By David Carlisle & P. James Dowe
Chairman and president/CEO, respectively, Bangor Savings Bank
Our company has chosen to comply voluntarily with the strictures of the Sarbanes-Oxley Act and related accounting and corporate governance requirements, even though, by law, we aren't required to.
We'll explain why in a moment, but first some background: The Sarbanes-Oxley Act was passed by Congress in 2002 as a reaction to the massive corporate failures of Enron and WorldCom, failures caused by poor accounting and audit practices and internal controls. The problems were facilitated by inadequate oversight by the companies' outside auditors and boards of directors. Investors lost billions, and the public lost faith in companies and the stock market.
By its terms, Sarbanes-Oxley and related provisions apply only to publicly traded companies, those that are regulated by the Securities and Exchange Commission. The act is paralleled by many similar requirements imposed upon members of the self-regulatory listing exchanges, such as the Nasdaq and the New York Stock Exchange.
Bangor Savings Bank is a mutual bank; that means we have no stock and no shareholders. Instead, our board is ultimately accountable to a set of corporators who are representative of the bank's customers and depositors. Being a mutual bank allows us to remain independent, to take a long view rather than just look at quarter-over-quarter results, and to balance our goal of strong financial performance with our concern for our customers, our employees and the communities that we serve. It also means that we are not regulated by the SEC or any stock exchange.
A nearly constant complaint of business is concern about over-regulation and the various costs of regulatory compliance. Then why did we voluntarily choose to comply with the most sweeping new regulatory mandates to come down in recent memory?
In short, these requirements are basic and necessary. In addition, our decision is about aspiring to best practices and genuine excellence in corporate governance, as opposed to complying with minimum requirements. We are committed to take a leadership position to meet and exceed prevailing standards for corporate oversight.
The hallmark of banking is financial integrity, but financial integrity is produced by, and is the twin of, ethical integrity. Outstanding corporate governance has been a commitment of Bangor Savings Bank since its founding in 1852. And while we feel our company has always been led by an independent-minded board of trustees that set high standards for performance, accuracy, accountability and honesty, recent national corporate misdeeds and a heightened awareness called for a re-examination and a recommitment to best practices in this area. Sarbanes-Oxley provided us with the tool.
Roger Raber, president and CEO of the National Association of Corporate Directors and a recent speaker to Bangor Savings trustees, sums up the thrust of Sarbanes-Oxley this way: "For directors, the watchword is independence; for auditors, the watchword is accountability; for management, the watchword is transparency."
Going through the process
Without attempting to capture every detail of the Sarbanes-Oxley regulations and related listing requirements, here are a few highlights. The rules require a majority or super-majority of a board to be independent (i.e., they should be non-management directors who receive no financial benefit from the company other than directors' fees). The audit committee must be entirely independent and must include a "financial expert." There must be a code of ethics for the chief executive, CFO and top finance and accounting staff. There must be a "whistleblower" provision enabling anonymous complaints to the audit committee about accounting or financial irregularities.
In addition, the regulations provide that the company's outside audit firm cannot provide consulting and other non-audit services that would create a conflict of interest. Audit partners must rotate every few years so as not to become complacent with the client. The scope of the audit and retention of the outside auditor must be determined by the board's independent audit committee, not by management. Certain key issues and exotic accounting practices must be disclosed to the audit committee and in a company's public filings. Top management must certify financial results and stand behind them, with liability for significant misstatements or omissions.
Our board has long recognized as essential safeguards much of what is now required by Sarbanes-Oxley for publicly traded companies. Our audit committee was already composed entirely of independent, outside trustees. Our audit committee included at least two individuals who met the criteria for a "financial expert." Our independent auditor was retained by and accountable to the board's audit committee, not to management. Our outside auditor is free of conflicts of interest. A strong code of ethics was in place for all employees; and our internal controls and auditing program were extensive. Our board met regularly in executive session without management present, to ensure that all issues could be raised candidly and vigorously. We also separated the chairman and CEO roles.
After thorough review of our current practices against Sarbanes-Oxley requirements, we adopted a policy position that we should voluntarily comply with Sarbanes-Oxley in every area practicable. (Some issues, such as various SEC reporting requirements, are inherently inapplicable to us as a non-stock company.)
In some cases, concern has been stated regarding the inconvenience, cost and expense of complying with the new regime. However, we felt many of the requirements are foundational issues. Our compliance efforts primarily have consisted of formalizing practices that already existed in our company: updating our board committees' charters, reconfirming the independence of our trustees, fine-tuning the scope and capacity of our internal audit program, committing ourselves to periodic self-assessment of our practices and policies in corporate governance and the like.
In other areas, we needed to make some changes. We expanded the scope of our nominating committee to include broader corporate governance issues; we made the entire membership of that committee and our human resources committee (responsible for CEO performance reviews and executive compensation) independent; we adopted corporate governance guidelines that made the policies and practices of our board more explicit; and we adopted a whistleblower policy and retained an outside hotline service to take anonymous complaints from employees.
For us, this is not about complying with new regulations; it's about assuring our account holders that the financial and ethical strength of the institution continues to be real and uncompromised. (We should note that historically banks, due to regulation by the FDIC and its state counterparts, are far more accustomed than any other business sector to satisfying a high degree of scrutiny and transparency as part of the regulatory examination process.)
Cost considerations
Our relatively easy adherence to the vast majority of the Sarbanes-Oxley requirements does not mean that full compliance would be easy or cost-free. Some new standards, particularly in the area of auditing of internal controls, reportedly have added significant cost for publicly traded companies. Specifically, Section 404 of Sarbanes-Oxley requires public companies to engage in more complete documentation of internal control structures and procedures for financial reporting. The required documentation is extensive, and in a business of even moderate complexity, let alone the financial services industry, there are many operational and accounting procedures that are relevant to financial reporting. The external auditor, in turn, must sign off on management's assessment of internal controls, so the provision has caused audit fees to escalate as well.
At this stage, we believe that Section 404 compliance would create a lot of redundancy for our company. Based on a careful review and the input of our auditors and regulators, we determined that we will continue to comply instead with the FDIC's longstanding requirements for internal controls and rely on our robust internal audit program, using Section 404 as guidance to enhance our existing financial reporting process.
When all is said and done, outstanding corporate governance goes even beyond Sarbanes-Oxley. In a recent presentation we hosted for our trustees and community leaders titled "Board Leadership: Building the Public Trust in Our Communities," Roger Raber emphasized that good corporate governance must be about more than complying with requirements, even those as particular as Sarbanes-Oxley. Good governance is about commitment and culture.
Raber points out that technical independence is not enough; it is independent-mindedness that is really required. Directors must be engaged as opposed to passive, and must have integrity, as well as the courage, to ask tough questions of management. The same duties of loyalty and care that fiduciaries have always had continue to apply. Directors must have the expertise and devote the time necessary to fulfill these duties. They must hold themselves accountable through meaningful self-assessment, and have zero tolerance for conflicts of interest or for dominant or intimidating CEOs.
Some of these things are not easy to put into practice and capture, so we are constantly on the lookout for best practices in discussions with our auditors and attorneys, and by working with outside experts like Roger Raber. Continuing education of directors/trustees also plays a critical role. We track our trustees' participation in educational opportunities and strongly encourage them to take advantage of seminar opportunities offered by trade groups and regulatory agencies, as well as seek to weave in-depth review of pertinent topic areas into our board agenda several times per year.
We certainly aren't alone in complying voluntarily with expectations such as Sarbanes-Oxley. If an aspiration to excellence is not enough to motivate a company to internalize good corporate governance, then pragmatism might. Auditors, investors, business partners, perhaps lenders and the community at large are not going to differentiate between publicly traded Company X and the mutual or privately held Company Y. A rising tide of common expectation will apply to all companies, and the burden will be on a company to justify why its governance or auditing practices are out of step with these baseline expectations.
The discussion will not be limited to the for-profit world. Even many nonprofit entities will be well served by voluntarily embracing these requirements and cultural expectations in order to improve assurances to members, donors and partners, to better fulfill their missions and increase their sustainability.
Regulation alone cannot ensure integrity and transparency in corporate America. In Raber's words, "To build public trust, boards will need to go beyond their legislative and regulatory requirements. The challenges of today's board members are to commit themselves to be leaders demonstrating personal integrity, strict accountability and complete candor in fulfilling their important fiduciary responsibilities."
We agree.