Managing A CrossBorder Securities Compliance Program

1
Managing A Cross-Border Securities Compliance
Program

• Presented by
• PENNY GREENBacchus Corporate and Securities Law

2
Why Have a Corporate Compliance Policy?

• Satisfy obligations under the Sarbanes-Oxley Act
  of 2002
• Ensure compliance with securities and other laws
• avoid private litigation
• avoid criminal or civil prosecution
• Establish a culture of corporate responsibility
• Promote efficiency
• Maintain stock exchange listing or quotation

3
Why Have a Corporate Compliance PolicyContinued

• Corporate finance
• pass due diligence
• improved access to capital
• better shareholder relations
• Maintain good reputation of company, and its
  directors and officers
• Meet director obligations of good faith
• Avoidance of personal liability for directors
  under the business judgment rule

4
Multi-Jurisdictional Companies

• Challenges
• Greater regulatory scrutiny
• Greater exposure to civil and criminal liability
• Conflicting laws
• Possible inefficiencies of complying with more
  than one disclosure system or securities regime

5
Multi-Jurisdictional Companies

• Benefits
• Greater access to capital
• Choices of which laws to follow
• Ability to design efficient compliance systems to
  lower costs of accessing capital
• Equipped to respond to change in equity markets

6
US Sentencing Guidelines Section 8B2.1

• Section 8B2.1 of the US Sentencing Guidelines
  sets forth a compliance model derived from United
  States Federal law
• Section 8B2.1 sets forth the requirements for an
  effective compliance and ethics program

7
US Sentencing Guidelines

• 9 Factors Relevant to Prosecutorial Discretion
• 1) Nature and seriousness of offence
• 2) Pervasiveness of wrongdoing within the
  corporation
• 3) Corporations history of similar conduct
• 4) Corporations timely and voluntary disclosure
  of wrongdoing and its willingness to cooperate
• 5) Existing and adequacy of corporations
  pre-existing compliance program

8
US Sentencing GuidelinesContinued

• 6) Corporations remedial actions
• Including efforts to implement or improve a
  compliance program
• Discipline of wrongdoers, payment of restitution
• 7) Collateral consequences
• 8) Adequacy of prosecution of individuals
  responsible for the offence
• 9) Adequacy of remedies such as civil or
  regulatory enforcement actions

9
Elements of 8B2.1 Compliance Guidelines

• Periodic Risk Assessment
• Assignment of Accountability
• Policies, Manuals and Education
• Detection of Defects
• Addressing Detected Defects
• Self Evaluation

10
Sarbanes-Oxley Act of 2002

• Section 404 Management Assessment of Internal
  Controls
• Section 404 requires public companies' annual
  reports to include management's own assessment of
  internal control over financial reporting, and
  for accelerated filers an auditor's attestation.
• The report must affirm the responsibility of
  management for establishing and maintaining an
  adequate internal control structure and
  procedures for financial reporting.
• The report must contain an assessment, as of the
  end of the companys most recent fiscal year, of
  the effectiveness of the internal control
  structure and procedures of the issuer for
  financial reporting. To do this, managers are
  generally adopting an internal control framework
  such as that described in the COSO Guidelines.

11
Sarbanes-OxleyContinuedSection 404 Internal
Control compliance dates
12
Sarbanes-OxleyContinued

• Available Guidance for Section 404 Compliance
• The Public Company Accounting Oversight Board
  (PCAOB) approved Auditing Standard No. 5 for
  public accounting firms on July 25, 2007. This
  standard superseded Auditing Standard No. 2, the
  initial guidance provided in 2004.
• The SEC released interpretive guidance on June
  27, 2007 that is generally consistent with the
  PCAOB's guidance but intended for management.
• Both management and the external auditor are
  responsible for performing a top-down risk
  assessment, which requires management to base
  both the scope of its assessment and evidence
  gathered on risk. This gives management wider
  discretion in its assessment approach.

13
Sarbanes-OxleyContinued

• These two standards together require management
  to
• Assess both the design and operating
  effectiveness of selected internal controls
  related to significant accounts and relevant
  assertions, in the context of material
  misstatement risks
• Evaluate company-level (entity-level) controls,
  which correspond to the components of the COSO
  framework
• Perform a fraud risk assessment
• Evaluate controls designed to prevent or detect
  fraud, including management override of controls

14
Sarbanes-OxleyContinued

• Evaluate controls over the period-end financial
  reporting process
• Scale the assessment based on the size and
  complexity of the company
• Rely on management's work based on factors such
  as competency, objectivity and risk
• Conclude on the adequacy of internal control over
  financial reporting.

15
COSO Framework

• The Committee of Sponsoring Organizations of the
  Treadway Commission (COSO) internal control
  framework has been widely used by management and
  auditors to fulfill the requirements of Section
  404 for companies for which Section 404 is
  already effective.

16
COSO FrameworkContinued

• The COSO framework has been widely regarded as
  inappropriate or too costly for small business
  for a number of reasons including
• Its reliance on the presence of multiple levels
  of management
• Its requirement of complex transaction processing
  systems and protocols
• Its assumption of greater human resources and
  personnel with discreet duties

17
COSO FrameworkContinued

• In October, 2007 COSO published for comment new
  guidance on the use of its framework to address
  the needs of smaller businesses in fulfilling the
  requirements of Section 404.

18
COSO FrameworkContinued

• COSOs Small Business Framework
• The 20 fundamental COSO principles which
  constitute effective internal control over
  financial reporting are equally applicable to
  larger and smaller businesses.
• However, smaller companies may implement
  effective internal control in a different manner
  from large companies.
• Smaller companies' management tends to have a
  hands-on approach, wider spans of control and the
  ability to provide ongoing monitoring through
  direct relationships with key personnel,
  customers, vendors and capital providers that can
  allow for controls to be effective while being
  less formal.

19
COSO Framework5 Themes

• COSO identifies five themes for smaller
• businesses
• 1) Control Environment
• The control environment sets the tone for
  internal control. In a smaller company,
  management's actions and demonstrated commitment
  to effective governance and control are more
  transparent.

20
COSO Framework5 Themes

• 2) Risks
• Smaller companies should consider risks to
  reliable financial reporting and identify
  controls required to mitigate risks related to
  financial statement assertions and account
  balances, rather than focusing on mandating
  specific controls.

21
COSO Framework5 Themes

• 3) Control Activities
• Even in smaller companies, control activities
  require a minimal level of formalization so that
  everyone understands their responsibilities, how
  the controls operate and the importance of the
  control process.

22
COSO Framework5 Themes

• 4) Information Technology
• Smaller businesses can use information
  technology to promote more effective control.

23
COSO Framework5 Themes

• 5) Monitoring
• For smaller companies, monitoring may be
  ongoing, and executives who have direct and
  explicit knowledge of the activities of the
  business can monitor the effectiveness of
  internal control.

24
COSO FrameworkContinued

• Cost-Effective Solutions for Smaller Businesses.
• The COSO Guidelines suggests that smaller
  companies can reduce the costs of internal
  controls by implementing certain cost saving
  measures
• Risk-Based Approach. Build controls into the
  corporate culture and focus the internal control
  process on areas that represent a significant
  threat to financial reporting.
• Use Software Tools. Use accounting software and
  other information technology to implement
  consistent controls and enhance segregation of
  duties.
• Leverage Management's Knowledge. With its
  knowledge of the Company, management can provide
  effective monitoring of the financial reporting
  process

25
COSO FrameworkContinued

• Outsource. It may also be cost-effective to
  outsource some monitoring or internal audit
  duties.
• View Controls as a Whole Within Risk Framework.
  Organize the evaluation organically around
  principles and view internal control as a whole
  within a risk framework and not as separate
  components.
• Organize Evaluation Systemically Around
  Principles. Use Exhibit 1.1 to the Coso Guidance
  as a checklist of principles to consider in
  developing effective internal control over
  financial reporting.

26
Steps to Design a Compliance Program

• Assess which jurisdictions apply
• Get appropriate securities legal counsel in each
  Jurisdiction
• Assemble a team to design the program
• Chief Financial Officer, General Counsel, Outside
  Counsel, Controller, Treasurer, Director of
  Shareholder Relations, Director of Corporate
  Finance
• Establish a team lead and a timeline
• Determine goals of the program
• Review current policies and determine weaknesses
• Design and launch program

27
Goals of a Cross-Border Securities Compliance
Program

• Educate the necessary people on what needs to be
  done
• Implement a system where routine matters
  involving securities laws and periodic reporting
  are dealt with in an effective and timely manner
• Establish a warning system ensuring that
  appropriate persons are notified or consulted
  with in non-routine securities matters

28
Goals of a Cross-Border Securities Compliance
ProgramContinued

• Facilitating early and timely consultation with
  securities counsel on potential securities issues
  
• Ensuring all relevant jurisdictions are
  identified and applicable laws are complied with
• Facilitating compliance with certification
  requirements under the Sarbanes-Oxley Act of 2002

29
Elements of a Cross-Border Securities Compliance
Program

• Implement policies, manuals and education
• Assignment of accountability
• Policy for routine compliance
• Warning system
• Communication with counsel in all applicable
  jurisdictions
• Questionnaires
• Centralized record keeping
• Document retention and destruction policy

30
Elements of a Cross-Border Securities Compliance
ProgramContinued

• Policies and Charters that consider multiple
  securities regimes
• Insider Trading Policy
• Code of Ethics
• Audit Committee Charter
• Compensation Committee Charter
• Corporate Governance Committee Charter
• Disclosure Committee Charter
• Investor Relations Disclosure Policy
• Regular Evaluation

31
Elements of Education

• Written materials
• Letters to directors and executive officers
  summarizing securities law obligations
• Memos to employees
• Charters and policies for Board and Committees of
  the Board
• Distribution of corporate policies such as
  Insider Trading Policy and Code of Ethics

32
Elements of EducationContinued

• Identify educational needs for
• Board of Directors
• Senior Officers
• General Counsel
• All person involved in preparation of periodic
  financial reports (i.e. accounting and tax
  personnel)
• Corporate finance personnel
• Shareholder relations departments or consultants
• Business unit managers
• Support staff

33
Elements of EducationContinued

• New hire orientation
• Seminars and meetings
• Consider special educational needs in mergers and
  acquisitions
• Questionnaires also have an educational purpose
• Access to counsel

34
Elements of Investor Relations Disclosure Policy

• Disclosure policy committee
• Authorized spokesperson
• Review of analyst reports
• Response to market rumours
• Making projections or earnings estimates

35
CONTACT

• SUITE 1820 CATHEDRAL PLACE 925 WEST GEORGIA
  STREET VANCOUVER, BRITISH COLUMBIA V6C 3L2
  TELEPHONE 604.632.1700 FACSIMILE 604.632.1730
• WWW.BACCHUSCORPLAW.COM
• PENNY GREEEN
• Direct 604.632.1280
• pgreen_at_bacchuscorplaw.com