SOX and investor over-confidence

Yesterday I pointed to a post about a survey showing that executives still thought that SOX was burdensome yet had done nothing to improve ethical standards. Dealbreaker’s John Carney points to the same survey, and adds that it indicates executives nevertheless thought SOX had improved investor confidence. Carney says:

if the executives are right, this means investors have been lulled into a false sense of confidence by the law. We've said before that the ideology of Investor Confidence is dangerous: it can lead to policies intended to instill an unwarranted confidence in the stock market. This divergence between effect on ethics and effect on confidence is good reminder that you can't spell "Investor Confidence" with a "con." Who says you can't put lipstick on a pig?

I made a similar observation six years ago in my initial article about SOX (SSRN version).  In the final version, (28 J. Corp. L. at 31-32) I point out that (footnotes omitted)

even if lack of confidence is keeping investors out of the market, it is not clear that regulation should bring them back in unless it actually justifies greater confidence. The Sarbanes-Oxley Act may justify little confidence because it makes only incremental changes in prior law. Corporate frauds arguably were facilitated because there was too much investor confidence, as indicated by investors’ willingness to ignore what the market knew about questionable accounting and to not question firms’ extravagant claims about unproven business plans. Overselling regulation might perpetuate this misjudgment and mislead investors back into the same complacency that contributed to the recent frauds.

Have CEOs adjusted to SOX?

Uh, no. 

Is SOX unconstitutional?

According to Ted Frank, at yesterday’s oral argument on Free Enterprise Fund v. PCAOB, which challenges the constitutionality of the PCAOB, “[a] panel of Judges Brett Kavanaugh, Judith Rogers, and Janice Rogers Brown expressed substantial skepticism to the PCAOB's position." Dow Jones’ Judith Burns also writes that “[t]he legality of a private oversight body charged by Congress to inspect and discipline public-company accountants came under sharp questioning Tuesday from one of the judges on a three-judge panel of the U.S. Court of Appeals for the D.C. Circuit."

Here’s some background on the suit, and Donna Nagy’s extensive discussion of the legal issues regarding the PCAOB.

So this suit, which has been lambasted by the pro-SOX crowd, and which is being ignored by the mainstream media, may actually have some legs. And if the PCAOB goes down, so does all of SOX. Congress was too busy falling over itself to adopt this misguided law to insert a severability clause.

I'd love to see Congress have to face the issue in an election year of whether to re-adopt SOX.

Lessons from Bear on SOX

Is there potential SOX internal controls liability for Bear executives? If not, and melt-downs like this can happen after SOX (worth $80+/share one day, $2 the next), then what was it, exactly, that SOX did for us? Could it be that SOX didn't eliminate risk after all?

And Tom Kirkendall sees shades of Enron here. When you're a trust-based business and the trust is gone, your value can evaporate mighty quickly. Skilling pointed out that that's exactly what happened at Enron. Tom K notes that it would have happened at AIG had that company not cut a deal with Big E. Tom says, "such loss is simply one of the risks of investing in a company based on a trust-based business model." Does this mean that Enron was all about inherent risk in the market, and not about fraud?

So two possible lessons from Bear: We didn't need SOX, and it didn't do any good.

Going dark and the defense of SOX

Steve Davidoff, the NYT's Deal Professor, presents yet another defense of SOX against the mounting evidence of its negative effects on US markets. The article's hook is an anecdote about Syms' attempt to "go dark" – that is, deregister from the Securities Exchange Act of 1934 and then trade without having to comply with SOX. (As Davidoff points out, firms can fall under the minimum number of record holders to have to register while still having a significant number of actual shareholders whose shares are held by nominees.)

Syms said its reason for deregistering was to avoid the costs of complying with SOX, estimating "direct recurring annual savings will exceed $750,000."  However, a group of shareholders protested that this action would harm shareholders.  Davidoff says:

Behind their words was an unexpressed fear that the Syms family, which controls 58 percent of the company, would either take the company private without the protections of the federal securities laws or otherwise use the absence of federal disclosure requirements to reap their own private advantages taken from the company. The stock price of Syms plummeted more than 40 percent in the wake of this action. Last week Syms relented and reregistered Syms’ shares listing them on the Nasdaq. On that day the shares rose more than 11 percent.

The story is a boon to those who see value in the obligations and protections imposed by the federal securities laws and Sarbanes-Oxley in particular.

I would draw very different lessons.  To begin with, Henry Butler and I, in our Sarbanes-Oxley Debacle, while acknowledging the harm to shareholders from "going dark," note that this harm is to some extent exacerbated by SOX rather than evidence of the need for SOX. As we explain:

[T]here is . . . evidence that firms that go dark have characteristics such as lower accounting quality and more free cash, indicating greater likelihood of insider misconduct. In other words, they may have perverse reasons for wanting to avoid disclosure. Even before SOX, insiders could try to avoid disclosure obligations by going private and dark. But SOX’s higher disclosure costs now give them a legitimate explanation. Even if this is the real explanation, SOX would be indirectly causing a loss of securities law protection for precisely those shareholders who need it most.

Moreover, the Syms anecdote indicates that shareholders are not powerless to protect themselves against this loss of protection. This supports arguments by Butler and me and other SOX critics that SOX should be made optional. Shareholders should be given a meaningful choice, rather than being forced to swallow SOX's extra costs just because the firm happens to meet a particular threshold for trading – the rule that gives rise to perverse scenarios like Syms.

Davidoff cites other evidence that supposedly casts doubt on the adverse effects of SOX on US markets. But this evidence is ambiguous, and he omits persuasive counter-evidence, particularly including Kate Litvak's careful studies of SOX effects on cross-listed firms. For example, in a recent study of SOX's long-term effects on cross-listing firms, Litvak shows:

Using monthly data on cross-listing premia between 1990 and 2006, and controlling for a variety of firm- and country-level characteristics, I find that premia for firms cross-listed on levels 2 or 3 (and therefore subject to SOX) declined in the year of SOX adoption and remained significantly below their pre-SOX level thereafter (second difference). I also find that firms listed on level 2 or 3 (subject to SOX) experienced stronger after-SOX declines in premia than firms listed on levels 1 or 4 (not subject to SOX) (third difference).

To be sure, the evidence of SOX's negative effects on US markets is not conclusive. But the evidence is mighty convincing, particularly in lining up with the powerful theoretical arguments against SOX. SOX's defenders need to present the full picture, and to understand the implications of their anecdotes.

Litigation and internal controls

The SEC has been asserting for years that all it takes to reduce SOX internal controls costs is to tweak auditing standards or issue guidances. The latest effort, AS 5, was supposed to make a big difference. Except that it didn't:

According to a Compliance Week survey of 280 public companies, most companies have managed to reduce their “key controls” that must be documented and tested under Section 404 of Sarbanes-Oxley—some by a considerable amount. But a large majority don’t expect significant reductions in the future, even with the new risk-based approach to auditing espoused by Auditing Standard No. 5. More than half of respondents said they expect to reduce their key controls by no more than 10 percent, and another one-fourth anticipate a drop of only 10 to 20 percent. In total, the results suggest that more than 80 percent of companies expect no better than a 20 percent reduction in their key controls.

HT Sox First.

No news to me, because I've been saying for years that it's not about the standards under SOX, it's about the liability if the auditors get it wrong. Here, for example, is a post from almost three years ago in response to a pre-AS 5 SEC admonition that the auditors should just be more reasonable:

[T]he accountants get nailed for Type 2 error if being “reasonable” means that that they let a risk get unaddressed that turns out, in hindsight, to have been serious. Needless to say, the accountants will ignore the SEC’s admonition, particularly since they get paid for being strict, and nailed if they’re not. The reporting firms, who are stuck in the middle, pay the real costs. In other words, it's not about the precise standards, it's about the liability.

What we have to do is fix the liability or fix the basic terms of SOX 404. Alas, not much chance of either happening anytime soon.

Small firms get more time on internal controls

The SEC has proposed that small firms won’t have to comply with auditor attestation on internal controls under SOX 404(b) until fiscal years beginning after December 15, 2009.

SoxFirst suggests that the delay may be forever, because in the meantime the SEC is going to do an elaborate cost-benefit analysis of the application of 404 to small companies. Specifically, the SEC says its study will

consist of two main parts: 1) a Web-based survey of companies that are subject to Section 404; and 2) in-depth interviews including companies that are just now becoming compliant. The dual approach will enable the Commission to gather data from a large cross-section of companies and analyze more detailed information about what drives costs and where companies and investors derive the benefits. The SEC's Office of Economic Analysis will lead the cost-benefit study with assistance from the Office of the Chief Accountant and Division of Corporation Finance.

Recognizing that much of the key financial data will not be available to companies until March or April at the earliest, Commission staff expects to complete the study by late summer or early fall.

This is interesting, because Cox seemingly had ruled out exempting small firms. I have doubts about limiting a SOX fix to small firms, but that would seem to be the best we’re going to get at this point.

How about another bubble law?

In February 1720, the South Sea Bubble was touched off when the South Sea Company proposed to assume all national debt not held by the Bank of England or the East India Company and debtholders traded debt for stock. This was supposed to produce money for nothing.

The speculative aftermath led to the passage on June 11, 1720 of the Bubble Act, which restricted corporate-type ventures, and bounded the development of British corporate law for the next century. See Ribstein, Bubble Laws, 40 Houston L. Rev. 77 (2003).

In the fall of 1929, after economist Irving Fisher said that “[s]tock prices have reached what looks like a permanently high plateau,” the market nevertheless crashed. In the aftermath, it was discovered that newly popular animals called investment trusts, promoted by among others a firm known as Goldman, Sachs, did not actually produce money for nothing as investors thought. JK Galbraith (The Great Crash, 50th anniversary ed. 1979), 60-65 describes one such trust:

The initial issue of stock in the Trading Corporation was a million shares, all of which was bought by Goldman, Sachs andCompany at $100 a share for a total of $100,000,000. * * * In the two months after its formation, the new company sold some more stock to the public, and on February 21 it merged with another investment trust, the Financial and Industrial Securities Corporation. The assets of the resulting company were valued at $235 million, reflecting a gain of well over 100 per cent in under three months. By February 2, roughly three weeks before the merger, the stock for which the original investors had paid $104 was selling for $136.50. Five days later, on February 7, it reached $222.50. At this latter figure it had a value approximately twice that of the current total worth of the securities, cash, and other assets owned by the Trading Corporation.

In the aftermath we got the first dose of extensive U.S. federal securities regulation, intended to prevent future crashes through “truth in securities.”

In the fall of 2001, a company called Enron crashed.  Enron presented a façade in the form of a network of complex special purpose entities. Here’s a piece of that story, from Ribstein, Market v. Regulatory Responses to Corporate Fraud, 28 J. Corp. L. 1, 5 (2002) (footnotes omitted) (online version)

In May 2000, Enron began establishing the Raptor entities, purportedly to hedge against declines in Enron investments. The "hedge" consisted of a put pursuant to which Enron could sell its stock back to the Raptor if it declined. Thus, the "hedge" was really a bet that securities markets would keep running up Enron's stock price despite its losing investments in the SPEs. Enron was not hedged but was really speculating on derivatives, including the put on its own stock.

In other words, money for nothing.

In the wake of Enron we got the Sarbanes-Oxley Act, which was supposed to provide a bulwark against future such speculative frenzies. Right after that Act was passed, I observed (id. at 32-33):

[I]t is not clear how much difference the Sarbanes-Oxley requirements concerning disclosure of off- balance-sheet transactions, pro forma earnings, and material changes in financial condition will make in preventing future fraud. * * * In any event, these provisions deal with yesterday's problem. Recent events have cast so much light on these specific matters that additional wattage is unlikely to make any difference in these particular areas. The next great fraud probably will occur elsewhere.

In 2007, five years after the passage of SOX, several Wall Street firms, including Merrill Lynch, got heavily into mortgage-backed securities, including a security called Norma put together by a former penny stock dealer. Here’s a snippet from a helpful summary of these securities in today’s WSJ:

Rather than diversifying their investments, they bet heavily on securities that had one thing in common: They were among the most vulnerable to a rise in defaults on so-called subprime mortgage loans, typically made to borrowers with poor or patchy credit histories. While this boosted returns, it also increased the chances that losses would hit investors severely.

It's not clear whether this was a fraud, because the problems were so obvious: you can't get money for nothing. Unfortunately, for a time, the entire market seems to have believed otherwise. 

Anybody for more regulation?

SOX and the Google CFO search

A couple of weeks ago I noted, via Dealbreaker, that the legal risks from signing off on controls might explain why it was taking so long for Citi to find a new CEO. Now comes news from Forbes.com that a considerably less troubled firm, Google, is taking longer than  it expected to fill the CFO slot vacated in August.

Now why should that be? After all, you get to work with brilliant people, in a company that’s rapidly taking over the world. Forbes says “[i]ndustry experts offer a few clues.” But here are some hints, many from the Forbes story:

• A corporate culture that encourages "experimentation and risk-taking and shrugs at long-term planning."
• Top managers that are entrenched by dual-class stock and make all major decisions.
• The inability to control risks "at a place that's growing like a weed. . . in a spirited, and indulgent, environment." The story quotes a CFO as saying: "CFOs are supposed to say, 'Damn it, you have to follow the rules.' The CFO takes away the punch bowl."
• "The financial incentives for joining Google in 2008 with its stock price in the stratosphere are less compelling than during its pre-IPO period when Reyes [the exiting CFO] joined.” So it's all risk and no reward.

Some might say that this indicates that SOX is working. The CFO job is a sensitive one and should carry legal risk.

However, a company like Google is likely to be able to recruit somebody at the top of his game. There’s no reason to assume such a person would deliberately compromise his reputation and risk liability in order to let the chief executives take all the candy. The problem under SOX is that a CFO has to worry about what he doesn’t know – that’s what Butler and I have called SOX’s “litigation time bomb.”

It’s reasonable to speculate that Google might have to settle for somebody with fewer high-level opportunities and career prospects than would have been the case in the pre-SOX days. If so, that obviously doesn’t help shareholders.

Of course I realize that just by saying this I’m encouraging disrespect for the law.

Who's responsible for corporate crime?

I am! Here’s Renee Jones:

The link between legitimacy and law compliance raises questions as to what, if any, responsibility corporate scholars bear for the degree of disrespect for corporate regulation that seems to have persisted in Sarbanes-Oxley's wake. Robert Prentice and Jay Brown, among others, have pointed out the corroding effects that academic attacks on Sarbanes-Oxley as "quack corporate governance" or a "debacle" [?] may have on the general level of respect for corporate laws. These vehement academic attacks when taken to their logical extreme help make the scene from oPtion$, in which Senator Sarbanes and Representative Oxley are burned in effigy, appear to be a legitimate political protest.