproportionate burden on them. “It was an overcorrection,” says Ingles. “How it’s been enforced by the Securities and Exchange Commission is one size fits all. That puts a huge cost on companies to be 404 compliant.”
Ingles says the SOX provision deters companies from going public, cutting off a source of capital and affecting job creation and the economy. “The cost of compliance is significant and the amount of time companies spend on it is massive. Some of that could be spent on looking at things that present a greater risk to the company,” he says.
The U.S. Chamber of Commerce, which has pushed for reform to Section 404 for years, is focusing more attention on lobbying for changes to Dodd-Frank provisions, but it’s not ruling out a renewed push for SOX 404 reforms. “We have always argued that the burden and cost of internal control regulations should be scalable,” says Tom Quaadman, executive director of the Chamber’s Center for Capital Markets Competitiveness. He says the Chamber isn’t looking for a repeal of 404, but instead a review with consideration of ways to make it less burdensome on small public companies. “The problem is the disproportionate burden on smaller companies,” says Quaadman.
The Financial CHOICE Act
Making changes to the 15-year-old Sarbanes-Oxley Act is likely to take legislation, say securities law experts. And while many are skeptical of the chances for a sweeping regulatory reform bill to pass in the Senate, where Republicans cling to a slim majority, smaller, more targeted reforms could be a possibility. Indeed, Congressional Republicans are readying a piece of legislation known as the Financial CHOICE Act that could contain proposed revisions to SOX 404.
The House Financial Services Committee passed a version of the CHOICE Act, championed by committee Chairman Jeb Hensarling (R-TX), last year and is expected to reintroduce the legislation in the coming weeks. Last year’s version of the CHOICE Act contained a provision that would relax SOX 404 requirements, and the new version is likely also to include the same provision. Currently, public companies with a market capitalization of less than $75 million are exempted from SOX 404. The CHOICE Act could raise that threshold to $250 million or even $500 million, depending on the final version of the Act.
The CHOICE Act could also provide newly public companies with a longer exemption period before they must meet the requirements of SOX 404. “There’s no doubt that SOX has effectively reduced the number of companies that have gone public,” says Ingles. “That has a ripple effect through the economy. This would give them more running room and ease that burden,” he says. While a provision of the JOBS Act, signed into law by President Barack Obama in 2012, gives some public companies as many as five years to comply with 404, the CHOICE Act could make it easier for companies to receive that exemption and may include a longer time frame. “The JOBS Act had some relief, but it was limited and narrowly drawn,” says Ingles. Future legislation could make it easier to receive the exemption, he says.
The Financial CHOICE Act contains several provisions that eliminate or amend elements of the Dodd-Frank Act. Included in the bill are proposals to:
- Repeal the authority of the Financial Stability Oversight Council (FSOC) to designate non-bank financial companies as systemically important financial institutions (SIFIs).
- Re-establish the Consumer Financial Protection Bureau as an independent agency outside of the Federal Reserve led by a bipartisan, five-member “Consumer Financial Opportunity Commission.”
- Repeal the Volcker Rule, which prohibits commercial banks from engaging in proprietary trading and other speculative investments on their own account.
- Repeal clawback provisions that allow companies to recoup executive compensation if it is later found that such pay was based on fraud or faulty accounting.
- Require less frequent votes by shareholders on executive pay packages, known as “say on pay.”
Still, passage of the CHOICE Act will be difficult for a Congress that doesn’t seem willing to compromise on much. “It will probably pass in the House, but its prospects in the Senate are less favorable,” says Matthew Dyckman, a securities lawyer at Goodwin Procter. “I’m not optimistic.”
Kinder, Gentler Enforcement
Those looking to ease the burden of SOX 404 compliance are exploring other avenues beyond legislation, including pushing for a lighter touch on the enforcement side. The Chamber’s Quaadman says that a changing of the guard at the SEC and other agencies could bring changes to how the rules are enforced. “Some of these issues that are overly burdensome, the SEC can fix without Congress,” he says. Updates to rulemaking requirements, for example, or modernization of rules can be carried out with a majority of votes by the Commission, as long as they maintain the integrity of the original intent of the law.
According to Quaadman, some enforcement efforts have exceeded the original intent of Congress on some rulemaking in recent years. He cites SOX 404 as one area where enforcement bodies have possibly over-reached. Indeed, the Public Company Accounting Oversight Board has come down hard on public accounting firms during inspections, pushing them to scrutinize corporate attestations of internal controls. That effort has resulted, according to some observers, in extreme pressure from the external audit firms on companies to conduct more SOX work and has also resulted in higher fees. “The end result is more assurance work that maybe has less value to the company,” says Quaadman. “The pendulum has swung too far.”
Quaadman says that the Chamber has already facilitated a dialogue between the PCAOB and representatives of public companies and is making progress on the issue. Still, he says a change in the regulatory environment could enhance efforts.
A New Regulatory Environment
With new faces in top positions at most regulatory agencies hand-picked by Trump, it’s hard to imagine he won’t make progress on achieving some easing in corporate and securities regulation. And companies should expect a softening in the aggressive regulatory enforcement stance that characterized the Obama Administration. But that doesn’t mean opponents of a rollback in regulation, such as Senator Elizabeth Warren (D-MA), are going to stay on the sidelines during attempts to repeal provisions of Dodd-Frank and other regulation. Expect a long and hard battle over wholesale efforts to roll back corporate regulation.
While some organizations, including the Competitive Enterprise Institute, are calling for a broader review of Sarbanes-Oxley, reform efforts are unlikely to include more than increasing the threshold of smaller public companies to comply with Section 404 or to give newly public companies more time. “I’d be surprised if it goes beyond that,” says Dyckman. “There would be a lot of resistance to making bigger changes to it.” He adds that if Republicans really wanted to consider other changes to SOX, they would have included them in earlier versions of the CHOICE Act.
That means any changes to SOX 404 are likely to be small and incremental. “After all, this is 15-year-old legislation. Nobody is expecting 404 to go away,” says Ingles. “The hope is that we can amend and improve it.” For internal auditors who make their living conducting SOX work, that’s likely to be welcome news.