Securities Regulations
Securities regulations encompass a body of laws and rules that govern the trade and issuance of financial instruments, commonly referred to as securities, to protect investors and maintain fair and efficient markets. In the United States, significant legislative milestones in this area include the Securities Act of 1933, which was introduced in response to the stock market crash of 1929 to ensure transparency and prevent fraud in securities sales. The Securities and Exchange Commission (SEC) plays a critical role in overseeing compliance with these regulations, requiring companies to file registration statements detailing their business and financial statements before they can publicly sell securities. Additional regulations, such as the Sarbanes-Oxley Act of 2002 and the Dodd-Frank Act of 2010, were enacted to enhance corporate governance, protect investors, and address issues revealed by corporate scandals and the financial crisis.
These regulations not only aim to protect investors but also facilitate a standardized approach to risk assessment and compliance among organizations. Moreover, the trend towards incorporating risk management strategies into business practices reflects a growing acknowledgment of the importance of ethical conduct and accountability in maintaining investor confidence. The landscape of securities regulation continues to evolve, influenced by ongoing economic changes and the complexities of modern financial markets. Understanding these regulations is essential for individuals and organizations involved in the securities industry.
Subject Terms
Securities Regulations
This article focuses on specific regulations that have been passed in the United States in reference to securities issues. Prior to the Wall Street Crash of 1929, there was minimal regulation of securities in the United States at the federal level. Eight specific regulations are discussed, with special emphasis on the Sarbanes-Oxley Act. There will be an exploration of how risk assessment may assist organizations with making sure that regulations are followed. Many organizations are beginning to add risk assessment to their compliance and ethics programs.
Keywords Committee of Sponsoring Organizations (COSO); Dodd Frank Act; Enterprise Risk Management; Internal Auditing; Regulation Fair Disclosure; Risk Assessment; Sarbanes Oxley Act; Securities and Exchange Commission; Securities Regulation; Self Regulatory Organizations; Whistleblowers
Overview
Securities Act of 1933
Prior to the Wall Street Crash of 1929, there was minimal regulation of securities in the United States at the federal level. However, as a result of the Crash, Congress held hearings to investigate why the situation occurred. After finding abuses, Congress passed the Securities Act of 1933. The purpose of the Act was to regulate the interstate sales of securities and make it illegal to sell securities into a state without complying with state laws. The two basic objectives were to:
- Require that investors receive significant information concerning securities being offered for public sale.
- Prohibit deceit, misrepresentation, and other fraud in the sales of securities.
Securities & Exchange Commission
In addition, the law required organizations to file a registration statement with the Securities and Exchange Commission if they wanted to sell securities publicly. The registration statement was designed to provide information about the organization and made sure that the information was on file as a public record. The information required on the form included:
- A description of the issuer's properties and business;
- A description of the security to be offered for sale;
- Information about the management of the issuer;
- If not registering common stock, information about the securities; and
- Financial Statements certified by independent accountants.
However, it should be noted that the Securities and Exchange Commission does not provide approval for the statement. Rather, it is responsible for validating the statement if the organization has provided sufficient details, especially information about potential risk factors. Once the statement becomes effective, the organization can begin to sell the stocks. The stocks tend to be sold via investment bankers.
It should also be noted that not all offerings have to be registered with the Securities and Exchange Commission. Some of the exceptions from the registration requirement include:
- Private offerings to a limited number of persons or institutions.
- Offerings of limited size.
- Intrastate offerings.
- Rule 144.
- Securities of municipal, state and federal governments.
Additional Securities Regulations
Other pertinent securities regulations passed in the United States include:
- Regulation Fair Disclosure (Reg FD): A regulation that requires publicly traded companies to disclose information to all investors at the same time. The purpose of this regulation is to create an environment where all investors have the same information and to reduce the problem of selective disclosure.
- The Securities Exchange Act of 1934: An act responsible for regulating the secondary market trading of securities. After the introduction of the Act, it only applied to stock exchanges and their listed companies. However, in the late 1930s, the Act was amended to include regulation of trades between individuals when no stock exchange was involved. The Act also regulates broker-dealers without a status for trading securities. A telecommunications infrastructure was developed for those trades that do not require a physical location.
Today, a digital information network is used to connect the brokers. This system is called the National Association of Securities Dealers Automated Quotation System (NASDAQ). The Act of 1934 regulates NASDAQ through relations that apply to the association and by requiring that it have an independent organization overseeing it (i.e. self-regulatory organization). The self-regulatory organization for NASDAQ is the National Association of Securities Dealers (NASD). There was an amendment in 1964, which extended the change in the late 1930s to include the regulation of companies trading in the over-the-counter market.
- The Public Utility Holding Company Act of 1935: A law passed by Congress, which facilitated regulation of electric utilities by limiting their operations to a single state, which made them subject to state regulations and/or forcing divestitures so that each became a single integrated system servicing a limited geographic area. In addition, the Act was designed to keep utility holding companies involved in regulated businesses from engaging in unregulated businesses. Therefore, the Securities and Exchange Commission would have to approve a holding company's activities in non-utility business prior to their engaging. This requirement was to ensure that the holding companies kept regulated and unregulated businesses separate.
- The Trust Indenture Act of 1939: A law passed in 1939 that prohibits bond issues valued at over $5 million from being offered for sale without a formal written agreement (an indenture), signed by both the bond issuer and the bondholder, that fully discloses the particulars of the bond issue. The act also requires that a trustee be appointed for all bond issues, so that the rights of bondholders are not compromised. The Trust Indenture Act of 1939 was passed for the protection of bond investors. In the event that a bond issuer becomes insolvent, the appointed trustee may be given the right to seize the bond issuer's assets and sell them in order to recoup the bondholders' investments (Investopedia, n.d.).
- The Investment Company Act of 1940: Investment companies were still new in 1940. Given the problems that happened in the late 1920s and the passage of the initial Acts in the early 1930s, Congress felt compelled to pass an Act that would provide investors confidence in these new companies as well as protect the public interest from this type of security. As a result of these concerns, the Investment Company Act of 1940 was passed. The Act established separate standards for investment companies as well as defined and regulated investment vehicles, including mutual funds. However, certain investments (i.e. hedge funds) were exempted.
The Act categorized the investment companies into three different classifications:
- Face-amount Certificate Company: An investment company in the business of issuing face-amount certificates of the installment type.
- Unit Investment Trust: An investment company, which, organized under a trust indenture, contract of custodianship or agency, or similar instrument, does not have a board of directors, and issues only redeemable securities, each of which represents an undivided interest in a unit of specified securities, but does not include voting trust.
- Management Company: Any investment company other than a face-amount certificate company or a unit investment trust. The most well-known type of management company is the mutual fund.
- The Investment Advisers Act of 1940: A federal law that was implemented in order to regulate the actions of investment advisors.
- The Securities Investor Protection Act of 1970: A federal law created as a special scheme for the liquidation of insolvent securities' brokerage firms and established the Securities Investor Protection Corporation (SIPC) to administer a fund to protect customers of failed brokers. The primary purpose of the Act is to reimburse customers for losses due to broker failures and to boost public confidence in securities markets (Joo, 1999).
If a customer has cash and securities missing from their customer accounts, he/she may be eligible for SIPC assistance. However, SIPC's fund cannot be used to pay claims of any failed brokerage firm customer who is also a general partner, officer, or director of the firm; the beneficial owner of five percent or more of any class of equity security of the firm (other than certain nonconvertible preferred stocks); a limited partner with a participation of five percent or more in the net assets or net profits of the firm; someone with the power to exercise a controlling influence over the management or policies of the firm; and/or a broker, dealer or bank acting for itself rather than for its own customer or customers (Securities Investor Protection Corporation, n.d.).
- The Sarbanes-Oxley Act of 2002: An act introduced to Congress by Senator Paul Sarbanes, Democrat from Maryland, and Representative Michael G. Oxley, Republican from Ohio. Legislation passed in 2002 with the purpose of encouraging employees to become effective corporate monitors and report misconduct and unethical behavior in corporations. This act is discussed in greater detail in the next section.
- The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010: Named for the legislation's sponsors, Senator Christopher Dodd (D-CT) and Representative Barney Frank (D-MA), this 848-page law is "the most ambitious since the Great Depression" (Rao, MacDonald, & Crawford, 2011). It places increased regulations on credit rating agencies, banks, hedge funds, buyout shops, and the derivatives market. Under the act, the government will audit lending programs of the central banks and "rein in" speculative proprietary trading activities of big insured banks. Another big piece of the law is the creation of an independent Consumer Financial Protection Bureau to monitor mortgage and credit card products. Furthermore, Title I, subtitle A of the Dodd-Frank Act created the Financial Stability Oversight Council (FSOC) to monitor and respond to "systemic risk to the U.S. economy caused by the actions of large complex companies, products, and activities" (Rao, MacDonald, & Crawford, 2011).
Application
The Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley (SOX) Act was signed into law on July 30, 2002, and was created in response to the major scandals in corporations such as Enron, WorldCom and Tyco. When these scandals occurred, there was a decline of public trust in accounting and reporting practices. Some believed that the SOX Act was "a controversial reaction by Congress to investor and public companies, compounded by excessive compensation to executives" (Bumgardner, 2003). The law covers a wide area of a business and establishes new or revised standards for U.S. public company boards, management teams, and public accounting firms. The Act has 11 titles, which address issues such as corporate board responsibilities and criminal penalties. The 11 titles (or sections) are:
- Public Company Accounting Oversight Board (PCAOB). The Supreme Court later ruled in 2010 that the establishment of the PCAOB was actually beyond Congress's constitutional authority. The ruling did not declare the entire act unconstitutional; however, the Supreme Court did acknowledge that the act's establishment of the PCAOB as an independent board allows for no accountability or presidential oversight (Lenn, 2013).
- Auditors Independence.
- Corporate Responsibility.
- Enhanced Financial Disclosures.
- Analyst Conflicts of Interest.
- Commission Resources and Authority.
- Studies and Reports.
- Corporate and Criminal Fraud Accountability.
- White Collar Crime Penalty Enhancement.
- Corporate Tax Return.
- Corporate Fraud Accountability.
"The law itself amended the regulatory provisions of the Securities Commission Act of 1934" (Britt, 2003, par. 3) by requiring that the Securities and Exchange Commission implement rulings on requirements to comply with the law. Lastly, the law established a new agency, the Public Company Accounting Oversight Board, which is responsible for overseeing, regulating, inspecting, and disciplining accounting firms in their roles as auditors of public companies.
Learning From SOX
Although the SOX Act has had a profound effect on public companies, it was not set up to cover private companies. However, that does not mean that private companies should not take note of the costs and benefits of the SOX implementation. Based on interviews with legal and accounting experts, Anthony (n.d.) was able to develop a list of four key areas that small businesses and private companies should learn about from the Sarbanes-Oxley Act. Some of his important points include:
- Work with two accountants instead of one. When a large public company works with one firm, it can raise red flags. Small companies should consider having an auditor as well as a separate CPA firm handling areas such as tax filing and consulting services. Private companies are starting to hire smaller firms even though there may be additional expenses.
- Have an audit committee. Private companies and small businesses should consider having an internal mechanism that acts as a "checks and balances" system.
- Make the independent board truly independent. The external board of advisers should be allowed to voice their opinions versus being cronies of the chief executive officer. They are there to offer objective advice to the senior management team in an effort to keep the organization in compliance with various regulations.
- Institute whistleblower protection. The SOX Act has two approaches that encourage employees to become corporate whistleblowers (Moberly, 2006). The first step is a clause that provides protection to whistleblowers from employer retaliation once they have disclosed improper behavior. The second step requires employers to provide employees with guidelines, policies and procedures to report organizational misconduct within the organization.
Viewpoint
Risk Assessment
In the past, the compliance and ethics functions fell in the scope of the organization's legal department. However, with the recent creation of scandals units, such as internal auditing, the organization's initiatives with ethics and compliance have reported directly to the senior management team and the board of directors. As a result of these changes, many organizations are beginning to add risk assessment to their compliance and ethics programs.
Phases of Risk Assessment Implementation
Aon created a four-phased process to assist with this task (Kaufman, 2006).
Phase 1 (Risk Identification) includes:
- Identify and characterize key risks (i.e. surveys, workshops, interviews, data analysis/documents).
- Categorize risks according to business functionality within the organization (i.e. strategic, operational, financial, human capital, technology, legal & regulatory).
Phase 2 (Risk Prioritization) includes:
- Prioritize/score risks (i.e. frequency, severity, time to impact).
- Develop risk map graphically detailing impacts of risks.
- Establish risk ownership (i.e. may be assigned by function, geography or business unit).
- Group risks into categories of risk magnitude (i.e. low, moderate and high).
Phase 3 (Critical Risk Analysis) includes:
- Perform financial modeling of key risks using proprietary loss simulation models.
- Evaluate risk/return (cost/benefit) of competing strategies.
- Consider expected value and distribution of modeled key performance indicators.
- Ensure awareness of correlations of risks.
Phase 4 (Implementation) includes:
- Recommend risk mitigation strategies.
- Implement and monitor risk mitigation activity.
- Report results periodically to key stakeholders.
- Review risks and strategies to account for changes over time.
Criticisms of the Risk Assessment Process
As with any new system, there have been criticisms of the risk assessment process. According to Kaufman (2004), the most commonly cited arguments are as follows:
- Threat of legal discovery. Legal counsel may be concerned that information collected during the risk assessment process must be disclosed if a lawsuit were to arise. There is a concern that this exposure will be perceived as organizational knowledge that a risk was present and the organization failed to act on it.
- Fear of retribution. Participants in the process may be afraid to share information if they believe they will be reprimanded.
- Lack of senior level support. The senior management team has to support the risk assessment initiative, and it is important that the leaders of this function report directly to their level or the board.
- Insufficient resources. Risk assessment programs can be expensive. Organizations will have to be committed to seeing this process succeed. Therefore, short-term profits may be reduced in order to fund the process.
- Inability to operationalize the process. Organizations must find a way to maintain real-time risk control, monitoring and communication.
In many cases, the risk assessment initiative works in conjunction with an organization's enterprise risk management program by acting as the preliminary test to evaluating the organization's strategic, financial, operational, technological and human capital initiatives. The approach provides a "holistic and risk-based views of the organization's legal and social responsibilities" (Kaufman, 2006, p. 8).
Conclusion
Prior to the Wall Street Crash of 1929, there was minimal regulation of securities in the United States at the federal level. However, as a result of the Crash, Congress held hearings to investigate why the situation occurred. After finding abuses, Congress passed the Securities Act of 1933. Other pertinent securities regulations passed in the United States include Regulation Fair Disclosure, The Securities Exchange Act of 1934, The Public Utility Holding Company Act of 1935, The Trust Indenture Act of 1939, The Investment Company Act of 1940, The Investment Advisers Act of 1940, The Securities Investor Protection Act of 1970, The Sarbanes-Oxley Act of 2002, and The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.
The Sarbanes-Oxley (SOX) Act was signed into law on July 30, 2002, and was in response to the major scandals in corporations such as Enron, WorldCom and Tyco. When these scandals occurred, there was a decline of public trust in accounting and reporting practices. Some believe that the SOX Act was "a controversial reaction by Congress to investor and public companies, compounded by excessive compensation to executives" (Bumgardner, 2003). The law covers a wide area of a business and establishes new or revised standards for U.S. public company boards, management teams, and public accounting firms. The Act has 11 titles, which address issues such as corporate board responsibilities and criminal penalties.
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 is widely considered the most ambitious and far-reaching renovation of financial regulation in the United States since the 1930s. Together with other regulatory reforms both in the U.S. and overseas, the act aims to put an end to the "too big to fail problem" and is expected to substantially alter the structure of financial markets (Acharya, Cooley, Richardson, Sylla & Walter, 2011). Acharya et al. do point to the following as remaining wholly or partially unaddressed by The Dodd-Frank Wall Street Reform and Consumer Protection Act, however: pricing of explicit and implicit government guarantees, dealing with inevitable opportunities for the financial sector to engage in regulatory arbitrage, and containing the systemic risk arising from collections of small institutions and markets such as money market funds and repo contracts (2011).
The current trend supports initiatives such as risk assessment and enterprise risk management programs. There have been recent mandates and guidelines that support the popularity of these two initiatives. Kaufman (2006) listed some of the developments as:
- Section 404 of the Sarbanes-Oxley Act of 2002 mandating that organizations file an annual internal control report. One of the requirements is for organizations to affirm that the management team has approved the establishment and maintenance of a risk assessment program in order to be in compliance with regulations.
- The Federal Sentencing Commission made changes to the Federal Sentencing Guidelines by requiring organizations to continuously audit their programs by implementing risk assessment initiatives in order to reduce the risk of violations of laws.
- In 2004, COSO released the Enterprise Risk Management (ERM) framework, which is a method used to analyze risk.
- The Open Compliance and Ethics Group (OCEG) drafted a framework that provides a holistic approach to implementing, managing, evaluating and improving compliance and ethics programs.
Mark Zmieski, the Director of Strategic Learning and Research at the Risk Management Association, believes regulatory expectations are the main reason why the ERM approach is becoming popular at many organizations (RMA study, 2007). The study that his organization conducted revealed that respondents believed the following benefits could materialize as a result of an effective ERM system being in place:
- Improved understanding of risk and controls (48% of the respondents).
- Ability to set a common risk culture (48% of the respondents).
- Opportunity to identify and assess risk in total (45% of the respondents).
- Ability to apply consistent policy and standards (45% of the respondents).
- Ability to improve strategic decision-making in the next 18 to 24 months (over 50% of the respondents).
Terms & Concepts
Committee of Sponsoring Organizations (COSO): A voluntary private sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance.
Dodd-Frank Wall Street Reform and Consumer Protection Act: Comprehensive and far-reaching legislation passed in 2010, in response to the late-2000s recession, that made significant changes to financial regulations in the United States.
Enterprise Risk Management: Methods and processes used to manage those risks, possible events or circumstances that can have an influence on business enterprises. By identifying and proactively treating such potential effects, one protects the existence, the resources (human and capital), the products and services, or the customers of the enterprise as well as external effects on society, markets and environments.
Internal Auditing: An independent and objective opinion to the accounting officer on risk management, control and governance, by measuring and evaluating their effectiveness in achieving the organization's agreed objectives.
Regulation Fair Disclosure: A regulation which required publicly traded companies to disclose material information to all investors at the same time.
Risk Assessment: A report that shows assets, vulnerabilities, likelihood of damage, estimates of the costs of recovery, summaries of possible defensive measures and their costs and estimated probable savings from better protection.
Sarbanes Oxley Act: Legislation passed in 2002 with the purpose of encouraging employees to become effective corporate monitors and report misconduct and unethical behavior in corporations.
Securities and Exchange Commission: A United States government agency having primary responsibility for enforcing the federal securities laws and regulating the securities industry/stock market.
Securities Regulation: The field of the U.S. law that covers various aspects of transactions and other dealings with securities.
Self Regulatory Organizations: An independent organization that oversees a network of broker-dealer transactions.
Whistleblowers: An employee, former employee, or member of an organization, especially a business or government agency, who reports misconduct to people or entities that have the power and presumed willingness to take corrective action. Generally, the misconduct is a violation of law, rule, regulation and/or a direct threat to public interest — fraud, health, safety violations, and corruption are just a few examples.
Bibliography
Acharya, V.V., Cooley, T., Richardson, M., Sylla, R., & Walter, I. (2011). The Dodd-Frank Wall Street Reform and Consumer Protection Act: accomplishments and limitations. Journal of Applied Corporate Finance, 23, 43-56. Retrieved November 16, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=59410749&site=ehost-live
Anthony, J. (2007). Private companies: 4 lessons from Sarbanes Oxley Act. Retrieved November 21, 2007, from http://www.microsoft.com/smallbusiness/resources/finance/legal%5fexpenses/private%5fcompanies%5f4%5flessons%5ffrom%5fsarbanes%5foxley%5fact.mspx
Britt, P. (2003, July/August). Professional perspective: Implications of Sarbanes Oxley. Retrieved November 21, 2007, from http://www.nareit.com/portfoliomag/03julaug/professional.shtml
Bumgardner, L. (2003). Reforming corporate America: How does the Sarbanes Oxley act impact American business? Graziadio Business Report, 6. Retrieved November 21, 2007, from http://gbr.pepperdine.edu/031/sarbanesoxley.html
Investopedia (n.d.). Trust indenture act of 1939. Retrieved November 21, 2007, from http://www.investopedia.com/terms/t/trustindentureactof1933.asp
Joo, T. (1999, May). Who watches the watchers? The securities investor protection Act, investor confidence, and the subsidization of failure. Southern California Law Review, 72. Retrieved November 21, 2007, from http://papers.ssrn.com/sol3/papers.cfm?abstract%5fid=169208
Kaufman, C. (2006, February). A strategy for incorporating risk assessment in the compliance and ethics agenda: Evolution of the risk assessment process as a compliance and ethics tool. Aon Corporation. Retrieved May 14, 2007, from www.aon.com/us/busi/risk%5fmanagement/risk%5fconsulting/ent%5frisk k_mgmt/ERM_Compliance_WP.pdf
Lenn, L.E. (2013). Sarbanes-Oxley Act 2002 (SOX)-10 years later. Journal of Legal Issues & Cases In Business, 2, 1-14. Retrieved November 16, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=91096089&site=ehost-live
Rao, H., MacDonald, J., & Crawford, D. (2011). The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. CPA Journal, 81, 14-25. Retrieved November 16, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=65030834&site=ehost-live
RMA announces results of enterprise risk management survey. (2007). Secured Lender, 63, 14. Retrieved May 14, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=23789434&site=ehost-live
Securities Investor Protection Corporation. (n.d.). How SIPC protects you. Retrieved November 21, 2007, from http://www.sipc.org/how/brochure.cfm