Nonprofit Corporate Governance

In an indictment dated October 29, 2003, former HealthSouth Corp. chief executive Richard Scrushy was charged with 85 criminal counts for a scheme that allegedly added $2.7 billion in fictitious income to the health-care company he founded. Scrushy is the first chief executive to be accused of violating the Sarbanes-Oxley Act of 2002 (the Act), which includes a requirement that top executives at publicly traded companies certify the accuracy of financial results.

In November, the Associated Press reported that HealthSouth's directors, outside auditors and investment bankers had been called to testify before Congress concerning why they failed to detect the massive conspiracy, allegedly led by Scrushy, to overstate earnings of the one of the nation's largest providers of health care services. The case has already seen more than a dozen former executives of the HealthSouth Corp. plead guilty. In his sentencing hearing in November, one such executive testified that during his employment at HealthSouth, he saw invoices for hand grenades, automatic weapons, and other munitions.

In this two-part article, we summarize the basic requirements of the Act, demonstrate the legitimate public interest in accountability of nonprofits, and explore the extent to which compliance with Act-like corporate governance standards is already required, de facto, of the nonprofit sector.

The Sarbanes-Oxley Act of 2002

We all know by now that Congress enacted the Sarbanes-Oxley Act of 2002 in response to the by now well-publicized financial scandals at Enron Corp. and WorldCom Inc., and the resulting general disintegration of investor confidence in the public markets. The Act requires companies, the securities of which are publicly traded, to comply with a number of disclosure, audit and general corporate responsibility rules. Several states have already enacted or proposed legislation imposing similar requirements. While the Act focuses on publicly traded companies, many have suggested that its requirements will be extended to the nonprofit sector. For example, in March of this year, the New York Attorney General's office announced its intention to extend Act-like corporate governance requirements to nonprofit corporations doing business in New York State.

The requirements of the Act that best lend themselves to application to nonprofits can be divided into four basic categories: enhanced disclosure requirements; independence standards of audit committees and their advisors; general corporate responsibility; and miscellaneous.

Enhanced Disclosure Requirements

Some of the Act's provisions are new, while others mandate what have previously been proposed as “best practices” or rulemaking by the Securities and Exchange Commission (SEC). The emphasis here is on complete, rapid and detailed disclosure, primarily of financial information. Thus, both the quantity and quality of information required to be disclosed in quarterly and annual reports on Forms 10-Q and 10-K have been increased, and filing deadlines have been shortened. This requirement includes disclosure of “off balance sheet” transactions and other relationships that may have a material effect on financial condition. In addition, affected companies may not make untrue or misleading public statements. This latter requirement would apply, for instance, to press releases of pro forma financial information. Affected companies also have enhanced disclosure requirements with respect to material, nonpublic information when communicating with Wall Street professionals. Finally, under its Act rule-making authority, the SEC has adopted new, and in many respects controversial, rules for attorneys who appear and practice before it.

Independence Standards

The Act requires the independence of audit committees and their advisers. The requirement therefore extends to external audit firms. Under the Act, audit committees must be composed solely of independent directors. For these purposes, “independent” means not accepting any advisory fees or other compensation (other than for service as a director) and not being an affiliated person. In addition, the audit committee must have at least one “financial expert” or explain why it does not. For these purposes, a “financial expert” is someone who has sufficient education and experience to understand financial statements, GAAP, financial reporting, internal controls and the proper functions of an audit committee.

Consistent with their mandate for independence, audit committees are empowered to retain independent counsel and other advisers. Moreover, all audit and non-audit services provided to an affected company by the independent auditor must be pre-approved by the audit committee. The affected company's auditors must report directly to the audit committee regarding material written communications between the auditors and the company's management, as well as certain information regarding critical accounting practices and alternative treatments of financial information which affect the company's audit.

The Act requires that the lead audit partner and the reviewing audit partner be rotated every 5 years, and disqualifies (for 1 year) an accounting firm from auditing an affected company that has recruited an executive position from the accounting firm. The Act also prohibits accounting firms from providing a broad range of “consulting” services (including legal services) to an affected company that it audits.

Corporate Responsibility

Perhaps most notable among the the Act requirements are those that fall under the rubric of corporate responsibility. The Act holds an affected company's CEO and CFO directly accountable for the accurate disclosure of the company's financial performance to the public. To this end, these officers must each personally certify the accuracy of their company's quarterly and annual reports. The certification must represent that each has reviewed the report and that, to his or her knowledge, the report is true and fairly presents the company's financial condition. The certification must also represent that each officer has evaluated the company's internal financial controls, and has reported to the company's auditors, and the “independent” audit committee, any deficiencies in such controls. In other words, both the CEO and the CFO must personally certify both the internal process leading to, and the results of, their company's financial reports.

To put some teeth into this new certification requirement, the Act establishes a Public Company Accounting Oversight Board (PCA Oversight Board) that is responsible, inter alia, for enforcing compliance with the Act. Additional teeth appear in the form of both civil and criminal penalties, applicable to those who knowingly certify false financial information. These penalties include the return of any resulting bonus or incentive compensation, or profits from the sale of company stock, as well as the possibility of imprisonment for up to 20 years.

We note here that the reader should be aware of the recommendations set forth in the recently released proposals for changes to the Federal Sentencing Guidelines. The Guidelines control the sentencing of organizations for most criminal violations of law. Of significance is the concept of a sentencing “credit” for organizations that establish effective programs to detect and prevent violations of the law. Submitted by the Advisory Group to the U.S. Sentencing Commission, these recommendations stress the oversight duties of corporate boards of directors, including their responsibility for corporate compliance. We revisit these Guidelines proposals next month in Part Two of this article, when we consider the de facto nature of the imposition of the Act standards on nonprofits.

Finally, but by no means of least importance, the Act requires that affected companies adopt and publish a Code of Ethics that promotes ethical conduct, or explain why they have not done so. This requirement is also of significance relative to sentencing “credit” under the Advisory Group's proposals for changes to the Guidelines.

Additional Sarbanes-Oxley Prohibitions

There are three additional Act prohibitions perhaps best grouped under the heading “miscellaneous.” The Act makes it a crime to retaliate against a whistle-blower who reports information about the commission of any federal offense. It creates a new federal crime for the destruction or alteration of records during a federal investigation. Finally, it prohibits personal loans and other extensions of credit to directors and executive officers.

Public Interest in the Accountability of Nonprofits

In most states, applicable state law permits the organization and operation of nonprofit corporations in either of two forms: charitable or noncharitable (sometimes characterized as public benefit or mutual benefit.) A growing number of states have adopted the Revised Model Nonprofit Corporation Act, which requires that charitable nonprofit corporations dedicate their assets to, and avoid the diversion of their charitable assets away from, their chartered charitable purpose.

Historically, in most states, the state attorney general has assumed the role of parens patriae (literally, parent of the country) and with respect to charitable assets, acts on behalf of the citizens of the state to preserve the continuing dedication of charitable assets to their chartered purpose. Not surprisingly, given the current high level of both governmental and public interest in “corporate responsibility,” the state attorneys general have become increasingly active as enforcers of the basic fiduciary duties of corporate directors. This increased level of activity has included several high visibility matters involving nonprofit corporations, including:

• the Allegheny Health Education and Research Foundation (AHERF) bankruptcy, in which the Pennsylvania AG played an active role;
• the Allina Health System/Medica audit and resulting corporate integrity agreement, in which the Minnesota AG played an active role; and
• the proposed acquisition by WellPoint Health Networks, Inc. of CareFirst, recently denied approval by the Maryland Insurance Commissioner, in which the Maryland AG played an active role.

Although such matters are multi-faceted and complex, at the heart of each is generally some level of concern that the existing system of corporate governance has failed (or is failing) to protect and preserve a nonprofit corporation's charitable assets. States have begun to show interest in adopting rules that would impose Act-like standards on the governance of nonprofit corporations. For example, in January 2003, New York Attorney General Eliot Spitzer proposed legislation that would require nonprofit organizations chartered in New York to adopt certain governance reforms similar to those required by the Act.

Perhaps in response, the Healthcare Trustees of New York State (HTNYS) have issued a special report, entitled Sarbanes-Oxley: Implications for Governing Board Members of New York State's Not-for-Profit Health Care Provider Institutions. In New York, the issues have now, as they say, been joined. In Part 2 of this Article, we will continue to explore developments in state law which, when taken together with existing federal regulations applicable to charitable non profit corporations, suggest that even though the Act has literal application only to publicly reporting companies, it has de facto application to nonprofit corporations.

In an indictment dated October 29, 2003, former HealthSouth Corp. chief executive Richard Scrushy was charged with 85 criminal counts for a scheme that allegedly added $2.7 billion in fictitious income to the health-care company he founded. Scrushy is the first chief executive to be accused of violating the Sarbanes-Oxley Act of 2002 (the Act), which includes a requirement that top executives at publicly traded companies certify the accuracy of financial results.

In November, the Associated Press reported that HealthSouth's directors, outside auditors and investment bankers had been called to testify before Congress concerning why they failed to detect the massive conspiracy, allegedly led by Scrushy, to overstate earnings of the one of the nation's largest providers of health care services. The case has already seen more than a dozen former executives of the HealthSouth Corp. plead guilty. In his sentencing hearing in November, one such executive testified that during his employment at HealthSouth, he saw invoices for hand grenades, automatic weapons, and other munitions.

In this two-part article, we summarize the basic requirements of the Act, demonstrate the legitimate public interest in accountability of nonprofits, and explore the extent to which compliance with Act-like corporate governance standards is already required, de facto, of the nonprofit sector.

The Sarbanes-Oxley Act of 2002

We all know by now that Congress enacted the Sarbanes-Oxley Act of 2002 in response to the by now well-publicized financial scandals at Enron Corp. and WorldCom Inc., and the resulting general disintegration of investor confidence in the public markets. The Act requires companies, the securities of which are publicly traded, to comply with a number of disclosure, audit and general corporate responsibility rules. Several states have already enacted or proposed legislation imposing similar requirements. While the Act focuses on publicly traded companies, many have suggested that its requirements will be extended to the nonprofit sector. For example, in March of this year, the New York Attorney General's office announced its intention to extend Act-like corporate governance requirements to nonprofit corporations doing business in New York State.

The requirements of the Act that best lend themselves to application to nonprofits can be divided into four basic categories: enhanced disclosure requirements; independence standards of audit committees and their advisors; general corporate responsibility; and miscellaneous.

Enhanced Disclosure Requirements

Some of the Act's provisions are new, while others mandate what have previously been proposed as “best practices” or rulemaking by the Securities and Exchange Commission (SEC). The emphasis here is on complete, rapid and detailed disclosure, primarily of financial information. Thus, both the quantity and quality of information required to be disclosed in quarterly and annual reports on Forms 10-Q and 10-K have been increased, and filing deadlines have been shortened. This requirement includes disclosure of “off balance sheet” transactions and other relationships that may have a material effect on financial condition. In addition, affected companies may not make untrue or misleading public statements. This latter requirement would apply, for instance, to press releases of pro forma financial information. Affected companies also have enhanced disclosure requirements with respect to material, nonpublic information when communicating with Wall Street professionals. Finally, under its Act rule-making authority, the SEC has adopted new, and in many respects controversial, rules for attorneys who appear and practice before it.

Independence Standards

The Act requires the independence of audit committees and their advisers. The requirement therefore extends to external audit firms. Under the Act, audit committees must be composed solely of independent directors. For these purposes, “independent” means not accepting any advisory fees or other compensation (other than for service as a director) and not being an affiliated person. In addition, the audit committee must have at least one “financial expert” or explain why it does not. For these purposes, a “financial expert” is someone who has sufficient education and experience to understand financial statements, GAAP, financial reporting, internal controls and the proper functions of an audit committee.

Consistent with their mandate for independence, audit committees are empowered to retain independent counsel and other advisers. Moreover, all audit and non-audit services provided to an affected company by the independent auditor must be pre-approved by the audit committee. The affected company's auditors must report directly to the audit committee regarding material written communications between the auditors and the company's management, as well as certain information regarding critical accounting practices and alternative treatments of financial information which affect the company's audit.

The Act requires that the lead audit partner and the reviewing audit partner be rotated every 5 years, and disqualifies (for 1 year) an accounting firm from auditing an affected company that has recruited an executive position from the accounting firm. The Act also prohibits accounting firms from providing a broad range of “consulting” services (including legal services) to an affected company that it audits.

Corporate Responsibility

Perhaps most notable among the the Act requirements are those that fall under the rubric of corporate responsibility. The Act holds an affected company's CEO and CFO directly accountable for the accurate disclosure of the company's financial performance to the public. To this end, these officers must each personally certify the accuracy of their company's quarterly and annual reports. The certification must represent that each has reviewed the report and that, to his or her knowledge, the report is true and fairly presents the company's financial condition. The certification must also represent that each officer has evaluated the company's internal financial controls, and has reported to the company's auditors, and the “independent” audit committee, any deficiencies in such controls. In other words, both the CEO and the CFO must personally certify both the internal process leading to, and the results of, their company's financial reports.

To put some teeth into this new certification requirement, the Act establishes a Public Company Accounting Oversight Board (PCA Oversight Board) that is responsible, inter alia, for enforcing compliance with the Act. Additional teeth appear in the form of both civil and criminal penalties, applicable to those who knowingly certify false financial information. These penalties include the return of any resulting bonus or incentive compensation, or profits from the sale of company stock, as well as the possibility of imprisonment for up to 20 years.

We note here that the reader should be aware of the recommendations set forth in the recently released proposals for changes to the Federal Sentencing Guidelines. The Guidelines control the sentencing of organizations for most criminal violations of law. Of significance is the concept of a sentencing “credit” for organizations that establish effective programs to detect and prevent violations of the law. Submitted by the Advisory Group to the U.S. Sentencing Commission, these recommendations stress the oversight duties of corporate boards of directors, including their responsibility for corporate compliance. We revisit these Guidelines proposals next month in Part Two of this article, when we consider the de facto nature of the imposition of the Act standards on nonprofits.

Finally, but by no means of least importance, the Act requires that affected companies adopt and publish a Code of Ethics that promotes ethical conduct, or explain why they have not done so. This requirement is also of significance relative to sentencing “credit” under the Advisory Group's proposals for changes to the Guidelines.

Additional Sarbanes-Oxley Prohibitions

There are three additional Act prohibitions perhaps best grouped under the heading “miscellaneous.” The Act makes it a crime to retaliate against a whistle-blower who reports information about the commission of any federal offense. It creates a new federal crime for the destruction or alteration of records during a federal investigation. Finally, it prohibits personal loans and other extensions of credit to directors and executive officers.

Public Interest in the Accountability of Nonprofits

In most states, applicable state law permits the organization and operation of nonprofit corporations in either of two forms: charitable or noncharitable (sometimes characterized as public benefit or mutual benefit.) A growing number of states have adopted the Revised Model Nonprofit Corporation Act, which requires that charitable nonprofit corporations dedicate their assets to, and avoid the diversion of their charitable assets away from, their chartered charitable purpose.

Historically, in most states, the state attorney general has assumed the role of parens patriae (literally, parent of the country) and with respect to charitable assets, acts on behalf of the citizens of the state to preserve the continuing dedication of charitable assets to their chartered purpose. Not surprisingly, given the current high level of both governmental and public interest in “corporate responsibility,” the state attorneys general have become increasingly active as enforcers of the basic fiduciary duties of corporate directors. This increased level of activity has included several high visibility matters involving nonprofit corporations, including:

• the Allegheny Health Education and Research Foundation (AHERF) bankruptcy, in which the Pennsylvania AG played an active role;
• the Allina Health System/Medica audit and resulting corporate integrity agreement, in which the Minnesota AG played an active role; and
• the proposed acquisition by WellPoint Health Networks, Inc. of CareFirst, recently denied approval by the Maryland Insurance Commissioner, in which the Maryland AG played an active role.

Although such matters are multi-faceted and complex, at the heart of each is generally some level of concern that the existing system of corporate governance has failed (or is failing) to protect and preserve a nonprofit corporation's charitable assets. States have begun to show interest in adopting rules that would impose Act-like standards on the governance of nonprofit corporations. For example, in January 2003, New York Attorney General Eliot Spitzer proposed legislation that would require nonprofit organizations chartered in New York to adopt certain governance reforms similar to those required by the Act.

Perhaps in response, the Healthcare Trustees of New York State (HTNYS) have issued a special report, entitled Sarbanes-Oxley: Implications for Governing Board Members of New York State's Not-for-Profit Health Care Provider Institutions. In New York, the issues have now, as they say, been joined. In Part 2 of this Article, we will continue to explore developments in state law which, when taken together with existing federal regulations applicable to charitable non profit corporations, suggest that even though the Act has literal application only to publicly reporting companies, it has de facto application to nonprofit corporations.