Sunday, December 18, 2005

Small-Cap SOX 404 Exemption Issues

I have been done a bit of research, and it appears that nowhere in SOX is there permissive authority for the SEC, through the PCAOB, to exempt small-caps, on that basis (is 150mm "small"? is 181mm "big") from 404 reporting (or compliance) requirements. As it relates to audit committees, for example, Sox §2(a)(3)(A) and §2(a)(3)(B) seem to severely restrict the SEC's ability to exempt reporting requirements except in the case of ministerial persons, etc. Notably, the exemption contained in §405 relates only Investment Companies subject to the Investment Company Act of 1940. The language states that, in the case of audit committees, "The Board, may, by rule, exempt persons engaged only in ministerial tasks from the definition in subparagraph (A), to the extent that the Board determines that any such exemption is consistent with the purposes of this Act, the public interest, or the protection of investors."

The recent recommendation of the staff to the Commission is that small-caps be exempt from 404 reporting requirements. Well, it seems that the interests of investors of small caps are either not really important and that exempting small-caps is consistent with the purposes of the SOX, the public interest, or the protection of investors.

Hmm. I see, said the blind man to the deaf man. And how many shareholder derivative suits for breaches of fiduciary duties in these "small-cap" companies are based upon fraudulent financial misrepresentations that would have as their bases defects in, or a lack of internal controls? Are small-cap shareholder's less deserving of transparency and proper internal controls than those of a large-cap? So, a mere million in capitalization keeps you opaque. How utterly rational. The dollars an investor loses from fraud in a small-cap impose equal monetary damage as an equivalent amount those dollar losses from a large-cap fraud. Even Alan Greenspan would agree with that.

15 USCA §78m (6) also appears to impose the following limitation on the SEC's exemption power reporting companies:

"6) The Commission may, by rule or order, exempt, in whole or in part, any person or class of persons from any or all of the reporting requirements of this subsection as it deems necessary or appropriate in the public interest or for the protection of investors."

If this is, as I believe, applicable to SOX 404 reporting requirements, and if the SEC chooses to so exempt small-caps pursuant to this "authority," I wonder whether a well-placed lawsuit seeking to enjoin the exemption as exceeding the statutory authority might be brought on behalf of those oh-so-well-protected small-cap investors.
Voting Machines - What's Old is New Again

It should really come as no surprise that electronic voting machines can be "hacked," but the interesting point here is that there are alleged hacks carried out by, you guessed it, those who are purportedly neutral and in control of those machines.

For those of you who take comfort in "auditable" paper printout electronic voting machines, be assured they are not. Here's a cautionary note: One can program a voting machine to

1. Appear to record a vote for "A" to a voter on a monitor screen
2. Actually record a vote for "B" for election purposes
3. Print out a vote for "A" for voter "comfort"
4. Revert to a vote "A" as the vote sent to the election authority, for audit purposes.

Sounds comforting, doesn't it?

In pertinent part from the AP via the Sarasota Herald Tribune:

TALLAHASSEE -- Gov. Jeb Bush said the state should review the way it tests electronic voting machines after a local elections official said the devices could be hacked to change race outcomes.Bush's remarks Friday come after the acting secretary of state, David Mann, said he was confident in the process of certifying voting machines. Mann said he was "concerned" only that Leon County Elections Supervisor Ion Sancho might have given an outsider access to computer codes for a test of the Diebold optical-scan machines.Sancho sent state elections officials a letter Friday requesting they do "further investigation" of Diebold Election Systems' Accuvote 2000. Sancho said his internal tests showed the optical-scan machine's memory card produces false results when hacked by elections office insiders.